How much will Smart Navigo HCE suck?

It’s interesting parsing app reviews that say ‘this app sucks’. How does it suck and why? As I’ve said before, the overwhelming negative App Store reviews for Suica App are less about the app and more about lousy carrier auto-connect • free WiFi connections messing with the Mobile Suica recharge function. Most users see Suica App as the software that controls everything Mobile Suica AND iPhone NFC hardware. It does not of course but people dump all blame on Suica App anyway.

It’s a complete mystery why people even bother using Suica App when so much Mobile Suica functionality is built in Apple Pay Wallet right out of the box. Nevertheless it’s safe to conclude that Suica App user angst is network related. People assume the WiFi and cellular icons at the top of the iPhone screen indicate a healthy internet connection, which they decidedly do not.

Most of what Mobile Suica does is done without an internet connection. The only time it needs one is recharge time with a credit card in Apple Pay Wallet app or Suica App. All that complaining over one Mobile Suica feature however, tells us something important about WiFi and cellular internet connections in station areas and on trains: they suck. Despite ubiquitous cellular and WiFi coverage, reliable internet is notoriously fickle in those famously busy Japanese train stations. This is the real reason behind all those ‘this app sucks’ Suica App reviews.

Which brings us to Smart Navigo, the Île-de-France Mobilités (IDFM) Paris region transit card for mobile that is going wide on Android smartphones this year. IDFM has spent a lot of time and expense working with Calypso Networks Association (CNA), the transaction tech used for Navigo, to implement the less secure network dependent Calypso HCE ‘cloud’ secure element approach as the default mobile transit tech for Android devices in 2022.

It is very unusual that IDFM chose HCE as their go to mobile strategy on Android when the more secure hardware embedded secure element (eSE) is standard on all smartphone NFC devices, and does the job without internet connections. HCE is very different from eSE in that both NFC smartphone and the reader need a connection to talk with a server. HCE was also conceived for leisurely supermarket checkout, not the challenging transit enviroment. How does Calypso HCE compare to the network-less eSE experience? CNA says:

For security reasons, transactions using the personalization key or the load key are not possible through the NFC interface, and must be done with a secure connection to a server.

Only the Calypso debit key is stored in the HCE application for validation on entrance and control during travel, coupled with a mechanism of renewal of the Calypso Serial Number (CSN) to mitigate the risk of fraud : a part of the CSN contains date and time of validity of the debit key which shall be checked by the terminals.

Thales says: poor mobile network coverage can make HCE services inaccessible. In short no internet connection, no mobile transit service. Let’s compare the basic mobile transit card features of Mobile Suica with Calypso HCE:

It’s too bad IDFM didn’t study Mobile Suica shortcomings, they could have learned a few things. Most certainly they understand HCE shortcomings but chose it anyway for unknown (political?) reasons. Right out of the gate Smart Navigo HCE won’t support power reserve NFC transactions even on Android devices that support it for regular eSE NFC. In total, there are 6 core Smart Navigo features that are internet connection dependent vs 1 Mobile Suica feature. 6 more things to complain about when they don’t work…in other words the Smart Navigo HCE suck index is 6 times greater than Mobile Suica. If Suica App is anything to go by, there are going to be a lot of bad Google Play reviews for the HCE version of the Île-de-France Mobilités App.

iPhone and Apple Watch users can be thankful that Apple Pay Navigo will use eSE (as Samsung Pay Navigo already does), and avoid most of this mess when the service launches in 2023, matching the Mobile Suica experience, feature for feature.

Apple Pay Navigo launch in 2023, open loop coming in 2024

After a long, long dance, Île-de-France Mobilités (IDFM) confirmed that Smart Navigo, the Paris region transit card for mobile will come to Apple Pay in 2023. As usual, Le Parisien broke the story (paywall), quickly reported on French Apple centric tech blog iGeneration.

“This time, for sure, it will be done”

After a test phase, in 2022, iPhones and Apple Watches will be able to replace the plastic pass distributed by IDFM (in 2023). “We cannot yet give a precise date, because it depends on the progress of Apple’s developments in Cupertino. But this time, for sure, it will be done, “says Laurent Probst, CEO of Île-de-France Mobilités. The contract is due to be voted on this Thursday at IDFM’s board of directors…

The contract between IDFM and Apple is spread over a period of five years, with a total budget of up to €5 million dedicated to the development of new services. A budget equivalent to that allocated to Android service developments operated by Samsung with IDFM.

