What NFC Does For Your Phone

Sep 8th 2015 Tony Rosati

Could your smartphone replace your entire wallet?

The most common use for NFC technology is to turn a smartphone into a digital wallet. It can collect and store the data from credit and debit cards, and any other card with an NFC tag. The phone can then be used to complete financial transactions at businesses and banks equipped with NFC capable machines.

Some apps, like Android Beam, allow two phones to share and transfer contact files, photos, and even games.

There are a few forward thinking businesses, like the Museum of London, who have started integrating NFC tags into some of their displays. Visitors can touch their phones to a display's tag to get more information about the exhibit and even interact with it.

As the technology becomes more widely implemented, there are numerous arrays of possible applications for smartphones.

Anywhere a card is used to interact with an object, an NFC tag can replace the card. It is conceivable that a smartphone could one day replace library cards, customer rewards cards, hotel key cards, driver's licenses, passports, health cards, and even fobs for keyless access to cars.

In addition to museum displays, why not use a smartphone to interact with marketing displays in a store, ads in a magazine, bus schedules, or subway maps?

But what is NFC?

NFC is a new use for old radio technology — more specifically radio frequency identification (RFID), which uses electromagnetic fields to communicate with other devices in close proximity.

How close do the devices have to be to communicate? They should be 10 centimeters apart or less (under 4 inches). Since it is a radio frequency, it does not require any sort of connection to the Internet or any server.

Radio chips, more commonly referred to as tags, hold small amounts of read-only memory. These tags are becoming more and more common. They originated with shipping labels, but can now be found on designer clothing, credit cards, and advertisements.

There is another component to NFC technology; the applications and programs that tell tags what to do with the data. An active tag in a machine, such as a debit machine at the grocery store, requires the proper software to tell it how to handle the financial data stored on the passive tag on a credit card.

Most importantly, you need to be careful with your security. Almost any software company can make NFC tags; few of them are properly secured. It's a very simple process to “clone” a tag, hiding vicious malware or a virus for your device. Instead of hiding from this technology, simply make sure that the tag is protected by security encryption. Find an app, like BLACKSEAL, that will ensure your phone connects with protected tags.

NFC has the potential to reduce the size of wallets, save on paper and plastic, and enhance customer and patron interactions. So what is NFC currently doing for your phone?

How is NFC Revolutionizing Advertising Campaigns?

Jul 22nd 2015 Tony Rosati

The options for using NFC tags in advertising are endless. NFC (or near field communication) is a wireless technology that facilitates fast and efficient transferral of data between two enabled devices. A consumer with an NFC-enabled smartphone can quickly scan a tag on a product or promotional poster simply by touching their phone against it.

Marketers have revolutionized advertising campaigns by adding this technology to their promotional kit. NFC has created exciting possibilities by using a wide range of cross-media functionality.

Consumers expect rapid data speeds, and they are often unwilling to wait. NFC helps facilitate the exchange of information, and because of its numerous functions, it is likely to become an even larger part of every consumer's life very soon. NFC tags are small and inexpensive, making them the perfect fit for small items like business cards, stickers, and prescription bottles, and they are also tough enough to withstand outdoor use.

NFC has a huge potential for every commercial industry, for a wide range of reasons:

Target Websites

Print signage has been taken to new heights. As the amount of NFC-enabled smartphones is predicted to reach 1.2 billion shipments by 2018, the technology provides an innovative solution for marketers that want to remain ahead of the curve.

When links are used in NFC advertising campaigns, users are directly transported to the product websites. In our fast-paced world, consumers are constantly swamped with a range of advertisements on a daily basis. Even if they have interest in a product they can easily forget the information they have seen when they try and recall it later.

NFC allows them to save this website for future use and provide the opportunity to learn more about the product, service, or campaign they find interesting.

Mobile Applications

NFC tags also link consumers to certain mobile applications. This is a great way for service providers to stay in contact with their customers, providing updates and further information on popular items. Mobile applications often promise exclusive content, making them attractive to users who want to receive the latest news on their favourite products.

In the summer of 2013, Domino's Pizza launched a campaign to promote its new mobile app by using NFC-enabled advertisements outdoors. People can download the app by tapping a tag. Their campaign was highly successful during a usually slow time for pizza retailers, the summer.

Pizza is not the only food industry capitalizing on NFC advertising: many dine-in restaurants are adding these tags to their menus. Diners can view the menu using an NFC tag before they make their decision. They can book tables, order their meals, and even pay for their food using the technology.

Social Media

On the consumer side, NFC advertising campaigns have made good use of social media. Users can tap a tag to check-in at a location using Foursquare, connect to a company's Facebook page, update their Facebook status, friend or follow a company or person on Facebook, and follow someone on Twitter.

Almost every commercially active individual is connected to social media, which is why these advertising campaigns make intelligent use of the technology. Beyond social media, NFC tags are also used to map locations, make phone calls, send text messages, and share contacts.

For businesses running these marketing campaigns, this technology can provide them with the analytics to determine consumer preferences and product success. This will allow marketing teams to tailor the products and experiences to offer to specific consumers.

