Saturday, July 16, 2011

Near Field Communication (NFC)

An NFC mobile phone interacting with a "SmartPoster"

N-Mark Logo for certified devices
Near field communication, or NFC, allow for simplified transactions, data exchange, and connections with a touch.[1] Formed in 2004, the Near Field Communication Forum (NFC Forum) promotes sharing, pairing, and transactions between NFC devices[2] and develops and certifies device compliance with NFC standards.[3] A smartphone or tablet with an NFC chip could make a credit card payment or serve as keycard or ID card. NFC devices can read NFC tags on a museum or retail display to get more information or an audio or video presentation. NFC can share a contact, photo, song, application, or video or pair Bluetooth devices. The 140 NFC Forum members include LG, Nokia, Huawei, HTC, Motorola, NEC, RIM, Samsung, Sony Ericsson, Toshiba, AT&T, Sprint, Rogers, SK, Google, Microsoft, PayPal, Visa, Mastercard, American Express, Intel, TI, Qualcomm, and NXP.[4]

Contents

Uses

Emerging NFC standards allow customers to quickly purchase products and transfer secure information by touching devices. NFC allows companies to reduce staffing, printing, and point of sale costs. Globally, 100 million people use mobile payment outside the U.S., but only 3.5 million use the technology in the U.S.[5]

Social networking

NFC simplifies and expands Social networking options:

Bluetooth and WiFi Connections

NFC can be used to initiate higher speed wireless connections for expanded content sharing.[11]
  • Bluetooth: Instant Bluetooth Pairing can save searching, waiting, and entering codes. Touch the NFC devices together for instant pairing.[6][11]
  • WiFi: Instant WiFi Configuration can configure a device to a WiFi network automatically. Tap an NFC device to an NFC enabled router.[11]

eCommerce

NFC expands eCommerce opportunities, increases transaction speed and accuracy, while reducing staffing requirements. A Personal identification number (PIN) is usually only requried for payments over $100 (in Australia).[7]
  • Mobile payment: An NFC device may make a payment like a credit card by touching a payment terminal at checkout or a vending machine when a PIN is entered.[7][6][12]
  • PayPal: PayPal may start a commercial NFC service in the second half of 2011.[13][14]
  • Google Wallet is an Android app that stores virtual versions of your credit cards for use at checkout when a PIN is used.[12]
  • Ticketing: Tap an NFC device to purchase rail, metro, airline, movie, concert, or event tickets. A PIN is required.[7][15][16]
  • Boarding pass: A NFC device may act as a boarding pass, reducing check-in delays and staffing requirements.[7]
  • Point of Sale: Tap an SmartPoster tag to see information, listen to an audio clip, watch a video, or see a movie trailer.[10][11]
  • Coupons: Tapping an NFC tag on a retail display or SmartPoster may give the user a coupon for the product.[10][11]
  • Tour guide: Tap a passive NFC tag for information or an audio or video presentation at a museum, monument, or retail display (much like a QR Code).[6][10]

Identity documents

NFC's short range helps keep encrypted identity documents private.[11]
  • ID card: An NFC enabled device can also act as an encrypted student, employee, or personal ID card or medical ID card.[11]
  • Keycard: An NFC enabled device may serve as car, house, and office keys.[11]
  • Rental Car and hotel keys: NFC rental car or hotel room keys may allow fast VIP check-in and reduce staffing requirements.[6][17]

History

NFC traces its roots back to Radio-frequency identification, or RFID. RFID allows a reader to send radio waves to a passive electronic tag for identification and tracking.
  • 1983 The first patent to be associated with the abbreviation RFID was granted to Charles Walton.[18]
  • 2004 Nokia, Philips And Sony Establish The Near Field Communication (NFC) Forum[19]
  • 2006 Initial Specifications for NFC Tags[20]
  • 2006 Specification For "SmartPoster" Records[21]
  • 2006 Nokia 6131 is the first NFC phone[22]
  • 2009 In January, NFC releases Peer-to-Peer Standards to transfer contact, URL, initiate Bluetooth, etc.[23]
  • 2010 Samsung Nexus S - First Android NFC Phone shown[24][25]
  • 2011 Google I/O "How to NFC" demonstrates NFC to initiate a game and to share a contact, URL, app, video, etc.[6]

