Next rev of NFC tag used in NFCring



  • Any chance you could work with IBM to get their new NFC tag for a future version?

    The big difference seems to be that it's a challenge-response system.

    http://www.welivesecurity.com/2013/10/18/new-ibm-system-adds-robust-security-to-smartphone-banking-and-shopping/

    http://www.networkworld.com/community/node/84053


  • Community Helper

    I'm sure anything is possible after the Kickstarter is done and dusted and John and the team have some breathing room!


  • NFC Ring Team

    The problem with introducing EMV to the rings is:
    a) Rings payment mechanism would have to expire after X years
    b) We'd need to register for EMV
    c) You lose some device compatibility.
    d) Security.

    How we propose to solve those issues:
    a) Ring replacement service (you get a replacement ring every X years before your ring expires, same as a CC), downside is cost to you.
    b) Get a sponsor bank, Bank of Turkey w/ EMV cert from Mastercard would be ideal.
    c) Top part normal NTAG IC, bottom part Java enabled IC
    d) Do security auditing *This is where things get tricky..

    The NTAG203 and in general the NTAG range from NXP works across all devices and that's what we like, also all of the IP used in the NTAG range is public domain so we can review what tech is being used.. The minute you start loading on firmware to a ring that you can't analyze the risk is that the NSA or any organization could have loaded it with malicious code. While this sounds rather tin-foil-hat we can assume from the evidence we're seeing that it's happening so I think we have to be VERY careful about the security auditing we do.. The main issue here is that it's VERY unlikely either of the two providers that handle this service (yes there are really only two that do all credit cards etc.) will entertain this request.. The banking world isn't a um, transparent place..

    Side note: I did an interview for Gemalto about exactly this last week, it's behind a paywall though so you can't see it :( Welcome to the finance world..

    We have been investigating the possibility of running larger java enabled ICs and getting setup for EMV.. The initial cost of EMV is about 0.5M$ and to do this you need a sponsor bank, we have been opening doors but unless our capital company really wants this (we will pitch it to them when we pitch our next product line proposals) it's going to be a tough slog/sale.

    The whole thing here isn't as simple as installing an app or changing the IC, you have to then provide an infrastructure around payments, Mastercard would be our preferred partner and we hope over the next 6 months or so to have conversations with this to begin momentum..

    So what can you guys do if you want to see crypto enabled rings?

    Shout abou it and help the community.. We have prototypes, we're just scared to introduce any additional complexity to our already complex product lines..

    When we initially launch we will do so with NTAG203 then move to 213 then 216 then cpryto enabled then EMV.. If anyone can help with market research on any of those tags by helping us answer the question of the best way of "Why would someone want larger storage" or "Why would someone want challenge/response" then we'd welcome conversations and thoughts in this area..

    Also if anyone can reach out to their contacts in Mastercard/Bank of Turkey that would be great, being invited into a huge company gives us a much better chance of being able to have a successful relationship..

    Another question we need to ask ourselves is do we really want to entertain old school banking or should we focus our attention on crytocurrency banking?



  • Thank you for that detailed reply. It clears up a lot in my mind and I'm really glad that someone is thinking about this! Wish I could help, but it's definitely not my area of expertise.


  • NFC Ring Team

    Nor mine :)


  • Community Helper

    It's out of my league as well, but here in Australia the Commonwealth Bank has been very progressive where new technology is concerned. When NFC became a 'thing' they were one of the first to take advantage of that and start using paywave/paypass, and to offer NFC enabled phone covers for iphone 4. Their current offering of an NFC enabled sticker for the back of your non-NFC phone is a little lacking IMO though. I have one which sits in the cover of my 5s, the tag is enabled via a 4 digit number in the bank app on the phone which then propagates through their system. It took about 3 hours from when I enabled mine to actually being able to use it.
    If they were able to implement the rings in a similar fashion (unintentional wordplay there) then that would be quite cool. You'd be able to quickly disable it in the event of a loss or theft.
    While I don't know anyone in the bank system I might start sending feedback and query emails, just to see what happens.

    • Personally I think supporting any and all methods is the best approach, as long as there is a sponsor willing to take the leap first in the conventional banking world.


  • @Lokki said:

    an NFC enabled sticker for the back of your non-NFC phone

    Maybe this sticker isn't a classical N203 but instead something with private-public crypto built-in? A decent phone should be able to read and give a good guess at what chip is used in that sticker.


  • Community Helper

    Yeah, it's a more heavy duty tag in them, the most I can get out of it is that it's an NXP ic which is "blocked" from scanning by NXP taginfo.


Log in to reply
 

Looks like your connection to NFC Ring Forum was lost, please wait while we try to reconnect.