Despite the numerous benefits, security is still a concern. NFC tags can be cloned, compromised, or even infected with malware. Apps like BlackSeal provide users with the assurance that the tag they tap has been certified safe with ECC encryption technology. You wouldn't download information from an unsecured website; tapping your phone onto an unsecured tag is equally dangerous.

Yet the potential for the growing NFC technology in advertising is too great to be ignored. Traditional media campaigns cannot compare to the amount of data going to both the consumer and the organizers. When used properly in advertising, NFC provides the consumers with the product knowledge they need, and businesses with the market research they crave.

How To Get Signatures On Smaller NFC Tags

Jun 22nd 2015 Jason Smith

BlackSeal currently requires NFC tags with about 500 bytes of memory available to be able to fit a URL plus a signature on the tag. But is it possible to use a lower cost tag with less memory available? The theoretical answer is yes, however, it does come with some caveats. Let's look into some of the technical details.

At a high level, a BlackSeal NFC tag contains two things: (1) a URL and (2) a signature. The size of the URL for BlackSeal is a fixed length since it uses a URL redirect service. So at a minimum all URLs look something like this:


However, to protect against tag cloning, we also include some hardware attributes of the tag you are writing to. So URLs will actually look more like this:


The amount of memory required to store the URI record breaks down as follows:

            =  4 bytes - NDEF Header
            = 15 bytes - URL
            ~ 15 bytes - Hardware Attributes
~ 34 bytes - Total

The larger portion of the data is the signature record. The signature record contains a few things: (1) a version, (2) a signature and (3) a certificate chain. The version field is always a fixed length of 1 byte. The signature itself is 68 bytes — 64 bytes for the signature* plus 4 bytes of metadata. And finally, the certificate chain contains the certificates of the entities used to create the signature, minus the root certificate. In the case of BlackSeal, the certificate chain contains two certificates, an issuer certificate and a signer certificate. For the BlackSeal trial period, all messages are signed by the same entity resulting in the certificate chain being 301 bytes — 141 bytes for the signing certificate, 155 bytes for the issuing certificate and 5 bytes of metadata.

The amount of memory required to store the signature record breaks down as follows:

            =   9 bytes - NDEF Header
            =   1 byte  - Version
            =  68 bytes - Signature
                          64 bytes - Signature
                           4 bytes - Metadata
            = 301 bytes - Certificate Chain
                          141 bytes - Certificate #1
                          155 bytes - Certificate #2
                            5 bytes - Metadata
= 379 bytes - Total

So in total, for the complete NDEF message we get the following:

            ~  34 bytes - URI Record
            = 379 bytes - Signature Record
~ 413 bytes - Total

So how can we make this smaller? The solution is in the details of the Signature RTD specification. There are a couple of things we can change to use less data: (1) how we store the signature and (2) how we store the certificate chain. In both cases, the Signature RTD specification shows that a URI reference can be used instead of the raw data. So if we use a short URL, like above – assuming a URL can fit into 22 bytes, we can reference the Signature and the Certificate Chain with a URL resulting in each of those values reducing from 68 bytes and 301 bytes to 26 bytes and 23 bytes, respectively. Total savings = 323 bytes! The signature record now breaks down as:

            =  6 bytes - NDEF Header
                         Saved 3 bytes here for it
                         becoming a short record
            =  1 byte  - Version
            = 26 bytes - Signature
                         22 bytes - URI reference
                          4 bytes - Metadata
            = 23 bytes - Certificate Chain
                         22 bytes - URI reference
                          1 byte  - Metadata
= 56 bytes - Total

So we can store an equivalent BlackSeal NDEF message in 90 bytes instead of the current 413 bytes. So why isn't this the default storage mechanism? It comes down to verification. The current format allows you to verify a message offline since the message itself contains all the required data to do the verification. By changing the signature and certificate chain to use URI references, verification can only be done online since the data needs to be fetched from those URLs before verification can be done.

* The signature is 64 bytes due to using curve P-256.

Alibaba Group Sued Again Over Alleged Counterfeits

May 22nd 2015 Tony Rosati

The mainstream press was buzzing this week over the lawsuit launched by Kering, the parent company for luxury brands Gucci, Yves Saint Laurent and Bottega Veneta. Kering accused Alibaba Group, a Chinese ecommerce company, for encouraging counterfeiting of its products.

Kering's lawsuit states that Alibaba “provided the marketplace advertising and other essential services necessary for counterfeiters to sell their counterfeit products to customers in the United States.”

It's no secret that 70% of all counterfeit goods seized globally come from China.  If it's a high-end brand, the chances are high that you can buy a knockoff from China through Alibaba. Don't take my word for it. Go ahead and search Alibaba for yourself; it's amazing what you can find. For example, I found a Foscarini pendant light for $110 with free shipping included. The normal retail price for the authentic product is $1200.00. Considering these vastly different price points, it is no surprise that Kering wants to crack down on counterfeit goods that are edging into their profits.

