Since 1992, Legic is driven by the vision to enhance a secure and simpler everyday life for people and organisations. The company represents an international network of companies and experts for contactless people identification and designs hardware, software and services for ID applications from access control, time & attendance and cashless payment through to biometrics and eTicketing. At the Sicherheit 2013 trade fair in Zurich, Heiko Baumgartner did talk to ­Oliver Burke, Legic's Vice President Corporate Projects, about three letters that make the headlines again: NFC. Oliver Burke started his smart card career in 1999. His expertise is recognized within the industry and his passion for developing strategies, new markets and regions is well known. Prior to his commitments at Legic, ­Oliver Burke belonged to the executive management team of Bell ID.

GIT-SECURITY.com: As simple as these three letters NFC may sound, as vast are the possible uses of this technology. What possible usage do you see for NFC in the security field?

Oliver Burke: Near Field Communication now is an internationally recognised technology for the contactless exchange of data. The technology was already making its advance in 2007, only it couldn't assert itself at the time because the mobile telephone industry was occupied trying to find an answer to the iPhone. Right from the start, we believed that this novelty would take hold, which is why Legic made its reader chips in the 2000 and 4000 series NFC-abled as early as 2007. This strategy paid off, and today nearly all smartphones are equipped with NFC and even iPhones can easily become NFC-abled with sleeve solutions. With this technology, smartphones become multi-purpose employee IDs which open doors or pay for snacks. Now it is possible to safely and easily integrate time & attendance recording and access control into the daily business processes using NFC.

The idea of being able to do with a mobile telephone everything you can do with a contactless chip card is not new. What happened on the technology side that made NFC usable for security applications?

Oliver Burke: An important factor was the implementation of mobile eco-systems by Mobile Network Operators (MNOs). Nearly all MNOs have developed so-called MNO Trusted Service Management (TSM) services in recent years, which make it possible to use the SIM as a secure element. This is an important technical pre-requisite for encoding and securely storing security-critical applications such as payment or ID applications in the smartphone. Vodafone, Deutsche Telekom, Telefonica, AT&T, Verizon, Sprint and Swisscom have already adopted these MNO TSMs or will be putting such systems into operation in the near future. In general, MNOs provide a wallet which allows the end user to switch between different NFC services.

What service do you offer your partners to take advantage of the NFC technology for their products and service?

Oliver Burke: We are developing Legic IDConnect, a cloud-based Trusted Service Platform which allows our partners and end users to use contactless card applications via NFC-abled smartphones. We have carried out our own trial to gain feedback in dealing with NFC and got a better idea of end users' experience. With IDConnect we are going a step further. Legic IDConnect automates handling with NFC. It makes using NFC "a walk in the park". Integrators, application providers and end users will be able to easily and securely implement NFC smartphones into their current business processes. IDConnect users are spared from lengthy proceedings and integrations with the different MNOs and this allows broad NFC use in the ID environment.

Can you give us an example for an IDConnect project?

Oliver Burke: In Switzerland, we have just announced the cooperation between Swisscom and Legic. As the biggest Swiss mobile service provider, Swisscom is working hard to develop a platform for NFC services of different card issuers under the name "Tapit". With IDConnect, it is possible to enable all kinds of additional applications on Tapit-smartphones. Furthermore, with Kaba, we have a first partner for access control, hospitality and time & attendance applications. Kaba will link its products to Legic IDConnect and therefore make the usage of NFC for any Kaba customer a matter of a simple product update. This means that users of Kaba solutions can also use their smartphone e.g. to gain access to the building. Kaba was our first partner, but the Legic IDConnect platform is open for other application providers and partners who will gradually be connected.

A difficult question: How ­secure is NFC technology?

Oliver Burke: NFC devices can function in three different ways. In the simple reader/writer mode, it is possible for smartphone users to read and write information on a contactless NFC tag. This mode does not contain any secure element, the application's focus is on simply making information available, for example an internet address or a business card.
The NFC Peer-to-Peer mode builds a bidirectional data connection between two NFC devices. This mode relies on the security of the phone apps which want to exchange data. But the card emulation mode works with installed reader infrastructure in the same way as existing cards. In this mode, a high level of security is achieved by using so called secure elements - specially secured chips in the phone.

What are the benefits for the end users that use NFC technology like it is used in your IDConnect projects?

Oliver Burke: They can rely on the existing infrastructure but with improved user-friendliness. As mentioned before, security is improved through quick remote wipe if the phone is lost. Forgotten badges are past, a dynamic, real-time allocation of segments and rights are today's technology. The deletion or alteration of rights via the phone network is secure and extremely easy for the administrators. Imagine how easy it is to give temporary access rights to temporary employees or external workers. Two mouse clicks and the administrator can grant temporary access via a smartphone.

What are the benefits for the end users that use NFC technology?

Oliver Burke: The biggest advantage of NFC is to use existing reader infrastructure but with the improved user-friendliness of a mobile device. The alteration of credentials via the phone network is extremely easy for the administrators. Imagine how easy it is to give temporary access rights to temporary employees or external workers. Two mouse clicks and the administrator can grant temporary access via a smartphone. This also helps to increase security, because credentials could be given on demand-only and could also be disabled remotely after use.

We have to ask again. How secure is this?

Oliver Burke: We use the most secure element of the smartphone - the SIM. The SIM is the No. 1 security element in smartphones. It is the place where the MNO store their information and which is trusted by the banks for their banking transactions.