Essential specifications

NFC is a set of short-range wireless technologies, typically requiring a distance of 4 cm or less. NFC operates at 13.56 MHz on ISO/IEC 18000-3 air interface and at rates ranging from 106 kbit/s to 848 kbit/s. NFC always involves an initiator and a target; the initiator actively generates an RF field that can power a passive target. This enables NFC targets to take very simple form factors such as tags, stickers, key fobs, or cards that do not require batteries. NFC peer-to-peer communication is of course possible, where both devices are powered.[2] A patent licensing program for NFC is currently under development by Via Licensing Corporation, an independent subsidiary of Dolby Laboratories. A public, platform-independent NFC library is released under the free GNU Lesser General Public License by the name libnfc.[26]
NFC tags contain data and are typically read-only but may be rewriteable. They can be custom-encoded by their manufacturers or use the specifications provided by the NFC Forum, an industry association charged with promoting the technology and setting key standards. The tags can securely store personal data such as debit and credit card information, loyalty program data, PINs and networking contacts, among other information. The NFC Forum defines four types of tags which provide different communication speeds and capabilities in terms of configurability, memory, security, data retention and write endurance. Tags currently offer between 96 and 512 bytes of memory.
  • As with proximity card technology, near-field communication uses magnetic induction between two loop antennas located within each other's near field, effectively forming an air-core transformer. It operates within the globally available and unlicensed radio frequency ISM band of 13.56 MHz. Most of the RF energy is concentrated in the allowed 14 kHz bandwidth range, but the full spectral envelope may be as wide as 1.8 MHz when using ASK modulation.[27]
  • Theoretical working distance with compact standard antennas: up to 20 cm (practical working distance of about 4 centimetres)
  • Supported data rates: 106, 212 or 424 kbit/s (the bit rate 848 kbit/s is not complaint with the standard ISO/IEC 18092)
  • There are two modes:
    • Passive communication mode: The initiator device provides a carrier fields and the target device answers by modulating the existing field. In this mode, the target device may draw its operating power from the initiator-provided electromagnetic field, thus making the target device a transponder.
    • Active communication mode: Both initiator and target device communicate by alternately generating their own fields. A device deactivates its RF field while it is waiting for data. In this mode, both devices typically have power supplies.
kbit/s Active device passive device
424 kbit/s Manchester, 10% ASK Manchester, 10% ASK
212 kbit/s Manchester, 10% ASK Manchester, 10% ASK
106 kbit/s Modified Miller, 100% ASK Manchester, 10% ASK
  • NFC employs two different codings to transfer data. If an active device transfers data at 106 kbit/s, a modified Miller coding with 100% modulation is used. In all other cases Manchester coding is used with a modulation ratio of 10%.
  • NFC devices are able to receive and transmit data at the same time. Thus, they can check for potential collisions if the received signal frequency does not match with the transmitted signal’s frequency.

Comparison with Bluetooth











































NFCBluetoothBluetooth Low Energy
RFID compatibleISO 18000-3      activeactive
Standardisation bodyISO/IEC   Bluetooth SIGBluetooth SIG
Network StandardISO 13157 etc.IEEE 802.15.1IEEE 802.15.1
Network TypePoint-to-pointWPANWPAN
Cryptographynot with RFIDavailableavailable
Range< 0.2 m~10 m (class 2)~1 m (class 3)
Frequency13.56 MHz2.4-2.5 GHz2.4-2.5 GHz
Bit rate424 kbit/s2.1 Mbit/s~1.0 Mbit/s
Set-up time< 0.1 s< 6 s< 1 s
Power consumption< 15mA (read)varies with class< 15 mA (transmit)

NFC and Bluetooth are both short-range communication technologies which are integrated into mobile phones. As described in technical detail below, NFC operates at slower speeds than Bluetooth, but consumes far less power and doesn’t require pairing. NFC sets up faster than standard Bluetooth, but is not much faster than Bluetooth low energy. With NFC, instead of performing manual configurations to identify devices, the connection between two NFC devices is automatically established quickly — in less than a tenth of a second. The maximum data transfer rate of NFC (424 kbit/s) is slower than that of Bluetooth V2.1 (2.1 Mbit/s). With a maximum working distance of less than 20 cm, NFC has a shorter range, which reduces the likelihood of unwanted interception. That makes NFC particularly suitable for crowded areas where correlating a signal with its transmitting physical device (and by extension, its user) becomes difficult. In contrast to Bluetooth, NFC is compatible with existing passive RFID (13.56 MHz ISO/IEC 18000-3) infrastructures. NFC requires comparatively low power, similar to the Bluetooth V4.0 low energy protocol. However, when NFC works with an unpowered device (e.g. on a phone that may be turned off, a contactless smart credit card, a smart poster, etc.), the NFC power consumption is greater than that of Bluetooth V4.0 Low Energy. Illumination of the passive tag needs extra power.