Alibaba reports that they are taking steps to combat counterfeiting such as:

  1. Removing products that are in violation of copyrights. Prior to their IPO, Alibaba said they removed 100 million potentially counterfeit products, providing an indication of the size of the problem. Alibaba clearly removed these products for the IPO.
  2. Placing proprietary QR Codes on products. This solution comes from Israeli startup Visualead. This proprietary QR code requires Alibaba's Taobao mobile app to scan the one time code. The code can only be scanned once to test the authenticity; subsequent scans would presumably indicate a copy. Why can't a counterfeiter simply copy the QR code and claim the item is authentic and that it was scanned by accident? What can Alibaba or the end user do?

It's unclear if the actions they have taken so far are having an impact. Kering clearly doesn't think so. This raises some interesting questions:

  1. Does Alibaba actively seek to find copyright infringing products on their platform and remove them? I would guess the answer is yes, if it's blatantly obvious. On the other hand, they don't want to alienate their clients, so there is no real incentive to dig too deep. I would also guess that infringers just have to make it a little apparent. My quick search shows that it's fairly clear what they're doing.
  2. Is it up to brand owners like Kering to identify counterfeit products and to make Alibaba aware so they can delist them? Given the current state of affairs in China, the answer is YES, but it's not working that well. Counterfeiters likely just relist a product so that it's not as obvious.
  3. Can QR codes solve this problem? QR codes are easily copied. Even if a mobile client detects a copy, Alibaba won't know if it's a counterfeit or not. It can be the real item scanned more than once, so it's unclear how this helps.

There are clearly several problems with Alibaba's system. But what is the solution? Here is where TrustPoint's BLACKSEAL can help. So how is TrustPoint's BLACKSEAL different?

BLACKSEAL uses NFC tags, where a fingerprint of the hardware is cryptographically signed so that any attempts to copy would be detected as a true counterfeit. In addition, BLACKSEAL analytics give brand owners a window into clone attempts, including the location of the clone attempts. Check it out to see how one can detect counterfeits, and how it provides a promising future to help companies like Kering protect the authenticity of their brands.

QR Codes vs. NFC Tags

Mar 26th 2015 Tony Rosati
QR Codes vs. NFC Tags

In the context of brand marketing, Quick Response (QR) codes are used to conveniently connect interested mobile users to a brand (usually a mobile landing page). That connection gives the brand information through analytics, while offering the consumer product information, promotions, contests, etc. Ultimately, the brand wants to offer the most optimal consumer experience at any point in time, pre-sale or post-sale.

QR Codes are established

Much has been written about the effectiveness of QR codes. They are ugly and are a pain to scan for the consumer (you need to download an app and fiddle with your phone in the right light), but they are free and very recognizable. Today, QR codes are used extensively in retail. Printed on labels and/or the product, ideally, they link the consumer to product information, a promotion, or some other useful information on a mobile optimized landing page. Here are a few QR code success stories.

QR Code Pros

QR codes stand out. Consumers know exactly what to do. If a consumer is going to the trouble to scan a QR code then they are probably very interested in the product.

QR Code Cons

The main complaint is that they are hard to scan. Many consumers give up or don't bother. They must open an app and scan in sometimes-difficult lighting conditions. Thus, they are not as effective as they could be. As well, QR codes can be easily modified, and thus are not secure; they can be used to launch phishing attacks.

Enter Near Field Communication (NFC) tags

NFC is short-range, low-power, wireless technology, available in most smartphones. It enables consumers to interact with the world around them with a simple touch or tap, and NFC tags are low-cost passive memory devices powered directly by the smartphone when tapped.

The first major rollout of NFC is in mobile payments: Apple Pay and Google Wallet. Most new Point of Sale (POS) terminals now support NFC. The NFC symbol shown above or the Visa payWave symbol symbol is found on most NFC enabled POS terminals. I would expect that it will become familiar to most consumers over time.

NFC Tag Pros

NFC tags are really easy to use — just tap the tag. No special application to open, it's built into the smartphone, and NFC tags are much more secure than QR codes. The NFC Forum Signature RTD 2.0 adds integrity and authenticity to NFC tag data so it can't be tampered with. Here's how it works, for those interested.

NFC Tag Cons

Firstly, NFC tags are new, so the symbol won't be widely recognized for some time. Secondly, Apple does not support NFC tag reading. Everyone else supports it, but Apple is likely to start supporting NFC tag reading, as they already use NFC for Apple Pay. Thirdly, NFC tags are more expensive (on the order of $0.10) than printed QR codes, which are essentially free. The first two issues will most likely be a non-issue over time.

The Verdict

QR codes could be replaced with the more convenient NFC tags; however, there is an additional cost. It is reasonable to assume that product manufacturers would want to take advantage of consumer convenience and security. A reasonable prediction is that NFC tags will be used on higher value items that can bear the cost and would demand higher levels of security. It is also reasonable to assume that QR codes and NFC tags will be used together until NFC tag reading appears in Apple iPhones.

Getting the most of QR Codes or NFC tags

These technologies are all about connecting interested consumers conveniently to the brand. To get the most out of these technologies, brands have to manage both QR codes and NFC tags over their useful life. Read more about how TrustPoint's new NFC tag management platform, BlackSeal, can make this easier, and offer brands new insight into consumer behavior.

Recent Posts