Easiest way to have uniquely identifiable tags to be read by mobile (iPhone and Android)?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Easiest way to have uniquely identifiable tags to be read by mobile (iPhone and Android)?

747 Views
dev_ranade8
Contributor I

Hi,

I am looking to implement sticker tags in my workplace which will be placed on employee desks and meeting rooms. I would like the employee to use their company phone (either iPhone and Android) to scan these tags to 'check in' or 'check out' for work and meetings. I know this is easy to do with Android using NTAG 213 as you could just read the UID of the tags. However, it is impractical to replace all the current iPhones. I want to implement tags so that employees can't just copy the tags and check in wherever/whenever they would like.

I have heard recently about the NTAG 424 tag which uses different keys on each access and can share NDEF info with iPhones. Would that be sufficient to serve my purpose? Note that I don't want to have to put microcontrollers at each desk (or I would be looking into the NTAG I2C tags). I am looking for a tag which whose contents cannot be accessed by outsiders but which can trigger events/protocols within a mobile app.

Any help is much appreciated. Thanks in advance!

(Also if i go down the NTAG 424 route, would I be able to set-up the authentication server to be wirelessly accessible through wifi so it can just sit in the company office? That way, the tags themselves would still only be stickers placed onto employee desks.)

Labels (1)
0 Kudos
Reply
1 Reply

630 Views
Jonathan_Iglesias
NXP TechSupport
NXP TechSupport

Dear Devansh Ranade,

Regarding to your question I think that NTAG 424 is a good option for this product is a good option I think most of the security should be implemented on the server side to check if the phone is connected to a VPN maybe  or specific place so noone can access to the link outside the company the tag UID can be practical so you know the place where the checked or the room they accessed, the think here is that if you create an application that adds a employee number or something like that to the  URL so you can know who is the person, since the tag is static is hard for you to  know who is checking  in the tag, most of the logic will be implemented on the server so the server should know which parts of the URL are encrypted  you can add counters mirroring so if someone else is cloning the tag, your concern about copying the tag url is  called the Replay attack. As Long as the system/application makes sure that it retrieves and checks the MACs at the appropriate times, this risk of attack is lowered. Anyhow backend Service shall know all the time Status of the product in logistic chain (production, in the store, sold, ...).

Have a great day !!

BR

Jonathan

0 Kudos
Reply