Secure NFC

NFC (Near Field Communication) is a new radio communication technology, which is now starting to appear in mobile phones. NFC uses the same frequency band as modern contactless cards such as Mifare (13.56 MHz), and has a range of 3 - 6 cm. NFC can be used for many things, including "smart posters and packaging", pairing devices by simply holding them together, payment, ticketing, and access control.

Telcred's solution is based on a flavor of NFC known as card emulation mode or simply secure NFC. This mode involves a special piece of hardware known as a Secure Element, which needs to be used for all NFC services that require strong security, including payments, ticketing, and access control. The secure element is a small microprocessor of the same type that is used in credit/debit cards with chip-and-pin. It provides secure storage and hardware support for cryptographic operations, and it has many different hardware features to protect access to its internals from attacks. The secure element can run small programs known as Java Card applets.

The Java Card applet wakes up when the NFC device is within range of the reader, and starts to communicate with the reader. Just as with contactless smart cards, the secure element draws its power from the electromagnetic field of the reader. The secure element behaves like a contactless card also in the way it communicates with the reader. A very nice consequence of this is that is is possible to mix NFC phones and contactless cards in the same system, since they appear identical to the readers.

The solution to offline: "tickets" instead of card-IDs

The innovation that makes it possible for Telcred's system to cope with frequently changing users and temporary access rights even when the lock controllers are offline is that each device (phone or card) carries with it its own access rights in the form of a digital "ticket".

In a traditional access control system the card communicates its ID to the reader, which compares this information to a list of allowed IDs. In Telcred's system it works the other way round - the lock controller is aware of its own ID and gets information about the device's access rights from the device at the time of access. The lock controller then compares the information in the ticket it just received to its own known ID, which does not change over time.

The tickets have a validity period, are issued for a specific device, and are cryptographically signed by Telcred's administrative system, which guarantees that they cannot be faked, copied or changed.

Distribution of tickets

So how do the tickets get onto the phone or card? In the case of NFC phones, access to the secure element is eventually controlled by the mobile operator (in most cases the secure element is actually part of the SIM). However, the mobile industry has defined a role known as a TSM, or Trusted Service Manager. The TSM acts as a broker between mobile operators and providers of services for payment, access control, ticketing etc.

Several companies have launched TSM offerings, but some mobile operators also choose to be their own TSM. In either case, there is a standardized API for service providers like Telcred to connect to a TSM. Through the TSM, we are then able to both install our Java Card applet on the secure element, and later send it tickets with updated access rights.

In the case of contactless cards, the tickets can be distributed either via an Internet connected PC with a USB accessory for reading and writing to contactless cards, or through an online reader. For example, a building owner can equip their entrance doors with online readers, which write the day's access rights to all authorized cards, and then use inexpensive offline locks inside the building.