Tag: Smart Navigo

The open loop mobile connectivity challenge

The recent additions of stera transit (Visa-SMBC-Nippon Signal-QUADRAC) open loop test systems in Kyushu covering Fukuoka metro, Kuamamoto city transit and JR Kyushu expand the VISA Touch transit boutique deeper into western Japan territory. Open loop based cloud processing advocates like to portray these developments as proof that local processing based FeliCa systems like Suica et al. are expensive bygones due for replacement.

There’s just one little problem that open loop advocates fail to mention: mobile connectivity, aka the Suica app problem, the QR Code payment problem, the Smart Navigo HCE problem, etc. Wide LTE and 5G deployment doesn’t mean reliable mobile and internet connectivity that mobile payment apps depend on, and carrier outages quickly bring down the cloud transaction processing side of the equation. This was proven, yet again, on July 2 when major carrier KDDI suffered a massive nationwide outage that lasted for 80 hours. Let’s make a quick reference graph for examining local processing vs cloud processing in the mobile era.

Stera is a mobile based payments platform from the SMBC group (basically the VISA JP group) that does away with the NTT Data CAFIS dedicated backbone and replaces it with the internet based GMO Payment Gateway. This is the same stera that powers the open loop stera transit initiative.

The weak point of course is that since mobile powers the gate reader side, when mobile service goes down, stera gate readers stop working. As everybody found out during the KDDI network meltdown, Mobile Suica kept right on working on the transit gate and the store checkout reader, while mobile app based code payments and point systems all stopped. Some vital services that depended on KDDI connectivity like ATM networks also stopped working.

Cloud based Suica will face some of these challenges when it goes online in March 2023. The only difference being how much local processing stays intact and how much system buffering there is (how much it needs to talk with the cloud server to do the job), we shall see. Which brings me to the point I want to make. The media almost always portrays the open loop/cloud vs closed loop/local match as a winner takes all, one size fits all proposition. As the KDDI meltdown proves, this is stupid, and dangerous. Never put all the eggs in one technology basket. I don’t think the risk will go away, not as long as telecommunication company corporate structures don’t foster and promote their engineering talent (the people who actually make things work) deep into the executive decision making forums.

Open loop in Japan is geared for inbound tourists the supplements, but does not replace, the old reliable Transit IC infrastructure which is evolving and reducing costs too. They compliment each other, address different needs and uses. One size doesn’t fit all. If it did, Oyster card would have died years ago.

How much does Smart Navigo HCE suck?

It’s interesting parsing app reviews that say ‘this app sucks’. How does it suck and why? As I’ve said before, the overwhelming negative App Store reviews for Suica App are not about the app but about poor network connectivity kills a connectivity critical service app. The poor connectivity is due to a variety of factors: carrier auto-connect and free WiFi or overloaded mobile connections messing with Mobile Suica recharge and other online functions. People assume the WiFi and cellular icons at the top of the phone screen indicate a healthy internet connection, which they decidedly do not.

Most users see Suica App as the software that controls everything Mobile Suica AND iPhone NFC hardware. It does not of course but people dump all blame on Suica App anyway. Fortunately most of what Mobile Suica does is done without an internet connection. The only time it needs one is recharge time with a credit card in Apple Pay Wallet app or Suica App.

Yet all that complaining over online Mobile Suica app services however, tells us something important about mobile internet connections in station areas, on trains and subways: they suck. Despite ubiquitous 4G LTE~5G cellular and WiFi coverage, reliable internet is notoriously fickle in those famously busy Japanese train stations. This is the real reason behind all those ‘this app sucks’ Suica App reviews. Interestingly enough, this is the same performance gripe with the mobile myki system in Victoria. Like Mobile Suica this became a problem because mobile internet connections weren’t up to the job of delivering reliable, trouble free ‘anytime, anywhere’ recharge/top-up, which people tend to do in transit.

Which brings us to Smart Navigo, the Île-de-France Mobilités (IDFM) Paris region transit card for mobile that is going wide on Android smartphones this year. IDFM has spent a lot of time and expense working with Calypso Networks Association (CNA), the transaction tech used for Navigo, to implement the less secure network dependent Calypso HCE ‘cloud’ secure element approach as the default mobile transit tech for Android devices in 2022.

It is very unusual that IDFM chose HCE as their go to mobile strategy on Android when the more secure hardware embedded secure element (eSE) is standard on all smartphone NFC devices these days, and does the job without internet connections. HCE is very different from eSE in that both NFC smartphone and the reader need a connection to talk with a server. HCE was also conceived for leisurely supermarket checkout, not the challenging transit enviroment. How does Calypso HCE compare to the network-less eSE experience? CNA says:

For security reasons, transactions using the personalization key or the load key are not possible through the NFC interface, and must be done with a secure connection to a server.

Only the Calypso debit key is stored in the HCE application for validation on entrance and control during travel, coupled with a mechanism of renewal of the Calypso Serial Number (CSN) to mitigate the risk of fraud : a part of the CSN contains date and time of validity of the debit key which shall be checked by the terminals.

Thales says: poor mobile network coverage can make HCE services inaccessible. In short no internet connection, no mobile transit service. Let’s compare the basic mobile transit card features of Mobile Suica with Calypso HCE:

IDFM up against the Android wall of manufacturer indifference
It’s too bad IDFM didn’t study Mobile Suica shortcomings, they could have learned a few things. Most certainly they understand HCE shortcomings but chose it anyway. Why? They probably had no choice: it’s highly unlikely IDFM could get Android manufactures to retroactively update eSE for Calypso on countless different Android models. HCE was the only way to rollout Smart Navigo quickly. The Android platform reputation for keeping devices up to date with the latest software is notoriously bad.

If IDFM can convince Android manufacturers, Huawei, Google etc., to pre-load new device eSEs with Calypso, they could have a 2 tier approach: (1) full spec eSE Smart Navigo for Google Pay Pixel, Huawei Pay and so on, (2) limited spec HCE Smart Navigo for regular, i.e. cheap crappy, Android.

Right out of the gate Smart Navigo HCE won’t support power reserve NFC transactions even on Android devices that support it for regular eSE NFC. In total, there are 6 core Smart Navigo features that are internet connection dependent vs 1 Mobile Suica feature. 6 more things to complain about when they don’t work…in other words the Smart Navigo HCE suck index is 6 times greater than Mobile Suica. If Suica App is anything to go by, there are going to be a lot of bad Google Play reviews for the HCE version of the Île-de-France Mobilités App.

iPhone and Apple Watch users can be thankful that Apple Pay Navigo will use eSE (as Samsung Pay Navigo already does), and avoid this mess when the service launches in 2023, matching the Mobile Suica experience, feature for feature.

2022-10-17 UPDATE

Navigo HCE does not support Express Mode, Android users have to wake-unlock-tap to validate. This is the price of using HCE instead of a secure element.

IDFM launched Smart Navigo HCE that does not support an Express Transit mode. Android users have to wake-unlock-tap to validate…the price of using HCE instead of an embedded secure element (eSE). That IDFM and Calypso went with HCE, despite the downsides and the fact that modern NFC capable smartphones all have eSE as standard, is very interesting and speaks volumes about the state of Android NFC and licensing fee headaches. Assume that Mobile Calypso don’t come pre-installed on smartphone eSEs, unlike EMV, then imagine the nightmare of: (1) dealing with all the Android manufacturers to retroactively update their devices so they are compatible with eSE Navigo (such as currently found on compatible Samsung Pay devices), and (2) getting Google Pay on board. Going the HCE route likely avoided a lengthy messy delay getting Navigo on mobile for the Android masses which is by far the majority in France.

This is exactly the mess that Apple Pay takes care of behind the scenes so users don’t see or deal with any of it. That’s the value of having a gatekeeper, better UI and security encourages users to use NFC payments and Apple Pay use far exceeds any other digital wallet…this is the benefit that Apple Pay delivers to developers. Too bad it’s going away for EU users that the EU is forcing Apple to give up their NFC gatekeeping role, which is very sucky indeed.

Apple Pay Navigo launch in 2023, open loop coming in 2024

After a long, long dance, Île-de-France Mobilités (IDFM) confirmed that Smart Navigo, the Paris region transit card for mobile will come to Apple Pay in 2023. As usual, Le Parisien broke the story (paywall), quickly reported on French Apple centric tech blog iGeneration.

“This time, for sure, it will be done”

After a test phase, in 2022, iPhones and Apple Watches will be able to replace the plastic pass distributed by IDFM (in 2023). “We cannot yet give a precise date, because it depends on the progress of Apple’s developments in Cupertino. But this time, for sure, it will be done, “says Laurent Probst, CEO of Île-de-France Mobilités. The contract is due to be voted on this Thursday at IDFM’s board of directors…

The contract between IDFM and Apple is spread over a period of five years, with a total budget of up to €5 million dedicated to the development of new services. A budget equivalent to that allocated to Android service developments operated by Samsung with IDFM.

