阻止从NFC获得的URL进行远程共享或访问 [英] Prevent URL obtained from NFC from being shared or accessed remotely

问题描述

NFC vs QR码的一个优点是，与QR码不同，QR码可以在以后从任何地方拍照和访问，而NFC会绑定您从近距离扫描NFC芯片以访问信息.

one advantage of NFC vs QR code is that unlike QR code which can be photographed and accessed from anywhere later, an NFC binds you to scan the NFC chip from close distance in order to access the info.

但是，一旦进行扫描并且您的浏览器已准备好打开URL，就会阻止用户共享URL，以便其他人可以使用它并远程访问它(或者已经离开NFC标签两次使用). ?

But, once scanned and your browser is ready to open the URL, what prevents the user from sharing the URL so that others can use it and access it remotely (or to use it twice, when already away from the NFC tag)?

我的用例是让物理上靠近的人通过扫描NFC所获得的URL提交一些输入.

My use case is to let a person who is physically near the NFC device, to submit some input, via a URL obtained from scanning the NFC.

但是，我不想允许其他人访问相同的URL，因为这将使他们能够远程提交数据(例如虚假数据)，并且这将污染"我尝试收集的信息

However, I don't want to allow other persons to access that same URL, since this will enable them to submit data remotely (such as false data), and this will "contaminate" the info I'm trying to gather.

• 没有方法可以动态更改URL，因为将URL一次写入到NFC标签就可以了(例如，要每分钟更改URL，必须通过物理访问来重写NFC，因此这是不可行的.)

• There is no way to dynamically change the URL as it is written once onto the NFC tag and that's it (to alter the URL every minute for example, the NFC must be re-written by physically accessing it, so this is not feasible).

我想不出可以在此处应用的一些额外令牌，因为我无法物理上将此类令牌传递给用户，而且我也不想让用户难以使用该系统，方法是引入另一个安全层并要求他采取其他措施.

I can't think of some extra token that can be applied here, since I can't physically pass such token to the user, and I also don't want to make it hard for the user to use the system, by introducing another security layer and ask him to make another action.

推荐答案

我能想到的唯一方法不是使用NFC卡，而是使用运行自定义主机卡仿真(HCE)软件的启用NFC的设备(可能在Android设备，并且可能通过PC和USB读卡器实现)

The only way I can think of doing this is not with an NFC card but with an NFC enabled device running Custom Host Card Emulation (HCE) software (Possible on an Android Device and may be possible with a PC and USB card reader)

当另一台设备进入NFC范围时，由于该设备正在模拟NFC卡，因此HCE设备将像是一张卡一样进行响应，并发送带有自定义URL的NDEF消息.

As the device is emulating an NFC card when another device comes in to NFC range the HCE device will respond as if it was a card and send out an NDEF message with the custom URL.

在给定正确的NDEF消息的情况下，URL将在标准手机启动的浏览器中可见，但是这些URL可以一次使用，因为一旦HCE设备发送了NDEF消息，它就可以使用时间或其他方法生成一个新的URL，供下次有人尝试读取它的模拟卡时使用.

The URL will be visible in the browser that a standard phone will launch given the right NDEF message but these URL's can be one time use as once the HCE device has sent the NDEF message, it can use the time or another method to generate a new URL for the next time somebody tries to read it's emulated card.

我可以想到其他方法，这些方法需要扫描设备的自定义软件才能隐藏URL. 或者我认为，对于某些高级NFC卡，可能可以在卡上运行应用程序以为NDEF消息生成唯一的URL，但这是非常高级的东西.

I can think of other methods that would require custom software of the scanning device to work either to hide the URL. Or I think it might be possible with some of the Advanced NFC cards you can run applications on the card to generate a unique URL for the NDEF message, but that is very advanced stuff.

主机卡仿真很复杂，但对于非专业程序员来说是可能的.唯一的问题是，您留给人们扫描的物品需要固定并供电.

Host Card Emulating is complicated but possible for a non specialist programmer. The only problem is the item you are leaving for people to scan needs to be secured and powered.

更新
如我的评论中所述，使用JavaCard可以动态生成NFC数据，最近我遇到了 https://github.com/OpenJavaCard/openjavacard-ndef ，这是Java卡动态生成NFC数据的代码.

Update
As mentioned in my Comment that using a JavaCard could dynamically Generate the NFC Data and recent I came across https://github.com/OpenJavaCard/openjavacard-ndef which is the code for a Java Card to dynamically generate NFC Data.

这篇关于阻止从NFC获得的URL进行远程共享或访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！