NFC-Enabled Smart Washing Machine?

Have you ever NFC-enabled smart washing machine? Yes, there is one from NXP.
MoreRFID reported NXP is currently showcasing a new RFID and NFC-enabled smart washing machine at Embedded World in Germany.

The washing machine reads information about the fabric type and color from RFID-tagged buttons, helps you avoid mixing white and dark laundry, and optimizes the washing program based on the characteristics it reads from both the clothing and the detergent itself. 

 Using an NFC-enabled phone, an authorized maintenance technician can perform diagnostics on the smart washing machine onsite, change its status, upgrade firmware, and launch an app that communicates directly with the manufacturer's service center using the phone's built-in 3G connection. 

"Major home appliances are becoming 'smarter' by the day - yet we've only started to explore the universe of possibilities when it comes to two-way communication," said Jan Willem Vogel, senior director, industrial applications marketing, NXP Semiconductors. "We're particularly excited about our new smart washing demonstrator, which brings together our advanced application insights, our expertise in RFID and NFC, as well as our broad-based understanding of the complex sub-systems driving white goods today. The demo also showcases the breadth of NXP's portfolio - the most extensive in the semiconductor industry when it comes to home appliances."

TazTag Launches Android Phone with Features like NFC and Zigbee

A French company, TazTag, introduced a new smartphone that supports NFC, Zigbee, and Secure Element. Called TPH-ONE, the phone is based on Android 2.3 Gingerbread. The TPH-ONE is going to be available in March.

According to TazTag, TPH-ONE runs on an 800 MHz Qualcomm processor, with 512 MB of RAM, 512 MB of storage, a Micro SD slot allowing up to 32 GB more storage. The phone has a 5 MP auto-focus camera with a 0.3 MP front-facing camera. The display is 4î, with a 480 x 800 resolution. The phone can be used in home automation, smart energy monitoring, set top box smart user interfaces, and mobile payment.

For more information, click here.

Visa Reached Deal with Intel and Vodafone Targeting Mobile Payments

Vodafone plans to install Visa's payWave platform on smartphones that have NFC support. The company will launch the service first in some countries in Europe, including Germany, Netherlands, Spain, Turkey and UK this year.

According to Vodafone CEO Vittorio Colao, "The Vodafone mobile wallet represents the next stage of the smartphone revolution."

The potential benefit for Visa could be huge as currently Vodafone has about 400 million customers in more than 30 countries.

PC Magazine  reported payWave techology is from Oberthur Technologies and Visa signed a deal with the company to allow customer to use their phones to pay for goods and service via NFC. However, there is an interesting twist.

However, Visa will be required to approve individual devices for its payment app, providing an additional factor for consumers to consider when selecting a new phone.

....

Here's how it will work, according to Visa: users will need to purchase an NFC phone from their carrier. That phone will have to be approved by Visa. Then, the consumer will need to contact either their own bank, financial institution, or another service provider, and set up an approved account with Visa. Once that back-end arrangement has been facilitated, the purchase process will be similar to Google Wallet - at the point of sale, the user will enter a PIN, and then Visa will facilitate the payment between the user's account and the retailer.

Greene said that the Visa payWave systems will work with many wallet providers, including Google's own mobile payments solution, Google Wallet. Both Google and Isis, a rival mobile payments system backed by carriers, have committed to a broad rollout in 2012, Greene said, in response to a question about when Visa would roll out its payWave in phones solution.

If you don't like this option, you probably don't have other choices after 2013.

Visa has also set a 2013 deadline to phase out magnetic-striped cards in the U.S.

LG Released New Smartphone

LG recently released a new smart phone, Optimus 3D Cube at Mobile World Congress. 

The new phone is thinner than the Optimus 3D with a 4.3-inch 3D display, 8G internal storage, 1G RAM, 5-megapixel camera with 3D capability. The device runs on Android 2.3 (Gingerbread).

It also supports NFC and LG's Tag+ application. 

PayPal Stays Away from NFC

PayPal recently made a surprised announcement that the company may drop its support of NFC as a way of mobile payment. 

According to David Marcus, VP of mobile at PayPal, "By the time NFC catches up, we'll be in a world that will move away from the point-of-sales terminal."

PayPal expect user to link your phone number with pin protected PayPal account. At the time of payment, user just chooses PayPal, then mobile number, and then pin number. After the payment, a receipt will be sent the mobile phone.

The idea behind this is that user don't have to pull out the wallet or mobile phone. 

In general, this is an interesting idea. However, my issue with this idea is the lack of security. Without the phone or wallet presence, it can be easily stoled and used in many places within a short time. I guess we have heard enough miserable stories about identify theft. Compared with NFC, I would go with NFC.

Google Patched the Security Bug

We reported the news about the security hole in Google Wallet last Thursday. Within a few days, Google provided the fix. Osama Bedier, Vice President, Google Wallet and Payments, announced yesterday that they patched the security hole in the Google Wallet. Here is the statement from Google:

First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device. 

Second, we also take concrete actions to help protect our users. For example, to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.

 And just like with any other credit card, you can get support when you need it. We provide toll-free assistance in case you lose your phone or someone manages to make an unauthorized transaction.  

Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.

In addition, the company also announced the ability to issue new prepaid cards to the wallet. If you have issues, call google from here. 

Good Job, Google!

Can your medicine packaging talk?

Yes, they can. Finland based VTT Technical Research Centre recently developed a NFC-based applications  that can help visually impaired people to find out medical information about the medicine package without reading the content.

Here is how it works:

User can touch the info code on the packaging by using the mobile phone. NFC technology can acquire the brief information about the package, feed into the application. Then application can automatically download product and dosage information and can be heard from the phone. 

The project, named "HearMeFeelMe", is jointly developed by VTT, TopTunniste (Finland) Tecnalia (Spain) and Demokritos (Greece). 

The testers' favourite was Top Tunniste's Touch 'n' Tag demo, a mobile phone application that enables visually impaired users to identify everyday items, including food, with the help of voice memos. The phone must be equipped with an NFC reader. To record a memo tag, the user touches the NFC label on the packaging and dictates the information into the phone. The recording can then be listened to by touching the label again with the phone. The test run indicated that the application was most commonly used to mark food packaging. According to the majority of users, it was useful in recognising items and recalling product information. Additional benefit was seen in the possibility of recording the desired information in the user’s own words.

Another demo application was developed during the HearMeFeelMe project, completed at the end of 2011. This was the so-called speaking medicine packaging. When touched, this provides spoken dosage instructions and other important information. The data was stored on the NFC chip by pharmacy staff and could be listened to by the user at home. The demo version was only available for PC, but the application is designed to run on programmable smartphones equipped with an NFC reader and a code scanner.

This kind of application has huge potential, not only for visually impaired persons, but also helpful to old people because of age. Let's wait and see. More information can be found here at VTT.

Security Vulnerability Found in Google Wallet

Joshua Rubin of zvelo recently explained his research in the security of Google Wallet. Rubin discovers that a lost or stolen Android phone with Google Wallet configured could be as bad as lost a credit card.

Google Wallet is currently the only public available NFC-based payment system. It's officially available in Samsung Nexus S 4G on Sprint network. NFC is using Secure Element (SE) to store/encrypt the sensitive data, such as credit card number. It's designed to resist hacking and protect stored data.

To access SE, Google Wallet requires a 4-digit PIN at the first time launching the application. By design, if the phone is stolen, Google Wallet can lock it up completely after a few failed PIN attempts.

viaForensics first came out with a report questioning the security of Google Wallet. Then zevelo researched more in this topic and indeed found the security flaw in the Google Wallet.

As we investigated the data stored in the per-app (sqlite3) database used by Google Wallet, we became intrigued by the contents of the “metadata” table that contained only 3 rows but a large “blob” of binary data in each. The name alone, “metadata,” just seemed like a poor attempt at “security by obscurity” which as we already know, “is no security at all.”

One row in this table has id ‘gmad_bytes_are_fun’ and this appears to be a sort of encrypted file system used for storing data via the SE. The contents of the binary data in this row likely includes the complete credit card information and certainly needs further vetting, but it was not this row that interested us.

Another row had an id of ‘deviceInfo’ and appeared to have much more non-null data. However, this binary data had to be parsed somehow to uncover its contents. After some more digging, we realized that this data was compiled using Google’s own “Protocol Buffers.” This is an open library for serializing data for messages passing between systems. In order to use this data, we had to define a “message format” in a “.proto” file (Protocol Buffer Basics: Java). With our custom “.proto” file in hand, we were able to uncover the contents of the binary data and were shocked at what we found. Unique User IDs (UUID), Google (GAIA) account information, Cloud to Device Messaging (C2DM, also known as “push notification”) account information, Google Wallet Setup status, “TSA” (this is probably related to “Trusted Services” not the “Transportation Security Administration”) status, SE status and most notably “Card Production Lifecycle” (CPLC) data and PIN information.

