This article is more than six years old

IBM launches two-factor authentication for NFC devices

Computer giant IBM has added a two factor authentication solution to its IBM Worklight mobile app platform, providing “an extra layer of security when using an NFC-enabled device and a contactless smart card to conduct mobile transactions.”


IBM Worklight is used by the company’s clients to develop and manage secure mobile applications for consumers. From today, companies will be able to offer the new method to consumers through their apps.

The two factor solution eliminates the need for the consumer to carry an additional device — such as a one-time code generator, often used in online banking on a PC — when carrying out transactions from a mobile device.

“The user simply holds the contactless smart card next to the NFC reader of the mobile device and after keying in their PIN, a one-time code would be generated by the card and sent to the server by the mobile device,” says IBM.

IBM’s model turns the accepted role of an NFC phone on its head by using the smart card as, in effect, a remote secure element — the phone takes a challenge over the air from a remote server, passes it to the secure smart card, and then passes back the response.

A video from IBM shows the technology in action:

The system works today with NFC devices running Android 4.0 and up. Future updates will include support for additional operating systems, “based on market trends.”

One comment on this article

  1. Excellently presented and luckily by IBM, as a major international company. I myself have presented similar scenarios many times at international standardization meetings and at conferences in order to emphasize the necessity for NFC smartphones to be compatible with ISO 14443, the standard for contactless chipcards.

    Michael Hegenbarth, Chairman ISO/IEC JTC1/SC17/WG8, Contactless Interface, Inventor of the combination mobile phone / contactless chipcard interface

Comments are closed.