Le Parisien

The contract with Apple is due to be approved by IDFM directors the week of February 20, we can thank the 2024 Paris Summer Olympics for breaking the Smart Navigo on Apple Pay logjam. Le Parisien has regularly criticized IDFM’s slow rollout of mobile services: “The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.” A timeline is helpful to understand the stalemate.

  • October 2017: Smart Navigo mobile was announced for 2019 launch. At the time IDFM said, “Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.” In other words, IDFM wants to bypass Apple Pay Wallet and do everything in their own app.
  • September 2019: Smart Navigo launches on smartphones using an Orange SIM card, and on Samsung devices.
  • January 2021: Le Parisien reports that Smart Navigo is coming to Apple Pay. However this turns out to be a false alarm, instead IDFM releases a new version of the ViaNavigo iPhone app with support for adding money to plastic Navigo cards with the iPhone NFC.
  • November 2021: Le Parisien reports that IDFM suddenly terminated their partnership with Orange, IDFM announces a HCE + app strategy for Smart Navigo on Android that will launch in 2022. In other words, IDFM will do everything in their own app.
  • February 2022: Le Parisien reports Smart Navigo on Apple Pay will launch in 2023, IDFM confirms on Twitter and also announces EMV open loop support coming in 2024 in time for the 2024 Paris Summer Olympics.

French journalist Nicolas Lellouche independently confirmed the Apple Pay Navigo 2023 launch directly with IDFM and posted some details. Expect direct adding in Wallet app with Apple Pay recharge, similar to Suica, PASMO, Clipper, TAP and SmarTrip. An updated ViaNavigo app will provide extra features for commuter passes and more service options.

French reaction on Twitter was interesting and varied. People complained about the long lag getting Smart Navigo on iPhone but the equally long delay getting Smart Navigo on all Android devices, not just Samsung Galaxy, is more interesting and revealing. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices. It’s almost like Ferdinand de Lesseps digging a sea level Panama Canal when a lock-and-lake canal was the better technical choice all along.

As for Android Calypso HCE performance vs Apple Pay Navigo Calypso eSE performance, I suspect the network dependent HCE on Android will be problematic. It will certainly be problematic, and challenging, for non-Apple smart wearables. If there is anything the bad user reviews of Suica App tell us, it is that network connections in station areas and on trains are never reliable and Android NFC adds layer upon layer of support complexity. No network = no HCE service, it’s that simple. Apple Pay Navigo will work without a network connection, just like all transit cards on Apple Pay, and will work great on Apple Watch too.

For this reason IDFM has to focus all of their system resources on the much more complex Android launch this year. They could certainly launch Apple Pay Navigo sooner if they really wanted to, but it’s better to do these things one platform at a time.


Related
Contactless Payment Turf Wars: Smart Navigo HCE power play
Smart Navigo reportedly launching on Apple Pay

Contactless Payment Turf Wars: the Smart Navigo HCE power play

Don’t you love how big organizations play fast and loose with big concepts like Host Card Emulation? HCE was SimplyTapp created technology that Google incorporated into Android Pay in 2013 sowing endless nonsense and confused debate about ‘open’ vs ‘closed’ NFC, aka the secure element wars. Back then industry pundits said:

The significance of HCE is that it frees NFC from dependence on the secure element, which has largely been controlled by mobile carriers. Banks, merchants, and wallet developers must pay fees for access to that chip. Yeager is counting on HCE to scare up interest among issuers and kickstart NFC, which has been stuck in neutral for years.

SimplyTapp, the Power Behind Google’s NFC Workaround, Aims at Mobile Banking

HCE was created when the cloud was seen as an answer for every problem. All it did for ‘freeing’ NFC from dependence on the secure element on a device was make it dependent on a network connection to connect with a ‘secure element in the cloud’. But this was overlooked in the rush to ‘free NFC’ from the evil grasp of mobile carriers.

How little things change, swap ‘evil mobile carriers’ for ‘evil Apple’ and you have exactly the same self serving ‘open’ vs ‘closed’ NFC chip nonsense that people are debating in Europe and Australia today. FeliCa Dude, the ultimate industry insider who has experienced it all, said it best: ‘It’s all eSE or nothing now.’

