The present application claims priority to European Patent Application 16188740.1 filed by the European Patent Office on 14 Sep. 2016, the entire contents of which being incorporated herein by reference.
The present disclosure relates to an NFC device and to a reader/writer device. The present disclosure relates further to a method for authorizing an update of a NFC device and to a method for performing an update of a NFC device.
An NFC (Near Field Communication) tag device, as one embodiment of an NFC device, is an embedded device with NFC interface (also called communication unit herein). An external NFC reader device, as one embodiment of a reader/writer device, can send specific commands to invoke functions on the NFC tag device, for example to read or write memory cells. Memory cells can also be modified by the microprocessor built into the NFC tag device. Functionality can be built into the NFC tag device to accept new command code through the NFC interface, for example to replace the existing command code with a different version. Such update can modify the future behavior of the NFC tag device and may even lead to rendering the device unusable. It is thus important that command code updates are reliably authorized, e.g. can only be performed by the legitimate owner of the device.
The “background” description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventor(s), to the extent it is described in this background section, as well as aspects of the description which may not otherwise qualify as prior art at the time of filing, are neither expressly or impliedly admitted as prior art against the present disclosure.
It is an object to provide an NFC device and a reader/writer device that ensure that updates of command code of the NFC device are authorized and that malicious modifications are prevented.
It is a further object to provide a corresponding method for authorizing an update of a NFC device and a corresponding method for performing an update of a NFC device as well as a corresponding computer program for implementing said methods and a non-transitory computer-readable recording medium for implementing said methods.
According to an aspect there is provided an NFC device comprising:
According to a further aspect there is provided a reader/writer device comprising
According to a further aspect there is provided a method for authorizing an update of an NFC device comprising
According to a further aspect there is provided a method for performing an update of an NFC device comprising
According to still further aspects a computer program comprising program means for causing a computer to carry out the steps of the method disclosed herein, when said computer program is carried out on a computer, as well as a non-transitory computer-readable recording medium that stores therein a computer program product, which, when executed by a processor, causes the method disclosed herein to be performed are provided.
Embodiments are defined in the dependent claims. It shall be understood that the disclosed methods, the disclosed computer program and the disclosed computer-readable recording medium have similar and/or identical further embodiments as the respective claimed devices, as defined in the dependent claims and/or as disclosed herein.
One of the aspects of the disclosure is to require that, in case of command code updates sent to a dynamically updateable NFC device, the sender (i.e. another NFC device, in particular the reader/writer device, such as an NFC reader device) needs to provide a checksum, such as a cryptographic hash value, that is computed over at least part of the command code version that is currently active (i.e. the actual command code version) at the respective function unit of the NFC device and that is to be replaced (i.e. updated). If the NFC device computes the same checksum (e.g. the same cryptographic hash value) over its presently active (i.e. actual) command code version then the update is authorized and accepted, otherwise it is rejected.
In this context, an NFC device shall be understood broadly as any user device that is able to communicate via NFC. Such NFC devices may include, but are not limited to, an NFC tag device, a wearable user device or an IoT (Internet of Things) device which senses data and transmits it to an external device.
The foregoing paragraphs have been provided by way of general introduction, and are not intended to limit the scope of the following claims. The described embodiments, together with further advantages, will be best understood by reference to the following detailed description taken in conjunction with the accompanying drawings.
A more complete appreciation of the disclosure and many of the attendant advantages thereof will be readily obtained as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings, wherein:
Referring now to the drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views,
The embodiments described in the following will be explained by referring to an application scenario, in which the NFC device is an NFC tag device (as e.g. used in a smart card, such as a Felica card) or an NFC chip (as e.g. embedded in a smartphone) and in which the reader/writer device is a NFC reader/writer for reading/writing such an NFC tag device or NFC chip. The present disclosure is, however, not limited to such application scenarios, but may generally be used with different kinds of wearable user devices and corresponding reader/writer devices, using e.g. other communication interfaces than NFC (e.g. Bluetooth or WiFi).
The NFC device 1 comprises a function unit 10 configured to execute a function based on related command code. The function unit 10 may e.g. be a sensor unit or a processor that performs a respective function based on dedicated command code, which is stored in a storage unit 11. A communication unit 12 is provided to communicate with the reader/writer device 2, e.g. using NFC, Bluetooth, WiFi or any other communication technology. A processing unit 13 is provided to perform a particular processing if an update of the (active) command code of the function unit 10 shall be made by the reader/writer device 2. Generally, the processing unit 13 calculates a checksum over at least part of the command code, compares the calculated checksum with a checksum received from the reader/writer device and authorizes the update if the received checksum matches the calculated checksum, in particular only if the received checksum matches the calculated checksum. More details of a preferred embodiment of the processing will be explained below with reference to
The reader/writer device 2 comprises a storage unit 20 configured to store command code used by the NFC device 1 to execute a function, and/or a command code indicator indicating the command code, and/or a checksum over at least part of the command code. A communication unit 21 is provided to communicate with the NFC device 1, i.e. it uses the same communication technology as the communication unit 12 of the NFC device 1. A processing unit 22 is provided to perform a particular processing if an update of the command code of the function unit 10 of the NFC device 1 shall be made by the reader/writer device 2. Generally, the processing unit 22 calculates a checksum over at least part of the stored or indicated command code or retrieves the stored checksum from the storage unit. The communication unit 21 transmits the checksum to the NFC device 1 and transmits new command code to the NFC device 1 for updating the command code if an authorization of the update is received from the NFC device 1. More details of a preferred embodiment of the processing will be explained below with reference to
One example of using the NFC user device as an NFC tag device would be to represent a temperature value sensed by the NFC tag device. The command code that determines the functionality of the NFC tag device is typically generated and provisioned at manufacturing time. However, functionality can also be built into the NFC tag device to accept new command code through the NFC interface, for example by implementation of specific NFC interface commands to replace the existing command code with a different version. Such update can modify the future behavior of the NFC tag device and may even lead to rendering the device unusable. It is thus important that command code updates are reliably authorized, e.g. can only be performed by the legitimate owner of the device, which is addressed by the present disclosure.
As shown in
In step S4 the received hash value and the computed hash value are compared by the NFC device 1 to check if they match. If they match, an acknowledgement notice (e.g. an OK message) is transmitted in step S5 to the reader/writer device 2. If they do not match, the process is ended in step S6 and optionally a non-acknowledgement notice (e.g. a NOT-OK message) is transmitted in step S7 to the reader/writer device 2.
In step S8 the reader/writer device 2 checks if it received an acknowledgement notice. If not (or if a non-acknowledgement notice has been received), the process is ended in step S9. If it received an acknowledgement notice, it transmits new command code for updating the currently active command code to the NFC device 1 in step S10 using an implemented communication technology, e.g. NFC. In step S11 the NFC device 1 activates the new command code, i.e. updates the currently active command code by replacing it with the received new command code, which is also stored in the storage unit 11 and from now on used by the function unit 10.
Compared to the first embodiment, the NFC device 3 comprises two or more (in this example three) function units 10A, 10B, 10C, which are each configured to execute a respective function based on related command code. Such function units may include one or more of a temperature sensor, a humidity sensor, a light sensor, an acceleration sensor, etc. Further, all sorts of communication capability units like WiFi, cellular radio, LoRa (Long Range), etc. may be used. The storage unit 20′ of the reader/writer device 4 comprises separate entries A, B, C for the different function units 10A, 10B, 10C, in which, per function unit, the command code used by the NFC device 1 to execute a function, and/or a command code indicator indicating the command code, and/or a checksum over at least part of the command code is stored.
The methods according to the second embodiment as shown in
It shall be noted that generally the storage unit 20, 20′ of the reader/writer device 2, 4 may store a local copy of command code that is active at the NFC device 1, 3. However, alternatively, the storage unit 20, 20′ stores an indicator to the local copy of the command code, that may actually be stored somewhere else, e.g. on a server or another external memory. Hence, if an update shall be made, the corresponding indicator is taken from the storage unit 20, 20′ and used to retrieve the corresponding command code, which is then used for calculating the checksum.
In another embodiment, the storage unit 20, 20′ stores only the checksum of the command code that is currently active at the NFC device 1, 3. This checksum may be computed at the reader/writer device 2, 4 each time a new command code is activated at the NFC device 1, 3 and is then stored in the storage unit 20, 20′. If an update shall be made, the corresponding (previously computed) checksum is then taken from the storage unit 20, 20′ (in step S1) and transmitted to the NFC device 1, 3 in step S2 for subsequent use as described above.
Examples of functionality changes that can be achieved by command code updates of a same embedded device (i.e. the NFC device) with a temperature sensing capability are the realization of a temperature sensor device (as an example of a function unit) that returns the current temperature to an NFC-enabled smartphone whenever touched, a temperature logger device that returns historical temperature values, or a device that returns time intervals during which a critical temperature was exceeded.
A further embodiment concerns the ability to update the command code of different function units on the embedded device. For example, the embedded device may have NFC and another wireless radio frequency communication unit such as Bluetooth, and the desire is to update, through NFC, the command code of the Bluetooth communication unit (as one function unit) independently from the command code that realizes the NFC functionality (representing another function unit). This can be achieved by selecting a function unit e.g. with appropriate metadata when providing the checksum (e.g. a cryptographic hash value) for authentication.
The disclosed verification process is rather simple and does not require any preset shared secret. The only requirement is that both the sender and receiver apply the same checksum function (e.g. cryptographic hash function), for example the commonly known SHA-256 algorithm, or one of SHA-384, SHA-512, SHAKE128, SHAKE256 algorithms. If such a dynamically updatable wearable user device, e.g. an NFC tag device, is manufactured and distributed with an empty or documented command code version, the customer can easily provide its own command code version and thereby take ownership of the device for any future updates.
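The exchange of steps S1 to S11, together with the per-function-unit selection and the stored-checksum variant described above, can be sketched as follows. This is an added example, not code from the patent: the class names, unit names and command code images are constructed, and binding one authorization to one update of the selected unit is an assumption of this sketch.

```python
import hashlib
import hmac


def checksum(code):
    """Checksum function both sides must share; the text names SHA-256 as one option."""
    return hashlib.sha256(code).digest()


class NfcDevice:
    """Device side: storage unit holding the active command code per function unit."""

    def __init__(self, command_code):
        self.command_code = dict(command_code)
        self.authorized_unit = None  # set only after a matching checksum

    def request_update(self, unit, received):
        """S3-S7: hash the active code of the selected unit and compare."""
        self.authorized_unit = None
        active = self.command_code.get(unit)
        if active is None:
            return False  # unknown function unit
        if hmac.compare_digest(checksum(active), received):
            self.authorized_unit = unit
            return True  # S5: acknowledgement
        return False  # S6/S7: rejected

    def receive_code(self, unit, new_code):
        """S11: activate new code, but only for the unit that was just authorized."""
        if unit != self.authorized_unit:
            return False
        self.command_code[unit] = new_code
        self.authorized_unit = None  # assumption: one authorization, one update
        return True


class ReaderWriter:
    """Reader side: stores only the checksum of the code active on the device."""

    def __init__(self, known_code):
        self.stored = {u: checksum(c) for u, c in known_code.items()}

    def update(self, device, unit, new_code):
        if unit not in self.stored:
            return False
        if not device.request_update(unit, self.stored[unit]):  # S1/S2, S8/S9
            return False
        if not device.receive_code(unit, new_code):  # S10
            return False
        self.stored[unit] = checksum(new_code)  # keep the stored checksum current
        return True


def demo():
    # Constructed sample images standing in for documented factory command code.
    factory = {"nfc": b"FACTORY-NFC-v0", "bluetooth": b"FACTORY-BT-v0"}
    device = NfcDevice(factory)
    owner, other = ReaderWriter(factory), ReaderWriter(factory)
    results = [
        owner.update(device, "bluetooth", b"OWNER-BT-v1"),  # owner takes ownership
        other.update(device, "bluetooth", b"OTHER-BT-v1"),  # stale checksum, rejected
        owner.update(device, "bluetooth", b"OWNER-BT-v2"),  # stored checksum was refreshed
        other.update(device, "nfc", b"OTHER-NFC-v1"),  # this unit still ran factory code
    ]
    return results, device.command_code
```

The last case shows that ownership is established per function unit: a unit still running the documented factory code accepts an update from any reader that knows that code, so each unit has to be given its own command code version.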
Thus, malicious modifications are avoided by providing that an update of command code is only possible as explained above, in particular by the legitimate owner of the NFC device (who preferably is also the owner of the reader/writer device) or by a person/entity who is authorized to update the function. Another domain of application of the present disclosure is in the field of IoT scenarios, in which the update of home sensors without the need to expose them to the Internet can be achieved. Even for Internet connected sensors it could be advantageous to perform updates through a local interface instead of the public Internet with its much larger attack surface.
Thus, the foregoing discussion discloses and describes merely exemplary embodiments of the present disclosure. As will be understood by those skilled in the art, the present disclosure may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. Accordingly, the disclosure of the present disclosure is intended to be illustrative, but not limiting of the scope of the disclosure, as well as other claims. The disclosure, including any readily discernible variants of the teachings herein, defines, in part, the scope of the foregoing claim terminology such that no inventive subject matter is dedicated to the public.
In the claims, the word “comprising” does not exclude other elements or steps, and the indefinite article “a” or “an” does not exclude a plurality. A single element or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
In so far as embodiments of the disclosure have been described as being implemented, at least in part, by software-controlled data processing apparatus, it will be appreciated that a non-transitory machine-readable medium carrying such software, such as an optical disk, a magnetic disk, semiconductor memory or the like, is also considered to represent an embodiment of the present disclosure. Further, such a software may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems.
The elements of the disclosed devices, apparatus and systems may be implemented by corresponding hardware and/or software elements, for instance appropriate circuits. A circuit is a structural assemblage of electronic components including conventional circuit elements, integrated circuits including application specific integrated circuits, standard integrated circuits, application specific standard products, and field programmable gate arrays. Further a circuit includes central processing units, graphics processing units, and microprocessors which are programmed or configured according to software code. A circuit does not include pure software, although a circuit includes the above-described hardware executing software.
The following is a list of further embodiments of the disclosed subject matter:
1. An NFC device comprising:
2. The NFC device as defined in embodiment 1,
3. The NFC device as defined in any preceding embodiment,
4. The NFC device as defined in any preceding embodiment,
5. The NFC device as defined in any preceding embodiment,
6. The NFC device as defined in embodiment 5,
7. The NFC device as defined in any preceding embodiment,
8. The NFC device as defined in any preceding embodiment,
9. A method for authorizing an update of an NFC device, the method comprising:
10. A reader/writer device comprising:
11. The reader/writer device as defined in embodiment 10,
12. The reader/writer device as defined in any one of embodiments 10 to 11,
13. The reader/writer device as defined in any one of embodiments 10 to 12,
14. The reader/writer device as defined in any one of embodiments 10 to 13,
15. The reader/writer device as defined in embodiment 14,
16. The reader/writer device as defined in any one of embodiments 10 to 15,
17. The reader/writer device as defined in any one of embodiments 10 to 16,
18. A method for performing an update of an NFC device, the method comprising:
19. A non-transitory computer-readable recording medium that stores therein a computer program product, which, when executed by a processor, causes the method according to embodiment 9 or 18 to be performed.
20. A computer program comprising program code means for causing a computer to perform the steps of said method according to embodiment 9 or 18 when said computer program is carried out on a computer.
Number | Date | Country | Kind |
---|---|---|---|
16188740 | Sep 2016 | EP | regional |
Number | Date | Country | |
---|---|---|---|
20190215033 A1 | Jul 2019 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 15681511 | Aug 2017 | US |
Child | 16299166 | US |