Electronic – use an NFC ring as an Oyster card


I've been looking into converting a MIFARE (Oyster card) into a ring. I found this NFC ring on Kickstarter; will that work as an Oyster card? Or are they different technologies?

Best Answer

The short answer is "no". The NFC ring will not contain the application-specific cryptographic keys required by Oyster.

NFC "rings", like other NFC-capable contactless payment tokens, contain a tamper-resistant microprocessor with cryptographic acceleration and a small amount of secure memory storage. These chips and associated induction antenna coil are together referred to as "tags", "smart cards", or "secure elements", regardless of the physical form factor of the surrounding plastic package (e.g. card, key chain dongle, ring, watchband).

Among the secrets stored inside the chip are symmetric cryptographic keys used to encrypt the observable traffic between the chip in the card and the turnstile reader. Without this secret key, any data you might place in your key ring, even if in exactly the right application format, would nevertheless have the wrong authentication key. The turnstile will not succeed in authenticating your key ring and will not be able to read the memory contents.

During manufacturing of the chips (during the wafer-sort and test phase), the devices are automatically tested before the wafer is sawn into dice. During this testing step, the initial contents of the secure memory can be programmed according to the needs of high-volume customers. The chips are then sawn and delivered (securely) to a separate factory that produces the "inlays" (the combination of antenna coil and chip, encased in suitable packaging of plastic, plasticized paper, mylar, fluffy toy, rubber wristband, etc.).

The Oyster card uses MIFARE Classic or MIFARE Plus chips from NXP Semiconductor (MIFARE Classic family). MIFARE Plus works the same as MIFARE Classic but uses AES encryption rather than NXP proprietary encryption used in Classic. Newer applications use ISO/IEC 14443-4 standardized application cards (like payment cards from V/M/Amex, and NXP offers a proprietary extension of these called DESFire for transit agency issued cards).

The Oyster MIFARE cards are programmed at the factory (or by the system operator from blank devices) and are activated upon enrollment to the system. The readers at the turnstiles and behind the glass window or in the fare adjustment machines all have matching chipsets called "SAMs" (Secure Access Modules) with matching secret keys stored in their own secure memory. The reader uses the SAM to generate and validate challenge-response codes and to deduct or top up fare balances or redeem one-time tickets.

The keys required by each application are generated in the factory and programmed as described above. Alternatively, blank cards can be programmed with "transport keys" that are not secret and enable anyone to use the chip. Your NFC key ring comes that way. Once you key the chip, you can change the two keys to whatever you want them to be and program your application settings into the chip. However, you will have no way of replicating the unique keys required by Oyster: Even if you were to discover the keys in the Oyster card, they would be the wrong keys for your NFC keyring which has a separate and unchangeable UID. The keys in each card are unique to that card, derived from the card serial number and encrypted according to an application diversification rule and master key set (AN10922—Symmetric Key Diversification). So even brute force cracking one card to discover its keys will not enable you to crack any others.

In the case of the MIFARE application platform, two keys are needed: Key A and Key B. Key B can be thought of as the "admin" key, used to top up, change keys, and replace otherwise read-only data. Key A is the key used by the turnstiles to challenge the card. The MIFARE application in the card supports only a limited set of primitive operations, and so the SAM must interrogate and update the card according to Oyster-defined logic after authenticating to the card using one of the two secret keys.

There is nothing different about an Oyster card electrically from any other MIFARE device. If TfL chose to, they could provision their application to any randomly presented MIFARE device of appropriate memory size, after first erasing it. The problem becomes one of veracity of the token. If Oyster issues the card or ticket, they can rely on a secure supply chain to ensure only legitimate cards are used to hold and redeem value. However, they can't prove where your device came from — it might be a microprocessor emulating a MIFARE device, encased in an ID-1 form plastic card like Oyster cards, but with backdoor logic that might be used to undermine Oyster system controls. There is no positive return for TfL investing against this risk, however small.

So the "no" above is really a policy choice by TfL, not a technical limitation.

Once mobile NFC becomes more accepted by TfL, they will have a way of provisioning a different kind of secure application to the phone, rather than relying on MIFARE emulation. Contactless payment cards issued by Visa, MasterCard, American Express and the other payment brands, use an ISO/IEC standard physical and logical protocol that has been adapted for use in mobile phones as "NFC". The compatibility of the radio and logical protocols, together with suitable security hardware or cloud-based tokenization, will enable the mobile phone to hold an Oyster-compatible digital token that will function at turnstiles and at the glass windows.

TfL must upgrade their reader systems and SAMs (nearly in their entirety) to enable the use of open-loop payment cards, issued by banks, in addition to closed-loop Oyster tokens issued by TfL. This switch to ISO 14443-4 payment readers has taken a while. But it already works on buses, and they have promised that conversion of the Tube should be done by 16 September 2014.

Another way to pay
You can use your contactless payment card to travel on buses. From 16 September 2014 you'll also be able to use it on Tube, tram, DLR, London Overground and most National Rail services in London. http://www.tfl.gov.uk/fares-and-payments/contactless

This conversion is the first step in enabling consumer-owned security tokens to substitute for agency-issued tokens. And it is a HUGE cost saving for TfL. Just accepting V/M contactless cards will save enormous amounts on issuing and replacing cards and on system management. And it is a practical improvement for riders, who will no longer have to top up an Oyster card or adjust a fare—these tasks are now performed automatically.

So it may not be too long from now before you can use an "NFC ring" or "watch" to open a turnstile at your favorite station. You can already use your branded payment card and may as well use your NFC payment enabled phone.
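The answer above rests on two mechanisms: per-card key diversification from a fixed UID (the AN10922 idea) and a SAM-driven challenge-response at the turnstile. The following added example, which is not part of the original answer and is not TfL or NXP code, simulates both in Python so the "wrong key for a different UID" failure can be seen directly. It is a simplification: the real AN10922 diversification uses AES-CMAC and MIFARE Classic uses a three-pass mutual authentication, whereas this model uses HMAC-SHA256 from the standard library as a stand-in MAC. Every name here (`diversify_key`, `Card`, `SAM`, `issue_card`, `MASTER_KEY_A`, `APP_ID`, the UIDs and the transport key) is an assumption constructed for the demonstration.

```python
"""Per-card key diversification and reader/card challenge-response, showing
why copying Oyster-style data onto an NFC ring cannot authenticate.

Added example, not TfL/NXP code. NXP AN10922 diversifies with AES-CMAC;
HMAC-SHA256 is used here only as a stand-in so the block runs on the
Python standard library. All keys, UIDs and identifiers are constructed."""
import hashlib
import hmac
import secrets

KEY_LEN = 16  # 128-bit key, the AES key length used by MIFARE Plus

# Constructed master key: lives only inside the operator's SAMs, never in a card.
MASTER_KEY_A = bytes.fromhex("00112233445566778899aabbccddeeff")
APP_ID = b"OYSTER-DEMO"  # constructed application identifier (diversification input)


def diversify_key(master_key: bytes, uid: bytes, app_id: bytes = APP_ID) -> bytes:
    """Derive the per-card key from the card UID under the master key.
    Stand-in for AN10922, which runs AES-CMAC over UID || AID || system id."""
    return hmac.new(master_key, b"\x01" + uid + app_id, hashlib.sha256).digest()[:KEY_LEN]


class Card:
    """A token with a UID fixed at manufacture and one key in secure memory."""

    def __init__(self, uid: bytes, key: bytes):
        self.uid = uid
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # The card proves key possession by MACing the reader's challenge
        # together with its own UID; the key itself never leaves the chip.
        return hmac.new(self._key, challenge + self.uid, hashlib.sha256).digest()


class SAM:
    """Reader-side Secure Access Module: holds the master key and checks cards."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def authenticate(self, card: Card) -> bool:
        challenge = secrets.token_bytes(16)          # fresh nonce per attempt
        response = card.respond(challenge)
        expected_key = diversify_key(self._master_key, card.uid)  # keyed by the presented UID
        expected = hmac.new(expected_key, challenge + card.uid, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)  # constant-time comparison


def issue_card(uid: bytes) -> Card:
    """Factory/operator personalisation: program the diversified key into a chip."""
    return Card(uid, diversify_key(MASTER_KEY_A, uid))


# ---- scenarios (all values constructed) ---------------------------------
LEGIT_UID = bytes.fromhex("04a1b2c3d4e5f6")   # constructed 7-byte UID of an issued card
RING_UID = bytes.fromhex("04f6e5d4c3b2a1")    # constructed UID of the NFC ring
TRANSPORT_KEY = b"\xff" * KEY_LEN              # placeholder non-secret "blank" key


def legit_card_accepted() -> bool:
    return SAM(MASTER_KEY_A).authenticate(issue_card(LEGIT_UID))


def ring_with_copied_key_rejected() -> bool:
    """Even if a legitimate card's key were known, the ring's UID differs, so
    the SAM derives a different expected key and the MAC does not match."""
    ring = Card(RING_UID, diversify_key(MASTER_KEY_A, LEGIT_UID))
    return not SAM(MASTER_KEY_A).authenticate(ring)


def blank_ring_rejected() -> bool:
    """A ring still carrying its non-secret transport key is also rejected."""
    return not SAM(MASTER_KEY_A).authenticate(Card(RING_UID, TRANSPORT_KEY))


def keys_are_per_card() -> bool:
    """Two UIDs under the same master key yield different, full-length keys."""
    k1 = diversify_key(MASTER_KEY_A, LEGIT_UID)
    k2 = diversify_key(MASTER_KEY_A, RING_UID)
    return k1 != k2 and len(k1) == KEY_LEN == len(k2)


if __name__ == "__main__":
    print("legit card accepted:", legit_card_accepted())
    print("ring with copied key rejected:", ring_with_copied_key_rejected())
    print("blank ring rejected:", blank_ring_rejected())
    print("keys differ per card:", keys_are_per_card())
```

The point the model makes visible is that the SAM never stores per-card keys: it recomputes the expected key from the UID the token presents, so a token with the wrong UID fails even with a correct key, and a token with the right UID fails without it. Note also that the master key exists only on the reader side, which is why a secure SAM supply chain matters as much as the cards themselves.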