Near Field Communication
Near Field Communication, or NFC, is a short-range, high-frequency wireless
communication technology which enables the exchange of data between devices
over a distance of about 10 centimeters (around 4 inches).
Imagine yourself using your cellphone to interact with posters, magazines, and even
with products while at the store, and with such interaction initiating a request or
search for related information in real-time.
Other usages of NFC include the electronic wallet to make payments using your
handset, the same way you do with your credit card.
With NFC all this is possible, and you can leverage it in your Java application by
using the Contactless Communication API. But NFC is still a young technology.
That said, NFC-enabled handsets are being introduced into the market, and
deployments and pilots around the world are occurring.
408.656.2498 firstname.lastname@example.org 2
The technology is a simple extension of the ISO/IEC 14443 proximity-card
standard (contactless card, RFID) that combines the interface of a smartcard and
a reader into a single device.
An NFC device can communicate with both existing ISO/IEC 14443 smartcards
and readers, as well as with other NFC devices, and is thereby compatible with
existing contactless infrastructure already in use for public transportation and
NFC is primarily aimed at usage in mobile phones.
Near-field Communication or NFC is a standard defined by the NFC Forum, a
global consortium of hardware, software/application, credit card companies,
banking, network-providers, and others who are interested in the advancement
and standardization of this promising technology.
NFC operates on the 13.56 MHz frequency, with data transfers of up to 424 kilobits
per second and is triggered when two NFC-compatible devices are brought within
close proximity, around four centimeters. Because the transmission range is so short,
NFC-based transactions are inherently secure.
How does NFC compare
to the other short-
The following table
provides a quick
Like ISO/IEC 14443, NFC communicates via magnetic field induction, where two
loop antennas are located within each other's near field, effectively forming an air-
core transformer. It operates within the globally available and unlicensed
radio frequency ISM band of 13.56 MHz, with a bandwidth of 14 kHz.
There are two modes:
Passive Communication Mode: The Initiator device provides a
carrier field and the target device answers by modulating
existing field. In this mode, the Target device may draw its
operating power from the Initiator-provided electromagnetic
field, thus making the Target device a transponder.
Active Communication Mode: Both Initiator and Target device
communicate by alternately generating their own field. A
device deactivates its RF field while it is waiting for data. In
this mode, both devices typically need to have a power

Baud      Active device               Passive device
424 kBd   Manchester, 10% ASK         Manchester, 10% ASK
212 kBd   Manchester, 10% ASK         Manchester, 10% ASK
106 kBd   Modified Miller, 100% ASK   Manchester, 10% ASK
• Working distance with compact standard antennas: up to 20 cm
• Supported data rates: 106, 212, 424 or 848 kbit/s
• NFC employs two different codings to transfer data. If an active device transfers
data at 106 kbit/s, a modified Miller coding with 100% modulation is used. In all
other cases Manchester coding is used with a modulation ratio of 10%.
• NFC devices are able to receive and transmit data at the same time. Thus, they
can check the radio frequency field and detect a collision if the received signal
does not match with the transmitted signal.
The NFC Forum has released eleven specifications to date
• NFC Data Exchange Format (NDEF) - Common data format for devices and tags
• NFC Tag Types 1, 2, 3 & 4 Operation - Defines RW operation for NFC tags
• NFC Record Type Definition (RTD) - Standard record types used in messages
• Smart Poster RTD - For posters with tags with text, audio or other data
• Text RTD - For records containing plain text
• Uniform Resource Identifier (URI) RTD - For records that refer to an Internet
• Generic Control Record Type Definition (RTD) - Ways to request an action
• Connection Handover Specification - How to establish a connection with other
Uses and applications
NFC technology is currently mainly aimed at being used with mobile phones.
There are three main use cases for NFC:
card emulation: the NFC device behaves like an existing contactless card
reader mode: the NFC device is active and reads a passive RFID tag, for
example for interactive advertising
P2P mode: two NFC devices are communicating together and exchanging
Plenty of applications are possible, such as:
Mobile ticketing in public transport — an extension of the existing
Mobile payment — the device acts as a debit / credit payment card.
Smart poster — the mobile phone is used to read RFID tags on outdoor
billboards in order to get info on the move.
Bluetooth pairing — in the future pairing of Bluetooth 2.1 devices with NFC
support will be as easy as bringing them close together and accepting the
pairing. The process of activating Bluetooth on both sides, searching,
waiting, pairing and authorization will be replaced by a simple "touch" of the
Other applications in the future could include:
Electronic ticketing — airline tickets, concert/event tickets, and others
Electronic keys — car keys, house/office keys, hotel room keys, etc.
NFC can be used to configure and initiate other wireless network
connections such as Bluetooth, Wi-Fi or Ultra-wideband.
A patent licensing program for NFC is currently under development by Via
Licensing Corporation, an independent subsidiary of Dolby Laboratories.
A public, platform-independent Near Field Communication (NFC) library is
released under the free GNU General Public License by the name libnfc.
In December 2008 the application eCL0WN was released which allows you to
read and copy the chip content of biometric passports.
NFC vs Bluetooth
NFC and Bluetooth are both short-range communication technologies which have
recently been integrated into mobile phones.
The significant advantage of NFC over Bluetooth is the shorter set-up time. Instead
of performing manual configurations to identify Bluetooth devices, the connection
between two NFC devices is established at once (under a tenth of a second).
To avoid the complicated configuration process, NFC can be used for the set-up of
wireless technologies, such as Bluetooth.
The maximum data transfer rate of NFC (424 kbit/s) is slower than Bluetooth (2.1
At less than 20 cm, NFC has a shorter range, which provides a degree of security
and makes NFC suitable for crowded areas where correlating a signal with its
transmitting physical device (and by extension, its user) might otherwise prove
In contrast to Bluetooth, NFC is compatible with existing RFID structures.
NFC uses significantly less power than Bluetooth, and NFC can also work when one
of the devices is not powered (e.g. on a phone that may be turned off, a
contactless smart credit card, a smart poster, etc.).
                      NFC              Bluetooth
Network Type          Point-to-point   Point-to-multipoint
Range                 < 0.2 m          10 m
Frequency             13.56 MHz        2.4-2.5 GHz
Bit rate              424 kbit/s       2.1 Mbit/s
Set-up time           < 0.1 s          6 s
Compatible with RFID  Yes              No
NFC was approved as an ISO/IEC standard on December 8, 2003 and later as
an ECMA standard.
NFC is an open platform technology standardized in ECMA-340 and ISO/IEC
18092. These standards specify the modulation schemes, coding, transfer
speeds and frame format of the RF interface of NFC devices, as well as
initialization schemes and conditions required for data collision-control during
initialization, for both passive and active NFC modes. Furthermore, they also
define the transport protocol, including protocol activation and data-exchange
methods. Air interface for NFC is standardized in:
ISO/IEC 18092 / ECMA-340: Near Field Communication Interface and Protocol-1 (NFCIP-1)
ISO/IEC 21481 / ECMA-352: Near Field Communication Interface and Protocol-2 (NFCIP-2)
NFC incorporates a variety of pre-existing standards including ISO/IEC 14443
both Type A (normal) and Type B (banking/short range), and FeliCa. NFC
enabled phones thus show basic interoperability with the preexisting reader
infrastructure. Especially in "card emulation mode" an NFC device should at least
transmit a unique ID number to a pre-existing reader.
In addition, NFC Forum has defined a common data format called NDEF, which
can be used to store and transport different kinds of items, ranging from any
MIME-typed object to ultra-short RTD-documents, such as URLs.
NDEF is conceptually very similar to MIME. It is a dense binary format of so-
called "records", in which each record can hold a different type of object. By
convention, the type of the first record defines the context of the entire
The Forum is a non-profit industry association announced on March 18, 2004
by NXP Semiconductors, Sony and Nokia to advance the use of NFC short-range
wireless interaction in consumer electronics, mobile devices and PCs.
The NFC Forum promotes implementation and standardization of NFC
technology to ensure interoperability between devices and services.
In September 2008, there were over 150 members of the NFC Forum.
The GSM Association (GSMA) is the global trade association representing 700 mobile
phone operators across 218 countries of the world.
They have launched two initiatives:
the Mobile NFC initiative: fourteen mobile network operators, who together
represent 40% of the global mobile market, back NFC and are working together to
develop NFC applications. They are Bouygues Télécom, China Mobile, AT&T, KPN,
Mobilkom Austria, Orange, SFR, SK Telecom, Telefonica Móviles España, Telenor,
TeliaSonera, Telecom Italia Mobile (TIM), Vodafone and 3
On 13 February 2007, they published a white paper on NFC to give the point of view
of mobile operators on the NFC ecosystem.
the Pay buy mobile initiative seeks to define a common global approach to using
Near Field Communications (NFC) technology to link mobile devices with payment
and contactless systems. To date, 30 mobile operators have joined this initiative.
StoLPaN (‘Store Logistics and Payment with NFC’) is a pan-European consortium
supported by the European Commission’s Information Society Technologies
program. StoLPaN will examine the as yet untapped potential for bringing
together the new kind of local wireless interface, NFC and mobile
Other standardization bodies
Other standardization bodies that are involved in NFC include:
ETSI / SCP (Smart Card Platform) to specify the interface between the SIM card
and the NFC chipset.
GlobalPlatform to specify a multi-application architecture of the secure element.
EMVCo for the impacts on the EMV payment applications.
The NFC forum defines three communication modes, as illustrated next:
Peer-to-Peer mode is defined
for device to device link-level
communication. Note that this
mode is not supported by the
Contactless Communication API.
Read/Write mode allows
applications for the transmission
of NFC Forum-defined messages.
Note that this mode is not secure.
This mode is supported by the
Contactless Communication API.
NFC Card Emulation mode allows the NFC handset to behave as a standard
Smartcard. This mode is secure. This mode is supported by the Contactless
Bluetooth Short-range (10–100m) wireless communication protocol
GSM Global System for Mobile communication
NFC Near Field Communication
PDA Personal Digital Assistant
RF Radio Frequency
RFID Radio Frequency Identification
SoC System on Chip
UWB Ultra Wide Band
WCDMA Wideband Code Division Multiple Access
WiFi Wireless Fidelity – wireless networking technology based on IEEE 802.11
NDEF - NFC Data Exchange Format - standard exchange formats for URI, Smart
RTD - Record Type Definition - An NFC-specific record type and type name which
may be carried in an NDEF record
NDEF message - Basic message construct defined by this specification. An NDEF
message contains one or more NDEF records
NDEF record - Contains a payload described by a type, a length, and an optional
NDEF payload - The application data carried within an NDEF record
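An added example, not part of the original slides: a bounds-checked parser for the NDEF message and record structure defined above, written in Python rather than the Java of the Contactless Communication API. Because Read/Write mode is not secure, tag contents are treated as untrusted input. The record header layout and URI prefix codes follow the NFC Forum NDEF and URI RTD specifications; the names parse_ndef, decode_uri and NdefError, the MAX_PAYLOAD limit and the sample bytes are assumptions of this example.

```python
import struct

# URI RTD prefix codes (first payload byte); only the first five are handled here.
URI_PREFIXES = {0: "", 1: "http://www.", 2: "https://www.", 3: "http://", 4: "https://"}
MAX_PAYLOAD = 4096  # assumed policy limit for data read from an untrusted tag
# Constructed sample: one short well-known URI record for https://example.com
SAMPLE = bytes([0xD1, 0x01, 0x0C]) + b"U" + b"\x04example.com"


class NdefError(ValueError):
    """Malformed message or policy violation."""


def parse_ndef(data):
    """Return [(tnf, type, id, payload), ...], checking every declared length."""
    records, pos = [], 0
    while pos < len(data):
        flags = data[pos]
        mb, me, cf = flags & 0x80, flags & 0x40, flags & 0x20
        sr, il, tnf = flags & 0x10, flags & 0x08, flags & 0x07
        if cf:
            raise NdefError("chunked records are not accepted")
        if bool(mb) != (not records):
            raise NdefError("Message Begin flag on the wrong record")
        hdr_len = 2 + (1 if sr else 4) + (1 if il else 0)
        if pos + hdr_len > len(data):
            raise NdefError("truncated record header")
        type_len = data[pos + 1]
        payload_len = data[pos + 2] if sr else struct.unpack_from(">I", data, pos + 2)[0]
        id_len = data[pos + hdr_len - 1] if il else 0
        if payload_len > MAX_PAYLOAD:
            raise NdefError("payload length exceeds policy limit")
        t0 = pos + hdr_len  # start of the type field
        i0, p0 = t0 + type_len, t0 + type_len + id_len
        end = p0 + payload_len
        if end > len(data):
            raise NdefError("declared lengths run past the end of the data")
        records.append((tnf, data[t0:i0], data[i0:p0], data[p0:end]))
        pos = end
        if me:
            if pos != len(data):
                raise NdefError("trailing bytes after Message End")
            return records
    raise NdefError("no Message End flag found")


def decode_uri(record):
    """Expand a well-known (TNF 1) record of type 'U' into a URI string."""
    tnf, rtype, _, payload = record
    if tnf != 1 or rtype != b"U" or not payload or payload[0] not in URI_PREFIXES:
        raise NdefError("not a supported URI record")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")
```

Calling decode_uri(parse_ndef(SAMPLE)[0]) expands the constructed record to its full URI; a truncated or over-long message raises NdefError instead of being partially accepted.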
Although the communication range of NFC is limited to a few centimeters, NFC alone
does not ensure secure communications. In 2006, Ernst Haselsteiner and Klemens
Breitfuß described different possible types of attacks.
NFC offers no protection against eavesdropping and is also vulnerable to data
modifications. Applications have to use higher-layer cryptographic protocols (e.g., SSL)
to establish a secure channel.
The RF signal for the wireless data transfer can be picked up with antennas. The
distance from which an attacker is able to eavesdrop on the RF signal depends on
numerous parameters, but is typically a small number of meters. Also, eavesdropping
is strongly affected by the communication mode. A passive device, which does not
generate its own RF field, is much harder to eavesdrop on than an active device. An
open-source device which is able to eavesdrop on passive and active NFC
communications is the Proxmark instrument.
Data destruction is relatively easy to realize.
One possibility to perturb the signal is the usage of an RFID jammer.
There is no way to prevent such an attack, but if the NFC devices check the RF field
while they are sending, it is possible to detect it.
Unauthorized modification of data, which results in valid messages, is much more
complicated and demands a thorough understanding.
In order to modify the transmitted data an intruder has to deal with the single bits of
the RF signal.
The feasibility of this attack, i.e., if it is possible to change the value of a bit from 0 to
1 or the other way around, is amongst others subject to the strength of the
If data is transferred with the modified Miller coding and a modulation of 100%, only
certain bits can be modified.
A modulation ratio of 100% makes it possible to eliminate a pause of the RF signal,
but not to generate a pause where no pause has been. Thus, only a 1 which is
followed by another 1 might be changed. Transmitting Manchester encoded data
with a modulation ratio of 10% permits a modification attack on all bits.
Because NFC devices usually also implement ISO/IEC 14443 functionality, the
relay attacks described are also feasible on NFC.
For this attack the adversary has to forward the request of the reader to the victim
and relay back its answer to the reader in real time, in order to carry out a task
pretending to be the owner of the victim’s smart card.
One of the libnfc code examples demonstrates a relay attack using only two stock
commercial NFC devices.
Java specification, led
by Nokia and defined
Java Community Process as JSR-257, defines a set of APIs
Anatomy of a Contactless
Communication API MIDlet
Where we have the following
The Java Runtime with JSR-257
the MIDlet application running on a
RFID/NFC transponder, controllers,
a SIM card, as well as secure and
Nokia 6216 Classic
Nokia 6212 Classic
Nokia 3220 + NFC Shell
Samsung SGH-X700 NFC
SAGEM my700X Contactless
LG 600V contactless
Motorola L7 (SLVR)
An NFC mobile phone interacting with a 'smart poster'
Using the Contactless
The Contactless Communication API allows
you to discover and exchange data with
supported contactless radio and visual
Applications using the Contactless
Communication API typically follow the
flow illustrated next:
The first step is for the application to
query the implementation to discover the
target types that are supported by the
For each supported target type, the application can register a target listener to
receive activity notifications. Alternatively, the application can register with the
PushRegistry for activation due to target activity; supported target activities are
NDEF and secure element in card emulation mode activities,
As targets come into proximity, they are detected (discovered) by the
implementation, which in turn notifies the application(s) by invoking the
appropriate activity listeners. Alternatively the PushRegistry activates the MIDlet,
For each discovered target, the application can learn the target's properties,
The application can connect to, read, write and exchange data with the
When done, to release resources, the application closes any opened
As NFC becomes more widely adopted as a mass-market technology, the
advantages of SoC implementations become more compelling. Bluetooth chipset
manufacturers have already shown that Bluetooth/FM integration provides a
successful business model in the mobile phone market. If anything, the business
case for Bluetooth/NFC integration is even better, across a broader range of
applications – and this model applies equally well to other chipsets.
Designing and implementing NFC SoC circuitry requires detailed knowledge and
experience. Mistakes or late changes in the design of a Bluetooth or WiFi chipset
could cost hundreds of thousands of dollars to put right.
It therefore makes sense for chipset manufacturers considering on-chip
implementations of NFC to seek expert help and guidance in the design process.
Innovision Research & Technology has been in the business of developing NFC IP
for many years – since its inception, in fact – and is now helping several key
industry players add integrated NFC to their offerings.