Creating a secure infrastructure for NFC mobile phones
04 January, 2011
category: Contactless, Digital ID, NFC, Transit
Today’s mobile phones do more than make and receive calls. They are calendars, cameras, even game consoles. Thanks to near field communications (NFC) technology, the devices also are your keys.
NFC is a short-range wireless communication standard that lets two devices exchange data over a distance of a few centimeters. That data can include the credentials previously stored on the contactless smart cards used for opening doors. NFC provides a platform for contactless applications and transactions including payment and transit ticketing, keys, data transfers and access to online digital content.
Today, contactless credentials are available as fobs and plastic cards programmed to provide various levels of facility access. The same credentials can be loaded onto mobile handsets, eliminating the need to carry separate access credentials and making it easier for security managers to track entries and exits at each access point.
NFC enables these capabilities, but they are only secure if there is a complete chain of custody in which every endpoint in the system can be validated. An example of this is HID’s Trusted Identity Platform (TIP), which turns access control readers, laptops, NFC-equipped mobile phones and other products into trusted identity nodes that are securely provisioned regardless of where they are or how they’re connected.
The basis for modern transactional systems has been the ability to trust the identification of a person, computer, Web site, check or credit card. Unfortunately, the effort required to authenticate them has grown dramatically. There are three basic building blocks for constructing and using trusted identities: un-forgeable signatures, shared secrets and tamper-resistant hardware. Choosing the right combination of these building blocks for a particular situation is not a trivial matter.
There is, however, an aspect of secure identity systems that simplifies the problem: like mobile networks, secure identity systems are closed systems. To join one, a user often must pass a background check and sign a legal agreement before an identity is issued. It is this strong initial authentication, and the binding of the identity to its holder, that gives a secure identity system’s basic building blocks their inherent trust.
This is the approach taken with TIP, which enables validation of networked endpoints or nodes—such as credentials, printers, readers and NFC phones.
TIP enables the provisioning of virtual products, including security credentials, and NFC is one vehicle for this. TIP delivers three critical capabilities: plug-and-play secure channels between hardware and software; best-in-class key management and secure provisioning processes; and seamless integration with information technology infrastructures. At the heart of the TIP framework is the Secure Vault, which serves only known nodes and only within a published security policy. Data confidentiality and integrity are protected with symmetric-key cryptography, which makes key management and the provisioning process the elements on which the framework’s security ultimately rests.
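The building blocks listed above (a shared secret held in tamper-resistant hardware, and a keyed authentication tag standing in for a signature) and the vault-serves-known-nodes model can be made concrete in a small simulation. The code below is an added illustration written for this page; it is not HID’s TIP implementation and none of its names or message formats come from the product. A Vault holds a per-node symmetric key and a policy, authenticates a node by HMAC challenge-response, and delivers a credential encrypted and integrity-protected under keys derived from the node key; the SecureElement class models hardware from which the key is never read back. The HMAC-based keystream is an illustrative stand-in for a vetted authenticated cipher such as AES-GCM, and the credential value and node identifiers are constructed sample data.

```python
import hashlib
import hmac
import os

# --- primitives shared by the vault and the node (constructed for this page) --

def derive_key(node_key: bytes, label: bytes) -> bytes:
    """One-step HMAC-SHA256 KDF: separate sub-keys for auth, encryption and MAC."""
    return hmac.new(node_key, label, hashlib.sha256).digest()

def keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with an HMAC-SHA256 counter-mode keystream.
    Illustrative only: production code should use AES-GCM from a vetted library.
    A nonce must never be reused under the same key."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)

def mac(mac_key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so field boundaries are unambiguous."""
    h = hmac.new(mac_key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class SecureElement:
    """Models the tamper-resistant hardware on a node (phone secure element,
    reader chip). The node key is injected once; no method ever returns it."""

    def __init__(self, node_id: str, node_key: bytes):
        self.node_id = node_id
        self._auth_key = derive_key(node_key, b"auth")
        self._enc_key = derive_key(node_key, b"enc")
        self._mac_key = derive_key(node_key, b"mac")
        self.credentials = {}

    def respond(self, challenge: bytes) -> bytes:
        """Prove possession of the shared secret without revealing it."""
        return mac(self._auth_key, self.node_id.encode(), challenge)

    def install(self, message: tuple) -> None:
        """Check integrity of a provisioned credential, then decrypt and store it."""
        cred_type, nonce, ciphertext, tag = message
        expected = mac(self._mac_key, self.node_id.encode(),
                       cred_type.encode(), nonce, ciphertext)
        if not hmac.compare_digest(expected, tag):
            raise ValueError("credential message failed integrity check")
        self.credentials[cred_type] = keystream_xor(self._enc_key, nonce, ciphertext)


class Vault:
    """Models the provisioning back end: serves only registered nodes, and only
    the credential types its published policy allows for each node."""

    def __init__(self):
        self._nodes = {}    # node_id -> (auth_key, enc_key, mac_key)
        self._policy = {}   # node_id -> set of permitted credential types

    def register(self, node_id: str, node_key: bytes, allowed) -> None:
        self._nodes[node_id] = tuple(derive_key(node_key, label)
                                     for label in (b"auth", b"enc", b"mac"))
        self._policy[node_id] = set(allowed)

    def provision(self, node: SecureElement, cred_type: str, credential: bytes) -> tuple:
        node_id = node.node_id
        if node_id not in self._nodes:
            raise PermissionError(f"{node_id}: not a registered node")
        if cred_type not in self._policy[node_id]:
            raise PermissionError(f"{node_id}: policy does not allow {cred_type!r}")
        auth_key, enc_key, mac_key = self._nodes[node_id]
        # Fresh random challenge each time, so a recorded response cannot be replayed.
        challenge = os.urandom(16)
        if not hmac.compare_digest(node.respond(challenge),
                                   mac(auth_key, node_id.encode(), challenge)):
            raise PermissionError(f"{node_id}: authentication failed")
        nonce = os.urandom(16)
        ciphertext = keystream_xor(enc_key, nonce, credential)
        tag = mac(mac_key, node_id.encode(), cred_type.encode(), nonce, ciphertext)
        return (cred_type, nonce, ciphertext, tag)


if __name__ == "__main__":
    node_key = os.urandom(32)                 # injected at enrolment (hypothetical flow)
    phone = SecureElement("phone-0001", node_key)
    vault = Vault()
    vault.register("phone-0001", node_key, {"door"})
    msg = vault.provision(phone, "door", b"site=0x1234;card=000042")  # constructed credential
    phone.install(msg)
    print(phone.credentials)
```

The three refusal paths matter as much as the happy path: an unregistered node, a node presenting the right identifier with the wrong key, and a request outside policy all fail before any credential material leaves the vault, and a credential message altered in transit is rejected by the secure element before it is stored.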
Deploying NFC mobile phones
One of the first steps toward widespread deployment of TIP-enabled mobile phones was the July 2010 partnership announced between HID Global and INSIDE Contactless, one of a handful of companies driving worldwide NFC trials. This first partnership will allow NFC-enabled phones to hold the same iCLASS access control credentials as traditional physical smart cards. Similar capabilities can be extended to other mobile devices, including laptops, for applications ranging from user authentication to cashless vending and PC log-on security. These platforms and applications will significantly extend the value proposition for contactless smart card credentials.
Another example of early NFC mobile phone deployments is the first hotel pilot of NFC technology at Clarion Hotel Stockholm in Sweden. The hotel worked with HID Global parent ASSA ABLOY, Choice Hotels Scandinavia, TeliaSonera, VingCard Elsafe and Venyon, a subsidiary of Giesecke & Devrient, to replace the hotel’s room keys with NFC-enabled mobile phones.
Hotel guests receive Samsung mobile phones with NFC and the relevant software. They check in using the mobile phones before arrival, which triggers delivery of a digital room key to the phone. On arrival, guests skip the check-in line, go directly to their rooms and open the doors by holding the mobile phones close to the door locks. When they leave the rooms, the doors lock automatically, and guests check out using their mobile phones.
NFC-based access systems will enable a new era of more convenient and secure transactions. They require simple but protected, fully scalable and standards-based identity delivery systems that support a wide variety of identity nodes, from readers and cards to NFC-equipped mobile phones, each of which can be registered as a “trusted node” for secure provisioning anywhere in the world.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of December, these panelists’ predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews, ContactlessNews, CR80News, NFCNews, DigitalIDNews, ThirdFactor, RFIDNews, EnterpriseIDNews, FinancialIDNews, GovernmentIDNews, HealthIDNews, FIPS201.com, IDNoticias.es.