Let’s make this simple as possible and list the industry forces in the NFC secure element wars:

  1. SIM Secure Element (SE) used by the mobile carriers for carrier locked NFC payments
  2. Embedded Secure Element (eSE) used by smartphone manufacturer digital wallet platforms (Apple Pay, Samsung Pay, Huawei Pay that use customized eSE and truly control it, off the shelf all-in-one NFC chipset users like Pixel and Xiaomi not so much)
  3. Host Card Emulation (HCE) is a secure element in the cloud strategy used by banks and card issuers on network connected Android devices using their own apps that bypass #1 and #2.

Carriers, smartphone manufacturers, banks•card issuers. Carriers lost out long ago. A classic case would be NTT docomo who built the worlds first major digital wallet platform, Osaifu Keitai, using Sony Mobile FeliCa technology back in 2004. Osaifu Keitai eventually made it to the other major Japanese carriers (KDDI au and SoftBank) but the carriers made the mistake of locking and limiting Osaifu Keitai service to SIM contracts and their own branded handsets.

More than anything else, carriers milking Osaifu Keitai as an expensive exclusive SIM contract option instead of making it a SIM free standard for everybody, was the reason why Osaifu Keitai growth stalled. The 2016 launch of Apple Pay in Japan circumvented the entire SIM SE mess with its own eSE, and gave Mobile FeliCa the second chance it’s enjoying now.

Smart Navigo power play
Smart Navigo is the Île-de-France Mobilités (IDFM) Paris region transit card for mobile on Galaxy devices, and Android smartphones with Orange SIM cards. France was an early innovator of NFC on mobile phones but it did not lead to early mobile transit adoption: Smart Navigo launched in September 2019.

Fast forward to 2021, today in LeParisien: Île-de-France: why some smartphones no longer allow access to the metro. A step forward, a step back. The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.

What LeParisien was reporting was that IDFM suddenly ended their partnership with Orange: “As long as you do not change your SIM card, the service is operational: you can continue to buy tickets and validate them with your phone,” If customers change their Orange SIM card, Smart Navigo no longer works. IDEM is freeing Smart Navigo from the evil grasp of a mobile carriers.

The French Apple news site iGeneration reports:

A new solution is scheduled for deployment in mid-2022. It will be open to all Android smartphones, without operator constraints, thanks to HCE (Host Card Emulation) technology that emulates cards in a mobile application, allowing it to free itself from NFC constraints. HCE was also partly used for the SIM card developed by the start-up Wizway on behalf of Orange.

It’s 2021, the secure element wars ended years ago. Perhaps IDFM didn’t get the message. Or maybe they want to turn back the clock and fight the battle again. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices.

It’s important to remember that one problem with the term HCE is that people and companies use it very loosely. All secure element methods have to load payment credentials from the cloud at some point. The big difference is that eSE and SIM SE have secure physical areas to store those payment credentials on the device, HCE does not. Far too many people assume that any kind of loading from the cloud = HCE, it does not. HCE = storing on the cloud.

This cloud approach has downsides outlined by Thales:

With HCE, critical payment credentials are stored in a secure shared repository (the issuer data center or private cloud) rather than on the phone. Limited use credentials are delivered to the phone in advance to enable contactless transactions to take place.

This approach eliminates the need for Trusted Service Managers (TSMs) and shifts control back to the banks. However, it brings with it a different set of security and risk challenges…

A centralized service to store many millions of payment credentials or create one-time use credentials on demand creates an obvious point of attack. Although banks have issued cards for years, those systems have largely been offline and have not requiring round-the-cloud interaction with the payment token (in this case a plastic card). HCE requires these services to be online and accessible in real-time as part of individual payment transactions. Failure to protect these service platforms places the issuer at considerable risk of fraud…

All mobile payments schemes are more complex than traditional card payments, yet smart phone user expectations are extremely high:

•Poor mobile network coverage can make HCE services inaccessible.
•Complex authentication schemes lead to errors.
•Software or hardware incompatibility can stop transactions.

What is Host Card Emulation (HCE)?

The two key takeaways are: 1) HCE shifts control back to banks and card issuers, 2) No network connection = no HCE. Think of HCE as the NCF equivalent of QR Code payment services like AliPay and PayPay that also send payment credentials to the app, just in a different format.

