It seems like everyone is focused on this week’s iPhone announcement. I will not be buying one anytime soon, due to the expected price tags of the iPhone 8 and X.
But the new NFC support caught my attention. I’ve been waiting for years for iPhone support of user authentication via NFC (near-field communication). Here’s my blog on the topic from 2012. Many Android phones have this capability. The user’s credentials are accessed via the iPhone’s secure enclave (a separate hardware storage area) for authenticating over the air—within a distance of 20 cm or so. Think Apple Pay for authentication to buildings and IT systems. The secure enclave allows for high assurance authentication and high usability—a difficult combination to achieve with user authentication.
But Apple did not implement NFC authentication. Rather, the new iPhones can scan NFC tags. NFC tags are typically powerless microchips embedded in plastic or paper. The chips store a bit of text in them. The NFC reader shines electromagnetic waves at the tag, which enables the reader to access the text. In the case of the new iPhones, you will likely need a third-party application to take some action based upon the tag’s text.
For example, you can scan an NFC tag near your front door to turn off your iPhone’s WiFi before you leave home. Or scan an NFC tag in your car to turn on Bluetooth before you play your Pantera and Bee Gees jams through your car audio. Both tags would help with your iPhone’s battery life.
The hacker in me loves the iPhone’s NFC tag capability, but the identity guy will need to wait a little bit longer.
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
8 Comments
Unfortunately I think the hacker in you will have to wait too. I don’t believe any app will have the ability to control core OS functions like WiFi or Bluetooth simply by scanning an NFC tag.
Hi Niall! Thanks for the timely comment! NFC tag reading isn’t worth much if you cannot take action upon them. I hope that Apple opens up at least some capability.
Thanks Mark. You’ll certainly be able to take action, but we see the immediate use case being for promotions – and possibly mobile payments via digital wallets. That said, it could also be possible to have a tag that controls an internet-connected ‘smart’ device like a thermostat or light via a web interface. The challenge for most people will be programming the tags, as there’s no way to do this directly via the iPhone.
Mark – completely agree – I too have been waiting for authentication via NFC and I feel like I’m reliving the years (ok decade) of begging Microsoft to open up their authentication layer to AD which we finally have with Windows Hello. Now Apple has a great opportunity between the secure enclave and the NFC capability to, as you said, provide a significant authentication assurance which in combination with other factors behind the scenes can lead to a level of identity assurance and ease of use that we’ve dreamed of for decades. There is a real opportunity here to not have to sacrifice security for ease of use.
Thanks for the marvelous posting! I certainly enjoyed reading it, you happen to be a great author. I will ensure that I bookmark your blog and will come back down the road. I want to encourage you to definitely continue your great work, have a nice weekend!
Hi Jim,
I share the exact same memories that you have regarding multi-factor authentication with Windows AD. Smart cards were the only game in town, but they are painful to deploy.
Mark,
Thank you very much for bringing this topic to attention.
Apple seems to keep the secure NFC functionality for ApplePay exclusively.
We already tested iOS 11 capabilities on available iPhones and can tell you this:
– NFC is available in unlocked mode only and with an active app in front.
– If an app wants to use NFC, it needs to actively start listening to NFC. The listening is limited to max 60 seconds, which limits the user experience.
– Only reading is possible from an app. No writing / bidirectional mode. This would be necessary for secure authentication.
Basically, the current iOS NFC API provides an experience similar to “reading a QR-Code” with your app – no more.
Maybe there will be more possible with the new hardware, but since there is no API disclosed with iOS 11 we do not expect that.
So for the moment – secure user authentication has to be done by BLE.
Best,
Philipp
Philipp,
This is great information!
Mark