[ffejie]

The subway around here uses NFC tags to debit your account. I'm wondering if there is a way to get my BlackBerry 9930 to serve this purpose instead of carrying a card.

I have my NFC subway card, and the BlackBerry can read it. Using ShortcutMe and NFC Shortcut, I can get that to do pretty much anything on the device. That's cool, but not really what I'm looking for.

What I'd like is for the BlackBerry to be broadcasting (essentially mimicking) my subway card, so when I tap my card on the subway turnstile, the subway system would authenticate and debit my account tied to my card.

Can anyone think of a way to enable such functionality?

[Guyzer]

that would be cool if you could mimic the nfc id of your card with your phone. then you could use this for security doors and other things as well. you could also program your gps to determine what id you want your phone to have, so you wouldn't need to select which id you would want to mimic.

only if eh

[9of13]

The subway around here uses NFC tags to debit your account. I'm wondering if there is a way to get my BlackBerry 9930 to serve this purpose instead of carrying a card.

I have my NFC subway card, and the BlackBerry can read it. Using ShortcutMe and NFC Shortcut, I can get that to do pretty much anything on the device. That's cool, but not really what I'm looking for.

What I'd like is for the BlackBerry to be broadcasting (essentially mimicking) my subway card, so when I tap my card on the subway turnstile, the subway system would authenticate and debit my account tied to my card.

Can anyone think of a way to enable such functionality?

I may be able to answer that. Here in NYC, we currently have a contact (swipe or dip) cards for our fare payment. The MTA (NYC's transit provider) tested a contact-less fare payment system using tests cards and debit cards where riders "tap" their cards. For those who have nfc enabled devices, it's up to the transit company to implement the use of nfc on cell phones for fare payment. This is something you would have to find out from your transit company, unless they allow payment directly from your debit card, which should allow you to be able to use your device then. If you use it for debit transactions.

[deezy87]

I may be able to answer that. Here in NYC, we currently have a contact (swipe or dip) cards for our fare payment. The MTA (NYC's transit provider) tested a contact-less fare payment system using tests cards and debit cards where riders "tap" their cards. For those who have nfc enabled devices, it's up to the transit company to implement the use of nfc on cell phones for fare payment. This is something you would have to find out from your transit company, unless they allow payment directly from your debit card, which should allow you to be able to use your device then. If you use it for debit transactions.

There's a similar system here around the GTA called Presto. It's a card you tap to pay the fare. Pretty neat, this way if you go drinking there's no hassle of counting change to get home as opposed to driving LOL

[ffejie]

I may be able to answer that. Here in NYC, we currently have a contact (swipe or dip) cards for our fare payment. The MTA (NYC's transit provider) tested a contact-less fare payment system using tests cards and debit cards where riders "tap" their cards. For those who have nfc enabled devices, it's up to the transit company to implement the use of nfc on cell phones for fare payment. This is something you would have to find out from your transit company, unless they allow payment directly from your debit card, which should allow you to be able to use your device then. If you use it for debit transactions.

Yeah, I'm asking about NYC - I have an NFC transit card that I tap on the turnstile. I don't necessarily want the phone to actually try to connect and do payment, I really just want it to mimic my NFC card. How can I get the phone to broadcast a signal, as opposed to just read NFC tags?

[Vijik]

To be able to mimic a card from a credit card company or a transit system company, the card info/credentials need to be securely stored in a secure area on the mobile device.
The secure are on the device is either SIM (new SIMs that are NFC enabled), or embedded secure element (BlackBerry has one ).

To be able to securely store card info/credentials on the secure elements (SIM/Embedded), the device needs to be connected to a back-end cloud system called TSM. The TSM should be supported by the credit card company or the transit system the card belongs too.

As it seams, it is not something that can be done by an end-user, or one single company/institute.

Transit System Companies might end up allowing credit card payment to enable mobile payment without going through the hassle of having a TSM and a system to works with TSM.

