Near Field Communication (NFC) is a type of passive 13.56 MHz RFID technology that enables short-range wireless data transmissions at 4 centimeters (1.6 inches) or less. It powers such applications as contactless payments, and it lets consumers use NFC-enabled mobile devices to interact with RFID tags or other NFC-enabled devices and products.
The NFC Forum, an industry organization that develops and promotes NFC technical standards and best practices for the technology’s commercialization and use, has released its latest technical standard, known as Signature Record Type Definition (RTD) 2.0. The group says that RTD 2.0 standard will help ensure safe deployments of NFC across all applications, by establishing a system for authenticating data written to NFC tags.
NFC devices operate in three modes: reader-writer, in which the NFC module can either collect data from or write data to an NFC RFID tag; peer-to-peer, in which two NFC devices exchange data when in close proximity; and card emulation, in which the only NFC function that the device performs is a proxy for a credit card or a contactless building-access card. So, for example, when a smartphone containing an embedded NFC module is used to make a purchase, the module inside the phone acts as a contactless card and the module inside the payment terminal acts as a reader, collecting data from the phone and then triggering a secure transaction.
As use of NFC technology grows, manufacturers are beginning to embed NFC tags inside products so that consumers can more easily interact with or learn about those goods, or to thwart the potential counterfeiting of those items. For example, some Hewlett-Packard (HP) printers have an embedded NFC module that can be used, in combination with HP’s ePrint software running on a mobile device, to send a document directly to the printer, via NFC. And Sony has integrated NFC technology into certain modules of portable digital speakers, making it easy to pair an NFC smartphone to the device and then stream music to the speaker via a Bluetooth connection.
The NFC Forum estimates, based on shipments, that there are currently more than 500 million NFC-enabled smartphones in the global marketplace. Market research firm Strategy Analytics expects that number to grow sharply as an increasing number of manufacturers integrate NFC technology into devices.
Apple‘s iPhone 6 contains an NFC module, but supports only the card emulator mode (through the ApplePay program that many major retailers have adopted), and thus cannot be used for applications outside of payments. Nor has Apple opened up the NFC module to mobile phone app developers, via an application programming interface, as Google has for NFC phones running on the Android operating system, according to Tony Rosati, the chair of the NFC Forum’s Security Technical Working Group.
NFC technology has been widely deployed in Asia, Rosati says, where it is used for ticketing in transit systems, as well as for tracking purchases at some sushi restaurants.
NFC Forum spokesperson Ruth Cassidy says that while NFC technology and products have been in the marketplace for many years, the standards and protocols needed to make them appealing to manufacturers and service providers have only emerged in recent years.
The new Signature RTD 2.0 standard is important, the NFC Forum explains, because it provides a way to certify the integrity of data, such as a URL, written to an NFC tag, in order to prevent an unauthorized party from writing malicious code to the tag that could, for example, trigger a phishing attack when an NFC device collects the tag data. This has been a known vulnerability that security researchers exposed years ago, Rosati says.
NFC devices and tags exchange information using a format called the NFC Data Exchange Format (NDEF). The new standard specifies the format used when signing single or multiple NDEF records, as a means of authenticating them. The NFC Forum has worked with third-party authentication services, such as TrustPoint and DigiCert, to issue certificates to signees and then mangage them. This provides a system for verifying the authenticity and integrity of data within the NDEF message. Other upgrades that are part of the Signature RTD 2.0 standard include new encryption algorithms that comply with National Institute of Standards and Technology (NIST) and Federal Office of Information Security (BSI) guidelines. The specification for Signature RTD 2.0 is available for download from the NFC Forum website.
Prior to the NFC Forum’s release of RTD 2.0, some companies have offered their proprietary products and services for authenticating data written to NFC tags. One such firm is HID Global, which launched its HID Trusted Tag services last month.
“As a neutral standards body and industry trade association, the NFC Forum does not comment on any particular company’s product or implementation,” Cassidy says. “We can state that Signature RTD provides the only open, interoperable security standard for tags. It is not tied to any particular vendor.”
Will the new standard mean that manufacturers that have been holding back on integrating NFC technology into products, due to security concerns, will now dive in? “It’s possible,” Cassidy says. “We’ll see how many companies react.”
In an online consumer survey that the NFC Forum conducted late last year, approximately 75 percent of respondents expressed an interest in using NFC technology integrated into mobile devices to do such things as receive product coupons inside stores, access additional product information to help decide on a purchase, or purchase consumables, such as printer toner, for a product they own.