The present invention relates generally to security in near field communication devices, and in particular to authentication for near field communications (NFC).
NFC is currently being adopted as a form of payment technology by both banks and retailers to allow quick payment for products and services with a small associated value. This form of payment technology provides a quick and easy mechanism for payments to be made using a contactless method through both traditional debit/credit cards and through mobile devices such as phones.
NFC is a set of short-range wireless technologies, typically operating over a distance of ten centimeters (cm) or less between two NFC-compatible devices. NFC operates at 13.56 megahertz (MHz) and transfers data at data rates ranging from 106 kilobits per second (kbit/s) to 424 kbit/s. When two NFC-compatible devices are brought within about four cms of one another, such as by a wave or a touch, an NFC connection is established which can then be used to transfer information and/or keys.
NFC typically involves an initiator and a target; the initiator actively generating a radio frequency (RF) field that can power a passive target. This enables NFC targets to take very simple form factors such as tags, stickers, key fobs, or debit/credit cards that do not require batteries. They can also be integral to or attached to mobile devices such as phones.
The quick and easy mechanism of establishing a connection by means of a wave or a touch however means that there is a compromise in security as no form of personal identification number (PIN) is required in order to authorize the transaction. While payments without the entry of a PIN are typically limited to a low value, in the case of a device such as a credit card being lost or stolen a number of smaller transactions can still be performed causing expense for either the customer or the payment provider.