Standardization bodies and industry projects

Standards

NFC was approved as an ISO/IEC standard on December 8, 2003 and later as an ECMA standard.
NFC is an open platform technology standardized in ECMA-340 and ISO/IEC 18092. These standards specify the modulation schemes, coding, transfer speeds and frame format of the RF interface of NFC devices, as well as initialization schemes and conditions required for data collision-control during initialization for both passive and active NFC modes. Furthermore, they also define the transport protocol, including protocol activation and data-exchange methods. The air interface for NFC is standardized in:
ISO/IEC 18092 / ECMA-340
Near Field Communication Interface and Protocol-1 (NFCIP-1)[28]
ISO/IEC 21481 / ECMA-352
Near Field Communication Interface and Protocol-2 (NFCIP-2)[29]
NFC incorporates a variety of existing standards including ISO/IEC 14443 both Type A and Type B, and FeliCa. NFC enabled phones work basically, at least, with existing readers. Especially in "card emulation mode" a NFC device should transmit, at a minimum, a unique ID number to an existing reader.
In addition, the NFC Forum has defined a common data format called NFC Data Exchange Format (NDEF), which can store and transport various kinds of items, ranging from any MIME-typed object to ultra-short RTD-documents,[30] such as URLs.
NDEF is conceptually very similar to MIME. It is a dense binary format of so-called "records", in which each record can hold a different type of object. By convention, the type of the first record defines the context of the entire message.

GSMA

The GSM Association (GSMA) is the global trade association representing nearly 800 mobile phone operators and more than 200 product and service companies across 219 countries. Many of its members have led NFC trials around the world and are now preparing services for commercial launch.[31]
GSM is involved with several initiatives:
  • Standard setting - GSMA is developing certification and testing standards to ensure the global interoperability of NFC services.[31]
  • The Pay-Buy-Mobile initiative seeks to define a common global approach to using Near Field Communications (NFC) technology to link mobile devices with payment and contactless systems.[32][33]
  • On November 17, 2010, after two years of discussions, AT&T, Verizon and T-Mobile launched a joint venture intended to develop a single platform on which technology based on the Near Field Communication (NFC) specifications can be used by their customers to make mobile payments. The new venture, known as ISIS, is designed to usher in the broad deployment of NFC technology, allowing NFC-enabled cell phones to function similarly to credit cards for the 200 million customers using cell phone service provided by any of the three carriers throughout the United States.

StoLPaN

StoLPaN (‘Store Logistics and Payment with NFC’) is a pan-European consortium supported by the European Commission’s Information Society Technologies program. StoLPaN will examine the as yet untapped potential for the new kind of local wireless interface, NFC and mobile communication.

NFC Forum

The NFC Forum is a non-profit industry association formed on March 18, 2004, by NXP Semiconductors, Sony and Nokia to advance the use of NFC short-range wireless interaction in consumer electronics, mobile devices and PCs. The NFC Forum promotes implementation and standardization of NFC technology to ensure interoperability between devices and services. As of March 2011, the NFC Forum had 135 member companies.[34]

Alternative Form Factors

To realize the benefits of NFC in cellphones not yet equipped with built in NFC chips a new line of complementary devices were created. MicroSD and UICC SIM cards were developed to incorporate industry standard contactless smartcard chips with ISO14443 interface, with or without built-in antenna. The microSD form factor with built-in antenna has the greatest potential as bridge device to shorten the time to market of contactless payment and couponing applications, while the built in NFC contollers gain enough market share.

Other standardization bodies

Other standardization bodies that are involved in NFC include:
  • ETSI / SCP (Smart Card Platform) to specify the interface between the SIM card and the NFC chipset.
  • GlobalPlatform to specify a multi-application architecture of the secure element.
  • EMVCo for the impacts on the EMV payment applications.

