https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1830620#M11470 <P>Hello,</P> <P>&nbsp;</P> <P>Hope you are doing well. As mentioned on the <A href="https://www.nxp.com/docs/en/data-sheet/NT3H2111_2211.pdf" target="_blank">DataSheet</A>, As soon as this internal counter reaches the number 2AUTHLIM, any further negative password authentication leads to a <STRONG>permanent locking of the protected part</STRONG> of the memory for the specified access modes. Independently, <STRONG>whether the provided password is correct or not, each subsequent PWD_AUTH fails</STRONG>.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Ricardo</P> Tue, 19 Mar 2024 02:14:17 GMT Ricardo_Zamora 2024-03-19T02:14:17Z https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1830367#M11465 <P>Hi, I'm designing with the #NT3H2111/#NT3H2211</P><P>There is a register AUTHLIM that can be used to limit negative authentication attempts.</P><P>Page39 of the datasheet:</P><DIV class=""><DIV class=""><DIV class=""><P><FONT color="#3366FF"><EM>8.7.2 Limiting negative verification attempts </EM></FONT></P><P><FONT color="#3366FF"><EM>To prevent brute-force attacks on the password, the maximum allowed number of negative password authentication attempts can be set using AUTHLIM. This mechanism is disabled by setting AUTHLIM to a value of 000b, which is also the initial state of NTAG I2C plus. </EM></FONT></P><P><FONT color="#3366FF"><EM>If AUTHLIM is not equal to 000b, each negative authentication verification is internally counted. As soon as this internal counter reaches the number 2AUTHLIM, any further negative password authentication leads to a permanent locking of the protected part of the memory for the specified access modes. Independently, whether the provided password is correct or not, each subsequent PWD_AUTH fails. </EM></FONT></P><P><FONT color="#3366FF"><EM>Any successful password verification, before reaching the limit of negative password verification attempts, resets the internal counter to zero. </EM></FONT></P><P><SPAN>So here is my question:</SPAN></P><P><SPAN>How permanent is the locking of the protected part of the memory?</SPAN></P><P><SPAN>Is this "permanent locking" until the device (power-on-)reset ? Or until the next time a NFC-device (smartphone) is presenting itself?&nbsp;</SPAN></P><P><SPAN>Or is it really permanent turning the device useless?</SPAN></P><P><SPAN>I cannot find the answer in the datasheet or AN11786.</SPAN></P></DIV></DIV></DIV><P>&nbsp;</P> Mon, 18 Mar 2024 14:21:54 GMT https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1830367#M11465 Paul_PVS 2024-03-18T14:21:54Z https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1830620#M11470 <P>Hello,</P> <P>&nbsp;</P> <P>Hope you are doing well. As mentioned on the <A href="https://www.nxp.com/docs/en/data-sheet/NT3H2111_2211.pdf" target="_blank">DataSheet</A>, As soon as this internal counter reaches the number 2AUTHLIM, any further negative password authentication leads to a <STRONG>permanent locking of the protected part</STRONG> of the memory for the specified access modes. Independently, <STRONG>whether the provided password is correct or not, each subsequent PWD_AUTH fails</STRONG>.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Ricardo</P> Tue, 19 Mar 2024 02:14:17 GMT https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1830620#M11470 Ricardo_Zamora 2024-03-19T02:14:17Z https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1830926#M11472 <P>Hi Ricardo,</P><P>Thank you for your answer.&nbsp; Can you then confirm the following conclusion:&nbsp;</P><P><SPAN>In applications where an accredited user in possession of a valid password must be able to write in the protected memory, the use of the AUTHLIM feature can lead to sabotage through brute force techniques. This would result in the definitive destruction of the device, as the accredited user would no longer be able to use it afterward due to the permanent locking of the protected part of the memory, which cannot be reversed.</SPAN></P><P><SPAN>Is this correct? (in which case we will not be able to use this feature - a possibility to reset the permanent locking only by the I2C-side would have been the better solution)</SPAN></P><P><SPAN>Best Regards,</SPAN></P><P><SPAN>Paul.</SPAN></P><P>&nbsp;</P> Tue, 19 Mar 2024 07:47:07 GMT https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1830926#M11472 Paul_PVS 2024-03-19T07:47:07Z https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1831309#M11474 <P>Hi Paul,</P> <P>&nbsp;</P> <P>Yes, your understanding is correct. After reaching the AUTHLIM, the protected part of the memory will be in a permanent locking, that cannot be reversed.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Ricardo</P> Tue, 19 Mar 2024 16:25:42 GMT https://community.nxp.com/t5/NFC/NT3H2x11-authentication-limit-behaviour/m-p/1831309#M11474 Ricardo_Zamora 2024-03-19T16:25:42Z