Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags

Fernando Kaway Carvalho Ota, Michael Roland, Michael Hölzl, Rene Mayrhofer, Aleardo Manacero

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)


Traditional authentication methods (e.g., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. However, the adoption of Near Field Communication (NFC) on a broad range of smartphones enables the use of NFC-enabled tokens as an additional authentication factor. This additional factor can help to improve the security, as well as usability of mobile apps. In this paper, we evaluate the use of different types of existing NFC tags as tokens for establishing authenticated secure sessions between smartphone apps and web services. Based on this evaluation, we present two concepts for a user-friendly secure authentication mechanism for mobile apps, the Protecting Touch (PT) architectures. These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability and cost.
Original languageEnglish
Article number81
Pages (from-to)1-18
Issue number3
Publication statusPublished - 6 Jul 2017


  • secure channel
  • two-factor authentication
  • Near Field Communication (NFC)
  • Android
  • mobile security
  • Near field communication (NFC)
  • Two-factor authentication
  • Mobile security
  • Secure channel


Dive into the research topics of 'Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags'. Together they form a unique fingerprint.

Cite this