Saturday, February 18, 2017

Consider Appler's security issue with NFC

Apple wants yo restrict use of NFC,presumably because NFC is the money port and Apple wants security over that port.  But as a general computing device, we want all applications to use the IO ports.

The contradiction is resolved when we imagine a simple credit card talking NFC for cash use only.  At the check out counter, any customer around is free to use their own NFC port under the comm protocol.  The credit card must tokenize, and that is where security comes from.

Apple has the right idea, wrong approach. The better idea is to keep secret keys protected, then let protected code use those keys to generate validating tokens, usable on any port.

The only reason smart card would use NFC is convenience, it is better than price beacon and Wi Fi is overkill. Security for cisco and Apple is all about end points holding protected keys which no human, including the holder, can ever see.

No comments: