WO2014009574A1 - Système et procédé de sécurité pour communications ccp - Google Patents
Système et procédé de sécurité pour communications ccp Download PDFInfo
- Publication number
- WO2014009574A1 WO2014009574A1 PCT/ES2012/070530 ES2012070530W WO2014009574A1 WO 2014009574 A1 WO2014009574 A1 WO 2014009574A1 ES 2012070530 W ES2012070530 W ES 2012070530W WO 2014009574 A1 WO2014009574 A1 WO 2014009574A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- nfc
- terminal
- transceiver circuit
- data
- encryption key
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0875—Generation of secret information including derivation or calculation of cryptographic keys or passwords based on channel impulse response [CIR]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Definitions
- the present invention is related to the security of NFC (Near Field Communlcation) technology in particular, a hardware design is presented that allows resolving existing vulnerabilities in systems based on that technology.
- NFC Near Field Communlcation
- NFC technology allows two devices that are very close to each other to communicate, even closer than with Bluetooth.
- the operating range is below the 20 cm range and uses the NFCIP-1 protocol that can operate at different speeds of up to 848 Kbit / s. It works within the 13.56 Hz band, which means that it is not subject to any restrictions and no license is required to use it, which is a great advantage that differentiates this technology with other technologies used for it. finish.
- the system is perfect precisely for that, to establish a communication between two devices whose only requirement to produce is that both are close.
- NFC technology ⁇ Near Field Communication
- NFC security could be compromised.
- the security in NFC is based on the fact that communication is carried out at close range since this fact reduces the possibility of any threat but does not guarantee complete security.
- the present invention relates to a system and a security method for NFC communications.
- the system comprises an NFC terminal and an NFC mobile device, any one of them acting in an NFC communication as a terminal teacher and the other as it ends! slave. Both the NFC terminal and the NFC mobile device have a substantially identical NFC transceiver circuit.
- the master terminal is configured to:
- the slave terminal is configured to:
- each NFC transceiver circuit comprises data processing means, a magnetic field generator and a magnetic field detector.
- the NFC transceiver circuit can be integrated in the corresponding terminal or it can be external to it, being connected to it by means of a connect.
- Another aspect of the present invention relates to a security method for NFC communications between an NFC terminal and an NFC mobile device having a substantially identical NFC transceiver circuit, any one of them acting in an NFC communication as a master terminal and the other As a slave terminal.
- the method comprises:
- All applications that are transaction-based need a security system that allows them to perform operations safely. Possible applications include: making payments by simply bringing the phone closer to one of the many NFC terminals without contacts that are already in operation, obtaining information, discounts and offers from the so-called smart "posters" that have an NFC tag, storing information personnel that allow secure access to buildings, take a picture and transmit it wirelessly to any television or printer without any configuration, share business cards with other NFC phones.
- the system object of the present invention takes advantage of the fact that communication takes place at close range.
- the terminals When approaching, the terminals create a magnetic field, with an appropriate device that can measure an induced value that will be variable and only known by the two terminals in the approach process.
- This value will serve as the basis for encrypting the data exchanged between the two terminals. Since only the two devices involved in communication can have that value, it is very difficult for another person to have the same value. and therefore decrypt the data.
- the devices involved in data exchange are usually small-sized devices with limited computing capacity. This process is simple and avoids elaboration of complex encryption and decryption systems, so it does not require much computing capacity. In addition it is not possible to alter the data transmitted by a spy since that alteration destroys the indecipherable source code and the terminals in communication detect it and give the transmission as erroneous.
- Figure 1 represents the proposed security system.
- Figure 2 shows an operation diagram of the encryption algorithm.
- Figure 1 shows the proposed security system.
- the system consists of an NFC 3 mobile device (for example, any smart-phone equipped with NFC technology) and an NFC 1 terminal (which can be any terminal or device equipped with NFC technology), both incorporating a transceiver circuit Identical NFC 2, capable of generating and detecting identical field values with adequate tolerance.
