NFC Forum releases specifications for mobile device security with cryptography

23 aprilie 2021

The NFC Forum, the global standards-body for Near Field Communication (NFC) technology, released today two specifications that offer cryptology security for NFC. The new NFC specifications provide security for NFC-enabled mobile devices by using a cryptographic framework to enable development of secure NFC applications protecting the confidentiality and the privacy of NFC communications. The specifications can be used to improve the security of applications involving smartphones, among many other uses.

The NFC Authentication Protocol 1.0 Specification (NAP 1.0) provides a framework for using cryptography to establish a secure channel and authentication as well as the bonding between two devices using a shared, secret key for communicating personal data and messages between devices.  The Logical Link Control Protocol Technical Specification 1.4 (LLCP 1.4) is the first NFC Forum technical specification to take advantage of NAP 1.0’s secured data transfer. It describes how the processes defined in NAP 1.0 are mapped on LLCP 1.4 for communication between two devices. The devices do not have to be on-line at the time authentication takes place.

These specifications are important because the standardized framework simplifies development of secure NFC applications,” said Mike McCamon, executive director, NFC Forum.  “This approach with these specifications avoids the need for proprietary implementations in the market which may lead to market fragmentation and confusion.

The specifications help protect the privacy and confidentiality of personal data and messages shared electronically by establishing a secure communications channel.  In addition, the authentication and bonding mechanisms allow for the establishment of trust and the pairing of an NFC-device, like a smartphone or wearable, to create different applications.

NAP 1.0: Application Authentication and Secured Data Transfer

NAP 1.0 describes the basic mechanism for applications needing an authentication and/or a secured data transfer.  It provides mechanisms for cryptographically authenticated NFC connections in reader/writer mode and peer mode and describes the principals of the bonding and application process. NAP 1.0 supports three mechanisms:

. Establishment of a secure channel between two NFC devices to prevent eavesdropping when these two NFC devices are communicating with each other.

. The authentication process allows NFC devices to build up trust with each other for NFC communication. It prevents an NFC device from exchanging information with another unauthorized NFC-enabled device.

. The bonding process allows two NFC devices to be paired together and establish a common secret key during a registration phase. This allows for a faster authentication process and a faster setup of a secure channel.

LLCP 1.4:  Peer-to-Peer Secure Data Transfer

LLCP 1.4 is the first NFC Forum technical specification to take advantage of NAP 1.0 for secured data transfer. The LLCP 1.4 describes how the processes defined in NAP 1.0 are mapped on LLCP for peer-to-peer communication between two devices.  LLCP 1.4 can setup as either an ad-hoc secure data transfer or a secured data transfer after the two devices have been bonded. It uses NAP 1.0 for secure data transfer, replacing the secure data transfer defined by LLCP 1.3 specification

Adauga comentariu

Noutăți
Cifra/Declaratia zilei

Constantin Rotariu – cofondator & COO Bitcoin Romania

In prezent, fiind o piata cu o volatilitate foarte mare, cu multi traderi sezonieri care incearca sa profite de aceasta volatilitate, volumul a crescut mult. Sunt zeci de milioane de euro pe luna tranzactionati prin Bitcoin Romania, pe toate produsele noastre, pe platforma online si prin ATM-uri. S-a dovedit ca bitcoin este un activ de stocare pe termen lung iar cei care au facut profitul cel mai mare sunt cei care au avut rabdare, de la trei ani in sus.

Afla aici sfaturile expertului

Sondaj

In 23 septembrie 2019, BNR a anuntat infiintarea unui Fintech Innovation Hub pentru a sustine inovatia in domeniul serviciilor financiare si de plata. In acest sens, care credeti ca ar trebui sa fie urmatorul pas al bancii centrale?