NFC chip manufacturer NXP have launched two new chips aimed at the making NFC authentication easier.
The new NTAG 413 DNA chip adds cryptographic authentication using what NXP are calling ‘Secure Unique NFC’ or SUN. This generates a secure one-time authentication code each time the NFC tag is tapped.
This is an important feature. Most secure NFC operations at this point required the mobile phone to have a pre-installed App for authentication. The App, typically on an Android phone, would access either a password protected, encrypted area or a secure area of the chip and use this information to confirm that the tag was indeed what it claimed to be.
By using a unique generated code each time the tag is tapped the NFC chip can include this dynamically into a URL (web address) on the tag. Therefore, the NFC authentication can happen over a standard web connection removing the requirement for a pre-installed App. Perhaps the easiest way to understand this process is that it’s similar to one of those bank key cards that generate a new number each time you log in.
To an extent, this isn’t new – chip manufacturer HID have had their Trusted Tag NFC product for some time. However, NXP appear to have built the framework for this around their popular, high performance and easy to use NTAG product. This is likely to allow faster market penetration and easier access to the inlay tags themselves.
Secure NFC Authentication Flaw
For the vast majority of cases, ‘App-Free’ authentication is great. It’s cost effective and barrier free. However, it’s not perfect. For example, let’s consider using NFC tags in clothing as a consumer authentication device. The new NTAG413 DNA would enable any user with an NFC enabled phone
but without a specific App, to scan the tag. A quick connection to the internet would confirm the unique ‘SUN’ and the consumer would have instant authentication that the product was genuine.
Except, the consumer doesn’t actually know what to expect when the tag is scanned. Which means that fake chips can be inserted to direct anywhere on the internet. The user will scan, see an ‘authentication’ page and be happy. Perhaps worse still, the consumer may be asked to enter personal details to register the item.
The easiest way around this is a secure gateway between the tag and the internet. In other words, an App. And then we are back where we started.
Closed Loop Authentication
The tags clearly have a large number of use cases in closed loop situations. These are instances where the person doing the scanning can trust the tag and/or knows what to expect. It removes the need for a pre-installed App which increases the device scope and perhaps enables easier working in BYOD (bring your own device) environments.
NTAG 213 Tag Tamper
The other chip being launched is a tamper proof version of the NTAG213 chip. NXP state ‘Tamper-evident NFC tags can be placed on a product’s label, seal, closure or container, and information can be accessed with a simple tap of any mobile NFC device.’
From what NFC.Today understands, these type of tags typically have additional chip connections which detect a broken wire loop. This then changes data within the tag which is passed either through a URL (web address) or within the memory blocks. It’s effective and works very well.
There’s a significant market for this type of chip not only in B2C but also with B2B. The ability to easily check that goods or packaging haven’t been tampered with along the supply chain.
Both these chips bring a lot to the table. NXP have always been at the forefront of adding new features and pushing the NFC market forward. There’s little question that both will create a whole range of exciting new applications.
“With the growth in connected IoT devices, organizations are seeking ‘real-time,’ simpler, yet trusted and secure methods to protect consumers,” said Markus Staeblein, vice president and general manager for secure mobility and retail at NXP. “We’ve added more security features and made NXP NFC NTAGs more robust and suitable for in-demand use cases, such as proximity-based authentication and integrity protection, and expanded support for every relevant operating environment, whether it’s online, offline, with or without a smartphone application.”
NXP, the NXP logo and NTAG are registered trademarks of NXP B.V.