Abstract
In this paper we propose a new solution for mobile payments called Tap2 technology. To use it, users need only their NFC-enabled mobile phones and credentials implemented on their smart cards. An NFC device acts as a bridge between service providers and secure elements, and the secure credentials (on the card) are never revealed. In this way, secure authentication can be obtained by means of anonymous credentials, implemented on a smart card to provide the functionality with minimal data disclosure. We propose to use zero-knowledge proofs based on attribute-based anonymous credentials to meet the security and privacy requirements of mobile payments. Other use cases include online shopping, easy payment, eGovernment proofs, etc.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alpár, G., Batina, L., Verdult, R. (2012). Using NFC Phones for Proving Credentials. In: Schmitt, J.B. (eds) Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance. MMB&DFT 2012. Lecture Notes in Computer Science, vol 7201. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28540-0_26
DOI: https://doi.org/10.1007/978-3-642-28540-0_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28539-4
Online ISBN: 978-3-642-28540-0
eBook Packages: Computer Science (R0)