When you enable the nfc dictionary in the pass what does that pass do? It emulates an MIFARE card or simply extends Apple Pay with some extra data?
Yes, it certainly is possible to get an NFC certificate. However, the details of the implementation are protected by an NDA. There is a link where you can apply for a certificate here
Related
First, forgive my complete ignorance. I've tried to research this, but I clearly don't know the correct terminology for what I'm trying to accomplish.
I'm trying to set up NFC chips that link to separate, unique profiles. The profiles will be to a web app, but I want to hide the hyperlink to prevent someone from being able to copy the direct link to the profile and put it into another NFC Chip.
Example: A Plastic Business Card with an NFC chip that takes someone to a unique web app profile on their phone. I want to make sure someone can't create a new card and copy/paste the profile link into the new card on their own.
Note: The NFC Chip at this current moment will NOT be used for contactless payments.
Thanks.
So first point, security on NFC is hard, you can make it more difficult but not impossible to get the data from the card depending on how tightly you can control access to readers etc.
But from the sounds of it you are looking just to prevent casual copying.
It also sounds that you want the reading device to be a reading device.
So there are various techniques you can use to prevent casual copying, below I'll list a few in some order of complication (some can be used in combination with others):-
There is a common theme and drawbacks to some of these techniques.
You have to write your own phone App and get it to display the web App in it's own webview as you do not want the URL shown in a standard web browsers address bar.
Any protections you put in the phone App can be extracted from it by reverse engineering the phone App.
Use a NFC Tag like the Ntag21x range that has read password protection. You would write a phone App that knows the password to read the URL and then the App displays it
Encrypt the data on the card using standard encryption method and write an phone App that knows how to decrypt it and has the encryption keys to read the URL
Don't use a standard data format like Ndef but use your own data format again you phone app needs to know how you formatted the data to display
You can make reverse engineering of item 1 and 2 harder by not storing the "secrets" in the App itself but have it get it across the network at run time, but getting the secret can be reverse engineered or sniffed from the network.
I successfully created a pass with PassKit. But I want to add NFC capability to this pass to, when other smartphone (NFC reader) read the card, an URL will be opened to this smartphone.
I don't know if I need to do an NFC Certificate request for Apple Pay, because I don't want to use NFC for Apple Pay (https://developer.apple.com/contact/passkit/) ?
Can I achieve this without a certificate ?
No, you absolutely must have a certificate authorizing the use of NFC even if it is not a payment.
To obtain a certificate, contact Apple: http://developer.apple.com/contact/passkit.
But they rarely answer
Is there a public specification for the NFC part of the new-for-2020 App Clip? Is it just an External NDEF record? I'm asking as someone who is responsible for encoding NFC and RFID chips, not as an app developer.
As #Gereon said they are just URL's and for NFC they would be URI records and the NFC specification for URI's is available at https://github.com/haldean/ndef/blob/master/docs/NFCForum-TS-RTD_URI_1.0.pdf
We are developing mobile app in which customers can access multiple loyalty programs. The most convenient way for customers is to use nfc loyalty card and we are in search of ways to implement it via google pay passes and apple wallet passes
However, we are quite not familiar with the pipeline and user—>PoS—>etc interactions.
Could someone explain, please:
What process is happening after card is submitted to PoS terminal? (Interactions with GPay/Wallet and our backend).
Any information is appreciated!
For the Google Pay Passes side the protocol to transmit loyalty card payload through NFC is called Smart Tap. The design is as follows:
The phone with Google Pay and loyalty passes (enabled with Smart tap) loaded into the wallet is tapped on the terminal.
The terminal through Smart Tap Protocol presents a unique collector ID and signed information to the Google Pay app.
The Google Pay app uses this signed information to verify the identity of the terminal and that collector id is used to determine which passes it transmits.
Google Pay transmits the pass payload through Smart Tap from the wallet.
The terminal then decrypts the payload and passes upstream, to the POS.
The best way to think about NFC transmission is as an encrypted alternative to transmitting a value using barcode.
I am working on a project where i want to emulate Credit/Debit card using pn532 NFC module.
I tried to find out the protocol to in which i can send the credit/debit information to the Credit/debit card reader. I tried to search about this but didn't get proper document.
I need help on this.
What all information should i send to reader?
Exchange protocol in Credit card emulation mode.
You can find an explanation of how to put a PN532 into card emulation mode in this answer.
The protocols for (contactless) credit cards are specified by EMVCo. You can find their specifications on their website.