NB: This is a guest article by Kevin O'Sullivan, lead engineer at SITA Lab.
Is NFC ready for prime time? 2011 saw just four articles on Tnooz tagged with NFC (Near Field Communication), one of which was a futuristic video.
2012 will undoubtedly see a lot more written about NFC (starting here), but the real question is, will passengers see widespread use of NFC-enabled smartphones?
In truth, it’s unlikely.
In this article, I'll go into some detail about some of the lessons we’ve learned during a SITA Lab proof of concept project (developed with Orange Business Services), list some problems limiting adoption, and what the industry is doing to address these problems.
Why NFC has value for passengers
NFC offers many benefits to the travel industry but I’ll focus on the passenger self-service uses identified by the IATA Fast Travel Programme, and highlighted in the joint GSMA/IATA document on mobile NFC for Air Travel.
Of course passengers can already use mobile boarding passes at self-service touch points in the airport - automatic security gates, lounge access, self-boarding. But the experience is not as smooth as it could be, especially at the point of use in the airport.
For example, with self-boarding the passenger has to visually present the barcode by unlocking the phone and then accessing a web URL or navigating through a phone app. In the SITA Passenger Self- Service Survey (2011), SITA found that 21% of passengers did not use a phone to board because it was perceived as too complex, and 12% cited the risk of the phone not functioning properly.
NFC promises a simpler experience as passengers simply place their phone on the reader and the boarding pass is read automatically. Passengers don’t even need to switch their phone on, they just “tap and go”.
For NFC to justify the costs of rollout and deliver real benefits it must simplify the passenger experience, and not just be a technology swap. And this makes the “tap and go” experience important.
But NFC phones are already here – what’s the problem?
The major device manufacturers have either released devices with NFC capabilities, or have announced that they will do so in 2012. But not all NFC phones are made equal, and what is not made clear is what type of NFC communications they support.
By and large, they all support basic NFC tag reading. But, the most exciting thing you can do with an NFC phone ’off the shelf’ is to hold your phone to an advert and get even more adverts. So, what are the different NFC types, and why does it matter?
NFC comes in several flavours:
1. Reader/writer mode.
The use case here is to tap your phone against a smart tag (e.g. embedded in a poster) to get more info about that poster, maybe launch a web page. The phone reads data from the tag.
This is a good way for a passenger to get data but not a good way for the airport touch points to get data from the passenger.
2. Peer to Peer mode.
Hold two NFC phones together, or hold a NFC phone to a device and the devices will exchange information. This data can be anything from business card data to videos, to passenger data.
But Peer to Peer mode is user-initiated and features proprietary data exchange protocols. Again, not a great way for the airport touch points to get data from the passenger.
3. Card Emulation mode.
In this mode, the phone emulates a contactless smart card (such as the London Underground Oyster Card). A reader (e.g. boarding gate) can read a boarding pass from the phone.
And crucially, it does this without any user interaction.
When it comes to simplifying the user experience, card emulation is the crown jewel of NFC. It is the only NFC mode that will let a device read data from a phone without requiring the phone user to initiate the process or even take any active part in the process.
But to understand how it does this is to understand some of the problems holding NFC back. So, let’s consider what happens in card emulation mode.
Cardlets - not your ordinary app
But first, an introduction to the Secure Element and cardlets. The Secure Element is a special chip on the phone that can store data and run cardlets. There are multiple implementations of the Secure Element:
- In the GSMA model, the SIM acts as the Secure Element.
- Google Wallet uses an embedded Secure Element
- Visa is proposing using a secure memory card
In all cases, the cardlet is an application that executes on the Secure Element to manage data. It runs in this secure environment outside of the main phone OS. A Secure Element can contain multiple cardlets - each cardlet has a unique ID.
So, in the self-boarding scenario, the following sequence of events happen:
- The passenger holds the phone near a boarding gate NFC reader
- Boarding gate reader selects the cardlet from the Secure Element using the pre-assigned cardlet ID (there may be multiple cardlets on the Secure Element)
- The cardlet validates that the boarding gate is authentic by using a secret challenge/response
- The boarding gate reader then issues a query to get the appropriate boarding pass from the cardlet. (there may be more than one boarding pass on the phone)
- The cardlet responds with a boarding pass (data is encoded in format IATA Resolution 792 just like 2DBCs)
This brings up several problems, for which there are currently no standard solutions. Some problems must be solved by the air transport industry, and some must be solved by the mobile industry (mobile network operators, device manufacturers and mobile operating system vendors).
Mobile Industry Challenges:
1. How do you install a cardlet app on the Secure Element?
Not through the app store, that's for sure! An update to the Secure Element can typically only take place over a contactless interface (e.g. charging your Oyster card) or Over The Air (OTA) via a Trusted Service Manager. But the developer community needs an API or a Service for this.
2. How do you send the boarding pass data to the Secure Element?
Again, the developer community needs an API or a service for this.
Air Transport Industry Challenges:
The challenges facing the air transport industry are ensuring the appropriate boarding pass is presented securely to authorized readers. A passenger can have more than one boarding pass stored on the phone but a security or gate reader should get the appropriate boarding pass automatically.
The appropriate boarding pass depends on the location (airport), the date or time, and the context (passenger boarding a flight, at security, duty free, lounge access, etc.).
- A reader must know the cardlet ID in order to query that cardlet. Should there be one cardlet for the ATI? Or a cardlet per airline, per alliance, airport or country/region? Given that each cardlet app must be uniquely identified, who will manage and allocate unique cardlet IDs?
- How to ensure security and a consistent way to retrieve a boarding pass between the reader and the various NFC- enabled phones.
For the mobile industry issues, we are seeing solutions emerge from GSMA (promoting the use of the SIM as the Secure Element).
They have established the Open Mobile API initiative which has already been incorporated into some Android NFC devices as a way for the application to access the Secure Element in an Android NFC phone.
Google has its Google Wallet which uses the embedded Secure Element, but it is a closed shop and there are no public APIs for Secure Element access. The picture is less clear when it comes to the other players such as RIM, Nokia and Microsoft. Apple, as is the norm, is silent on the issue.
IATA is taking the lead in the air transport industry and the Fast Travel Workgroup is working through the problems and opportunities to define the necessary standards to ensure NFC boarding passes can be use consistently across different airlines and airports. Interoperable standards are key to the success and adoption of NFC.
In 2012, SITA Lab will continue with NFC as a research project, both with Orange Business Services and others. Our aim is to release the current proof of concept "into the wild" (albeit on a limited basis), and to continue to work with industry organisations - such as IATA - airlines and airports to establish global standards to ensure the NFC ecosystem is as interoperable as current e-ticketing or 2DBC services.
As an industry, air transport must push the mobile industry players to solve problems that are blocking adoption. Watch this space.
Here is a clip:
NB: This is a guest article by Kevin O'Sullivan, lead engineer at SITA Lab.
NB2:Image via Shutterstock.