- the NFC 2 transceiver circuit consists of an electromagnetic field generator (for example, an electromagnet 4) and an electromagnetic field detector (for example, a coil or resonant circuit 5 and a galvanometer 6), in addition to the necessary electronics (microcontroller and other electronic components) to govern the device.
- an electromagnetic field generator for example, an electromagnet 4
- an electromagnetic field detector for example, a coil or resonant circuit 5 and a galvanometer 6
- the invention is based on implementing a circuit (hardware design) and including it in each device with NFC technology (the NFC 2 transceiver circuit contains the necessary circuitry; this circuit can be integrated in the mobile or can be external, connected for example via a connector ), so that a much more reliable and secure communication is allowed when it is required.
- the NFC 2 transceiver circuit contains the necessary circuitry; this circuit can be integrated in the mobile or can be external, connected for example via a connector ), so that a much more reliable and secure communication is allowed when it is required.
- special attention is paid to the arrangement of the components, since it is spice! interest its placement for the generation and detection of fields in the different devices as similar as possible, with a relative error between them minimum, practically null.
- a magnetic field generator is included in the design of each device, NFC 3 mobile device and NFC 1 terminal. With this it is possible to generate a magnetic flux in the emitting device and, in the receiving device, variable induced currents according to the position of both devices, their distance, approach speed and orientation. This is why, with the corresponding field detectors, the parameters mentioned above are obtained, of equal magnitude in both elements and totally unknown before communicating, since they are only known at the time of pairing. In addition, despite the screening that is carried out to avoid other undesirable electromagnetic field sources, before establishing communication between both devices, it would be further adjusted by eliminating the offset due to external fields such as those present in the near environment or the magnetic field.
- FIG 2 shows an operation diagram of the communication between two terminals, master terminal 7 and slave terminal 8, and the encryption algorithm thereof.
- the master 7 and slave 8 terminals can change their roles during communication; that is, initially the master terminal may be the NFC 3 mobile device and this will then become the slave terminal, or vice versa. It can be considered, for example, that the master terminal 7 that initiates the communication is the mobile device NFC 3 and that the slave terminal 8 is the NFC terminal 1, but could be considered the other way around.
- NFC 3 mobile device can be a active NFC system, or even both.
- This approach produces an electromagnetic induction 101 that allows the creation of a random IV induced voltage value in the NFC 2 transceiver circuits, known only to the two terminals, master 7 and slave 8.
- the data is encrypted following an algorithm represented in Figure 2.
- the slave terminal 8 also obtains (109) the value of induced voltage IV.
- the master terminal 7 obtains 102 an MK encryption key stored in a memory. With this MK encryption key 105 the original DATA data is encrypted, obtaining the DT encrypted data to be transmitted. In order for the slave terminal 8 to have the same key and to be able to decrypt the data, the master terminal 7 obtains 103 and transmits 104 a Cft value containing the key and in which the induced voltage value IV is also entered, known only by The two terminals.
- the key encryption values MK and induced voltage value IV are numbers, arithmetic or binary operations can be applied (in the case of Figure 2 a simple operation has been chosen - the sum - but the XOR operation can be chosen , for example).
- the receiver After transmitting 104 the Cft value, 106 the data encrypted with the encryption key MK (encrypted data DT) is transmitted.
