Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Idaho College to Test Secure NFC Phone Module

Brigham Young University students will try out RFinity's microSD NFC card, installed in handsets, to purchase items at the school's bookstore and make encrypted peer-to-peer transactions.
By Claire Swedberg
Jul 24, 2009Brigham Young University, located in Rexberg, Idaho, will begin piloting a mobile phone payment and security system this fall, provided by technology startup RFinity. The system includes RFinity's microSD security cards, which employ Near Field Communication (NFC) RFID technology, and the pilot is intended to test whether the technology can provide secure financial transactions at the school's bookstore, as well as peer-to-peer transactions between students.

The technology was first developed in 2006 as a mobile phone security solution by RFinity's cofounders, CTO Steve McCown and CEO Aaron Turner, when, while working for the U.S. Department of Energy, the duo were trying to develop a means of preventing data theft and unauthorized access to PCs and mobile phones. McCown developed a hardware security module for cell phones that included an NFC chip so that a phone could communicate with an RFID interrogator.

Aaron Turner, RFinity’s CEO
The security module offered encryption to ensure data stored on a phone could not be accessed by unauthorized individuals, as well as an NFC tag that could transmit a unique ID number to an NFC reader, for use at secure locations such as a classified workplace in which cellular phones are typically prohibited. In the latter case, the phone could be tapped against an NFC reader on the door of a secured space, and the ID number would be verified as belonging to a phone approved for use in that space. In that way, the user would not have to surrender his or her phone while within that classified workplace.

In 2007, Turner and McCown began working together to leverage the module's security and NFC aspects for other purposes. They developed a highly secure NFC module to enable college students and other users to conduct financial transactions with contactless capabilities in their cell phones. The two attained a patent on the technology in 2008, built a prototype of the RFinity microSD security card, and received support from venture capital firm Horizons Ventures Ltd.

When using the mobile phone's battery power, the card creates a series of random, constantly changing encrypted ID numbers that link to a single, permanent, unique 16-digit ID number, initially generated and assigned to the user. Because these encrypted numbers are computationally impossible to predict, data thieves are unable to steal a user's unique ID number and use it to access that person's account. The security is built on the National Security Agency (NSA) Suite B standard—a strategy for protecting national security information—with elliptical curve cryptology (ECC) based on the algebraic structure of ellipses. "We never say our system is unhackable," Turner says, noting, "We do say that we are the most secure contactless technology being developed today."

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations