Gartner Blog Network


iPhone X, NFC and Authentication: What Does It All Mean?

by Mark Diodati  |  September 14, 2017  |  8 Comments

It seems like everyone is focused on this week’s iPhone announcement. I will not be buying one anytime soon, due to the expected price tags of the iPhone 8 and X.

But the new NFC support caught my attention. I’ve been waiting for years for iPhone support of user authentication via NFC (near-field communication). Here’s my blog on the topic from 2012. Many Android phones have this capability. The user’s credentials are accessed via the iPhone’s secure enclave (a separate hardware storage area) for authenticating over the air—within a distance of 20 cm or so. Think Apple Pay for authentication to buildings and IT systems. The secure enclave allows for high assurance authentication and high usability—a difficult combination to achieve with user authentication.

But Apple did not implement NFC authentication. Rather, the new iPhones can scan NFC tags. NFC tags are typically powerless microchips embedded in plastic or paper. The chips store a bit of text in them. The NFC reader shines electromagnetic waves at the tag, which enables the reader to access the text. In the case of the new iPhones, you will likely need a third-party application to take some action based upon the tag’s text.

For example, you can scan an NFC tag near your front door to turn off your iPhone’s WiFi before you leave home. Or scan an NFC tag in your car to turn on Bluetooth before you play your Pantera and Bee Gees jams through your car audio. Both tags would help with your iPhone’s battery life.

The hacker in me loves the iPhone’s NFC tag capability, but the identity guy will need to wait a little bit longer.
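
The difference between reading a tag's stored text and authenticating with a key held in secure hardware can be shown in a few lines. This is an added example, not code from the post or from Apple, and it does not use the iOS NFC API: `Verifier`, `respond`, the HMAC-SHA256 challenge-response scheme and the sample values are assumptions chosen for illustration. Note that the keyed path needs a two-way exchange (the reader sends a challenge, the device returns a response), which a read-only tag scan cannot provide.

```python
import hashlib
import hmac
import secrets

def respond(key: bytes, challenge: bytes) -> bytes:
    """What a keyed credential returns; the key itself never leaves the device."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Verifier:
    """Hypothetical back end (door or IT system) that enrolled both credentials."""
    def __init__(self, tag_text: bytes, key: bytes):
        self._tag_text, self._key = tag_text, key
        self._open = set()  # challenges issued and not yet answered

    def accept_static(self, presented: bytes) -> bool:
        # A passive tag returns the same text on every read, so this is all we can check.
        return hmac.compare_digest(presented, self._tag_text)

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._open.add(challenge)
        return challenge

    def accept_response(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._open:
            return False  # unknown or already-used challenge
        self._open.discard(challenge)
        return hmac.compare_digest(response, respond(self._key, challenge))

def compare() -> dict:
    key = secrets.token_bytes(32)   # constructed sample key
    tag_text = b"badge:0001"        # constructed sample tag contents
    verifier = Verifier(tag_text, key)
    captured = bytes(tag_text)      # value obtained from one earlier read
    c1 = verifier.new_challenge()
    r1 = respond(key, c1)
    return {
        "static_value_reused": verifier.accept_static(captured),
        "fresh_response": verifier.accept_response(c1, r1),
        "same_response_again": verifier.accept_response(c1, r1),
        "old_response_new_challenge": verifier.accept_response(verifier.new_challenge(), r1),
    }

if __name__ == "__main__":
    print(compare())
```

The static value is accepted whenever it is presented, while a recorded response is rejected both against its own spent challenge and against any new one.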


Mark Diodati
Research VP
6 years at Gartner
21 years IT industry

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include mobility, authentication, cloud identity, federation, directory services, provisioning, identity services, Active Directory interoperability, Web access management…


Thoughts on iPhone X, NFC and Authentication: What Does It All Mean?


  1. Niall Cook says:

    Unfortunately I think the hacker in you will have to wait too. I don’t believe any app will have the ability to control core OS functions like WiFi or Bluetooth simply by scanning an NFC tag.

  2. Mark Diodati says:

    Hi Niall! Thanks for the timely comment! NFC tag reading isn’t worth much if you cannot take action upon them. I hope that Apple opens up at least some capability.

  3. Niall Cook says:

    Thanks Mark. You’ll certainly be able to take action, but we see the immediate use case being for promotions – and possibly mobile payments via digital wallets. That said, it could also be possible to have a tag that controls an internet-connected ‘smart’ device like a thermostat or light via a web interface. The challenge for most people will be programming the tags, as there’s no way to do this directly via the iPhone.

  4. Jim Ducharme says:

    Mark – completely agree – I too have been waiting for authentication via NFC and I feel like I’m reliving the years (ok decade) of begging Microsoft to open up their authentication layer to AD which we finally have with Windows Hello. Now Apple has a great opportunity between the secure enclave and the NFC capability to, as you said, provide a significant authentication assurance which in combination with other factors behind the scenes can lead to a level of identity assurance and ease of use that we’ve dreamed of for decades. There is a real opportunity here to not have to sacrifice security for ease of use.

  5. Thanks for the marvelous posting! I certainly enjoyed reading it, you happen to be a great author. I will ensure that I bookmark your blog and will come back down the road. I want to encourage you to definitely continue your great work, have a nice weekend!

  6. Mark Diodati says:

    Hi Jim,
    I share the exact same memories that you have regarding multi-factor authentication with Windows AD. Smart cards were the only game in town, but they are painful to deploy.

  7. Mark,
    Thank you very much for bringing this topic to attention.
    Apple seems to keep the secure NFC functionality for ApplePay exclusively.
    We already tested iOS 11 capabilities on available iPhones and can tell you this:
    – NFC is available in unlocked mode only and with an active app in front.
    – If an app wants to use NFC, it needs to actively start listening to NFC. The listening is limited to max 60 seconds. Which limits the user experience.
    – Only reading is possible from an app. No writing / bidirectional mode. This would be necessary for secure authentication.
    Basically, the current iOS NFC API provides a similar experience like “reading a QR-Code” with your app – no more.
    Maybe there will be more possible with the new hardware, but since there is no API disclosed with iOS 11 we do not expect that.
    So for the moment – secure user authentication has to be done by BLE.
    Best,
    Philipp

  8. Mark Diodati says:

    Philipp,

    This is great information!

    Mark


