[size=150:7de1m2xq]Rolling challenge/response code stored in the ring[/size:7de1m2xq]
Since it is not a [b:7de1m2xq]static[/b:7de1m2xq] datastore, we can update the data it in whenever we like. An oversimplified sequence -
[list=1:7de1m2xq][:7de1m2xq]Door NFC sensor reads two values from the ring's private tag:
[list=a:7de1m2xq][:7de1m2xq] a consistent ID number that doesn't change (so it's not just any NFC tag)[/:m:7de1m2xq]
[:7de1m2xq]A "doorkey" response value [/:m:7de1m2xq][/list:o:7de1m2xq] [/:m:7de1m2xq]
[:7de1m2xq]Sensor checks a database via wifi to confirm the doorkey code for this specific ring ID is valid[/:m:7de1m2xq]
[:7de1m2xq]Values match, door unlocks [/:m:7de1m2xq]
[:7de1m2xq]Door sensor creates a new code, which writes to ring before it leaves the sensor[/:m:7de1m2xq]
[:7de1m2xq]On successful write, sensor updates the central database[/:m:7de1m2xq][/list:o:7de1m2xq]
Additional thoughts, if someone duplicates the ring's private tag -
[list=A:7de1m2xq][:7de1m2xq] If they hurry and get home before you, they'll get in. After which:
[list=i:7de1m2xq][:7de1m2xq] Your smartphone gets a notification of successful access, but turns into an alarm when it detects you're not at home - whether by GPS or not in range of wireless devices (home Wifi or maybe home stereo's Bluetooth).[/:m:7de1m2xq]
[:7de1m2xq]Ignoring the alarm, you'll know there's an issue, since your own ring won't get you in your house[/:m:7de1m2xq]
[:7de1m2xq]A smartphone app will let you reset the challenge code on the database (meaning a 1-time access where only the ID portion is required)[/:m:7de1m2xq]
[:7de1m2xq]As soon as you're in, your ring now has the right code and the duplicate is invalid[/:m:7de1m2xq][/list:o:7de1m2xq] [/:m:7de1m2xq]
[:7de1m2xq] If you get home first, your ring works fine, gets updated with a new code, and the duplicate won't work at all[/:m:7de1m2xq]
[:7de1m2xq] Depending on the technology within the NFC private tag (and I don't know enough about NFC to know if this is feasible), but perhaps at step 1A [b:7de1m2xq]also[/b:7de1m2xq] check a read-only record containing the manufacturer's product code, verifying the tag [u:7de1m2xq]is[/u:7de1m2xq] actually an NFC Ring and not just a random tag someone wrote NDEF records to.[/:m:7de1m2xq][/list:o:7de1m2xq]
While a completely clean door without anything on it would be cool - the technology isn't ready, in my opinion. It needs more proving and maybe something like credit card's "secure element" and various private/public key stuff can help prevent the simple duplication of data being read on the ring by any other sensor. Once that's fixed though, I totally want to embed the sensor in the door (or even the wall next to it), paint over it and have it simply look like you're pushing on the door to open it (when in fact you're unlocking it with your open palm just before you push).
[size=150:7de1m2xq]A second ring?[/size:7de1m2xq]
Put two hands on the door to open it? A bit painful, but obviously a bit harder to duplicate both ring's private tags at the same time. Even more complicated if you combine it with #1 above.
[size=150:7de1m2xq]Supporting Proximity Verification[/size:7de1m2xq]
Depending on the technology in the door sensor, it could also detect the Bluetooth device on your phone is in range. A bit risky, since your phone might have a flat battery or lost. Other items like the car's Bluetooth being in range, or even your credit card - although the latter can't be "used" by non-payment devices, it can still be detected as an NFC tag; I don't know if the readable data would be considered unique though. These could all be fallback methods if there's a problem, kind of like a 100 point ID check in the event of not being able to get in using other methods.
[size=150:7de1m2xq]Protect the Ring[/size:7de1m2xq]
Another idea I had was a small metal cover on the ring - one that either flips open or rotates around to expose the private tag.