Phone and credit card may soon become phone or credit card thanks to near field communication (NFC). And that's just the beginning — NFC could very well usher in the long-anticipated "Internet of Things."
For the layperson, how does NFC work?
Tom Igoe: NFC is basically a form of radio communication, but it uses very low-power radios. It's related to radio-frequency identification (RFID) as well.
In its simplest form, you have two electronic devices. Each has a battery, a radio, and a processor on-board. One sends a stream of data to the other, and the other responds. They transmit with such low power that the signal is lost after only a few inches. So in order for them to communicate, you have to basically touch them together.
RFID can also be classified as Near Field Communication, though not all forms of RFID use the same data protocols as NFC devices. RFID comes in two flavors: active and passive.
Active RFID works just as NFC does: two powered devices, two radios, and a transmission between them. The range doesn't need to be short; it can be as long as you have power to transmit. The EZ-Pass system you see on toll roads is a good example of active RFID — it can cover several meters.
Passive RFID, on the other hand, is generally very short range, because there is only one powered device. The RFID reader sends out a radio signal. When an RFID tag is in range, it receives the signal, and uses the energy of the radio transmission to power itself. The amount of energy isn't great, so the RFID tag can only power itself long enough to send a signal back to the reader, then it shuts down.
How significant will NFC technology be in the coming years?
Brian Jepson: NFC, coupled with RFID tags, creates a really cool channel for devices and objects to talk to one another. Tom and I have done lots of freaky projects with Bluetooth, XBee/ZigBee, Wi-Fi — all things that communicate over a reasonable distance. But NFC and RFID give us the ability to have objects that are close to one another talk to each other. And one thing I love is that the RFID side of the equation lets un-powered objects — anything you can embed a tag in — play in this game of networked objects.
That, to me, is the starting point for all this. I don't want to worry about whether NFC payments are going to take off, or if NFC will replace the business card. What I love about this is that it gives us another way for objects to participate in the "Internet of Things."
Are there any impressive or unique ways that NFC is being used right now?
Jepson: There's one story that seems to dominate the headlines, and that's about using NFC for payments. But for me, the more interesting application is replacing QR codes. Imagine you're standing outside a restaurant, and there's a sticker in the window with a QR code that takes you somewhere for reviews. How long does that take? Half a minute to fire up your QR code scanner, two minutes of cursing because there's not enough light or there's glare on the glass, and when you eventually get it working, your friends have already searched for it on Google and read the reviews. And that's assuming you're enough of a power user to already have an app like Barcode Scanner or Red Laser installed.
Compare that to NFC. I can tap the sign with my Nexus S, and it will fire up the built-in Tags app (see video below), and take me right to the URL. It's really fast. Tap your phone to the thing you want to create a relationship with, and you're done.
NFC security is a concern for some. How well is this issue being addressed?
Igoe: When people ask that question, I find that they haven't done enough research to know why they should be concerned. Why are you not worried about Wi-Fi security? Or mobile phone security? Both of them use the same technology: radio transmission. Yet no one raises concerns about those.
I think the confusion stems from the fact that people think an RFID tag or an NFC device actually contains secret data about them. In fact, most of the time the only data on an RFID tag or NFC device is a serial number. In order for that number to mean anything, it has to be associated with other data in a database, and the database has to be attached to an RFID reader. The same is true of magnetic stripe credit cards — the data is not on the card. It's a serial number that associates that card with your record in the database. It's possible to record more than just the serial number on your card, but in order to extract that information, a more complex transaction involving encryption and passkeys has to happen.
Unlike mag-stripe cards, however, you don't need to swipe an RFID or NFC card through a reader in order to read it. You merely need to bring it within a few centimeters of your reader. So people often ask, "Does that mean you can read my card in my wallet or my purse?" Sure, if you touch your wallet or purse to my reader. But if I get that close to you, I might as well just steal your whole wallet!
Practically speaking, it's as difficult — or more so — to steal your credit card number off your RFID-enabled credit card as it is off your traditional credit card, assuming you handle your card with the same amount of basic caution. Practice some common sense, and you're not in danger.
What are the most significant obstacles NFC faces?
Igoe: The biggest issues at this point are compatibility — there are several different protocols that are incompatible with each other — and documenting the technologies in such a way that industrial designers know how to make them work best. Timo Arnall, Einar Martinussen, and the folks at BERG studios have done some good work on this at nearfield.org.
Jepson: If you were to implement a solution today using RFID, you'd have some good choices at your disposal for secure solutions. However, there are insecure, first-generation — and probably second-generation and beyond — systems still in use that should be replaced.
That said, in our book, we're using some of the oldest RFID tags, the MIFARE Classic 1K. They are vulnerable to attacks, so we don't suggest you use these to store anything sensitive. But we're not trying to show you how to implement a payment or authentication system with this book — although you certainly could use a newer, more secure tag if you were doing something more serious. In the book, the RFID tags are basically being treated like tiny flash disks that don't require electronic contacts to read or write.
Igoe: The main reason I'm writing this book is to give people first-hand experience of the technology. Whether it's useless because it's insecure, or it's the greatest thing ever, I hope our writing will give people the tools to evaluate that first-hand rather than to speculate and fearmonger.