Signature RTD 2.0 works by specifying the format used when signing NDEF records and provides a list of suitable signature algorithms and certificate types that can be used to create signatures. It adds to the features of Signature RTD Technical Specification 1.0 (published in 2010) by supporting compact certificate formats to accommodate most tag types, and increasing security strength by supporting National Institute of Standards and Technology (NIST) and Federal Office of Information Security (BSI) recommended algorithms. Signature RTD 2.0 is designed to be open to all Certificate Authorities (CA), such as those issuing certificates for Transport Layer Security (TLS).
When NDEF records are signed in accordance with the Signature RTD 2.0 specification, malicious hackers cannot tamper with trusted messages. In addition, the signature record identifies the signer by name, and signers who act in bad faith can have their privileges quickly revoked.
Certificate Authorities TrustPoint Innovation and DigiCert have issued test certificates for Signature RTD 2.0 for NFC Forum interoperability testing of all functionality, including issuing certificates and signing, reading, and verifying tags, as well as all failure modes. The interoperability testing was conducted using applications supplied by NFC Forum members Broadcom, Sony, and TrustPoint Innovation. TrustPoint Innovation and DigiCert are expected to issue production certificates now that the specification has been published.
The Signature RTD Certificate Policy defines the procedural and operational requirements that the NFC Forum expects CAs to adhere to when issuing and managing certificates to create signatures for NDEF messages. The Certificate Policy provides users with the possibility of verifying the authenticity and integrity of data within the NDEF message, and specifies the format used when signing single or multiple NDEF records.
„Secure NFC Tags will be deployed on products to enhance the consumer experience while utilizing smart phones,“ said Sherry Shannon Vanstone, president and CEO, TrustPoint Innovation. „TrustPoint’s new BlackSeal Authenticity Service uses Signature RTD 2.0 to protect consumers from hackers and product manufacturers from counterfeiting. This standard provides a significant foundation for securing the Internet of Things.“
„DigiCert commends the work of the NFC Forum to approve an interoperable standard that helps ensure NFC integrity, and we’re pleased to lend our expertise to help develop and advance this important initiative,“ said Jeremy Rowley, vice president of business development at DigiCert. „The increasingly mobile and connected world in which we operate requires strong authentication and encryption solutions to make sure that consumers and enterprises are protected from fraud as part of a more trustworthy future, and the Signature RTD 2.0 specification is an important step in the right direction.“
„NFC tags are instrumental to a wide range of NFC use cases,“ said Koichi Tagawa, chairman of the NFC Forum. „With just a tap of their mobile phones, consumers can access loyalty offers, special deals, and discounts, read about a wine’s history and vintage before purchase, and experience talking statues that bring history to life. With the publication of the Signature RTD 2.0 specification, NFC developers and users alike can be confident that their interactions with NFC tags are trustworthy and incorporate the most sophisticated encryption methods available. We thank our Security Working Group and Technical Committee for bringing this important specification to fruition.“