Articles
FIDO Alliance adds authentication support for NFC and BLE | NFC World
From the horse’s mouth
FIDO Alliance
My Comments
Soon it will be feasible for Bluetooth and NFC “touch-and-go” authentication to play a part in open-frame multiple-factor authentication thanks to FIDO Alliance. This is primarily to court those of us who are using mobile devices and want the same level of security as valued with regular computers.
The main goal of the FIDO Alliance was to get the USB transport interface working properly but then to have it work across other transports like Bluetooth and NFC? This is due to most mobile devices including an increasing number of laptops and “2-in-1” computers, coming with Bluetooth including Low-Energy (Bluetooth Smart Ready) and NFC functionality along with Android and Windows exploiting NFC functionality fully at the operating system level.
Example applications made feasible with Bluetooth and NFC in the second-factor authentication sphere include:
- use of a “touch-and-go” card or a Bluetooth keyfob as your second factor for authenticating to a service from your regular computer or your mobile device – the device doesn’t need a standard USB socket
- a smartphone that uses a software “second-factor” authentication program like Authy could transmit the second-factor code to your regular computer or tablet by Bluetooth or NFC “touch-and-go”.
As well, the fact that smartphones have a hardware (SIM-based) or software secure element means that they can become as much a strong partner in your data-security arsenal. The concept is also being extended to the idea of devices like smart locks and cars having the Bluetooth and / or NFC abilities along with an onboard secure element of some form.
Similarly the U2F and UAF specifications could earn their keep as a transport for other dedicated-purpose devices like smart locks which typically are implementing Bluetooth Low Energy and/or NFC technology as part of their presence in the Internet Of Everything. This can open up paths of innovation for integrating such devices in a personal-security web of trust.