• State Verified Answer
  • Replies 1 reply
  • Subscribers 73 subscribers
  • Views 2432 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 119332
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

NFC Security on the NRF52

Sam

What is the best way to go about implementing secure reads/writes to the NRF52 NFC tag? I noticed there didn't seem to be any built in security functionality in those areas (based on the libraries and datasheet). Things like "tap to pay" exist between a simple tag and NFC device (like a phone) so I know it is possible in some capacity. I have even seen authentication functionality on some NFC readers. Is this just something the NRF52 doesn't quite support, beyond figuring out a secure communication procedure on our own?

Perhaps there is some way to make use of the AES module in regard to this, I'm not sure.

And to be clear, I'm looking for purely NFC communication (no bluetooth etc).

Thank you!

  • 0

    Hi Sam,

    There exist numerous applicative protocols on top of ISO14443 stack (which you call "NFC"), there are many ways starting from the things defined in ISO7816-4 up to specific technologies such as EMV (payment) protocols or NXP's DESFire used in transport and physical access applications. In general any of these CAN be implemented on top of NFC front-end in nRF52 chips, it's just matter of doing it. I'll let Nordic to answer why there is nothing like that available but my view is following is:

    • It would need to be "interoperable" with reader application you want to use on the other side. But you want to use typically it with Android phone (or Windows PC) which has nothing like that by default (at least as far as I know Android supports just basic NFC Forum NDEF Tag formats, not speaking about crippled native Smart Card service in Windows).
    • It's already "secured" by extremely short range communication when compared to things like BLE or other sub-GHz/2.4GHz/5GHz technologies. So they usually don't bother because by using NFC as second factor you've already improved the situation by several orders of magnitude.

    However I do agree that NFC security is desirable and that I suggest to implement it as custom in your app (until Nordic or someone else release suitable solution as library or open source - but I'm very skeptical;).

    Cheers Jan

Related
Terms of service