Slashdot Mirror

← Back to Stories (view on slashdot.org)

New NXP SoC Gives Android Its Apple Pay

Posted by Soulskill on from the supported-by-one-used-book-store-and-a-dude-in-his-garage dept.

dkatana writes: NXP, having worked with Apple on Apple Pay, is now launching its PN66T module for secure NFC mobile transactions — for Android. It's intended to implement the same functionality of Apple Pay. While NXP claims the module is OS independent, the features clearly indicate that Android devices are the likely recipients of the SoC. The PN66T is Europay, MasterCard, and Visa (EMVCo) certified, and also supports American Express ExpressPay, thus fully covering the three big credit card companies, ensuring compatibility and interoperability with existing and future payment methods.

6 of 122 comments (clear)

  1. NXP is a huge secure element provider. by LWATCDR · · Score: 4, Insightful

    NXP making a secure element for any OS is about as shocking as nVidia making a GPU.
    That is what they do.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  2. Re:SoC? by swimboy · · Score: 4, Informative

    SoC is system on a chip.

    --
    Ask me how the Heisenberg Principle may or may not have saved my life.
  3. Re:So Android DOESN'T have an Apple Pay equivalent by Anonymous Coward · · Score: 5, Informative

    They do. It's called Google Wallet. Do literally any research, dude.

  4. Re:So Android DOESN'T have an Apple Pay equivalent by Anonymous Coward · · Score: 5, Informative

    Android has had a secure payment system, Google Wallet. Flagship Android phones used to include secure elements until Google implemented host card emulation in Android with KitKat. HCE eliminates the need for a hardware secure element. Europay, VISA and Mastercard have allowed the use of HCE for a while and American Express ExpressPay announced support for HCE a few days ago.

  5. Equivalence by DrYak · · Score: 4, Informative

    Functionnally: They are equivalent.
    - In both case, it's a payment system, and supports NFC protocol so that you can pay wirelessly just buy putting the phone next to the payment machine.

    Hardware-wise: They are not exactly the same.
    - Google Wallet is just a generic payment system (like PayPal, etc.) In most phone, it's simply the OS (Android) being able to talk over NFC to the payment machine. It's up to the OS and Application to hangle security any way they choose (might or might not involve hardware - most implementation do not. But some smartphone did have some form of it).
    - Apple's system specifically uses a separate piece of hardware: a TPM-like chip that is secured and hardened and holds the actual banking information (which never leaves the chip). Security is by definition handled by the specific chip.The whole systems works like a wireless credit-card with a smartphone bolted next to it, the smartphone being able to act as a GUI to the credit card, but the card handling the transaction themselves.
    Some Android Smartphone did in fact work exactly like that. (Had a dedicated chip which was more or less a micro credit card, which handled the NFC talk it self and the smartphone merely interfacing with the card).
    - NXP is a vendor of chip that makes hardware components for payment. They've worked on Apple's chip. They are now selling this chip for android smartphone manufacturers too.

    Apple's emphasis is on security: They want their "dedicated non-hackable credit-card-on-a-chip" approach.
    Google's emphasis is on making the technology available everywhere. High end phone will have a chip, low-end phone will simply emulate a virtual credit card by having a piece of software talk over NFC. But it's going to be available as widely as possible.

    From a security point of view:
    Meh.
    Google's idea isn't the most secure ever: it rellies on the OS being good at correctly isolating and sandboxing apps. But bugs happen.
    Apple's idea isn't perfect either. In theory, a separate piece of hardware is easier to make tamper proof. In practice, it's just a subpart of the same piece of silicon as the rest of the system (they are SoC. System-on-chip. Nearly the whole modern smartphone is a single chip) hacker are bound to find a way to leak sensitive data (I mean, for fuck's sake: hackers have been able to deduce GPG private key by reading signals leaking out of a compute. Noise. Captured by a smartphone's mic. If they can steal your crypto just by listening caps singing over a crappy mic, do you really think that a core on the same piece of silicon is isolated enough ?!)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  6. (Ref) by DrYak · · Score: 4, Informative

    I mean, for fuck's sake: hackers have been able to deduce GPG private key by reading signals leaking out of a compute. Noise. Captured by a smartphone's mic.

    Ref

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]