Operating of the NTAG 413
Dynamic NDEF encryption
The NTAG 413 enables dynamic encryption of the NDEF message on an NFC chip. This means, for example, that an URL or a plain text file saved as NDEF (and is readable by any smartphone) can be created and encrypted by the chip dynamically. In this way, each time a new, individually encrypted code is created and sent – which can be authenticated by the corresponding reader or server.
SUN – Secure Unique NFC Message
The special feature of this new device is called “Secure Unique NFC Message” (SUN), which guarantees the most secure communication between an NFC card or an NFC tag and a terminal by generating a unique code. Each time the card is used, a new code is generated, which is sent and verified as a web link from the smartphone in real time to the server. This unique code is based on CMAC information “Cipher-based Message Authentication Code” and can be calculated from the chip UID and / or the counter.
CMAC – Cipher-based Message Authentication Code
To check a message or a chip or NFC card for authenticity, the CMAC standard is used. This means that both transmitter and receiver have a secret key. The transmitter (NFC card) uses this security key and its message or the content of the NDEF message to calculate a MAC code and sends the message and the MAC to the receiver (server). This receiver calculates the MAC to the received NDEF message with the previously shared key and compares the calculated MAC with the received one. With the NTAG 413, a counter (NFC Counter) is integrated in the encryption in order to generate a unique code for each read operation additionally.
NFC counter
The NTAG 413 provides complete traceability for each individual read operation. Through a counter every reading process is written on the card and so a reuse of an old code is made impossible. In addition, this feature allows tracking or determining the frequency of the tag use.