Frequently Asked Questions
General and Architecture
When I buy a transport ticket from the Internet, I must wait one hour until I can go to the station and download it to my transportation card. How long does it take with Fidesmo?
A few seconds at most - your ticket is downloaded to the card in the same transaction.
Let’s say that my town’s bus company and public library both decide to use Fidesmo. Do they have to coordinate their card applications to avoid interoperability issues?
Not at all! One of the best features of Fidesmo is that they can be run independently to each other, just as when you install and run different apps in a smartphone.
How does your solution compare to other mobile-NFC options?
There are other mobile Secure Elements that perform the same functions as the Fidesmo Card: embedded NFC chips in phones, SIM cards, NFC-capable micro-SD cards. While they might be more convenient for the user (they don’t require carrying a separate contactless card), we think our solution has strong advantages:
- Cost: the Fidesmo Card is cheaper than the alternatives above, but the main cost advantages lie on our pricing scenario (we do not charge for space on the card) and on the small initial costs, see below.
- Access to Gatekeepers: while SIM cards require signing contracts with mobile operators, and embedded NFC chips with phone manufacturers, our solution just requires signing up into this portal.
- Technical simplicity: our interfaces are simple and easy to integrate, completely different from the over-engineered procedures mandated by the mobile industry.
Do I have to send a push message to my users to initiate the service delivery process?
It is much simpler than that: the process is always initiated from the phone.
What if I need to send some information to my server at the time of triggering the service delivery process?
We have a recommendation for that! It is here.
I want to distribute my Java Card applet to Fidesmo cards but I don’t want to have a server running just for that
You don’t need to! Just upload your applet’s CAP file using the
/executableLoadFiles POST operation in our API and then write a “Service Recipe” so the Fidesmo server takes care of the entire process. Service Recipes are explained in this document. You can also use recipes for simple services that always send the same commands or data to the card.
How can I verify that my applet has been correctly uploaded to the Fidesmo servers?
There’s an API operation for that:
/executableLoadFiles GET operation.
Can I use any AID when I deploy my own Java Card applets?
You could run into trouble ;-). According to ISO 7816, AIDs have to start with a RID (resource identifier) that is assigned to companies by ISO. We provide two options:
- Use Fidesmo's RID
A0:00:00:06:17:00followed by your appId, as explained here.
- Use an AID that we can verify that you have the right to use. In that case, you can use it for your applets, but Executable Load Files loaded on Fidesmo cards will need to follow the schema above for their AIDs. When it comes to removing one of such applets from a card, it is necessary to delete its ELF, using the
The reason behind it is to avoid that a Service Provider removes objects installed by a different SP.
How many applications can I install on a Fidesmo Card?
As many as it fits - the only limit is the card’s permanent memory space. We always source the best smart card chips we can find: the ones we are using now have 144KB, which in the smart card world is a lot.
Will Fidesmo cards work with my card readers?
Yes, as long as they can read/write Java Card or MIFARE DESFire cards.
I really need my cards to be black. And have a green Martian printed on the front side. Is that possible?
We have our own awesome Android App and we would like to use it to send coupons to a card applet. How can we do that?
That’s easy! After setting up a service, your app just needs to call Fidesmo App so it does the hard work of getting the commands to the card. We have a really simple interface based on Intents - it is described and we have also this hands-on tutorial.
What if an evil hacker buys a ticket, stores it on the phone, and copies it in many cards? Won’t I be giving away my services?
The evil hacker can try, but that will not work. We always consider the smartphone as an untrusted environment, so no sensitive information is stored there or ever passes through. In case of a ticket download,
- The Fidesmo server opens a secure channel to the card. The phone just sees a stream of encrypted commands.
- Each Fidesmo card has its own set of keys, so commands can only be sent to the cards they are intended to.
- Finally, new keys are generated in every session, so replaying encrypted commands will not work.
You can read more about secure channels in GlobalPlatform specifications (requires registration).
Pricing and Business
How do you make money?
Our idea is to make money when you make money through our platform. We have prepared a number of price plans in which you are charged based on usage of our API and resources. If you decide to sell your services through our platform, we charge a commission on payments. All our pricing plans are listed here.
Can I try you for free?
We have a free plan. When you sign up, look for our introductory offers for developer cards.
Fingerprints of Fidesmo Public Keys
SHA-256 JWK Fingerprint of the Fidesmo public key for Samtrafiken.