NFC Forum Brings Advanced Security to NFC Tags with Signature RTD 2.0 Technical Specification

  • Date: April 16, 2015
  • Provides the Only Open, Interoperable Security Standard for NFC Tags

    WAKEFIELD, Mass. – April 16, 2015 – The NFC Forum today announced the public availability of the Signature Record Type Definition (RTD) 2.0 technical specification following approval by the Board of Directors. Formerly a candidate technical specification, Signature RTD 2.0 provides developers with a way for users to verify the authenticity and integrity of data within NFC Data Exchange Format (NDEF) messages, the means by which NFC devices and tags exchange information. The specification is available for download from the NFC Forum website.

    Companies are embedding NFC tags in all sorts of products, including smart posters, restaurant menus, event badges, and interactive displays. The integrity of tag data is vital to many NFC tag applications and use cases. Use of Signature RTD 2.0 protects the integrity of URLs for brand owners and users, and it provides added assurance to customers that tag data is authentic.

    Signature RTD 2.0 works by specifying the format used when signing NDEF records and provides a list of suitable signature algorithms and certificate types that can be used to create signatures. It adds to the features of Signature RTD Technical Specification 1.0 (published in 2010) by supporting compact certificate formats to accommodate most tag types, and increasing security strength by supporting National Institute of Standards and Technology (NIST) and Federal Office of Information Security (BSI) recommended algorithms. Signature RTD 2.0 is designed to be open to all Certificate Authorities (CA), such as those issuing certificates for Transport Layer Security (TLS).

    When NDEF records are signed in accordance with the Signature RTD 2.0 specification, malicious hackers cannot tamper with trusted messages. In addition, the signature record identifies the signer by name, and signers who act in bad faith can have their privileges quickly revoked.

    Certificate Authorities TrustPoint Innovation and DigiCert have issued test certificates for Signature RTD 2.0 for NFC Forum interoperability testing of all functionality, including issuing certificates and signing, reading, and verifying tags, as well as all failure modes. The interoperability testing was conducted using applications supplied by NFC Forum members Broadcom, Sony, and TrustPoint Innovation. TrustPoint Innovation and DigiCert are expected to issue production certificates now that the specification has been published.

    The Signature RTD Certificate Policy defines the procedural and operational requirements that the NFC Forum expects CAs to adhere to when issuing and managing certificates to create signatures for NDEF messages. The Certificate Policy provides users with the possibility of verifying the authenticity and integrity of data within the NDEF message, and specifies the format used when signing single or multiple NDEF records.

    “Secure NFC Tags will be deployed on products to enhance the consumer experience while utilizing smart phones,” said Sherry Shannon Vanstone, president and CEO, TrustPoint Innovation. “TrustPoint’s new BlackSeal Authenticity Service uses Signature RTD 2.0 to protect consumers from hackers and product manufacturers from counterfeiting. This standard provides a significant foundation for securing the Internet of Things.”

    “DigiCert commends the work of the NFC Forum to approve an interoperable standard that helps ensure NFC integrity, and we’re pleased to lend our expertise to help develop and advance this important initiative,” said Jeremy Rowley, vice president of business development at DigiCert. “The increasingly mobile and connected world in which we operate requires strong authentication and encryption solutions to make sure that consumers and enterprises are protected from fraud as part of a more trustworthy future, and the Signature RTD 2.0 specification is an important step in the right direction.”

    “NFC tags are instrumental to a wide range of NFC use cases,” said Koichi Tagawa, chairman of the NFC Forum. “With just a tap of their mobile phones, consumers can access loyalty offers, special deals, and discounts, read about a wine’s history and vintage before purchase, and experience talking statues that bring history to life. With the publication of the Signature RTD 2.0 specification, NFC developers and users alike can be confident that their interactions with NFC tags are trustworthy and incorporate the most sophisticated encryption methods available. We thank our Security Working Group and Technical Committee for bringing this important specification to fruition.”

    About Near Field Communication Technology

    NFC technology makes life easier and more convenient for consumers around the world by making it simpler to make transactions, exchange digital content, and connect electronic devices with a touch. A standards-based connectivity technology, NFC harmonizes today’s diverse contactless technologies, enabling current and future solutions in areas such as access control, consumer electronics, health care, information collection and exchange, loyalty and coupons, payments, and transport. NFC technology is supported by the world’s leading communication device manufacturers, semiconductor producers, network operators, IT and services companies, and financial services organizations. NFC is compatible with hundreds of millions of contactless cards and readers already deployed worldwide.

    About the NFC Forum

    The NFC Forum (www.nfc-forum.org) was launched as a non-profit industry association in 2004 by leading mobile communications, semiconductor, and consumer electronics companies. The Forum’s mission is to advance the use of Near Field Communication technology by developing specifications, ensuring interoperability among devices and services, and educating the market about NFC technology. The Forum’s global member companies are currently developing specifications for a modular NFC device architecture, and protocols for interoperable data exchange and device-independent service delivery, device discovery, and device capability. The NFC Forum’s Sponsor members, which hold seats on the Board of Directors, include leading players in key industries around the world. The Sponsor members are: Broadcom Corporation, Dai Nippon Printing Co. Ltd., Google, Inc., Intel, MasterCard Worldwide, NEC, Nokia, NXP Semiconductors, Qualcomm, Samsung, Sony Corporation, STMicroelectronics, and Visa Inc.

    ###

    Media Contact:
    Ruth Cassidy
    NFC Forum Public Relations
    ruth.cassidy@nfc-forum.org
    +1 617.957.8494