[ffejie]

To be able to securely store card info/credentials on the secure elements (SIM/Embedded), the device needs to be connected to a back-end cloud system called TSM. The TSM should be supported by the credit card company or the transit system the card belongs too.

Darn, not what I was hoping for, but good information. Also, gives me some reassurance that people can't just read my NFC tag and clone it so easily.

[Vijik]

Darn, not what I was hoping for, but good information. Also, gives me some reassurance that people can't just read my NFC tag and clone it so easily.

It is a difference between NFC tags and secure NFC cards.

I think BB can emulate an NFC tag specifically for others to read it (Business card, etc). Those tags don't necessarily need to reside from secure element. They can be in BB memory or in secure element (I am not sure how BB OS does that).

The secure NFC Cards from Credit Card, Access Control, and Transit system companies however need to reside from the secure element.

As long as you have an NFC card from the company categories mentioned above, and as long as your device OS is BlackBerry OS (Secure ), then yes, you don't need to worry about someone clone your NFC card.

[gordonzhao]

So I understand for the most part as to what your saying vijik. Thanks for the awesome nfc app by the way. But entertain my idea here...the 9900/9930 can read the nfc tag, I haven't tried this but hypothetically, if it can read my nfc card (chicago card) as we use here. Can the phone in theory, store the tag or 'code' if you will. And just emit the same code out when needed? In the sense it's replicating/mimicking the tag.

[Vijik]

So I understand for the most part as to what your saying vijik. Thanks for the awesome nfc app by the way. But entertain my idea here...the 9900/9930 can read the nfc tag, I haven't tried this but hypothetically, if it can read my nfc card (chicago card) as we use here. Can the phone in theory, store the tag or 'code' if you will. And just emit the same code out when needed? In the sense it's replicating/mimicking the tag.

You're very welcome. (NFCShortcuts is used by many happy users around the world, and that is encouraging)

It is a difference between reading (something from) a tag and get the tag to authenticate something (PAT: Payment, Access, Transit, etc).
You can get BB to read some data from a tag (universal ID, tag type ID, etc), and you might be able to program the BB to emulate that, but that is not enough for PAT.

PAT readers get authentication from the tag by sending a Challenge and verifying the Response received from the tag. The tag can respond "correctly" to the Challenge because it "knows" how to decipher the challenge (taking away the random number in challenge/etc) and it knows a secret code, a code that is used by the reader to create the Challenge.
The secret code and the know-how about how to decipher the Challenge is what you need if you wanted to mimic a PAT card.
(And because of the random number used in the Chellenge and Response, it doesn't help to sniff to the communication between the reader and a real tag)

If you are interested google
How mifare classic was hacked

[gordonzhao]

You're very welcome. (NFCShortcuts is used by many happy users around the world, and that is encouraging)

It is a difference between reading (something from) a tag and get the tag to authenticate something (PAT: Payment, Access, Transit, etc).
You can get BB to read some data from a tag (universal ID, tag type ID, etc), and you might be able to program the BB to emulate that, but that is not enough for PAT.

PAT readers get authentication from the tag by sending a Challenge and verifying the Response received from the tag. The tag can respond "correctly" to the Challenge because it "knows" how to decipher the challenge (taking away the random number in challenge/etc) and it knows a secret code, a code that is used by the reader to create the Challenge.
The secret code and the know-how about how to decipher the Challenge is what you need if you wanted to mimic a PAT card.
(And because of the random number used in the Chellenge and Response, it doesn't help to sniff to the communication between the reader and a real tag)

If you are interested google
How mifare classic was hacked

Thank you for the informative reply. I didn't think about the challenge question which would be part of the authentication process. But with the technology itself having been around for so long I think companies really need to focus on taking advantage of it. I personally don't want to carry more cards or stuff my wallet with cards other than my id.

[Vijik]

Thank you for the informative reply. I didn't think about the challenge question which would be part of the authentication process. But with the technology itself having been around for so long I think companies really need to focus on taking advantage of it. I personally don't want to carry more cards or stuff my wallet with cards other than my id.

