NFC FORUM SPECIFICATIONS OFFER MOBILE DEVICE SECURITY WITH CRYPTOGRAPHY
Standardized Cryptographic Framework Simplifies Secure NFC Application Development For Service Providers
WAKEFIELD, Mass. – April 22, 2021 – The NFC Forum, the global standards-body for Near Field Communication (NFC) technology, released today two specifications that offer cryptology security for NFC. The new NFC specifications provide security for NFC-enabled mobile devices by using a cryptographic framework to enable development of secure NFC applications protecting the confidentiality and the privacy of NFC communications. The specifications can be used to improve the security of applications involving smartphones, among many other uses.
The NFC Authentication Protocol 1.0 Specification (NAP 1.0) provides a framework for using cryptography to establish a secure channel and authentication as well as the bonding between two devices using a shared, secret key for communicating personal data and messages between devices. The Logical Link Control Protocol Technical Specification 1.4 (LLCP 1.4) is the first NFC Forum technical specification to take advantage of NAP 1.0’s secured data transfer. It describes how the processes defined in NAP 1.0 are mapped on LLCP 1.4 for communication between two devices. The devices do not have to be on-line at the time authentication takes place.
“These specifications are important because the standardized framework simplifies development of secure NFC applications,” said Mike McCamon, executive director, NFC Forum. “This approach with these specifications avoids the need for proprietary implementations in the market which may lead to market fragmentation and confusion.”
The specifications help protect the privacy and confidentiality of personal data and messages shared electronically by establishing a secure communications channel. In addition, the authentication and bonding mechanisms allow for the establishment of trust and the pairing of an NFC-device, like a smartphone or wearable, to create different applications.
NAP 1.0: Application Authentication and Secured Data Transfer
NAP 1.0 describes the basic mechanism for applications needing an authentication and/or a secured data transfer. It provides mechanisms for cryptographically authenticated NFC connections in reader/writer mode and peer mode and describes the principals of the bonding and application process. NAP 1.0 supports three mechanisms:
- Establishment of a secure channel between two NFC devices to prevent eavesdropping when these two NFC devices are communicating with each other.
- The authentication process allows NFC devices to build up trust with each other for NFC communication. It prevents an NFC device from exchanging information with another unauthorized NFC-enabled device.
- The bonding process allows two NFC devices to be paired together and establish a common secret key during a registration phase. This allows for a faster authentication process and a faster setup of a secure channel.
LLCP 1.4: Peer-to-Peer Secure Data Transfer
LLCP 1.4 is the first NFC Forum technical specification to take advantage of NAP 1.0 for secured data transfer. The LLCP 1.4 describes how the processes defined in NAP 1.0 are mapped on LLCP for peer-to-peer communication between two devices. LLCP 1.4 can setup as either an ad-hoc secure data transfer or a secured data transfer after the two devices have been bonded. It uses NAP 1.0 for secure data transfer, replacing the secure data transfer defined by LLCP 1.3 specification
Both specifications were published as Candidate Specifications and interested parties are invited to comment on the documents on the NFC Forum web site at https://nfc-forum.org/our-work/specification-releases/feedback-on-technical-specifications/ before their adoption as NFC Forum Specifications.
About the NFC Forum
The NFC Forum was launched as a non-profit industry association in 2004 by leading mobile communications, semiconductor, and consumer electronics companies. The Forum’s mission is to advance the use of Near Field Communication technology by developing specifications, ensuring interoperability among devices and services, and educating the market about NFC technology. The Forum’s global member companies are currently developing specifications for a modular NFC device architecture, and protocols for interoperable data exchange and device-independent service delivery, device discovery, and device capability. Only member companies can participate in the Forum’s certification program of NFC devices, readers and tags.