NTAG 424 DNA is a new NXP product which features Secure Unique NFC (SUN) messages. From the user's perspective, this is an ordinary NFC Forum Type 4 Tag that can point to a web address when it is scanned. What is unique about this product is that it can return a different message (i.e. a URL with variable parameters) each time it is scanned. A message may include a read counter, which is automatically incremented after each interaction with the tag. The message is also cryptographically signed, so it is protected against tag cloning and it is possible to validate that the user really interacted with the tag.

Note: NTAG is a trademark of NXP B.V.

This could have numerous applications like:

  • second-factor authentication with proof of presence using an NFC tag,
  • special product offers which are accessible only if the user is in a particular place,
  • implementing some variant of a real-life treasure hunt game, where a user has to find particular points on the map, visit them and prove their presence.

In order to properly validate and decrypt SUN NFC messages, it is required to have a backend server. I have provided an example implementation on GitHub, which is MIT licensed and can be used freely. Feel free to contact me if you have any questions or comments related to the usage of the server.
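An added example, not taken from the GitHub server mentioned above: the read-counter check a backend can apply after verifying a message, so that a copied URL is accepted only once. The parameter names `uid`, `ctr` and `mac`, the URL and the key are constructed for illustration, the parameters are assumed to arrive unencrypted, and HMAC-SHA256 stands in for the tag's real MAC so the code runs with the Python standard library alone.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

# Constructed demo key. HMAC-SHA256 is a stand-in for the tag's real MAC,
# used here only so the example has no third-party dependencies.
DEMO_KEY = bytes(16)
MAC_LEN = 8  # bytes kept from the MAC (assumption for this example)


def demo_mac(key: bytes, uid: str, ctr: int) -> str:
    """Stand-in MAC over UID and read counter (not the tag's algorithm)."""
    msg = f"{uid.upper()}:{ctr:06X}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN].hex().upper()


class SunValidator:
    """Accept a scan only with a valid MAC and a counter above the last seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_ctr = {}  # uid -> highest accepted read counter

    def validate(self, url: str) -> str:
        q = parse_qs(urlparse(url).query)
        try:
            uid, mac = q["uid"][0].upper(), q["mac"][0].upper()
            ctr = int(q["ctr"][0], 16)
        except (KeyError, ValueError):
            return "malformed"
        # Check the MAC first, in constant time, so unauthenticated input
        # can never move the stored counter.
        expected = demo_mac(self.key, uid, ctr)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad_mac"
        # A copied URL carries a valid MAC but an already-used counter.
        if ctr <= self.last_ctr.get(uid, -1):
            return "replay"
        self.last_ctr[uid] = ctr
        return "ok"


def make_url(uid: str, ctr: int, key: bytes = DEMO_KEY) -> str:
    """Build a constructed sample URL as the demo 'tag' would emit it."""
    return (f"https://example.com/tag?uid={uid}&ctr={ctr:06X}"
            f"&mac={demo_mac(key, uid, ctr)}")
```

In a real deployment the last accepted counter per tag has to live in persistent storage and be updated atomically, otherwise two concurrent requests with the same URL can both pass.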

PS. If you have no clue how to authenticate or sign/encrypt messages using EV2 cryptography, I provide an open source library for that as well, see ntag424-ev2-crypto on GitHub.

PS2. The above-mentioned library also provides a Python 3 implementation of the Leakage Resilient Primitive (LRP): LRICB and LRP-CMAC.