I think companies are working to take advantage of it.

RIM has announced that they have deployed mobile payment in Turkey. I hope it also becomes available in other countries.

I think the biggest problem for deploying mobile payment is to get the carriers and other companies to agree on one business model. Some carriers are real greedy.

[gordonzhao]

I think companies are working to take advantage of it.

RIM has announced that they have deployed mobile payment in Turkey. I hope it also becomes available in other countries.

I think the biggest problem for deploying mobile payment is to get the carriers and other companies to agree on one business model. Some carriers are real greedy.

I completely agree, companies want to make at least some of not a lot of profit on just about anything they can get their hands into. But as far as mobile payments I don't get why carriers should be concerned other than wanting a piece of the pie. We're only using their data which we're already paying for....

[iamq]

Watch this space... (and have a google) HID Corp have something in the pipeline where IClass credentials can be stored on the phone and it used as your building access card.

At the moment its on limited trial, and once Visa finally get there finger out (Even though we had the TV adverts in the UK a while back now showing wavepay loaded onto a 9900) they are the key to this. This is also the reason why most CDMA (Non SIM devices) will never get access to secure objects.

The SIM is the key as others have said above and forms part of the secure wrapper. The same thing is relevent to this specific transit provider issue, ditto Oyster card here in London. At the end of the day to access those services you *will* have to wait for the providers (transit providers, app builders etc) to all come together and sort something out.

You can get apps that may let you read the balance off your travel card, but thats about it - no hope in using them fully at the moment.

[gordonzhao]

Lol, not really NFC at work but once I get my SIII in, the NFC bus card will be small enough to just stick between my battery and back door. Lol, people next to me will probably be shocked. How did you do that? At least here in Chicago.

[papped]

As a ghetto workaround, just get a case that has a credit card storage slot built in, then stick the card in there.

[gordonzhao]

I'm sure it would work if I placed my Chicago card between my phone's battery and back door, but I tried it between my case and phone and it did not unfortunately, I wonder if it just needs to be a little closer. Or if the phone is causing interference. But I'll need to find another workaround.

[papped]

I'm sure it would work if I placed my Chicago card between my phone's battery and back door, but I tried it between my case and phone and it did not unfortunately, I wonder if it just needs to be a little closer. Or if the phone is causing interference. But I'll need to find another workaround.

What is the case made out of? NFC should easily be able to read through your wallet, etc so I can't imagine a plastic case causing a problem (unless the subway readers are just complete crap).

[gordonzhao]

What is the case made out of? NFC should easily be able to read through your wallet, etc so I can't imagine a plastic case causing a problem (unless the subway readers are just complete crap).

Its the incipio Faxion, it's essentially a tpu infused with a hard case on the outside. I think they call it a 'smartchip' it should essentially the same as an NFC tag.

[Vijik]

Its the incipio Faxion, it's essentially a tpu infused with a hard case on the outside. I think they call it a 'smartchip' it should essentially the same as an NFC tag.

If you have metal (not covered with ferrite sheet) in front of or behind the NFC Card, most of the signal from the reader goes to that metal and that can cause your NFC card never getting enough power to turn on and respond to reader (no transaction).

Or, if you have another NFC Card in the reader's field at the same time, the reader might (depending on the implementation policies) reject using any of the cards.

[Gees97]

Just tape the subway card to ur blackberry and BAM! NFC! Lmao

[gordonzhao]

If you have metal (not covered with ferrite sheet) in front of or behind the NFC Card, most of the signal from the reader goes to that metal and that can cause your NFC card never getting enough power to turn on and respond to reader (no transaction).

Or, if you have another NFC Card in the reader's field at the same time, the reader might (depending on the implementation policies) reject using any of the cards.

There shouldn't be any metal, I'm thinking the case is too thick, I have a seidio surface on the way so it should be thinner. I have my NFC turned off on the S III. So it shouldn't affect the train's reader. I'll give it a try once I get the case in.