Signature Record Type Definition


In near field communications the NFC Forum Signature Record Type Definition is a security protocol used to protect the integrity and authenticity of NDEF Messages. The Signature RTD is an open interoperable specification modeled after Code signing where the trust of signed messages is tied to digital certificates.
Signing NDEF records prevents malicious use of NFC tags. For example, smartphone users tapping NFC tags containing URLs. Without some level of integrity protection an adversary could launch a phishing attack. Signing the NDEF record protects the integrity of the contents and allows the user to identify the signer if they wish. Signing certificates are obtained from third party Certificate Authorities and are governed by the NFC Forum Signature RTD Certificate Policy.

How it works

The NDEF signing process

Referring to the diagrams. An author obtains a signing certificate from a valid certificate authority. The author's private key is used to sign the Data Record. The signature and author's certificate comprise the signature record. The Data Record and Signature Record are concatenated to produce the Signed NDEF Message that can be written to a standard NFC tag with sufficient memory. The NDEF record remains in the clear so any NFC tag reader will be able to read the signed data even if they cannot verify it.
Data RecordSignature Record
NDEF RecordSignature, Certificate Chain

The NDEF Verification Process

Referring to the diagram. Upon reading the Signed NDEF Message, the Signature on the Data Record is first cryptographically verified using the author's public key. Once verified, the Author's Certificate can be verified using the NFC Root Certificate. If both verifications are valid then one can trust the NDEF record and perform the desired operation.

Supported certificate formats

The Signature RTD 2.0 supports two certificate formats. One being X.509 certificate format and the other the . The M2M Certificate format is a subset of X.509 designed for limited memory typically found on NFC tags. The author's certificate can optionally be replaced with a URI reference to that certificate or Certificate Chain so that messages can be cryptographically verified. The URI certificate reference designed to save memory for NFC tags.

Supported cryptographic algorithms

The Signature RTD 2.0 uses industry standard digital signature algorithms. The following algorithms are supported:
Signature Type/HashSecurity Strength
RSA_1024/SHA_25680 bits
DSA_1024/SHA_25680 bits
ECDSA_P192/SHA_25680 bits
RSA_2048/SHA_256112 bits
DSA_2048/SHA_256112 bits
ECDSA_P224/SHA_256112 bits
ECDSA_K233/SHA_256112 bits
ECDSA_B233/SHA_256112 bits
ECDSA_P256/SHA_256128 bits

On the security of the Signature RTD

The Signature RTD 2.0's primary purpose is the protect the integrity and authenticity of NDEF records. Thus NFC tag contents using the Signature RTD 2.0 is protected. The security of the system is tied to a certificate authority and the associated Certificate Chain. The NFC Forum Signature RTD Certificate Policy defines the policies under which certificate authorities can operate in the context of NFC. Root certificates are carried in verification devices and are not contained in the signature record. This separation is important for the security of the system just as web browser certificates are separated from web server certificates in TLS.