DOT Android NFC library
v1.0.0
Introduction
DOT Android NFC, as part of the DOT Android libraries family, provides the NFC Travel Document Reader component. Supported documents are those that implement the Machine Readable Travel Document (MRTD) standards specified by the International Civil Aviation Organization (ICAO).
Components overview
DOT Android NFC provides a non-UI component for Travel Document reading. You may build your own UI using the DOT Android NFC functionality.
List of Non-UI Components
- NFC TRAVEL DOCUMENT READER
The component for reading NFC enabled travel documents.
Distribution
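The library is distributed as an *.aar package stored in the Innovatrics public Maven repository. It can be easily integrated into an Android Studio project. The first step is to include the Innovatrics public Maven repository and the Google repository in your top-level build.gradle file. Note that the repository URL in the snippet uses plain HTTP, so artifacts are fetched without transport protection; prefer an HTTPS URL for the repository if one is available.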
allprojects {
    repositories {
        jcenter()
        google()
        maven {
            url 'http://maven.innovatrics.com/releases'
        }
    }
}
You must specify the dependency on the DOT Android NFC library in the module's build.gradle file. Dependencies of this library are downloaded alongside the library. The version x.y.z must be replaced with the current version.
dependencies {
    …
    implementation 'com.innovatrics.android:dot-nfc:x.y.z'
    …
}
Sample Project
The usage and configuration are demonstrated in the DOT Android Kit Sample project. To run the Sample, import it into Android Studio.
Permissions
DOT Android NFC declares the following permission in AndroidManifest.xml:
<uses-permission android:name="android.permission.NFC" />
Logging
Although logging is disabled by default, it can be enabled explicitly by using the following method from the com.innovatrics.android.commons.Logger class.
Logger.setLoggingEnabled(true);
The appropriate place for this call is within the onCreate() method of your subclass of android.app.Application. Each TAG of a log message starts with the prefix dot-nfc:.
This setting enables logging for all DOT Android libraries.
Keep in mind that logging should be used just for debug purposes as it might produce a lot of log messages.
Reading Process
The travel document reading process consists of three steps: Access Establishment, Passive Authentication and Active Authentication.
Access Establishment
There are two Access Establishment protocols: Basic Access Control (BAC) and Password Authenticated Connection Establishment (PACE). DOT Android NFC supports both BAC and PACE. To establish access, PACE is tried first; if PACE fails, BAC is used.
BAC
In order to access a document using BAC, the MRZ Key is required. This MRZ Key is created from the document number, date of birth and date of expiry.
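How the three fields become BAC key material under ICAO 9303, as an added example that is not part of DOT Android NFC: the class and method names are hypothetical, dates are assumed to be in MRZ format (YYMMDD), and only the JDK is used.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class BacKeyDerivation {
    // ICAO 9303 check digit: weights 7, 3, 1 repeating; '<' = 0, 0-9 = value, A-Z = 10..35.
    static int checkDigit(String field) {
        int[] weights = {7, 3, 1};
        int sum = 0;
        for (int i = 0; i < field.length(); i++) {
            char c = field.charAt(i);
            int value;
            if (c == '<') value = 0;
            else if (c >= '0' && c <= '9') value = c - '0';
            else if (c >= 'A' && c <= 'Z') value = c - 'A' + 10;
            else throw new IllegalArgumentException("Invalid MRZ character: " + c);
            sum += value * weights[i % 3];
        }
        return sum % 10;
    }

    // Document number padded to 9 characters with '<', then date of birth and date of expiry
    // (YYMMDD), each followed by its check digit. Numbers longer than 9 are not handled here.
    static String mrzInformation(String documentNumber, String dateOfBirth, String dateOfExpiry) {
        StringBuilder padded = new StringBuilder(documentNumber);
        while (padded.length() < 9) padded.append('<');
        String number = padded.toString();
        return number + checkDigit(number) + dateOfBirth + checkDigit(dateOfBirth)
                + dateOfExpiry + checkDigit(dateOfExpiry);
    }

    // First 16 bytes of SHA-1(input || suffix); the suffix is empty for the seed itself.
    static byte[] sha1Prefix(byte[] input, byte[] suffix) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(input);
        return Arrays.copyOf(sha1.digest(suffix), 16);
    }

    public static void main(String[] args) throws Exception {
        // Sample values: the specimen document used in the ICAO 9303 worked example.
        String info = mrzInformation("L898902C", "690806", "940623");
        byte[] seed = sha1Prefix(info.getBytes(StandardCharsets.US_ASCII), new byte[0]);
        byte[] encKey = sha1Prefix(seed, new byte[] {0, 0, 0, 1}); // DES parity bits not adjusted
        byte[] macKey = sha1Prefix(seed, new byte[] {0, 0, 0, 2}); // DES parity bits not adjusted
        System.out.printf("MRZ information: %s%nK_seed: %032x%nK_enc: %032x%nK_mac: %032x%n",
                info, new BigInteger(1, seed), new BigInteger(1, encKey), new BigInteger(1, macKey));
    }
}
```

Every input to the derivation is printed on the document's data page, so the resulting keys are only as secret as the MRZ itself.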
PACE
PACE is the newer and more secure of the Access Establishment protocols. It uses the MRZ Key (a weak password with low entropy) and generates cryptographically strong session keys.
Passive Authentication
The purpose of Passive Authentication is to validate the integrity of the data stored on the NFC chip. In other words, it verifies that the data stored on the NFC chip has not been altered. Passive Authentication has the following steps:
- extract the Document Signing Certificate and validate it against the CSCA Certificates from the master list
- verify that the Security Data (EF.SOD) has been correctly signed by the Document Signing Certificate
- verify that the hashes stored in EF.SOD are valid, i.e. the hashes stored in EF.SOD are equal to the hashes computed from the data groups present on the document
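The third step in isolation, as an added example that is not the library's own code: it assumes the EF.SOD signature has already been verified and its hash list extracted into a map, and all names and sample contents are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;

public class SodHashCheck {
    enum Status { MATCH, MISMATCH, NOT_READ, NOT_IN_SOD }

    // sodHashes: data group number -> digest listed in EF.SOD (its signature already verified).
    // readGroups: data group number -> raw bytes of the data group as read from the chip.
    static Map<Integer, Status> check(Map<Integer, byte[]> sodHashes,
                                      Map<Integer, byte[]> readGroups,
                                      String digestAlgorithm) throws Exception {
        MessageDigest digest = MessageDigest.getInstance(digestAlgorithm);
        Map<Integer, Status> result = new TreeMap<>();
        for (Map.Entry<Integer, byte[]> entry : sodHashes.entrySet()) {
            byte[] content = readGroups.get(entry.getKey());
            if (content == null) {
                result.put(entry.getKey(), Status.NOT_READ); // listed, but nothing to compare
                continue;
            }
            boolean same = MessageDigest.isEqual(digest.digest(content), entry.getValue());
            result.put(entry.getKey(), same ? Status.MATCH : Status.MISMATCH);
        }
        // Data read from the chip without a hash in EF.SOD is not covered by the signature.
        for (Integer number : readGroups.keySet()) {
            if (!sodHashes.containsKey(number)) result.put(number, Status.NOT_IN_SOD);
        }
        return result;
    }

    static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }

    public static void main(String[] args) throws Exception {
        // Constructed sample data; real data groups are binary structures read from the chip.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        Map<Integer, byte[]> sod = new HashMap<>();
        sod.put(1, sha256.digest(ascii("constructed DG1")));
        sod.put(2, sha256.digest(ascii("constructed DG2")));
        sod.put(15, sha256.digest(ascii("constructed DG15")));
        Map<Integer, byte[]> read = new HashMap<>();
        read.put(1, ascii("constructed DG1"));
        read.put(2, ascii("constructed DG2, altered"));
        read.put(11, ascii("constructed DG11"));
        System.out.println(check(sod, read, "SHA-256"));
    }
}
```

Only a data group reported as MATCH is covered by the signed hash list; anything else should not be treated as authenticated.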
Active Authentication
The purpose of Active Authentication is to verify that the document is genuine, i.e. it is not a copy. Active Authentication has the following steps:
- generate a random challenge
- request a signature for this challenge from the NFC chip
- verify the signature using the public key stored in Data Group 15 (DG15)
The public key stored in DG15 can be RSA or ECDSA. DOT Android NFC supports both RSA and ECDSA.
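The three steps simulated in software, as an added example that is not the library's own code: the "chip" is a locally generated EC key pair, the names are hypothetical, and the signature encoding and hash selection used by real chips are not modeled.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

public class ActiveAuthSimulation {
    // Terminal side, step 1: a fresh random challenge for every read (8 bytes, as in ICAO 9303).
    static byte[] newChallenge() {
        byte[] challenge = new byte[8];
        new SecureRandom().nextBytes(challenge);
        return challenge;
    }

    // Stand-in for the chip, step 2: signs the challenge with a private key that never leaves it.
    static byte[] chipSign(PrivateKey chipKey, byte[] challenge) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(chipKey);
        signer.update(challenge);
        return signer.sign();
    }

    // Terminal side, step 3: verify against the public key taken from DG15.
    static boolean verify(PublicKey dg15Key, byte[] challenge, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(dg15Key);
        verifier.update(challenge);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair genuineChip = generator.generateKeyPair(); // constructed keys, not from a document
        KeyPair copiedChip = generator.generateKeyPair();  // a copy has DG15 but not the private key

        byte[] first = newChallenge();
        byte[] genuineSignature = chipSign(genuineChip.getPrivate(), first);
        System.out.println("genuine chip: " + verify(genuineChip.getPublic(), first, genuineSignature));
        byte[] forged = chipSign(copiedChip.getPrivate(), first);
        System.out.println("copied chip: " + verify(genuineChip.getPublic(), first, forged));
        // A signature recorded from an earlier read does not answer a new challenge.
        System.out.println("replayed: " + verify(genuineChip.getPublic(), newChallenge(), genuineSignature));
    }
}
```

The result is only meaningful when DG15 itself passed Passive Authentication, because otherwise the public key used for verification could have been replaced along with the rest of the data.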
Non-UI Components
NFC Travel Document Reader
In order to read an NFC-enabled travel document, use the NfcTravelDocumentReader class.
You can adjust the travel document reading timeout in the constructor:
public NfcTravelDocumentReader(int timeout)
In order to successfully execute Passive Authentication, you need to provide the Country Signing Certificate Authority (CSCA) certificates to the NfcTravelDocumentReader constructor:
public NfcTravelDocumentReader(Collection<X509Certificate> cscaCertificates)
To start reading the travel document, call the read() function. It has two parameters: Tag and NfcKey. Tag represents the NFC tag discovered by NfcAdapter. If the travel document was read successfully, the read() function returns a TravelDocument object.
public TravelDocument read(Tag tag, NfcKey nfcKey) throws NfcTravelDocumentReaderException, TravelDocumentAccessFailedException, MissingDataGroupException;
Common classes
NfcKey
NfcKey is created from the travel document number, date of birth and date of expiry. Note that the constructor takes the date of expiry before the date of birth.
public NfcKey(String documentNumber, String dateOfExpiry, String dateOfBirth)
TravelDocument
This object contains the data successfully read from the NFC-enabled travel document, together with the resulting status of Passive Authentication and Active Authentication.
Appendix
Changelog
Unreleased
Changed
Update target Android SDK version to 30 (Android 11).
Update documentation.
1.0.0 - 2020-05-27
Added
First major release.