Aspects of the disclosure relate to devices with Near Field Communication (NFC) technology. NFC technology can establish radio communication between different devices by touching them together or bringing them into close proximity. NFC allows two-way communication. For example, NFC peer-to-peer communication can occur when both devices are powered. Communication is also possible between an NFC device and an unpowered NFC chip. For example, NFC can involve an initiator and a target, where the initiator generates a radio frequency field that can power a passive target (e.g., tags, key fobs, cards).
NFC technology can facilitate information exchange in secure transactions, such as payment transactions. NFC-enabled mobile devices can be used in contactless payment systems, similar to those currently used in credit cards and electronic ticket smartcards. For example, an NFC-enabled mobile device allows users to store financial accounts in a virtual wallet and then use the NFC-enabled mobile device at terminals that accept such payment methods. NFC-enabled mobile devices can also be used as identification for access control, such as replacing traditional keys for either physical access (e.g., hotel room) or control (e.g., starting a car). NFC can also facilitate other types of information exchange (e.g., transferring media between mobile phones, ticketing for venue entrance).
Given that the NFC-enabled mobile devices can be involved in secure transactions, it is important that the NFC-enabled mobile devices are protected from malicious attacks. While software security is generally provided by layering multiple approaches within the system, a key consideration is that the system should be running the latest and most secure versions of software.
A commonly used attack vector on a system is the rollback attack, in which a system is caused to run an older, insecure software version rather than the latest version. Running the older software version can make the system more vulnerable to potential attacks. Therefore, to prevent a rollback attack, the latest software version needs to be installed when updating or installing the software.
A current approach for anti-rollback protection is for the operating system of the mobile device to check the version number of the software being installed or updated. However, it can be easy for attackers to find vulnerabilities in the operating system to manipulate the code and override this protection mechanism.
Another approach is to use e-Fuse technology to provide “last installed version” information. Since e-Fuses cannot be physically rewritten, they are fairly secure. However, this approach has some drawbacks, because there is typically a fixed and relatively low number of fuses available, and once these are exhausted, no further anti-rollback protection can be offered. Therefore, there is potential for a rollback attack once the e-Fuse cannot be updated with the correct revision number.
For example, every time there is an update to the version number, the e-Fuse is updated with the new version number. Therefore, if the e-Fuse technology allows ten updates, on the 11th update, the new version number cannot be stored on the e-Fuse.
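The fuse-exhaustion limit described above can be seen in a small simulation. This is an added example, not code from the disclosure: it assumes a thermometer-coded bank in which one fuse is blown per version increment, and the names `fuse_bank`, `fuse_floor`, `fuse_raise` and `install` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_FUSES 10  /* constructed: matches the ten-update example above */

typedef struct { uint16_t bits; } fuse_bank;  /* simulated OTP bits, 1 = blown */

typedef enum { INSTALL_OK, INSTALL_OK_UNRECORDED, REJECT_ROLLBACK } install_result;

/* Recorded version floor = number of blown fuses (assumed thermometer code). */
static unsigned fuse_floor(const fuse_bank *b) {
    unsigned n = 0;
    for (unsigned i = 0; i < NUM_FUSES; i++)
        n += (b->bits >> i) & 1u;
    return n;
}

/* Blow fuses up to `version`; bits only ever go 0 -> 1, never back.
   Returns 0 on success, -1 if the bank is too small to record `version`. */
static int fuse_raise(fuse_bank *b, unsigned version) {
    unsigned target = version > NUM_FUSES ? NUM_FUSES : version;
    for (unsigned i = 0; i < target; i++)
        b->bits |= (uint16_t)(1u << i);
    return version > NUM_FUSES ? -1 : 0;
}

/* Install-time check: refuse anything older than the fused floor. */
static install_result install(fuse_bank *b, unsigned image_version) {
    if (image_version < fuse_floor(b))
        return REJECT_ROLLBACK;
    if (fuse_raise(b, image_version) != 0)
        return INSTALL_OK_UNRECORDED;  /* running, but the floor could not move */
    return INSTALL_OK;
}

int main(void) {
    fuse_bank b = {0};
    for (unsigned v = 1; v <= 11; v++) {
        install_result r = install(&b, v);
        printf("install v%u -> %d (floor %u)\n", v, (int)r, fuse_floor(&b));
    }
    /* Floor is stuck at 10: v9 is still refused, but v11 -> v10 is not caught. */
    printf("install v9  -> %d\n", (int)install(&b, 9));
    printf("install v10 -> %d\n", (int)install(&b, 10));
    return 0;
}
```

Because the floor stops at the last fuse, every version released after the tenth update is indistinguishable from the tenth as far as the check is concerned.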
Additionally, the e-Fuse approach requires physical access to the chip and can only be implemented on a single chip, so it is not scalable. The implementation also needs to occur in the chip manufacturing factory.