The CPLC data is a vital part of the communication with the SE. However, it was yet another binary blob that would have to be deciphered, or perhaps it just acts like a “key” to unlock the SE and has no decipherable data within.

The lynch-pin, however, was that within the PIN information section was a long integer “salt” and a SHA256 hex encoded string “hash”. Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes. This is trivial even on a platform as limited as a smartphone. Proving this hypothesis took little time.

Google Wallet allows only five invalid PIN entry attempts before locking the user out. With this attack, the PIN can be revealed without even a single invalid attempt. This completely negates all of the security of this mobile phone payment system.

I am surprised to hear that Google Wallet is using sqlite db as the storage engine to save data, instead of their own db engine. Sqlite is a very good, light weight relational database, but just not strong enough to be as the base for secure database. Sqlite is open source database and all data is in one data file. It's both good and bad. Here's the link for the report from zevelo.

Can't Wait for New NFC-enable iPhone, Here's the Solution

We know Apple is going to launch NFC-enable iPhone in the future. Maybe iPhone 5 or iPhone6. However, if you want the NFC solution for your iPhone to accept credit card payment. Here is the solution.

Canada based Payfirma offers a complete solution for mobile payment including NFC and regular card swiper. Some of interesting features includes:

• Sign receipts right on the device
• After the sale, it can deliver eReceipt via email directly to customer's e-mail box
• It's PCI compliant and secure. No credit card information is stored in the device. 

This new version of payment app can allow business to access real-time transaction reporting with daily, weekly, and month-to-date sales keeping merchants on top of their business. Each transaction is tagged with the location of the sale, so merchants and their customers can see their transactions on a map, right on their mobile device. This gives small businesses a new set of business intelligence to improve their sales and also increase security.

Here is the video from youtube

Microsoft Filing NFC Patent for Mobile Payment Service

Microsoft filed a patent application for "Mobile Wallet and Digital Payment" service last September. Tom's Guide reported

The filing covers a "method that facilitates securing a wireless digital transaction" for "at least one of a good or a service." Microsoft refers to mobile devices that "can include at least one mobile payment card (m-card), wherein the m-card is created by establishing a PKC-secured link to an account associated with a form of currency." The link between a mobile device and a terminal is created via near field communication (NFC), Bluetooth, Wi-Fi, or RFID. 

Microsoft's "m-card" feature is similar to a virtual credit card whose data is transmitted to a payment terminal using upon request. Only a portion of the m-card is sent to and received by the payment terminal, which will then be authenticated the organization that issued m-card and associated it with "at least one of a bank, a credit card company, an investment fund, an online brokerage, a web site, a business, a company, or a financial institution." To authorize a transaction, a user may have to press "a physical input button that can initiate a password entry, a payment, or a password entry completion."

Microsoft Plans NFC in Window Phone 8 'Apollo'

Late last week, there is a leak revealing Microsoft's next big move in the mobile world, Windows Phone 8. Major improvements include NFC, Skype integration and removable microSD card storage. The potential target release time is second half of 2012.

With code name of "Apollo", Window Phone 8 is the next major release about Window Phone 7 "Tango". The new release will also support muti-core SoCs and new screen resolution. 

Like other major mobile players, Microsoft also targets the mobile-payment market by using NFC technology. Unlike Google, Microsoft would let phone carriers to brand the payment system by themselves. 

As Microsoft purchased Skype sometime ago, Window Phone 8 will incorporate Skype's VoIP into Window Phone 8. It could have the potential to increase the data usage by mobile phone.  More related information can be found at Supersite for Windows.

Germans Like NFC

NFC World reported Euro Kartensysteme conducted a survey in Germany about their impression about making payments with contactless cards or NFC phones.

Overall, 43% of respondents to the survey of 1,040 Germans aged 18-59 said they could well imagine making contactless payments in the future. Acceptance levels vary between different contactless payments technologies, however, with 58% saying they would make a payment with a contactless debit card, 50% would use an NFC phone and 41% would use a contactless credit card.

Paris Metro Uses New Cards toward NFC

Paris Metro will use new payment card that is compatible with NFC standard, sometime next year. The new card uses ISO 14443 type B and is compatible with NFC standard. The old system will still be in place with the new system.