A review of Bluetooth and NFC for financial applications

Abstract: Bluetooth and near field communications (NFC) are two of the most recently emerging wireless technologies [1] [2], largely because of the integral role they play in the Internet of everything (IoE). In this paper, the security aspect is evaluated for these two wireless technologies for potential applications in financial systems. Their frame size is also analyzed. This is done by reviewing their characteristics based on the state of the art and on the standards governing their deployment. It is found that Bluetooth has good security mechanisms when compared to NFC, which requires developers to implement their own security features at application level; however, NFC’s short range and its requirement for intentional communication between devices makes it inherently secure. It is also found that NFC has a larger message size, however, the classic Bluetooth message size is not that far below that of NFC data exchange format (NDEF) short records (SR) message size

Near Field Communication: From theory to practice

This book provides the technical essentials, state-of-the-art knowledge, business ecosystem and standards of Near Field Communication (NFC)by NFC Lab - Istanbul research centre which conducts intense research on NFC technology. In this book, the authors present the contemporary research on all aspects of NFC, addressing related security aspects as well as information on various business models. In addition, the book provides comprehensive information a designer needs to design an NFC project, an analyzer needs to analyze requirements of a new NFC based system, and a programmer needs to implement an application. Furthermore, the authors introduce the technical and administrative issues related to NFC technology, standards, and global stakeholders. It also offers comprehensive information as well as use case studies for each NFC operating mode to give the usage idea behind each operating mode thoroughly. Examples of NFC application development are provided using Java technology, and security considerations are discussed in detail. Key Features: Offers a complete understanding of the NFC technology, including standards, technical essentials, operating modes, application development with Java, security and privacy, business ecosystem analysis Provides analysis, design as well as development guidance for professionals from administrative and technical perspectives Discusses methods, techniques and modelling support including UML are demonstrated with real cases Contains case studies such as payment, ticketing, social networking and remote shopping This book will be an invaluable guide for business and ecosystem analysts, project managers, mobile commerce consultants, system and application developers, mobile developers and practitioners. It will also be of interest to researchers, software engineers, computer scientists, information technology specialists including students and graduates.Publisher's Versio

The survey on Near Field Communication

PubMed ID: 26057043Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.Publisher's Versio

A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider

Mobile Authentication with NFC enabled Smartphones

Smartphones are becoming increasingly more deployed and as such new possibilities for utilizing the smartphones many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation a case study is performed based on the authentication and access control needs of an educational institutions student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security to evaluate the viability of mobile authentication

Privacy-preserving E-ticketing Systems for Public Transport Based on RFID/NFC Technologies

Pervasive digitization of human environment has dramatically changed our everyday lives. New technologies which have become an integral part of our daily routine have deeply affected our perception of the surrounding world and have opened qualitatively new opportunities. In an urban environment, the influence of such changes is especially tangible and acute. For example, ubiquitous computing (also commonly referred to as UbiComp) is a pure vision no more and has transformed the digital world dramatically. Pervasive use of smartphones, integration of processing power into various artefacts as well as the overall miniaturization of computing devices can already be witnessed on a daily basis even by laypersons. In particular, transport being an integral part of any urban ecosystem have been affected by these changes. Consequently, public transport systems have undergone transformation as well and are currently dynamically evolving. In many cities around the world, the concept of the so-called electronic ticketing (e-ticketing) is being extensively used for issuing travel permissions which may eventually result in conventional paper-based tickets being completely phased out already in the nearest future. Opal Card in Sydney, Oyster Card in London, Touch & Travel in Germany and many more are all the examples of how well the e-ticketing has been accepted both by customers and public transport companies. Despite numerous benefits provided by such e-ticketing systems for public transport, serious privacy concern arise. The main reason lies in the fact that using these systems may imply the dramatic multiplication of digital traces left by individuals, also beyond the transport scope. Unfortunately, there has been little effort so far to explicitly tackle this issue. There is still not enough motivation and public pressure imposed on industry to invest into privacy. In academia, the majority of solutions targeted at this problem quite often limit the real-world pertinence of the resultant privacy-preserving concepts due to the fact that inherent advantages of e-ticketing systems for public transport cannot be fully leveraged. This thesis is aimed at solving the aforementioned problem by providing a privacy-preserving framework which can be used for developing e-ticketing systems for public transport with privacy protection integrated from the outset. At the same time, the advantages of e-ticketing such as fine-grained billing, flexible pricing schemes, and transparent use (which are often the main drivers for public to roll out such systems) can be retained

