By Tom Phillips[1] • • Updated • nfcw.com[2]
The NFC Forum[3] has released two specifications that set out a standardised cryptographic framework for enabling secure data transfer between NFC mobile devices and the development of applications using a secure communications channel between paired NFC devices.
The NFC Authentication Protocol 1.0 Specification (NAP 1.0) and the Logical Link Control Protocol Technical Specification 1.4 (LLCP 1.4) “help protect the privacy and confidentiality of personal data and messages shared electronically” and incorporate “authentication and bonding mechanisms [that] allow for the establishment of trust and the pairing of an NFC-device, like a smartphone or wearable, to create different applications,” the NFC Forum says.
“NAP 1.0 describes the basic mechanism for applications needing an authentication and/or a secured data transfer. It provides mechanisms for cryptographically authenticated NFC connections in reader/writer mode and peer mode and describes the principles of the bonding and application process.
“NAP 1.0 supports three mechanisms:
- Establishment of a secure channel between two NFC devices to prevent eavesdropping when these two NFC devices are communicating with each other.
- The authentication process allows NFC devices to build up trust with each other for NFC communication. It prevents an NFC device from exchanging information with another unauthorised NFC-enabled device.
- The bonding process allows two NFC devices to be paired together and establish a common secret key during a registration phase. This allows for a faster authentication process and a faster setup of a secure channel.”
The LLCP 1.4 technical specification describes how the processes described in NAP 1.0 can be used for peer-to-peer communication between two devices and “can set up as either an ad-hoc secure data transfer or a secured