Security aspects

Although the communication range of NFC is limited to a few centimeters, NFC alone does not ensure secure communications. In 2006, Ernst Haselsteiner and Klemens Breitfuß described different possible types of attacks, and detail how to leverage NFC's resistance to Man-in-the-middle attacks to establish a specific key.[35] Unfortunately, as this technique is not part of the ISO standard, NFC offers no protection against eavesdropping and can be vulnerable to data modifications. Applications may use higher-layer cryptographic protocols (e.g., SSL) to establish a secure channel. Ensuring security for NFC data will require the cooperation of multiple parties: device providers, who will need to safeguard NFC-enabled phones with strong cryptography and authentication protocols; customers, who will need to protect their personal devices and data with passwords, keypad locks, and anti-virus software; and application providers and transaction parties, who will need to use anti-virus and other security solutions to prevent spyware and malware from infecting systems.[36]

Eavesdropping

The RF signal for the wireless data transfer can be picked up with antennas. The distance from which an attacker is able to eavesdrop the RF signal depends on numerous parameters, but is typically a small number of metres.[37] Also, eavesdropping is highly affected by the communication mode. A passive device that doesn't generate its own RF field is much harder to eavesdrop on than an active device. One Open source device that is able to eavesdrop on passive and active NFC communications is the Proxmark instrument.

Data modification

It is relatively easy to destroy data by using an RFID jammer. There is no way currently to prevent such an attack. However, if NFC devices check the RF field while they are sending, it is possible to detect attacks.
It is much more difficult to modify data in such a way that it appears to be valid to users. To modify transmitted data, an intruder has to deal with the single bits of the RF signal. The feasibility of this attack, (i.e., if it is possible to change the value of a bit from 0 to 1 or the other way around), is amongst others subject to the strength of the amplitude modulation. If data is transferred with the modified Miller coding and a modulation of 100%, only certain bits can be modified. A modulation ratio of 100% makes it possible to eliminate a pause of the RF signal, but not to generate a pause where no pause has been. Thus, only a 1 which is followed by another 1 might be changed. Transmitting Manchester-encoded data with a modulation ratio of 10% permits a modification attack on all bits.

Relay attack

Because NFC devices usually include ISO/IEC 14443 protocols, the relay attacks described are also feasible on NFC.[38][39] For this attack the adversary has to forward the request of the reader to the victim and relay back its answer to the reader in real time, in order to carry out a task pretending to be the owner of the victim’s smart card. One of libnfc code examples demonstrates a relay attack using only two stock commercial NFC devices.

Lost property

Losing the NFC RFID card or the mobile phone will open access to any finder and act as a single-factor authenticating entity. Mobile phones protected by a PIN code acts as a single authenticating factor. A way to defeat the lost-property threat requires an extended security concept that includes more than one physically independent authentication factor.

Walk-off

Lawfully opened access to a secure NFC function or data is protected by time-out closing after a period of inactivity.[citation needed][original research?] Attacks may happen despite provisions to shutdown access NFC after the bearer has become inactive. The known concepts described primarily do not address the geometric distance of a fraudulent attacker using a lost communication entity against lawful access from the actual location of the registered bearer. Additional feature to cover such attack scenario dynamically shall make use of a second wireless authentication factor that remains with the bearer in case of lost NFC communicator. Relevant approaches are described as an electronic leash or its equivalent, a wireless key.

NFC-enabled handsets

Future devices

On January 25, 2011, Bloomberg published a report stating that Apple was actively pursuing development of a mobile payment system employing NFC. New generations of iPhone, iPod and iPad products would reportedly be equipped with NFC capability which would enable small-scale monetary transactions.[54]
Near Field Communications World stated on March 21, 2011 that Sonim Technologies will add NFC to its XP3300 Force[55] device later this year.[56]
On May 2, 2011, RIM announced[57] the Blackberry Bold 9900, a new device that will use NFC technology.
In May 2011, Google announced Google Wallet, an Android application that will make use of NFC to make payments at stores. The card information will be stored in the app and will be used to make the transactions.

Project trials and full-scale deployments

Several hundred NFC trials have been conducted to date. While NFC trials continue, some firms have moved to full-scale service deployments, spanning either a single country or multiple countries. As a consequence, programs listed below date from 2010 forward and are cited for ease-of-reference. Programs were updated through April 2011. Multi-country deployments include:
  • Multiple European countries: Orange and operators, banks, retailers, transport, and service providers.[58]
  • Africa: Airtel Africa, Oberthur Technologies (15 countries)[59]

