NFC for security and convenience
NFC technology was originally developed as a neat way to help pair devices that a user wanted to securely and conveniently link via a ‘tap’ so that they could then communicate using other methods like Bluetooth or Wi-Fi. It relies on electromagnetic induction, such that devices can only work in close proximity of each other. That is why NFC is called ‘near field’ and is perfect for secure ‘communication’ via a tap (actually, a short hold nearby!).
Roll-on to where we are today: NFC technology is now integrated into most smart electronic devices, payment cards, wearable devices and identification tags. A critical piece of the NFC jigsaw puzzle is the ‘mobile wallet’: the super container app (on a smartphone, watch or tablet) that contains the items that we used to keep in physical wallets (or pockets, purses, bags or even worn!). The mobile wallet and its supporting infrastructure is complex. It securely manages the issuance and full lifecycle of all of these items, their user interface and how they can interact with the world.
The mobile wallet adoption and its limitations
The mobile wallet started out as a convenient app to store tickets and passes, typically with static QR codes or barcodes displayed on them. These static pass images can be scanned in the same way as the paper or plastic item they were replacing. These passes are now used globally for travel tickets, vouchers, loyalty passes and membership cards. These wallet passes can be opened from locked phones, use the phone biometric to unlock them for extra security and can then be selected, ready for use… that all seems fairly frictionless, right?
The part where the mobile wallet ‘frictionless’ experience failed was the actual interaction between the pass in the wallet and the reader. These passes are reliant on optical scanning of a static barcode or QR code with readers that were originally designed for physical paper not bright, reflective phone screens! Also, the user needs to open the wallet and then find the right pass before it can be scanned.
Apple and Google, in collaboration with card schemes and banks, solved this for mobile contactless payments. Apple Pay and Google Pay are becoming the de facto way to pay for many people and have set the bar for a frictionless, yet secure, mobile interactions with the physical world. This more seamless NFC interaction works without needing to open the wallet first and allows the user to choose or confirm the card they want to use.
Many other applications demand the extra speed, simplicity and security of this improved ‘just tap’ NFC experience, working within the sensible technology frameworks defined by the smartphone giants, Apple, Google and Samsung.
Apple VAS, Google Smart Tap, Apple Access/ECP2 and more
A transition from wallet barcodes and QR codes was clearly needed. Apple developed their Value-Added Services (VAS) protocol along with Enhanced Contactless Polling (ECP) to define how they wanted to user experience to work with NFC. Similarly, Google created their Smart Tap technology to support similar NFC uses on Android devices. These protocols and APIs are perfect for low to medium security applications like check-in, loyalty, ticketing, public venue access and stored value payments.
As the capabilities of the mobile wallet has evolved, NFC has become even more important as it is THE essential component for the digitisation of access control. Physical ID cards, key fobs and tokens are already using NFC chips embedded within them, so needed a way to ensure interoperability with existing access infrastructure.
Apple’s Access/ECP2 wallet capabilities support student ID cards, corporate ID cards, hotel keys, multi-family home keys and even e-scooters! These secure access services rely upon the use of space in Apple’s Secure Element (SE) which is, obviously, very carefully protected! Google and NXP (who often provide the secure chip in Android phones) offer similar capabilities for these types of applications too.
Secure digital identity cards in the mobile wallet
Passports, driving licenses and other physical identity documents, issued globally by most governments, already contain NFC chips storing digitally signed personal ID data defined by international standards like ISO18013. Part 5 of this standard defines how mobile driver’s licenses (mDLs) can be issued, managed and validated. This is a superset of functionality for more generic personal identity documents suitable for travel and proof-of-identity. Like most specifications, ISO18013-5 outlines various implementation options, including support for government apps (using QR codes) as well as smartphone wallets with NFC and Bluetooth.
It is still early days for mDL, but a growing number of US states have rolled this out and is already being used to enable frictionless travel using NFC. Inter-government interoperability has been proven by many vendors with countries, including the UK, starting to roll it out to citizens. Once it becomes more ubiquitous, business will be able to use it to support applications like proof-of-age, proof-of-identity for service enrolment, re-authentication for lost accounts, as well the obvious travel uses!
So what can you do with NFC Wallet reader technology today?
We have always been great believers in the huge potential for NFC and its wide applicability… that’s why we created our VTAP NFC Wallet reader technology! We have focused on the core applications enabled by Apple Wallet and Google Wallet (Apple VAS, Google Smart Tap and Apple Access/ECP2), but VTAP also supports many other NFC tricks too, including:
- securely reads many kinds of RFID card, tags and wearables, easing legacy migration, supporting people with disabilities and old non-smartphones!
- reads all NFC Forum tags, which can be embedded into pretty much any physical thing you can imagine, including products, packaging and wearables.
- can be switched into ‘NFC tag emulation’ mode which is great for using the same reader for enrolment/app download. Readers then have a dual purpose for both regular and new customers, replacing the need to scan QR codes for registration.
- most importantly, VTAP readers can be updated remotely and securely, enabling easy update for applications not envisioned when first installed!
The next in this series of articles will run through the primary applications of NFC Wallets and why VTAP technology makes them simple, swift and secure.