The NFC Forum Thursday announced the public availability of the Signature Record Type Definition (RTD) 2.0 technical specification following approval by the Board of Directors. Formerly a candidate technical specification, Signature RTD 2.0 provides developers with a way for users to verify the authenticity and integrity of data within NFC Data Exchange Format (NDEF) messages, the means by which NFC devices and tags exchange information, according to a press release. The specification is available for download from the NFC Forum website.

The NFC Forum said companies are embedding NFC tags in all sorts of products, including smart posters, restaurant menus, event badges, and interactive displays. The integrity of tag data is vital to many NFC tag applications and use cases. Use of Signature RTD 2.0 protects the integrity of URLs for brand owners and users, and it provides added assurance to customers that tag data is authentic, according to the announcement.

Signature RTD 2.0 works by specifying the format used when signing NDEF records and provides a list of suitable signature algorithms and certificate types that can be used to create signatures, according to the announcement. It adds to the features of Signature RTD Technical Specification 1.0 (published in 2010) by supporting compact certificate formats to accommodate most tag types, and increasing security strength by supporting National Institute of Standards and Technology (NIST) and Federal Office of Information Security (BSI) recommended algorithms. Signature RTD 2.0 is designed to be open to all Certificate Authorities (CA), such as those issuing certificates for Transport Layer Security (TLS).

When NDEF records are signed in accordance with the Signature RTD 2.0 specification, malicious hackers cannot tamper with trusted messages, according to the announcement. In addition, the signature record identifies the signer by name, and signers who act in bad faith can have their privileges quickly revoked.

Certificate Authorities TrustPoint Innovation and DigiCert have issued test certificates for Signature RTD 2.0 for NFC Forum interoperability testing of all functionality, including issuing certificates and signing, reading, and verifying tags, as well as all failure modes. The interoperability testing was conducted using applications supplied by NFC Forum members Broadcom, Sony, and TrustPoint Innovation. TrustPoint Innovation and DigiCert are expected to issue production certificates now that the specification has been published.

The Signature RTD Certificate Policy defines the procedural and operational requirements that the NFC Forum expects CAs to adhere to when issuing and managing certificates to create signatures for NDEF messages. The Certificate Policy provides users with the possibility of verifying the authenticity and integrity of data within the NDEF message, and specifies the format used when signing single or multiple NDEF records.

"Secure NFC Tags will be deployed on products to enhance the consumer experience while utilizing smart phones," said Sherry Shannon Vanstone, president and CEO, TrustPoint Innovation. "TrustPoint’s new BlackSeal Authenticity Service uses Signature RTD 2.0 to protect consumers from hackers and product manufacturers from counterfeiting. This standard provides a significant foundation for securing the Internet of Things."