Battery-less near field communications (nfc) sensors for internet of things (iot) applications

L’ implementació de la tecnologia de comunicació de camp proper (NFC) en els telèfons intel·ligents no para de créixer degut a l’ús d’aquesta per fer pagaments, això, junt amb el fet de poder aprofitar l’energia generada pel mòbil no només per la comunicació, sinó també per transmetre energia, el baix cost dels xips NFC, i el fet de que els telèfons tinguin connectivitat amb internet, possibilita i fa molt interesant el disseny d’etiquetes sense bateria incorporant-hi sensors i poder enviar la informació al núvol, dins del creixent escenari de l’internet de les coses (IoT). La present Tesi estudia la viabilitat d’aquests sensors, analitzant la màxima distància entre lector i sensor per proveir la potència necessària, presenta tècniques per augmentar el rang d’operació, i analitza els efectes de certs materials quan aquests estan propers a les antenes. Diversos sensors han estat dissenyats i analitzats i son presentats en aquest treball. Aquests son: Una etiqueta que mesura la humitat de la terra, la temperatura i la humitat relativa de l’aire per controlar les condicions de plantes. Un sensor per detectar la humitat en bolquers, imprès en material flexible que s’adapta a la forma del bolquer. Dues aplicacions, una per estimació de pH i una altre per avaluar el grau de maduració de fruites, basats en un sensor de color. I, per últim, s’estudia la viabilitat de sensors en implants per aplicacions mèdiques, analitzant l’efecte del cos i proposant un sistema per augmentar la profunditat a la que aquests es poden llegir utilitzant un telèfon mòbil. Tots aquests sensors poden ser alimentats i llegits per qualsevol dispositiu que disposin de connexió NFC.La implementación de la tecnología de comunicaciones de campo cercano (NFC) en los teléfonos inteligentes no para de crecer debido al uso de esta para llevar a cabo pagos, esto, junto con el hecho de poder aprovechar la energía generada por el móvil no sólo para la comunicación, sino también para transmitir energía, el bajo coste de los chips NFC, i el hecho que los teléfonos tengan conectividad a internet, posibilita y hace muy interesante el diseño de etiquetas sin batería que incorporen sensores i poder enviar la información a la nube, enmarcado en el creciente escenario del internet de las cosas (IoT). La presente Tesis estudia la viabilidad de estos sensores, analizando la máxima distancia entre lector i sensor para proveer la potencia necesaria, presenta técnicas para aumentar el rango de operación, y analiza los efectos de ciertos materiales cuando estos están cerca de las antenas. Varios sensores han sido diseñados y analizados y son presentados en este trabajo. Estos son: Una etiqueta que mide la humedad de la tierra, la temperatura y la humedad relativa del aire para controlar las condiciones de plantas. Un sensor para detectar la humedad en pañales, impreso en material flexible que se adapta a la forma del pañal. Dos aplicaciones, una para estimación de pH y otra para evaluar el grado de maduración de frutas, basados en un sensor de color. Y, por último, se estudia la viabilidad de sensores en implantes para aplicaciones médicas, analizando el efecto del cuerpo y proponiendo un sistema para aumentar la profundidad a la que estos se pueden leer usando un teléfono móvil. Todos estos sensores pueden ser alimentados y leídos por cualquier dispositivo que disponga de conexión NFC.The implementation of near field communication (NFC) technology into smartphones grows rapidly due the use of this technology as a payment system. This, altogether with the fact that the energy generated by the phone can be used not only to communicate but for power transfer as well, the low-cost of the NFC chips, and the fact that the smartphones have connectivity to internet, makes possible and very interesting the design of battery-less sensing tags which information can be sent to the cloud, within the growing internet of things (IoT) scenario. This Thesis studies the feasibility of these sensors, analysing the maximum distance between reader and sensor to provide the necessary power, presents techniques to increase the range of operation, and analyses the effects of certain materials when they are near to the antennas. Several sensors have been designed and analysed and are presented in this work. These are: a tag that measures the soil moisture, the temperature and the relative humidity of the air to control the conditions of plants. A moisture sensor for diapers, printed on flexible material that adapts to the diaper shape. Two applications, one for pH estimation and another for assessing the degree of fruit ripening, based on a colour sensor. And finally, the feasibility of sensors in implants for medical applications is studied, analysing the effect of the body and proposing a system to increase the depth at which they can be read using a mobile phone. All of these sensors can be powered and read by any NFC enabled device

