NT3H2111 Datasheet, PDF(37/77 Page) NXP Semiconductors – Designed to be the perfect enabler for NFC in home-automation

English

English German Russian Spanish Italian Polish Chinese Japanese Korean French Portuguese	Language :

NT3H2111 Datasheet, PDF (37/77 Pages) NXP Semiconductors – Designed to be the perfect enabler for NFC in home-automation

◁

NXP Semiconductors

NT3H2111/NT3H2211

NFC Forum Type 2 Tag compliant IC with I2C interface

8.7.2 Limiting negative verification attempts

To prevent brute-force attacks on the password, the maximum allowed number of

negative password authentication attempts can be set using AUTHLIM. This mechanism

is disabled by setting AUTHLIM to a value of 000b, which is also the initial state of NTAG

I2C plus.

If AUTHLIM is not equal to 000b, each negative authentication verification is internally

counted. As soon as this internal counter reaches the number 2AUTHLIM, any further

negative password authentication leads to a permanent locking of the protected part of the

memory for the specified access modes. Independently, whether the provided password is

correct or not, each subsequent PWD_AUTH fails.

Any successful password verification, before reaching the limit of negative password

verification attempts, resets the internal counter to zero.

8.7.3 Protection of configuration segments

The configuration pages can be protected by the password authentication as well. The

protection level is defined with the NFC_PROT bit.

The protection is enabled by setting the AUTH0 byte (see Table 10) to a value that is

within the addressable memory space.

8.8 Originality signature

NTAG I2C plus features a cryptographically supported originality check. With this feature,

it is possible to verify that the tag is using an IC manufactured by NXP Semiconductors.

This check can be performed on personalized tags as well.

NTAG I2C plus digital signature is based on standard Elliptic Curve Cryptography (ECC),

according to the ECDSA algorithm. The use of a standard algorithm and curve ensures

easy software integration of the originality check procedure in an application running on

an NFC device without specific hardware requirements.

Each NTAG I2C plus UID is signed with an NXP private key and the resulting 32-byte

signature is stored in a hidden part of the NTAG I2C plus memory during IC production.

This signature can be retrieved using the READ_SIG command and can be verified in the

NFC device by using the corresponding ECC public key provided by NXP. In case the

NXP public key is stored in the NFC device, the complete signature verification procedure

can be performed offline.

To verify the signature (for example with the use of the public domain crypto library

OpenSSL) the tool domain parameters shall be set to secp128r1, defined within the

standards for elliptic curve cryptography SEC (Ref. 10).

Details on how to check the signature value are provided in corresponding application

note (Ref. 6). It is foreseen to offer not only offline, as well as online way to verify

originality of NTAG I2C plus.

NT3H2111/NT3H2211

Product data sheet

COMPANY PUBLIC

All information provided in this document is subject to legal disclaimers.

Rev. 3.0 â 3 February 2016

359930

37 of 77

▷