Hello @Cihan29, Good Day!
Thank you very much for your interest in our products.
Regarding the SUN/SDM feature of the NTAG 424, you will find that it offers a protected data exchange between the tag and the NFC Reader Device, and what happens is that it mirrors stored values from the NTAG memory onto the NDEF message which can be an URL. Some of these mirrored values include for example the tag's UID, an NFC tap counter and a unique authentication code (CMAC/MAC) for each tap and are attached as ASCII encoded text at the end of the URL. With this in mind, it makes sense that the data attached at the end of the link examples you provide changes, because in these cases we are seeing the CMAC followed by the MAC and these are codes that will change with every tap.
Please refer to section 3 of the NTAG 424 DNA Application Note to get a deeper understanding on Secure Dynamic Messaging and find some examples of URLs with mirrored data attached.
When it comes to encrypting and decrypting the data mentioned above, you may find guidance in section 3.4.2.1 of the same document. You will find as well that you can handle the decrypting stage using a backend server, as you mentioned, one that shall know the keys used for the encryption. However, if you are trying to make the link accessible only after a successful decryption, you could consider encrypting the message as plain text and handle its decryption separately. For a detailed description of the encryption processes, please take a look at section 9.1.4 of the NTAG 424 DNA Data Sheet.
For testing purposes, you may use the PEGODA Contactless Smart Card Reader as well as software applications such as RFIDDiscover or NFC TagWriter App by NXP.
My best regards,
Daniel.
