Wednesday 1 October 2014 | RSS

 
Feedback
 
 

Uncovered: The hidden NFC potential of the Google Nexus S and the Nokia C7

Mobile and NFC experts Dr Gerald Madlmayr and Christian Kantner have taken apart both a Nokia C7 and a Google Nexus S to find out what’s inside and what kind of services it will be possible to offer via the handsets in the future — and to build a Nexus S that can operate in full card emulation mode. Here Dr Madlmayr explains what he and Kantner discovered…

Gerald Madlmayr • Pic by Reinhard Winkler

NFC TECH EXPERT: Dr Gerald Madlmayr

Lately the press has been full of articles and rumors about NFC in the new Samsung phone as well as upcoming Apple products, but nobody has done detailed reviews of the Nexus S and also the claimed NFC functionality of the Nokia C7. So a colleague, Christian Kantner, and I spent some time playing around with the phones and built a firmware for the Nexus S, that fully supports all NFC features, such as SWP.

Inside the Nokia C7

Nokia C7 disassembled

FIGURE 1: Nokia’s C7 in bits. Click to enlarge.

Let’s start with the Nokia phone. We took the phone apart (see Figure 1) to see which chipset they use, and the Nokia C7 comes with a PN544 from NXP. The device is ready for Single Wire Protocol support in order to use the UICC as the secure element.

In order to enable this functionality, Nokia only needs to provide firmware that comes with the appropriate software stack. In this case, Nokia will likely use NXP’s FRI (Forum Reference Implementation), which is also used in the Google phone, of which more later.

NXPs software stack — the FRI

FRI in Android

FIGURE 2: The FRI in Android. Click to enlarge.

The Forum Reference Implementation is a basic software stack that is responsible for managing the NFC chip through HCI (Host Controller Interface) commands. Android’s core and Symbian^3 are both implemented in C, so the software stack from NXP can be ported to both operating systems very well. The software stack features all necessary functionality for reader/writer mode, P2P/LLCP and card emulation using SWP or an embedded secure element.

On top of the FRI, Nokia will provide JSR257 (Java layer) in order to manage reading/writing functionality or exchanging of NDEF data structures. Depending on the configuration of the FRI, the phone can support SWP to offer card emulation using a UICC.

Nokia’s C7 already provides JSR177 for J2ME applications to communicate with the UICC. Hopefully we will see a Nokia firmware update on the device soon. Until then, enjoy the picture of the disassembled Nokia C7 phone, which might be one of the first and last Symbian^3 phones after this week’s ‘merger’ with Microsoft. It could be that the business impact of Nokia C7 — if NFC enabled — will be very little.

The hidden surprise in the Nexus S

PN65N in the Nexus S • Pic: iFixit.com

FIGURE 3: The PN65N with embedded secure element in Google\’s Nexus S. Click to enlarge.

So the Nokia looks fine, but what we found out about Samsung’s Nexus S is even better. The Nexus S comes with a PN65N from NXP. This chip is a combination of the PN544 NFC controller and an embedded SmartMX secure element. You can see this very well in the picture in the Nexus S teardown at iFixit.com.

So the phone comes with everything we do need for card emulation — SWP and even a secure element within the phone.

“But what about the software?” you might ask. Now, the good thing about Android is that everything is open source. This is also true for NXP’s FRI (mentioned already above), which is a library in the Android Git repository. There you can follow the implementation of the NFC stack and how it is glued into the operating system.

If you browse the source code you can see that the flags for the internal secure element as well as SWP are disabled. The same is true for some very interesting APIs such as “mNfcAdapter.getSecureElementList()” in the Java layer.

Currently the development and integration of the library is mainly driven by three different organizations: Google, NXP and TrustedLogic/Gemalto — just check the email addresses of the authors of the code in the repository.

DIY NFC using the Nexus S

Here’s what we did next: Download the source (actually from CyanogenMod 7 to have the full build environment for the new Nexus S), make the appropriate changes to the code, recompile everything and put it back into the phone and it works — Nexus S supports card emulation and SWP!

NFC architecture in the Nexus S

FIGURE 4: NFC hardware architecture in the Nexus S. Click to enlarge.

Then we developed an Android app which we call “The Secure Element Manager” that gives the user full control over the secure elements in the phone as well as the NFC chip.

We are now able to fully control the PN65N from an Android app. Very nice, but not enough; we need more: an API for accessing the UICC (secure element) from an Android API.

Luckily Giesecke & Devrient already supports the development of a smartcard stack for Android, SEEK, the Secure Element Evaluation Kit. This one is available for Android 2.2 and requires some adaption to work in Gingerbread, but after these changes we have a fully featured NFC phone using the Nexus S Hardware. Nice, isn’t it?

G^2 = G&D and Google?

Now here is something interesting as well: When Android switched from 2.3.1 to 2.3.2, Google made some changes in the telephony API which are required by G&D’s smartcard stack. (The recently released Android 2.3.3 is not yet available on Git, therefore we couldn’t check the latest code changes).

These changes indicate that Google could be planning to integrate G&D’s smartcard stack in one of the upcoming versions of Android, perhaps 2.4? But this is just an assumption, and sources at G&D tell me that their stack is not (yet) an industry standard and therefore the market might fragment. That said, there are lots of proprietary APIs in the mobile world that are working fine.

Business impact

One of the most interesting questions that pops up now is “so why do all those companies (NXP, G&D, TrustedLogic) contribute to Google’s OS for free?” Well, for NXP it is quite clear: They earn money selling NFC chips for the mass market and have a strong interest in making sure that system integration is very easy for phone manufacturers.

The roles of G&D and TrustedLogic/Gemalto as software providers are not that obvious. They might just want to enable the easy usage of smart card chips in new platforms, but they might also plan to manage all the security credentials for the big players like Google.

We are pretty sure that Google does not really need SWP, but it could help Google phone manufactures if they provide all options for all the different regional markets. Some of them will offer high security services (like payment and ticketing) using the UICC, while in other markets we will perhaps rather see services using the embedded secure element.

In any case, Google’s two-pronged approach with both SWP and an embedded secure element will accelerate the roll out of secure NFC services considerably.

Dr Gerald Madlmayr is an IT and telecommuncations consultant based in Vienna, Austria, who specialises in technology strategy for mobile network operators, software systems and IT integration in banking and payment systems and customer-focused mobile technologies and devices.

Dr Madlmayr holds a PhD in computer science from the Johannes Kepler University of Linz. His outstanding academic performance was honoured by the president of Austria with a ‘sub auspiciis’ promotion, the highest award for study in the country. Dr Madlmayr has also been awarded the Republic of Austria’s Honouree Prize for R&D.

  • Hugo Rothenkolk

    Thanks for an interesting article.
    You mention
    “When Android switched from 2.3.1 to 2.3.2, Google made some changes in the telephony API which are required by G&D’s smartcard stack”
    Can you clarify what APIs you are referring to?
    I haven’t found any related changes in the API or the code.

    Thanks,
    BR

  • akly

    Hi,

    Very interesting article. I’ve been researching on card emulation capability with the Nexus S and you have provided the answer. Can you provide a fuller tutorial on what changes to the code are needed to enable card emulation and how to integrate SEEK for UICC access?

  • http://sebastianschaper.net sebastian

    what you showed as the NFC antenna in Nokia C7-00 is actually the cellular antenna, the NFC antenna is located at the top of the phone, a small label underneath the antenna for Bluewooth/WiFi/GPS:
    http://sebastianschaper.net/index.php/archives/37

    additionally, could you post a closer view of the NFC chip? mine has “NXP 44501″ written on it, and i couldn’t find any useful information about it, but according to the datasheet PN544 seems to be the appropriate name, thanks!

    it’s curious that google now starts putting secure elements in their nfc phones, when nokia has just stopped that after their first two phones…

  • http://www.tap2buy.com Bruce Hopkins

    Great article! I always love to see the stuff that Gerald is up to.

More headlines...