Hoverkey: Unlock Apps by Touching a Smart Card to Your Android NFC devices

Hoverkey-smart-card-unlock-apps-Android-NFC-devices-rfid-blogA London-based startup has launched a system called Hoverkey, which uses a contactless smart card as a key to secure NFC-enabled Android devices.

Users can use Hoverkey to automatically enter a complex password into a mobile login screen by touching a card to the device rather than typing it in. According to the company, this means IT departments can mandate strong passwords to protect enterprise apps and data without meeting the usual user resistance.

On first use users need to register credentials with the Hoverkey app, which then transmitted over the secure channel to a Java Card applet running on the card, where they are encrypted. The resulting encrypted object is returned to the app for storage.

On subsequent uses when the card is tapped against the device, the encrypted object is passed to the card, which then verifies its integrity and decrypts it before returning plaintext credentials over the secure channel to the app.

“Hoverkey is fast, authenticating in just a couple of seconds,” says the company. And, since it does not require a data connection, it continues to work even when devices are offline or outside wireless coverage areas.

The app and card combination can be used as a password store for third party mobile apps that have been Hoverkey-enabled, which involves integrating a Hoverkey Button user interface widget.

App developers can encrypt data stored on the device with keys derived from very complex passwords and let Hoverkey do the hard work of remembering and entering these passwords on behalf of the user.

A developer kit containing two Hoverkey cards is available for £79 (US$99) from the company’s website, along with a free SDK. Support for Windows Phone 8 is planned, with iOS devices getting Hoverkey “as soon as Apple integrates NFC hardware into their devices.”