NFC Forum releases specifications for secure data transfer between NFC devices

The NFC Forum has released two specifications that set out a standardised cryptographic framework for enabling secure data transfer between NFC mobile devices and the development of applications using a secure communications channel between paired NFC devices.

NFC Forum logo

The NFC Authentication Protocol 1.0 Specification (NAP 1.0) and the Logical Link Control Protocol Technical Specification 1.4 (LLCP 1.4) “help protect the privacy and confidentiality of personal data and messages shared electronically” and incorporate “authentication and bonding mechanisms [that] allow for the establishment of trust and the pairing of an NFC-device, like a smartphone or wearable, to create different applications,” the NFC Forum says.

“NAP 1.0 describes the basic mechanism for applications needing an authentication and/or a secured data transfer. It provides mechanisms for cryptographically authenticated NFC connections in reader/writer mode and peer mode and describes the principles of the bonding and application process.

“NAP 1.0 supports three mechanisms:

  • Establishment of a secure channel between two NFC devices to prevent eavesdropping when these two NFC devices are communicating with each other.
  • The authentication process allows NFC devices to build up trust with each other for NFC communication. It prevents an NFC device from exchanging information with another unauthorised NFC-enabled device.
  • The bonding process allows two NFC devices to be paired together and establish a common secret key during a registration phase. This allows for a faster authentication process and a faster setup of a secure channel.”

The LLCP 1.4 technical specification describes how the processes described in NAP 1.0 can be used for peer-to-peer communication between two devices and “can set up as either an ad-hoc secure data transfer or a secured data transfer after the two devices have been bonded,” the Forum adds.

“These specifications are important because the standardised framework simplifies development of secure NFC applications,” says NFC Forum executive director Mike McCamon.

“This approach with these specifications avoids the need for proprietary implementations in the market which may lead to market fragmentation and confusion.”

Both have been published as candidate specifications and the documents are available for feedback and comment before their full adoption by the NFC Forum.

Next: Visit the NFCW Expo to find new suppliers and solutions