Forum › MIFARE SDK › Creating app that can read mifare desfire card and then emulate card from phone › Reply To: Creating app that can read mifare desfire card and then emulate card from phone
Hi Bryan,
I can hand-over special questions to one of my colleagues if you want. You can write to our team at: taplinx@nxp.com.
Please let me point it out, why a simple “emulation app” cannot be a solution. If you choose a NXP product, let say a MIFARE DESFire, then you want a reliant product which offers high security and protect your credentials. You can issue it to your end-users and you can be sure, card data cannot be read out if you protect the access. So, you can be confident using the MIFARE DESFire in your business with payment and access systems.
A card emulation app which does not use a Secure Element or other special hardware can be easily installed on any Android device. All credentials reside inside of the app. Please note, any installed Android app can be easily copied to another device. Any Android app can be analyzed easily, and your credentials can be read. Even if you think to encrypt the credential for protecting it, it must be decrypted if you want to use it. This decryption can be analyzed by an attacker and your credentials are lost. So, you would never use such app for payment or access systems.
Therefore, you must use special hardware to protect your data. For a respectable solution you must either take a third-party product or design your own wristband with a NXP NFC reader with a combined Secure Element. In this case you are the product owner and able to create a virtual MIFARE DESFire on this hardware. This approach is serious and secure.
The TapLinx team
I can hand-over special questions to one of my colleagues if you want. You can write to our team at: taplinx@nxp.com.
Please let me point it out, why a simple “emulation app” cannot be a solution. If you choose a NXP product, let say a MIFARE DESFire, then you want a reliant product which offers high security and protect your credentials. You can issue it to your end-users and you can be sure, card data cannot be read out if you protect the access. So, you can be confident using the MIFARE DESFire in your business with payment and access systems.
A card emulation app which does not use a Secure Element or other special hardware can be easily installed on any Android device. All credentials reside inside of the app. Please note, any installed Android app can be easily copied to another device. Any Android app can be analyzed easily, and your credentials can be read. Even if you think to encrypt the credential for protecting it, it must be decrypted if you want to use it. This decryption can be analyzed by an attacker and your credentials are lost. So, you would never use such app for payment or access systems.
Therefore, you must use special hardware to protect your data. For a respectable solution you must either take a third-party product or design your own wristband with a NXP NFC reader with a combined Secure Element. In this case you are the product owner and able to create a virtual MIFARE DESFire on this hardware. This approach is serious and secure.
The TapLinx team
+ 0
|
- 0