Le Parisien

The contract with Apple is due to be approved by IDFM directors the week of February 20, we can thank the 2024 Paris Summer Olympics for breaking the Smart Navigo on Apple Pay logjam. Le Parisien has regularly criticized IDFM’s slow rollout of mobile services: “The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.” A timeline is helpful to understand the stalemate.

  • October 2017: Smart Navigo mobile was announced for 2019 launch. At the time IDFM said, “Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.” In other words, IDFM wants to bypass Apple Pay Wallet and do everything in their own app.
  • September 2019: Smart Navigo launches on smartphones using an Orange SIM card, and on Samsung devices.
  • January 2021: Le Parisien reports that Smart Navigo is coming to Apple Pay. However this turns out to be a false alarm, instead IDFM releases a new version of the ViaNavigo iPhone app with support for adding money to plastic Navigo cards with the iPhone NFC.
  • November 2021: Le Parisien reports that IDFM suddenly terminated their partnership with Orange, IDFM announces a HCE + app strategy for Smart Navigo on Android that will launch in 2022. In other words, IDFM will do everything in their own app.
  • February 2022: Le Parisien reports Smart Navigo on Apple Pay will launch in 2023, IDFM confirms on Twitter and also announces EMV open loop support coming in 2024 in time for the 2024 Paris Summer Olympics.

French journalist Nicolas Lellouche independently confirmed the Apple Pay Navigo 2023 launch directly with IDFM and posted some details. Expect direct adding in Wallet app with Apple Pay recharge, similar to Suica, PASMO, Clipper, TAP and SmarTrip. An updated ViaNavigo app will provide extra features for commuter passes and more service options.

French reaction on Twitter was interesting and varied. People complained about the long lag getting Smart Navigo on iPhone but the equally long delay getting Smart Navigo on all Android devices, not just Samsung Galaxy, is more interesting and revealing. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices.

It’s almost like Ferdinand de Lesseps digging a sea level Panama Canal when a lock-and-lake canal was the better technical choice all along but it also speaks volumes how difficult it is to launch an NFC integrated service in the wildly uneven Android hardware jungle.

As for Android Calypso HCE performance vs Apple Pay Navigo Calypso eSE performance, I suspect the network dependent HCE on Android will be problematic. It will certainly be problematic, and challenging, for non-Apple smart wearables. If there is anything the bad user reviews of Suica App tell us, it is that network connections in station areas and on trains are never reliable and Android NFC adds layer upon layer of support complexity. No network = no HCE service, it’s that simple. Apple Pay Navigo will work without a network connection, just like all transit cards on Apple Pay, and will work great on Apple Watch too.

For this reason IDFM has to focus all of their system resources on the much more complex Android 2022 launch. They could certainly launch Apple Pay Navigo sooner if they really wanted to, but it’s better to do these things one platform at a time.

2023-05-26 Update: Île-de-France Mobilités has a coming soon page for Apple Pay Navigo

Related
Contactless Payment Turf Wars: Smart Navigo HCE power play
Smart Navigo reportedly launching on Apple Pay

Contactless Payment Turf Wars: the Smart Navigo HCE power play

Don’t you love how big organizations play fast and loose with big concepts like Host Card Emulation? HCE was SimplyTapp created technology that Google incorporated into Android Pay in 2013 sowing endless nonsense and confused debate about ‘open’ vs ‘closed’ NFC, aka the secure element wars. Back then industry pundits said:

The significance of HCE is that it frees NFC from dependence on the secure element, which has largely been controlled by mobile carriers. Banks, merchants, and wallet developers must pay fees for access to that chip. Yeager is counting on HCE to scare up interest among issuers and kickstart NFC, which has been stuck in neutral for years.

SimplyTapp, the Power Behind Google’s NFC Workaround, Aims at Mobile Banking

HCE was created when the cloud was seen as an answer for every problem. All it did for ‘freeing’ NFC from dependence on the secure element on a device was make it dependent on a network connection to connect with a ‘secure element in the cloud’. But this was overlooked in the rush to ‘free NFC’ from the evil grasp of mobile carriers.