A framework for development of android mobile electronic prescription transfer applications in compliance with security requirements mandated by the Australian healthcare industry

This thesis investigates mobile electronic transfer of prescription (ETP) in compliance with the security requirements mandated by the Australian healthcare industry and proposes a framework for the development of an Android mobile electronic prescription transfer application. Furthermore, and based upon the findings and knowledge from constructing this framework, another framework is also derived for assessing Android mobile ETP applications for their security compliance. The centralised exchange model-based ETP solution currently used in the Australian healthcare industry is an expensive solution for on-going use. With challenges such as an aging population and the rising burden of chronic disease, the cost of the current ETP solution’s operational infrastructure is certain to rise in the future. In an environment where it is increasingly beneficial for patients to engage in and manage their own information and subsequent care, this current solution fails to offer the patient direct access to their electronic prescription information. The current system also fails to incorporate certain features that would dramatically improve the quality of the patient’s care and safety, i.e. alerts for the patient’s drug allergies, harmful dosage and script expiration. Over a decade old, the current ETP solution was essentially designed and built to meet legislation and regulatory requirements, with change-averting its highest priority. With little, if any, provision for future growth and innovation, it was not designed to cater to the needs of the ETP process. This research identifies the gap within the current ETP implementation (i.e. dependency on infrastructure, significant on-going cost and limited availability of the patient’s medication history) and proposes a framework for building a secure mobile ETP solution on the Android mobile operating system platform which will address the identified gap. The literature review part of this thesis examined the significance of ETP for the nation’s larger initiative to provide an improved and better maintainable healthcare system. The literature review also revealed the stance of each jurisdiction, from legislative and regulatory perspectives, in transitioning to the use of a fully electronic ETP solution. It identified the regulatory mandates of each jurisdiction for ETP as well as the security standards by which the current ETP implementation is iii governed so as to conform to those regulatory mandates. The literature review part of the thesis essentially identified and established how the Australian healthcare industry’s various prescription-related legislations and regulations are constructed, and the complexity of this construction for eTP. The jurisdictional regulatory mandates identified in the literature review translate into a set of security requirements. These requirements establish the basis of the guiding framework for the development of a security-compliant Android mobile ETP application. A number of experimentations were conducted focusing on the native security features of the Android operating system, as well as wireless communication technologies such as NFC and Bluetooth, in order to propose an alternative mobile ETP solution with security assurance comparable to the current ETP implementation. The employment of a proof-of-concept prototype such as this alongside / coupled with a series of iterative experimentations strengthens the validity and practicality of the proposed framework. The first experiment successfully proved that the Android operating system has sufficient encryption capabilities, in compliance with the security mandates, to secure the electronic prescription information from the data at rest perspective. The second experiment indicated that the use of NFC technology to implement the alternative transfer mechanism for exchanging electronic prescription information between ETP participating devices is not practical. The next iteration of the experimentation using Bluetooth technology proved that it can be utilised as an alternative electronic prescription transfer mechanism to the current approach using the Internet. These experiment outcomes concluded the partial but sufficient proofof- concept prototype for this research. Extensive document analysis and iterative experimentations showed that the framework constructed by this research can guide the development of an alternative mobile ETP solution with both comparable security assurance to and better access to the patient’s medication history than the current solution. This alternative solution would present no operational dependence upon infrastructure and its associated, ongoing cost to the nation’s healthcare expenditure. In addition, use of this mobile ETP alternative has the potential to change the public’s perception (i.e. acceptance from regulatory and security perspectives) of mobile healthcare solutions, thereby paving the way for further innovation and future enhancements in eHealth