An Application Security Framework for Near Field Communication

Abstract

Smart phones equipped with Near Field Communication (NFC) provide a simple way to initiate contactless transactions and data exchange without having the need to carry additional items such as credit cards, personal IDs, and access keys. To prevent unauthorized NFC transactions in the case of lost or stolen devices, the user needs to be authenticated before each transaction, which adds extra burden on users. In this paper we propose an NFC security framework that simplifies the initiation of secure NFC transactions. The framework calculates a current measure of device security based on user activities and behavior. NFC transactions are authorized if the current device security measure meets the minimum requirement of the application. The framework uses a combination of authentication methods such as password, pin, pattern, finger print, voice and face recognition. In addition, we propose adjusting the device security level dynamically based on user activities, behavior, and background face and voice authentication. As a case study, the framework has been implemented on the Google Android platform. The NFC security framework minimizes the need to intrusively authenticate the user for every NFC transaction thus maintaining the simplicity of using NFC while enhancing its security.