Apple Pay has succeeded because it delivers on those high smartphone user expectations better than any other digital wallet out there. That’s why JR East needed to get Suica on Apple Pay to take Mobile Suica to the next level combining ease of use with growth, which is exactly what happened.

IDFM unceremoniously dumping Orange and going all in with HCE says to me that IDFM wants full control and nothing to do with carrier SIM SE, smartphone manufacture eSE, nor pay transaction fees to anybody… it’s our app or nothing.

We won’t know the full story until the HCE Android service starts sometime in 2022, presumably after pay-as-you-go functionality is fully operational and ready on all exit gates. IDFM has been in talks with Apple ever since Smart Navigo was first announced in 2017. At that time they said:

“Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.

Apple Pay Smart Navigo has yet to appear. If IDFM is waiting for Apple to support HCE, it will be a long wait. IDFM released an updated iOS app earlier this year that added iPhone recharge functionality for plastic Navigo cards.

One last thing: smart wearables won’t work with a HCE only Smart Navigo strategy. This is the lesson that Fitbit and Garmin have learned well from Apple Watch for deploying Mobile Suica on their devices: keep things simple and on the device for local processing without a network connection. This is what makes the Suica support coming to WearOS so interesting, it might succeed in beating Android as the first non-Apple global NFC device.

As for Smart Navigo, indeed a step forward, a step back. The IDFM journey to mobile ticketing for everybody is not a long quiet river.


This concludes the final installment Contactless Payment Turf Wars. It has been an unexpectedly longer series than planned. I hope people enjoyed reading them as much as I enjoyed writing them. Thanks always and happy transits!

Smart Navigo reportedly launching on Apple Pay


Smart Navigo, the Paris~Île-de-France region digital transit card for mobile, currently on Galaxy devices and Android smartphones with Orange SIM cards, is reportedly coming to Apple Pay in February. Although France was an early innovator of NFC on mobile phones, it did not lead to early mobile transit adoption: Smart Navigo launched in September 2019. Apple Pay Navigo would be the first native transit card (closed loop) for Apple Pay in Europe, it would also be the first smart wearable for Navigo users thanks to Apple Watch. The Calypso based Navigo transit card launched in 2001 and had a large upgrade in 2019 to add more transit services and mobile.

Navigo operator Île-de-France Mobilities has reportedly been in talks with Apple ever since Smart Navigo was first announced in 2017. At that time they said:

“Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.

Apple has a uniquely flexible custom embedded Secure Element (eSE) in their A/S Series chips that can be updated to support additional NFC protocols. Calypso is an open protocol that uses NFC-B, it would join the other major Apple Pay protocols, EMV (NFC-A) FeliCa (NFC-F) and MIFARE (NFC-A), that are all proprietary. There isn’t any technical difficulty adding new transit cards. It’s a matter of negotiation and deal making, which can take time.

Apple usually likes to roll out new transit cards following an iOS update. iOS 14.4 would fit a February launch window. There are also reports that Apple Pay Code Payments are working in recent iOS 14.4 internal builds. If all of this pans out, iOS 14.4 could be an important update for Apple Pay users, especially in France.

2021-01-08 UPDATE
01 News reports that iPhone users will be able to reload Navigo cards for day/weekly /monthly passes with an updated ViaNavigo app using NFC starting January 20. This is an important first step of implementing Apple Pay support in advance of the full Apple Pay Navigo service launch due in February and confirms the earlier Le Parisien report. It also follows the 2020 Apple Pay Octopus rollout which saw an updated iOS app with iPhone NFC recharge feature released before the service launch.

2021-01-15 UPDATE
The updated iOS Ile-de-France Mobilités app (previously ViaNavigo) with NFC reload for Navigo cards was released. iPhone 7 and later devices are supported as this follows Core NFC device specs, however iPhone XR/XS support is missing in the initial release and said to be addressed soon. There is also an issue with iPhone SE2 that needs to be restarted to work properly. These issues are fixed in iOS 14.5 and later.

2021-3-15 UPDATE
Apple Pay Navigo is a no-go, for now. Take this tweet with a grain of salt as none of this is confirmed…these things never are:

Navigo on iPhone will only arrive when pay-as-you-go functionality is fully operational (probably because of commission fees if you believe the rumours)… which will only arrive next year (2022) at best, when all exit gates will be equipped with validators