FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

NT3H2x11 authentication limit behaviour

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

NT3H2x11 authentication limit behaviour

Jump to solution
‎03-18-2024 07:21 AM
197 Views
Paul_PVS
Contributor I

Hi, I'm designing with the #NT3H2111/#NT3H2211

There is a register AUTHLIM that can be used to limit negative authentication attempts.

Page39 of the datasheet:

8.7.2 Limiting negative verification attempts

To prevent brute-force attacks on the password, the maximum allowed number of negative password authentication attempts can be set using AUTHLIM. This mechanism is disabled by setting AUTHLIM to a value of 000b, which is also the initial state of NTAG I2C plus.

If AUTHLIM is not equal to 000b, each negative authentication verification is internally counted. As soon as this internal counter reaches the number 2AUTHLIM, any further negative password authentication leads to a permanent locking of the protected part of the memory for the specified access modes. Independently, whether the provided password is correct or not, each subsequent PWD_AUTH fails.

Any successful password verification, before reaching the limit of negative password verification attempts, resets the internal counter to zero.

So here is my question:

How permanent is the locking of the protected part of the memory?

Is this "permanent locking" until the device (power-on-)reset ? Or until the next time a NFC-device (smartphone) is presenting itself? 

Or is it really permanent turning the device useless?

I cannot find the answer in the datasheet or AN11786.

 

Tags (2)
0 Kudos
Reply
1 Solution

Jump to solution
‎03-19-2024 09:25 AM
175 Views
Ricardo_Zamora
NXP TechSupport
NXP TechSupport

Hi Paul,

 

Yes, your understanding is correct. After reaching the AUTHLIM, the protected part of the memory will be in a permanent locking, that cannot be reversed.

 

Regards,

Ricardo

View solution in original post

Reply
3 Replies

Jump to solution
‎03-19-2024 12:47 AM
179 Views
Paul_PVS
Contributor I

Hi Ricardo,

Thank you for your answer.  Can you then confirm the following conclusion: 

In applications where an accredited user in possession of a valid password must be able to write in the protected memory, the use of the AUTHLIM feature can lead to sabotage through brute force techniques. This would result in the definitive destruction of the device, as the accredited user would no longer be able to use it afterward due to the permanent locking of the protected part of the memory, which cannot be reversed.

Is this correct? (in which case we will not be able to use this feature - a possibility to reset the permanent locking only by the I2C-side would have been the better solution)

Best Regards,

Paul.

 

0 Kudos
Reply

Jump to solution
‎03-19-2024 09:25 AM
176 Views
Ricardo_Zamora
NXP TechSupport
NXP TechSupport

Hi Paul,

 

Yes, your understanding is correct. After reaching the AUTHLIM, the protected part of the memory will be in a permanent locking, that cannot be reversed.

 

Regards,

Ricardo

Reply

Jump to solution
‎03-18-2024 07:14 PM
183 Views
Ricardo_Zamora
NXP TechSupport
NXP TechSupport

Hello,

 

Hope you are doing well. As mentioned on the DataSheet, As soon as this internal counter reaches the number 2AUTHLIM, any further negative password authentication leads to a permanent locking of the protected part of the memory for the specified access modes. Independently, whether the provided password is correct or not, each subsequent PWD_AUTH fails.

 

Regards,

Ricardo

0 Kudos
Reply