NTAG424 DNA settings for security

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NTAG424 DNA settings for security

1,291 Views
long19890829
Contributor II
hi,
   we would like to use the Ntag424 DNA tag to achieve the anti-counterfeiting applications, the ios app read the ndef message from a tag which had been written a dynamic and encrypted url (as below demo url, the url is changed since every read), then send ndef message to our service for decryption and validation. We had rewritten the 5 application keys, and the file setting as below, would you help me to confirm that:
(1) is there some potential security problem for our current tag configuration, and is it ok for our anti-counterfeiting application.
(2)is there some other action to enhance the security.
(3)how can we lock the Ntag424DNA permanently like the Ntag213, the ndef region can't be written permanently.
look forward your reply, and thank you very much!
FILE setting:
pastedImage_1.pngpastedImage_2.png
Long Zhu
0 Kudos
3 Replies

1,210 Views
nxf58474
NXP Employee
NXP Employee

Hi Long Zhu,

 

I apologize for a late reply.

 

1 & 2 - Your configuration looks good.

3 - You can change the Write and Read access rights for the NDEF File to prevent unauthorized changes. These access conditions are mentioned in tables 6-9 of the Data Sheet

pastedImage_2.png

 

You need to change on the CC file and set the rights of the NDEF file

 

pastedImage_4.png

 

And please confirm that the offset values are correct according to your URL.

 

Hope this helps.

 

Best Regards,

Ricardo

0 Kudos

1,210 Views
long19890829
Contributor II

Hi Ricardo,

Thanks for your reply, the CC file INITIALIZED content is:001720010000FF0406E104010000000506E10500808283000000000000000000,and the CC file configuration is as below, could you tell me which value of the CC file content and configuration will be ok for the permanently lock. One more things I would like to double confirm with you that there is no way to read out the 5 keys in my understanding, Only can change and auth the 5 keys, is it correct?pastedImage_1.png

Thank you!

Long Zhu

0 Kudos

1,210 Views
nxf58474
NXP Employee
NXP Employee

Hi Long Zhu,

 

After the NDEF File configuration, you need to change the CC File. If you want to permanently lock the tag (just read), you need to set the Read Access Key to 0E (Free Access), and the other three Access Key to 0F (No Access). If you have this configuration, even with the keys, you can't make the authentication. If you want to be able to authenticate and change some configurations, you should select the needed key number, in the R/W, Write and Change Access Keys.

 

Best Regards,

Ricardo

0 Kudos