

Tagstand Relaunches NFC Task Launcher App, Makes NFC Way Less Geeky - kul
http://techcrunch.com/2012/03/23/tagstand-relaunches-nfc-task-launcher-app-makes-nfc-way-less-geeky/

======
dm8
On a side note, I was reading that article from Android phone and immediately
searched for their app. Surprisingly, Google Market/Play didn't return any
results. Is search broken on Market/Play (especially when accessed from
phone/tablet)? Because most of the times I search from their web based store
and download from over the air push.

By the way, congrats for releasing the app.

~~~
kul
hmm, just searched on my android using Google Market and it shows up, a long
with a free version. what were your search terms?

~~~
dm8
I searched for "NFC Task", I guess I had forgotten "launcher".

I searched once again with same term and it doesn't return your app. It
returns totally unrelated apps and only one related to NFC.

And now I searched for "NFC Task Launcher", it returns some app called
"Tasker". Ha!

However, on the web it always returns your app as first result.

~~~
kul
super weird - can you email us with screenshots to info@tagstand.com please?

------
fidotron
This looks completely brilliant! The potential for something like home
automation is immense.

~~~
kul
Thank you - car automation is happening too:
[https://twitter.com/#!/paulwcarlton/status/18294979680862208...](https://twitter.com/#!/paulwcarlton/status/182949796808622080)

------
ericwu01
Congrats Kul, solid work.

~~~
kul
Thanks Eric.

------
jcarden
Nice job Kul. Way to go.

~~~
kul
merci

------
drivebyacct2
Clicked the link, alt-tabbed and got concerned as my computer nearly crashed,
silly TechCrunch.

I got really excited about NFC before realizing that it's hard to use them for
security very well. Found some terrifying things out about the RFID cards that
my University (and apparently military bases) use for security (basically
they're trivially cloneable), and further, with enough determination and not a
whole lot of effort, most NFC "security" implementations are hardly secure at
all. Even more sad, to get anything close to a PKI setup, you have to move up
to non-contact-less "SmartCards".

If you're willing to make compromises you could do somethings with TagStand's
Ultralight C tags, hoping to do something with them soon as I've got a bag of
them on my desk.

(Not to be off topic, sorry, this is related in that Tagstand is trying to
"bring NFC to the masses" and (maybe erroneously) I had assumed they could
have access/auth uses).

~~~
kul
What sort of security implementations were you thinking of? There are
companies out there aggressively working towards "uncloneable" cards and such.

Secure elements for payments I think are pretty secure, more secure than
credit cards at least.

Edit: here's one company that claims to it:
<http://www.verayo.com/products/unclonable-rfid>

~~~
drivebyacct2
I have come up with three different ideas:

\- Ultralight tags (fun because there are cheap wristbands out there that look
fairly normal and have these embedded). You could use some sort of HMAC to
encrypt a message that is based on the unique ID of the Ultralight tag. The
reader could verify that the data on the tag is the encrypted message
corresponding to that tag's ID. This is broken if anyone decides to clone a
tag down to the serial ID. This would require custom tag fabrication or a
misbehaving supplier.

\- Ultralight C tags: 3DES encryption [skipping details] you could have better
prevention of cloning the tag. Unfortunately, 3DES encryption is symmetric and
if anyone can access the reader, they can remove the key and again clone a
tag. (This is how HID Class RFID cards work except they don't use 3DES and
there are at least 3 ways of easily retrieving the master key)

\- SmartCard: Actual PKI with assymetric encryption so that someone can
provide a challenge and the SmartCard can provide the proper response. Again,
sadly, contactless cards and they're expensive.

Other than that, I'm out of ideas. I'm a tinkerer and a student. The thing
you've linked to looks like some sort of PKI in that there is a
challenge/response scenario going on.

All of this is information I've gleaned from Wikipedia over the past weekend
and I would love to be corrected if I am wrong, even if it needs to take place
somewhere other than this thread.

