Use cases for emulating passive NDEF tags #142
Comments
Is it possible to describe this use case in a step-by-step fashion?
Same idea here!
The goal is to avoid having a native app and use the browser to broadcast the ticket number.
@TMesot It is [quite] possible that I completely misunderstand the plot, but it seems that the ticket page is on a PC (in most cases). This use case has already been dismissed and PC vendors have [accordingly] ceased supporting NFC as well.
Or do you mean that you buy via the mobile and then get something persistent (a cookie?) in return allowing you to later use that with NFC? To me it sounds like a rather quirky solution where you manually have to get back to the purchase page. I would consider a more thought-through solution where you buy with the mobile browser, but use the resource with a generic ticket app. It should work for door locks as well. This requires a protocol and filtering so that only the right receiver gets the ticket.
My idea for the HCE use case looks a bit different:
The basic idea is as long as the current webpage is open and in the foreground the browser can leverage the HCE implementation of the webpage. If you add the ticket id to the emulated card combined with an offline first PWA the complete access control solution would also work offline but security would be difficult to implement.
This scheme has effectively already been solved through QR codes. It is used by airlines all over the world. You can surely do a sleeker and more efficient system using NFC, but WebNFC doesn't seem like the right tool for such work. A remaining problem with HCE is that (for example) executing EMV inside of a browser introduces security issues since EMV was designed to be carried out in certified terminals. Note: there ARE things to be done here but it requires new protocols that are designed for the Web. The recently announced W3C WebAuthentication system is an example of that. The traditional smart card never made it on the Web which caused Google and some other entities to design a system which is compliant with the "Web Security Model". I believe this system (which also supports NFC), actually could be used "as is" for your application. That is, a ticket would be a cryptographic key for exclusive consumption by a specific domain. Yes, WebAuthentication may even have solved the disposable hotel door key problem and that using no additional software or hardware on the client side! It would work off-line as well.
@cyberphone For us the HCE is not needed in our use case, we don't need the security needed by smartcard. The goal is only to broadcast a unique id which is validated server side by the NFC reader. QRCode works fine but you need people to increase screen brightness and a good camera. With NFC, you could be able to do it whatever the environmental conditions are.
@TMesot @lcarcone The WebAuthentication folks spent years on creating a "Smart card for the Web". Probably for a reason. Related: http://www.atimes.com/article/china-launch-e-id-cards-citizens-via-phone-qr-codes/
We just implemented NFC scanning for our Web Wallet here https://github.com/linuxserver/nano-wallet/ (thanks for all the work in the web-nfc project). Given the major use case of people transferring funds phone to phone using insecure text data (in this case just a string containing the destination address and amount), being able to broadcast a tag from the same interface as well as scan them is extremely useful if planning to completely replace QR codes with NFC for the transaction workflow. If you are not familiar with the process or other payment platforms like WeChat pay you can see a basic demo here:
Would it be possible to bring HCE to the web and emulate NFC Forum compliant tags?
One of many use cases would be access control in cinemas: Users can buy cinema tickets online and use their smartphone to check in in the cinema area by touching an NFC reader device without having to install a native app.