Research security requirements

[miguelcardo]

We need to investigate new threats caused by creating a BLE interface towards the NFC and how to eliminate or minimize them. For example, some applications (e.g. U2F) require the user to tap an NFC reader with the token (an NFC card) - the action of tapping the reader can be considered a user presence verification, equivalent to pressing a button on the device. Since BLE can be always on, the U2F confirmation would always be given, thus defeating the purpose of the second authentication factor.