Africa

Europe

  •  Austria
    • Public transport: Mobilcom Austria, ÖBB, Vienna Lines [69]
  •  Belgium
    • Mobile payments: Belgacom, Mobistar, Base[62]
    • Paper vouchers study: IBBT, Clear2Pay/Integri, Keyware, Accor Services[63]
  •  Czech Republic
    • Mobile payments: Telefónica O2 Czech Republic, Komerční banka, Citibank Europe, Globus, Visa Europe[64]
  •  France
  •  Germany
    • Public transport (selected regions): RMV and Deutsche Bahn (combines the companies’ previous HandyTicket and Touch & Travel programs)[73]
    • Mobile payment: Deutsche Telekom, Vodafone Germany, Telefonica 02 Germany[74]
  •  Hungary
    • Event ticketing: Sziget Festival, Vodafone Hungary[75]
  •  Ireland
    • Loyalty program: AIB Merchant Services (Allied Irish Bank, First Data), Zapa Technology[76]
  •  Italy
    • Public transport: Telecom Italia, ATM[77]
    • Contactless payment cards: Intesa Sanpaolo, Mastercard, Gemalto[78]
  •  The Netherlands
    • Commercial services: T-Mobile, Vodafone, KPN, Rabobank, ABN Amro, ING[79]
    • Employee payments: Rabobank, Multicard[80]
  •  Poland
    • Mobile payments: Polkomtel, Bank Zachodni WBK;[81] PTC, Inteligo;[82] Orange, Bank Zachodni WBK[83][84]
  •  Russia
  •  Slovenia
    • Mobile payments, marketing: Banka Koper, Cassis International, Inside Contactless, System Orga, Mobitel[86]
  •  Spain
    • Mobile shopping: Telefonica, Visa, La Caixa (Sitges)[87]
    • Public transport: Bankinter, Emp resa Madrid (Madrid);[88] Vo dafone, Entidad Publica del Transporte (Murcia)[89]
    • Ev ent product payments: Mobile World Congress, GSMA, Telefonica, Visa, Samsung, Giesecke & Devrient, Ingenico, ITN International, La Caixa[90]
    • Employee payment, building access: Telefonica Espana, La Caixa, BBVA, Bankinter, Visa, Samsung, Oberthur, Autogrill, Giesecke & Devrient[91]
  •  Sweden
    • Hotel keys: Choice Hotels Scandinavia, Assa Abloy, TeliaSonera, VingCard Elsafe, Venyon (Stockholm)[92]
  •  Switzerland
    • Phone service kiosk: Sicap, Swisscom[93]
  •  Turkey
  •  United Kingdom
    • Smart poster, contactless payment: Transport for London[99]
    • Transport study: Department for Transport, Consult Hyperion[100]
    • Mobile payments: Waspit, Yates;[101] Barclaycard and Everything Everywhere (Orange, T-Mobile)[102]

North America

Asia and Oceania

  •  Australia
    • Mobile payments: Visa and ANZ Banking Group[118]
  •  China
    • Mobile payments: China Unicom, Bank of Communications, China UnionPay[119]
    • Mobile transport ticketing: China Unicom[120]
  •  India
    • Mobile banking: A Little World;[121] Citibank India[122]
    • Tata Docomo, MegaSoft XIUS (Hyderabad)[123]
  •  Japan
    • Consumer services: Softbank Mobile, Credit Saison, Orient Corporation[124]
    • Consumer services: KDDI, Toyota, Orient Corporation, Credit Saison, Aiwa Card Services, Mastercard, Nomura Research Institute, All Nippon Airways, Japan Airlines, Toho Cinemas, Dai Nippon Printing, NTT Data, T-Engine, IBM, Japhan Remote Control Co., Hitachi, Gemalto[125]
    • Consumer services: NTT Docomo and KT[126]
    • Social networking: Mixi[127]
  •  South Korea
    • Consumer and commercial services: KT solo and with NTT Docomo[128]
    • Cross-border services (with Japan): SK Telecom, KDDI, Softbank[129]
    • Mobile payment: SK Telecom, Hana SK Card[130]
    • Guided shopping: SK Telecom[131]
  •  Singapore
    • Mobile payments:MasterCard, DBS Bank, StarHub, EZ-Link, Gemalto[132]
  •  Sri Lanka
    • Consumer services: Sri Lanka Telecom Mobitel, Sony Corporation[133]
  •  Thailand
    • Mobile payments: Kasikornban, AIS, Gemalto[134]

Latin America

  •  Brazil
    • Mobile payments: Oi Paggo, Germalto’s Upteq N-Flex[135]
Posted by at No comments:
Subscribe to: Posts (Atom)