Field of Invention
The invention relates to near field communication (NFC) devices, and more specifically to enabling and disabling the NFC device to prevent unauthorized use.
Related Art
Near field communication (NFC) devices are being integrated into communication devices, such as mobile devices to provide an example, to facilitate the use of these communication devices in conducting daily transactions. For example, instead of carrying numerous credit cards, the credit information provided by these credit cards could be stored onto an NFC device. The NFC device is simply tapped to a credit card terminal to relay the credit information to it to complete a transaction. As another example, a ticket writing system, such as those used in bus and train terminals, may simply write ticket fare information onto the NFC device instead of providing a ticket to a passenger. The passenger simply taps the NFC device to a reader to ride the bus or the train without the use of a paper ticket.
Generally, NFC requires that NFC devices are present within a relatively small distance from one another so that their corresponding magnetic fields can exchange information. Typically, the first NFC device transmits or generates a magnetic field modulated with the information, such as the credit information or the ticket fare information. This magnetic field inductively couples the information onto a second NFC device that is proximate to the first NFC device. The second NFC device may respond to the first NFC device by inductively coupling its corresponding information onto the first NFC device.
As NFC devices are being used to conduct daily transactions that include sensitive information, such as, for example, credit card or bank account numbers, user addresses, etc., there is a risk of the information being stolen from the NFC device in a way that is transparent to the owner of the NFC device. The threat exists as the attacker need only be in a physical proximity of the NFC device and need not physically touch or interact with a victim or with the NFC device of the victim. For example, an attacker may execute an electronic pick pocket on a victim carrying an NFC device in his pocket, a bag or a brief case. The attacker could use the NFC device of a genuine owner to make contactless purchases at a legitimate vendor that is remote from the NFC device that is under a control of the victim.
For instance, a first attacker may walk next to the victim carrying an NFC device in his pocket that acts as a “leech.” The first attacker uses the “leech” NFC device to make contact with the NFC device of the victim. At the same time, a second attacker may walk around with a “ghost” NFC device that detects a radio frequency (“RF”) signal and command data from a legitimate NFC device reader, at for example, an ATM or a credit card reader of a legitimate vendor. The “ghost” NFC device receives RF signal and command data from the legitimate vendor, re-modulates the command data and rebroadcasts the reader signal to the “leech” NFC device.
The “leech” NFC device receives the re-broadcasted signal and command data from the “ghost” NFC device, de-modulates and amplifies the signal, and becomes a copy of a legitimate reader in real-time. The “leech” NFC device may amplify the signal, using, for example, a large low frequency (“LF”) or high frequency (“HF”) coil to increase the range of the rebroadcasted signal from, for example, two feet to one hundred feet or more.
As the unsuspecting victim (the owner of the NFC device) carries his NFC device, the NFC tag of his NFC device responds to the “leech” NFC device as though the “leech” NFC device was a genuine tag reader. Once the “leech” receives the NFC tag signal from the NFC device of a victim, the “leech” de-modulates the signal and transmits the signal to the “ghost” NFC device. The “ghost” NFC device receives the signal from the “leech” device and uses the signal to load modulate its coil and respond to the legitimate reader as though the “ghost” NFC device included an NFC tag of a legitimate NFC device of the owner.
Conventional systems attempt to prevent these types of electronic attacks by having the owner of the NFC device activate the NFC device prior to use. For example, the NFC device owner may be asked to turn on the tag mode of the NFC device, using, for example, the phone menu system on the communication device or opening the communication device. However, activating NFC device prior to executing a transaction may be burdensome on the consumer and degrade the consumer experience. Thus, there is a need for systems and methods that activate and deactivate the NFC device in a way that is seamless to the owner.
The invention will now be described with reference to the accompanying drawings. In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the leftmost digit(s) in the reference number.