How little things change, swap ‘evil mobile carriers’ for ‘evil Apple’ and you have exactly the same self serving ‘open’ vs ‘closed’ NFC chip nonsense that people are debating in Europe and Australia today. FeliCa Dude, the ultimate industry insider who has experienced it all, said it best: ‘It’s all eSE or nothing now.’

Let’s make this simple as possible and list the industry forces in the NFC secure element wars:

  1. SIM Secure Element (SE) used by the mobile carriers for carrier locked NFC payments
  2. Embedded Secure Element (eSE) used by smartphone manufacturer digital wallet platforms (Apple Pay, Samsung Pay, Huawei Pay that use customized eSE and truly control it, off the shelf all-in-one NFC chipset users like Pixel and Xiaomi not so much)
  3. Host Card Emulation (HCE) is a secure element in the cloud strategy used by banks and card issuers on network connected Android devices using their own apps that bypass #1 and #2.

Carriers, smartphone manufacturers, banks•card issuers. Carriers lost out long ago. A classic case would be NTT docomo who built the worlds first major digital wallet platform, Osaifu Keitai, using Sony Mobile FeliCa technology back in 2004. Osaifu Keitai eventually made it to the other major Japanese carriers (KDDI au and SoftBank) but the carriers made the mistake of locking and limiting Osaifu Keitai service to SIM contracts and their own branded handsets.

More than anything else, carriers milking Osaifu Keitai as an expensive exclusive SIM contract option instead of making it a SIM free standard for everybody, was the reason why Osaifu Keitai growth stalled. The 2016 launch of Apple Pay in Japan circumvented the entire SIM SE mess with its own eSE, and gave Mobile FeliCa the second chance it’s enjoying now.

Smart Navigo power play
Smart Navigo is the Île-de-France Mobilités (IDFM) Paris region transit card for mobile on Galaxy devices, and Android smartphones with Orange SIM cards. France was an early innovator of NFC on mobile phones but it did not lead to early mobile transit adoption: Smart Navigo launched in September 2019.

Fast forward to 2021, today in LeParisien: Île-de-France: why some smartphones no longer allow access to the metro. A step forward, a step back. The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.

What LeParisien was reporting was that IDFM suddenly ended their partnership with Orange: “As long as you do not change your SIM card, the service is operational: you can continue to buy tickets and validate them with your phone,” If customers change their Orange SIM card, Smart Navigo no longer works. IDEM is freeing Smart Navigo from the evil grasp of a mobile carriers.

The French Apple news site iGeneration reports:

A new solution is scheduled for deployment in mid-2022. It will be open to all Android smartphones, without operator constraints, thanks to HCE (Host Card Emulation) technology that emulates cards in a mobile application, allowing it to free itself from NFC constraints. HCE was also partly used for the SIM card developed by the start-up Wizway on behalf of Orange.

It’s 2021, the secure element wars ended years ago. Perhaps IDFM didn’t get the message. Or maybe they want to turn back the clock and fight the battle again. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices.

It’s important to remember that one problem with the term HCE is that people and companies use it very loosely. All secure element methods have to load payment credentials from the cloud at some point. The big difference is that eSE and SIM SE have secure physical areas to store those payment credentials on the device, HCE does not. Far too many people assume that any kind of loading from the cloud = HCE, it does not. HCE = storing on the cloud.

This cloud approach has downsides outlined by Thales:

With HCE, critical payment credentials are stored in a secure shared repository (the issuer data center or private cloud) rather than on the phone. Limited use credentials are delivered to the phone in advance to enable contactless transactions to take place.

This approach eliminates the need for Trusted Service Managers (TSMs) and shifts control back to the banks. However, it brings with it a different set of security and risk challenges…

A centralized service to store many millions of payment credentials or create one-time use credentials on demand creates an obvious point of attack. Although banks have issued cards for years, those systems have largely been offline and have not requiring round-the-cloud interaction with the payment token (in this case a plastic card). HCE requires these services to be online and accessible in real-time as part of individual payment transactions. Failure to protect these service platforms places the issuer at considerable risk of fraud…

All mobile payments schemes are more complex than traditional card payments, yet smart phone user expectations are extremely high:

•Poor mobile network coverage can make HCE services inaccessible.
•Complex authentication schemes lead to errors.
•Software or hardware incompatibility can stop transactions.

What is Host Card Emulation (HCE)?

The two key takeaways are: 1) HCE shifts control back to banks and card issuers away from carriers and Android smartphone manufacturers, 2) No network connection = no HCE. Think of HCE as the NCF equivalent of QR Code payment services like AliPay and PayPay that also send payment credentials to the app, just in a different format.