- the receiver (slave terminal 8) has for S
Abstract
Système et procédé de sécurité pour communications en champ proche (CCP). Le système comprend un terminal CCP (1) et un dispositif mobile CCP (3) fonctionnant l'un comme un terminal maître (7) et l'autre comme un terminal esclave (8), et disposant respectivement d'un circuit émetteur-récepteur CCP (2) sensiblement identique. Le terminal maître (7) obtient (100) la valeur de tension induite (IV) dans son circuit émetteur-récepteur CCP (2) causée par l'induction électromagnétique (101) produite par une proximité mutuelle, chiffre (105) les données originales (DATA) avec une clé de chiffrement (MK), obtenant ainsi les données chiffrées (DT), transmet (104, 106) au terminal esclave (8) les données chiffrées (DT) et une valeur (Cft), fonction (f) de la clé de chiffrement (MK) et de la valeur de la tension induite (IV). Le terminal esclave (8) obtient (107, 109) la valeur de tension induite (IV) dans son circuit émetteur-récepteur CCP (2) et la clé de chiffrement (MK), à partir de la valeur (Cft) reçue et de la valeur de tension induite (IV), et déchiffre (108) à l'aide de la clé de chiffrement (MK) les données chiffrées (DT) reçues, obtenant ainsi les données d'origines (DATA).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/ES2012/070530 WO2014009574A1 (fr) | 2012-07-12 | 2012-07-12 | Système et procédé de sécurité pour communications ccp |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/ES2012/070530 WO2014009574A1 (fr) | 2012-07-12 | 2012-07-12 | Système et procédé de sécurité pour communications ccp |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014009574A1 true WO2014009574A1 (fr) | 2014-01-16 |
Family
ID=49915442
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/ES2012/070530 WO2014009574A1 (fr) | 2012-07-12 | 2012-07-12 | Système et procédé de sécurité pour communications ccp |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2014009574A1 (fr) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020123325A1 (en) * | 2001-03-01 | 2002-09-05 | Cooper Gerald M. | Method and apparatus for increasing the security of wireless data services |
US20100082481A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | Peer-to-peer financial transaction devices and methods |
US20100328027A1 (en) * | 2009-06-25 | 2010-12-30 | Stmicroelectronics (Rousset) Sas | Authentication of an electromagnetic terminal-transponder couple by the terminal |
-
2012
- 2012-07-12 WO PCT/ES2012/070530 patent/WO2014009574A1/fr active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020123325A1 (en) * | 2001-03-01 | 2002-09-05 | Cooper Gerald M. | Method and apparatus for increasing the security of wireless data services |
US20100082481A1 (en) * | 2008-09-30 | 2010-04-01 | Apple Inc. | Peer-to-peer financial transaction devices and methods |
US20100328027A1 (en) * | 2009-06-25 | 2010-12-30 | Stmicroelectronics (Rousset) Sas | Authentication of an electromagnetic terminal-transponder couple by the terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102340616B1 (ko) | 인증 장치 및 방법 | |
US11818681B2 (en) | Methods and architectures for secure ranging | |
US10552645B2 (en) | Method for secure communications using NFC cryptographic security module | |
CN104704769B (zh) | 无线通信系统 | |
ES2279225T3 (es) | Comunicaciones seguras. | |
Chattha | NFC—Vulnerabilities and defense | |
JP7232816B2 (ja) | 資産を認証する認証システム及び認証方法 | |
JP5260528B2 (ja) | 認証方法および認証のための通信システム | |
CN102196375A (zh) | 保护带外消息 | |
CN103136668A (zh) | 终端支付方法、终端和支付平台 | |
CN101116284A (zh) | 无线电通信网络中的防克隆相互鉴权 | |
Thammarat et al. | A secure lightweight protocol for NFC communications with mutual authentication based on limited-use of session keys | |
RU2677233C2 (ru) | Система связи через тело | |
Baek et al. | Secure and lightweight authentication protocol for NFC tag based services | |
CN104980280B (zh) | 一种基于蔡氏多涡卷混沌序列的rfid安全认证方法 | |
WO2014009574A1 (fr) | Système et procédé de sécurité pour communications ccp | |
ES2931507T3 (es) | Control de acceso electrónico que aplica un intermedio | |
Gudymenko et al. | Security in the Internet of Things | |
Panda | Preventing Man-in-the-Middle Attacks in Near Field Communication by Out-of-Band Key Exchange | |
Fan et al. | A Near Field Communication (NFC) security model based on OSI reference model | |
CN113260997A (zh) | 具有经认证加密的近场通信论坛数据交换格式(ndef)消息 | |
Al Jurdi et al. | Dcs-securing short-range wireless communication | |
GB2508157A (en) | Induction charging with secure wireless communication | |
Jurdi et al. | Dual channel security | |
Churaev et al. | NFC payment security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12880866 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 27/05/2015) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 12880866 Country of ref document: EP Kind code of ref document: A1 |