Thursday, 29 August 2013

NFC near field communication

What is NFC?

Near Field Communication (NFC) technology makes life easier and more convenient for consumers around the world by making it simpler to make transactions, exchange digital content, and connect electronic devices with a touch.

Near Field Communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 4cm or less to initiate a connection. NFC allows you to share small payloads of data between an NFC tag and an Android-powered device, or between two Android-powered devices.

Tags can range in complexity. Simple tags offer just read and write semantics, sometimes with one-time-programmable areas to make the card read-only. More complex tags offer math operations, and have cryptographic hardware to authenticate access to a sector. The most sophisticated tags contain operating environments, allowing complex interactions with code executing on the tag. The data stored in the tag can also be written in a variety of formats, but many of the Android framework APIs are based around a NFC Forum standard called NDEF (NFC Data Exchange Format).

NFC Basics
This document describes how Android handles discovered NFC tags and how it notifies applications of data that is relevant to the application. It also goes over how to work with the NDEF data in your applications and gives an overview of the framework APIs that support the basic NFC feature set of Android.
Advanced NFC
This document goes over the APIs that enable use of the various tag technologies that Android supports. When you are not working with NDEF data, or when you are working with NDEF data that Android cannot fully understand, you have to manually read or write to the tag in raw bytes using your own protocol stack. In these cases, Android provides support to detect certain tag technologies and to open communication with the tag using your own protocol stack.

A standards-based connectivity technology, NFC harmonizes today's diverse contactless technologies, enabling current and future solutions in areas such as:  
  • Access control
  • Consumer electronics
  • Healthcare
  • Information collection and exchange
  • Loyalty and coupons
  • Payments
  • Transport

Developers can learn more about NFC in the section on interoperability.

Key Benefits of NFC

NFC provides a range of benefits to consumers and businesses, such as:
  • Intuitive: NFC interactions require no more than a simple touch
  • Versatile: NFC is ideally suited to the broadest range of industries, environments, and uses
  • Open and standards-based: The underlying layers of NFC technology follow universally implemented ISO, ECMA, and ETSI standards
  • Technology-enabling: NFC facilitates fast and simple setup of wireless technologies, such as Bluetooth, Wi-Fi, etc.)
  • Inherently secure: NFC transmissions are short range (from a touch to a few centimeters)
  • Interoperable: NFC works with existing contactless card technologies
  • Security-ready: NFC has built-in capabilities to support secure applications

Friday, 16 August 2013

Secure E-Mail Services Shuttered over Fears of Government PRISM Reprisals

Secure E-Mail Services Shuttered over Fears of Government PRISM Reprisals

Image courtesy of Bev Sykes, via Flickr
Revelations of the U.S. National Security Agency’sPRISM program continue to have worldwide ripple effects. Nearly two months after U.S. federal prosecutors charged NSA whistleblower Edward Snowden with espionage and theft of government property for blowing the lid off of the clandestine surveillance program, the company that secured Snowden’s electronic communications with journalists and international officials has shut down its encrypted e-mail services.
Texas-based Lavabit LLC announced August 8 that it was suspending operations due to unspecified legal pressures. The move prompted another company, Silent Circle, to likewise drop its own encrypted e-mail service on August 9 before becoming the target of similar legal scrutiny. Meanwhile, concerns over the NSA’s snooping have prompted the opposite reaction in Germany, where two of that country’s biggest Internet service providers—Deutsche Telekom AG and United Internet AG—say they will now encrypt customers’ emails by default.
In a note posted to Lavabit’s homepage, owner and operator Ladar Levison suggested that a long, secretive turn of events led to his decision to scuttle the service. “As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests,” the site says. He also notes that, a “favorable decision” by the Fourth Circuit Court of Appeals would allow him to “resurrect Lavabit as an American company.”
Levison launched Lavabit in 2004 under the name Nerdshack. By 2009 the site boasted 140,000 registered users with more than 260,000 email addresses. Most of those accounts belonged to individual users, although the company did provide corporate e-mail services to about 70 companies.
Lavabit developed its secure e-mail platform around asymmetric encryption. This means that incoming e-mail messages were encrypted before being saved on the company’s servers and could be decrypted only by someone with a password for that e-mail account.
Most e-mail programs support encryption via Secure Sockets Layer (SSL) protocol, developed in the mid-1990s as a cryptographic tool to encode communications over TCP/IP networks. SSL uses a cryptographic system with two keys—a public key to encrypt the data and a private key, known only to a message’s recipient, to decipher it. SSL encrypts messages sent from the user’s machine to their ISP. As messages move through the core of the Internet, they are usually unencrypted, however. “Unless somebody is doing something intentionally to put encryption on the messages, the messages are decrypted at each hop along the way and are visible there,” cryptographer Paul Kocher, president and chief scientist of Cryptography Research,recently told Scientific American.
Silent Circle posted a note to its homepage Friday implying the company has shut down its secure Silent Mail service—which encrypts messages sent between Silent Circle customers—before being forced to comply with any government subpoenas, warrants, security letters or other legal demands for customer information. Phil Zimmermann, creator of the Pretty Good Privacy (PGP) program to encrypt and decrypt e-mail messages, co-founded the Washington, D.C., company, which claims to have its network located in Canada.
Silent Circle points out in the same note that its “end-to-end” cryptography meant that it had “nil” exposure to customer data. Yet the company’s FAQ states that, if the company is managing a client’s encryption keys (the other option would be for customers to manage their own keys), then Silent Circle can hand over client messages to law enforcement when legally compelled to do so. Silent Circle will continue to offer secure voice and text services because it has control over the infrastructure supporting them and can guarantee that messages were not intercepted or tampered with en route, the BBC reported Friday.
Zimmerman’s company apparently anticipated run-ins with the law. A Web page recounting Silent Circle’s history states: “We believe in honest transparency, and protecting individual and business privacy. We will post the requests we get from Government, Law Enforcement and worldwide legal entities for users data.” It goes on to declare: “We know that we’ll have a target painted on us from day one.”
The NSA crafted PRISM as a means for collecting data on people suspected of plotting terrorist attacks, spying or other forms of malfeasance. The government claims that information gathered via PRISM has disrupted dozens of potential terrorist attacks. Yet the program’s legacy is having other, likely unintended consequences on electronics communication. Lavabit’s Levison notes that, unless changes are made to current U.S. surveillance policies, “I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.”