Apple Pay has succeeded because it delivers on those high smartphone user expectations better than any other digital wallet out there. That’s why JR East needed to get Suica on Apple Pay to take Mobile Suica to the next level combining ease of use with growth, which is exactly what happened.

IDFM unceremoniously dumping Orange and going all in with HCE is all about IDFM wanting full control and nothing to do with carriers (SIM SE), Android smartphone manufactures (eSE). Realistically it has to be HCE for Android because Android manufactures would never update older device eSE to support Calypso. We won’t know the full story until the HCE Android service starts sometime in 2022, presumably after pay-as-you-go functionality is fully operational and ready on all exit gates.

Meanwhile, IDFM has been in talks with Apple ever since Smart Navigo was first announced in 2017. At that time they said:

“Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.

Apple Pay Smart Navigo has yet to appear though IDFM released an updated iOS app earlier this year that added iPhone recharge functionality for plastic Navigo cards.

One last thing: smart wearables won’t work with a HCE only Smart Navigo strategy. This is the lesson that Fitbit and Garmin have learned well from Apple Watch for deploying Mobile Suica on their devices: keep things simple and on the device for local processing without a network connection. This is what makes the Suica support coming to WearOS so interesting, it might succeed in beating Android as the first non-Apple global NFC device.

As for Smart Navigo, indeed a step forward, a step back. The IDFM journey to mobile ticketing for everybody is not a long quiet river.

This concludes the final installment Contactless Payment Turf Wars. It has been an unexpectedly longer series than planned. I hope people enjoyed reading them as much as I enjoyed writing them. Thanks always and happy transits!

Smart Navigo reportedly launching on Apple Pay

Smart Navigo, the Paris~Île-de-France region digital transit card for mobile, currently on Galaxy devices and Android smartphones with Orange SIM cards, is reportedly coming to Apple Pay in February. Although France was an early innovator of NFC on mobile phones, it did not lead to early mobile transit adoption: Smart Navigo launched in September 2019. Apple Pay Navigo would be the first native transit card (closed loop) for Apple Pay in Europe, it would also be the first smart wearable for Navigo users thanks to Apple Watch. The Calypso based Navigo transit card launched in 2001 and had a large upgrade in 2019 to add more transit services and mobile.

Navigo operator Île-de-France Mobilities has reportedly been in talks with Apple ever since Smart Navigo was first announced in 2017. At that time they said:

“Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.

Apple has a uniquely flexible custom embedded Secure Element (eSE) in their A/S Series chips that can be updated to support additional NFC protocols. Calypso is an open protocol that uses NFC-B, it would join the other major Apple Pay protocols, EMV (NFC-A) FeliCa (NFC-F) and MIFARE (NFC-A), that are all proprietary. There isn’t any technical difficulty adding new transit cards. It’s a matter of negotiation and deal making, which can take time.

Apple usually likes to roll out new transit cards following an iOS update. iOS 14.4 would fit a February launch window. There are also reports that Apple Pay Code Payments are working in recent iOS 14.4 internal builds. If all of this pans out, iOS 14.4 could be an important update for Apple Pay users, especially in France.

2021-01-08 UPDATE
01 News reports that iPhone users will be able to reload Navigo cards for day/weekly /monthly passes with an updated ViaNavigo app using NFC starting January 20. This is an important first step of implementing Apple Pay support in advance of the full Apple Pay Navigo service launch due in February and confirms the earlier Le Parisien report. It also follows the 2020 Apple Pay Octopus rollout which saw an updated iOS app with iPhone NFC recharge feature released before the service launch.

2021-01-15 UPDATE
The updated iOS Ile-de-France Mobilités app (previously ViaNavigo) with NFC reload for Navigo cards was released. iPhone 7 and later devices are supported as this follows Core NFC device specs, however iPhone XR/XS support is missing in the initial release and said to be addressed soon. There is also an issue with iPhone SE2 that needs to be restarted to work properly. These issues are fixed in iOS 14.5 and later.

2021-3-15 UPDATE
Apple Pay Navigo is a no-go, for now. Take this tweet with a grain of salt as none of this is confirmed…these things never are:

Navigo on iPhone will only arrive when pay-as-you-go functionality is fully operational (probably because of commission fees if you believe the rumours)… which will only arrive next year (2022) at best, when all exit gates will be equipped with validators