Using NFC to Protect Your System

Using NFC to Protect Your System

Everyone, and especially every design engineer, is more security-aware these days. We put our six-digit codes (or fingerprint) into our phones 20 times a day, along with passwords for various apps another 20 times, and don't even think about them. The new devices or equipment you’re designing really needs access protection, too.

If I was designing a major industrial control system, I would want to include access control and record who changed what settings on the unit. The same holds true for test equipment, vending machines, consumer wearables, area access, and so on. And it’s really pretty easy to accomplish.

A few applications of near-field communications (NFC)

To make it very easy for the user, you will want to use an NFC card reader. NFC expands on RFID to allow for two-way wireless communication and has higher data transfer rates (up to 424kbps) at the cost of a much shorter read distance of 4 to 10cm. The short read distance also yields a serious advantage in security. Note there is also a specification, ISO 15693, for a longer read range of up to one meter (mostly by using bigger antennas).

One area where NFC is used is in modern credit cards. It allows the user to simply tap their card for payment. The terribly slow U.S. conversion to chip credit cards (predecessor to NFC versions) is frustrating. Europe and South America have been using these more secure chip cards for many years. But, the U.S. has 13,000 financial institutions and they kinda need to agree on these things, which has slowed down adoption.

The chip credit cards we in the U.S. are using now employ a physical contact in the reader to the chip. EMV (which stands for Europay, Mastercard, and Visa) is a global standard for cards equipped with chips used for authentication. These EVM-enabled cards have yielded big returns for credit card companies. With people who want to commit fraud unable to easily read data from the magnetic stripe of the older cards, brick-and-mortar merchant credit card fraud losses were down almost 28% in 2017, to $3.9 billion. Online credit card fraud is holding steady, however.

New swipeable contactless credit cards are coming pretty soon.

EMV is also applicable to the next step for credit cards – which will be NFC. Many of us have already moved to our mobile phones’ NFC capability for retail payments, and someday soon our credit cards will use NFC and be swipeable.

NFC Specifications

ISO/IEC 14443 is a four-part international standard for contact-less smart cards operating at 13.56MHz in close proximity (~4cm) with a reader antenna. It describes the necessary modulation and transmission protocols. This protocol is for access control and authentication – rather than a financial transaction. ISO/IEC 18000-3 is the general specification for RFID. The best place to round-up technical specs is at the NFC Forum. But, you probably don’t have to even look these specs, as IC makers have done all the work for you and there are a number of low-cost chip sets that will do the job.

The Way It Works

For NFC, the reader side generates a 13.56MHz RF field and will poll to find other nearby devices. A tag will, upon coming within the field of another device, begin to "listen" for set-up commands. The reader will then poll the tag to find out what signaling technologies (NFC-A, NFC-B, and NFC-F) it can use. The tag will respond, and the reader will then proceed to establish a communication link using the modulation scheme, bit-level encoding, bit rate, and other parameters associated with one of the three signaling methods.

Basic NFC connection

Available Chips

The MAX66242 DeepCoverRegistered secure authenticator is a transponder IC that combines an ISO/IEC 15693 and ISO 18000-3 Mode 1-compatible RF front-end, an I2C front-end, a FIPS 180-based SHA-256 engine, and 4096 bits of user EEPROM. It provides a symmetric challenge-and-response authentication capability. The IC is automatically powered from the energy harvested from the HF field. The configurable supply output can deliver up to 5mA given adequate field strength.

The MAX66242 DeepCover secure authenticator transponder can collect data from sensors via I2C.

Each device has a factory-programmed, guaranteed unique 64-bit ID. The chip can gather information from a connected sensor or peripheral device and make that data available via the RF port. It runs from a 3.3V supply over -20° to 85°C and provides ±8kV HBM ESD protection.

Next we have the MAX66300 DeepCover secure contactless host authenticator that combines an RFID transceiver and a SHA-256 secure authenticator coprocessor. It provides the designer with four 32-Byte pages of user memory, four master secrets, multiple programmable protection options, a 76-Byte scratchpad SRAM, a hardware true random-number generator, and a unique 64-bit serial number.

The MAX66300 DeepCover contactless host authenticator pulls data from the tag.

The chip's RF power out is up to 200mW, its ASK uplink modulations index is adjustable from 7% to 30%, and it has selectable receiver low and high pass filters. Its receive gain is selectable from 0dB up to 40dB. It can operate in single- or double-antenna mode using on-off keying (OOK) modulation. The IC comes in a TQFN56 package, operates over -40° to 85°C, and has antenna short-circuit protection. It’s compatible with a 3.3 or 5V supply and has ±2kV HBM ESD protection; ±4kV on antenna connections.

And, what makes it really easy to design in is the MAX66300-24XEVKIT Reader and Tag Evaluation Kit. There is also the MAX66242EVKIT Tag Evaluation Kit to consider.

Maxim also offers many versions of its DeepCover secure microcontrollers, such as the MAX32560. This device is an ArmRegistered CortexRegistered-M3-based SoC with 384Kb of system SRAM and 8Kb of AES self-encrypted NVSRAM. It has ISO 14443 type A/B EMV-compliant contactless reader with internal transceiver, a secure boot loader with public key authentication, AES, DES and SHA hardware accelerators, a modulo arithmetic hardware accelerator, a 10-line secure keypad controller, a true random-number generator, die shield, six tamper sensors, and 256-bit battery-backup AES key storage.

Adding NFC security to any design is a straightforward and reliable way to improve your customers' security—and your success.