Difference between revisions of "NFC"

Latest revision as of 10:04, 21 April 2024

Full Title or Meme

Near Field Communications (NFC) is used by some smart chips to provide Identity Information

Context

Many locations where a large number of Identity checks must be made at high speed, such as passports and door access methods, give the user an Identity Card with an imbedded NFC chip for easy access.

• One of the many Smartphone Wireless radios.
• Designed for close access, unlike BLE which can be accessed up to 10 meters away.

Problems

• It's easy to read an NFC chip without the user's knowledge.
• Apple iPhone has limited access to NFC for payment, but late in 2023 is being sued as a result.^[1]

Solutions

• Some providers of Identity cards also give the user a tinfoil envelope to block reading of the chip, for example if a user gets an enhanced Driver's License in the state of Washington, they are provided such an envelope.
• Apple had blocked their phones from reading NFC data, but was forced to allow access by the UK government in order to make it easier for the UK government to check the Identity of people passing into the country.^[2] Home Secretary Sajid Javid is quoted as saying about Brexit “Our EU Settlement Scheme is now up and running and after a successful launch, over 280,000 EU citizens have applied so that they can continue to live their lives as they do now.” Except that their private information is accessible by anyone with a smart phone
• Android NFC API - Google first began testing NFC in web apps with the release of Chrome 81. That version added initial support for the Web NFC API, allowing sites to read and write NFC tags. It’s mainly intended for inventory management, conferences, museum exhibits, and anywhere else NFC is frequently used. Starting with Chrome 89 (Stable on 2021-03-17), the Web NFC API is enabled by default on Android.

Protocol

The NFC Authentication Protocol Technical Specification is proprietary and must be purchased for $200. The NFC Authentication Protocol 1.0 technical specification was adopted in December 2022. There were no changes from the Candidate version. NFC communication technology is used by several different existing contactless communication protocols in the market which use different coding for signal and load modulation. The NFC Forum created a set of specifications allowing NFC Forum Devices to use these different communication protocols. As a result, NFC Forum Devices are able to communicate with:^[3]

ISO/IEC 14443 Type A compliant Readers and Cards
ISO/IEC 14443 Type B compliant Readers and Cards
ISO/IEC 15693 compliant Cards
ISO/IEC 18092 compliant Devices
JIS-X 6319-4 compliant Readers and Cards
NFC Forum Tags
Other NFC Forum Devices

NFC Basics

NFC, or Near Field Communication, is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. It’s a proximity-based wireless communication standard. Unlike Wi-Fi or Bluetooth, however, NFC interaction is limited to an extremely short range. NFC can allow a phone to act as a transit pass or credit card, quickly transfer data, or instantly pair with Bluetooth devices like headphones and speakers. It’s the technology that powers contactless payments via mobile wallets for payment, as well as for contactless cards.

In essence, NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. It’s an evolution of RFID (radio frequency identification) technology that has already been around for decades. If you’ve ever used a key card to access an office building or hotel room, you’re already familiar with how it works. Both RFID and NFC operate on the principle of inductive coupling and in most smartphone-related applications the software will only initiate communication if there’s physical contact.

Benefits (examples):

1. Encryption: Data passing between the two devices is encrypted. The security protocol followed by NFC technology is the same one used by chip-enabled payment cards. This means that data is translated from plaintext to ciphertext.
2. Secure Transmission: Depending on the standard being applied, in a transaction using NFC technology, sensitive information is encrypted and transmitted securely.

Limitations (examples):

1. Range: NFC can only work in shorter distances, which is about 10-20 cm. This is to prevent accidental triggers, especially important now that the technology is used for transferring sensitive data and is an important architectural design and user-experience consideration for mobile wallets
2. Data Transfer Rate: It offers very low data transfer rates which is about 106, 212, or 424 Kbps. This makes NFC suitable for exchanging small amounts of data, but it can become inconvenient and almost unusable if phones and/or readers need to be held together for many seconds to perform the data transfer. This will be a significant architectural, user-experience & exceptions management consideration for wallets
3. Data Size: In practice NFC is generally capped at 424Kbits/sec for data transfer, again a key architectural consideration for mobile wallets and the protocols implemented

Security Considerations (Examples):

While NFC is generally considered secure due to its short range, it is not without potential security risks. Here are some examples of security concerns associated with NFC:

1. Eavesdropping: Since NFC uses radio waves, it is possible for someone to intercept the data being transmitted between devices or bump a phone to initiate an exchange without the subject's awareness ( ie crowded spaces such as public transit, festivals,,,, )
2. Data Corruption or Manipulation: As with any form of data transmission, there’s a risk that the data could be corrupted or manipulated during an NFC transaction. In a multi-application environment such as a smart phone this is a significant security design consideration for wallets.
3. Physical Theft: If an NFC-enabled device is lost or stolen, it could potentially be used to make unauthorized transactions.
4. Relay Attacks: In this scenario, an attacker uses two NFC devices to relay communication between a legitimate device and reader. This can allow the attacker to carry out transactions without the legitimate user’s knowledge.
5. Data Interception: (Eavesdropping): Data interception presents a significant security risk by exposing the private information of two NFC devices. If an attack is initiated within the range of two devices using NFC communication, the attacker can intercept communication signals and easily record the data being broadcast. NFC tags and reader applications for phones are inexpensive and widely available
6. Malware: NFC technology may be used to distribute malware and malicious apps if the wallet application does not "block' NFC signals from non-trusted sources

Technical Details

NFC technology is commonly used in contactless credit cards.

1. **Inductive Coupling**:

  - NFC operates based on **inductive coupling**, which is a fundamental principle of electromagnetic interaction.
  - Here's how it works:
    - A **reader device** (such as a payment terminal) generates an **electric current** through a coil.
    - This current creates a **magnetic field** around the coil.
    - When you bring an **NFC-enabled smart card** (or any NFC tag) close to the reader, the magnetic field induces an **electric current** within the card's coil.
    - Importantly, this communication happens **without any physical contact** between the reader and the card.

2. **Data Transmission**:

  - Once the initial **handshake** occurs (which establishes communication), the **stored data** on the smart card is wirelessly transmitted to the reader.
  - The data can include information like credit card details, transit pass credentials, or other relevant data.

3. **Short Range**:

  - Unlike Wi-Fi or Bluetooth, NFC has an **extremely short range**.
  - The maximum range for NFC communication is only a few **centimeters** (at most).
  - In most smartphone-related applications, NFC initiates communication only when there's **physical contact** between the card and the reader.

4. **Comparison with RFID**:

  - NFC is an evolution of **RFID (Radio Frequency Identification)** technology.
  - RFID has been around for decades and is commonly used for applications like key cards for office buildings or hotel rooms.
  - Both RFID and NFC use inductive coupling, but NFC has a much **lower transmission range** compared to RFID.
  - While RFID can operate over longer distances (even hundreds of feet), NFC's range is limited to close proximity.

5. **Real-World Applications**:

  - Smart cards, including **contactless credit cards**, use NFC for secure and convenient transactions.
  - You'll also find NFC in other devices like tablets, speakers, collectibles, and even gaming consoles like the Nintendo Switch and 3DS.

In summary, NFC enables your smart card to communicate wirelessly with compatible readers, making it a convenient and secure technology for various applications. 🌟

Source: Conversation with Bing, 4/20/2024

(1) What is NFC and how does it work? Everything you need to know. https://www.androidauthority.com/what-is-nfc-270730/.
(2) Near-field communication - Wikipedia. https://en.wikipedia.org/wiki/Near-field_communication.
(3) What is an NFC Card and How Does it Work? | Hype Blog. https://hype.co/blog/industry/what-is-an-nfc-card-how-does-it-work.
(4) What's an NFC Tag? | HowStuffWorks. https://electronics.howstuffworks.com/nfc-tag.htm.
(5) NFC Payment: How It Works and How You Can Use It - PayPal. https://www.paypal.com/us/money-hub/article/nfc-payment.

Credit Cards

NFC (Near Field Communication) technology is commonly used in contactless credit cards.

• Contactless Payments**:
  • Contactless payments allow you to make transactions by tapping either a contactless card or a payment-enabled mobile or wearable device over a contactless-enabled payment terminal.
  • Both cards and devices (such as phones and watches) use the same contactless technology.
  • When you tap to pay, the checkout process is secure and convenient.
• How It Works**:
  • Look for the **Contactless Symbol** on the store's checkout terminal.
  • When prompted, bring your card or mobile/wearable device within a few inches of the Contactless Symbol on the checkout terminal.
  • Your payment is securely processed in seconds.
  • Each transaction generates a **transaction-specific, one-time code**, which helps reduce counterfeit fraud.
  • To make a payment, your contactless card or payment-enabled device must be placed within 2 inches of the Contactless Symbol on the checkout terminal.
• Benefits of Contactless Payments**:
  • Secure**: The one-time code system enhances security by preventing accidental payments.
    • Convenient**: No need to insert or swipe your card; just tap and go.
  • Touch-Free**: Especially useful during times when minimizing physical contact is important.
• Where to Tap to Pay**:
  • Thousands of merchants in the U.S. accept contactless payments.
  • Look for the Contactless Symbol at places like fast-food restaurants, grocery stores, pharmacies, and more.

Remember that Visa's Zero Liability Policy protects your payment information from fraud losses and unauthorized purchases¹. Other credit card providers also offer similar security features for contactless payments²³.

If you have a contactless card, you're all set! Otherwise, you can still tap to pay by loading an eligible payment card into your payment-enabled phone or wearable device¹. 🌟

Source: Conversation with Bing, 4/20/2024

(1) Contactless Payments – Learn how to Tap to Pay | Visa. https://usa.visa.com/pay-with-visa/contactless-payments/contactless-payments.html.
(2) What is a Contactless Credit Card | Chase. https://www.chase.com/personal/credit-cards/education/basics/what-is-a-contactless-credit-card.
(3) What Are NFC Mobile Payments? | Capital One. https://www.capitalone.com/learn-grow/money-management/nfc-payments/.
(4) What Is An NFC Credit Card | Robots.net. https://robots.net/fintech/what-is-an-nfc-credit-card/.

WA State EDL

RFID is a wireless technology that stores and retrieves data remotely on devices. Technology components of an RFID system consist of an RFID tag with a microchip and antenna, a reader with an antenna, and a database. For added security and border crossing convenience, an RFID tag is embedded in the new Enhanced Driver License and Identification card (EDL/ID). • The EDL/ID is voluntary •  Call (360) 902-3900 to find an office near you or visit our website

The Washington State’s EDL/ID card includes an Ultra-High Frequency Passive Vicinity RFID tag. • Ultra-high frequencies typically offer better range, and can transfer data faster than low and high frequencies. • Passive RFID tags do not have a power source. They draw power from the RFID reader to energize the microchip’s circuits. The antenna enables the tag to transmit the information on the chip to a reader. The reader converts the radio waves reflected back from the RFID tag into digital information that is passed on to the computers that use it. • Vicinity RFID tags can be read from several feet away from the reader.

The RFID uses the low-end of the electromagnetic spectrum. The waves coming from the reader are similar to the waves coming to your car radio. The RFID tag does not contain any personal identifying information, just a unique reference number. At the border, the RFID reader will energize the RFID tag and transmit the EDL/ID’s unique reference number back to the border officer. The number will be matched to our records to verify the information contained on the front of the EDL/ID card. Data encryption, secure networks, and firewalls will protect the transmission of the EDL/ID information. For added security, we will provide a security sleeve to protect the RFID tag from being read when the cardholder is not using it for border crossing. This RFID technology is required by the federal government to facilitate rapid identification checks at the border, and complies with minimum requirements and best practices for card security. We will fully disclose the use of RFID, its purpose, content, and security to all EDL/ID applicants and interested parties.

RCW 19.300.20 makes it a class C felony for a person to intentionally scan another person’s identification device remotely, without that person’s prior knowledge and consent, for the purpose of fraud, identity theft, or for any other illegal purpose.

References

1. ↑ Finextra, Apple, Visa and Mastercard face anti-trust class action lawsuit (2023-12-18) https://www.finextra.com/newsarticle/43450/apple-visa-and-mastercard-face-anti-trust-class-action-lawsuit
2. ↑ NFC World (2019-04-09) https://www.nfcworld.com/2019/04/09/362259/apple-to-unlock-iphone-nfc-to-read-passports/?
3. ↑ NFC Forum, Technical Overview https://nfc-forum.org/learn/nfc-technology/

Other Material

• W3C TAG review of the NFC API
• Digital Guide IONOS
• Page on this wiki for Smartphone Wireless