Signature77vcd.com

AN12366NTAG5-MemoryconfigurationandscalablesecurityRev.
1.
0—9January2020Applicationnote530510COMPANYPUBLICDocumentinformationInformationContentKeywordsConfigurationandsecurity,NTAG5switch,linkandboost,plainpassword,AESmutualauthenticationAbstractGuidelinesforconfiguringNTAG5memoryandhowtosetsecuritylevels.
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305102/23RevisionhistoryRevDateDescriptionv.
1.
020200109FirstofficialreleasedversionNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305103/231AbbreviationsTable1.
AbbreviationsAcronymDescriptionI2CInter-ICcommunicationICIntegratedCircuitNFCNearFieldCommunicationPACKPasswordacknowledgePWDPasswordVCDVicinityCouplingDeviceVICCVicinityIntegratedCircuitCardNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305104/232IntroductionThisdocumentdescribesrecommendeduseoftheNTAG5dataprotectionfeatures.
NTAG5providesfeaturestoenhancesecurityandprivacy.
Tobenefitfromthesecommandsacustomerneedstomakechangesinthesystem,programmingoftheICandoperationonthereadpoints.
Asafepasswordand/orkeyhandlingproceduresarenecessarytoensuretheintegrityofaninstallationandintendedsecurityimprovements.
2.
1PotentialapplicationsProtectyourdeviceandyourdata:UseyourownoriginalitycheckUseanNDEFmessageintheread-onlyprotectedopenareaUseplainpasswordormutualAESauthenticationtoprotectyourpersonalsettingsSplitthememoryintothreeindependentlyprotectedareasNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305105/233SecurityfeaturesTherearetwo(2)securityschemesonNTAG5family:1.
PlainPasswordauthenticationmode(likeonICODESLIX2)2.
AESauthenticationmodeasperISO/IEC29167-10CryptosuiteAES-128securityservicesforairinterfacecommunications(likeonICODEDNA)Table2.
NTAG5differentsecurityontypesNTAG5nameSecuritymodeTypeNTAG5switchPasswordNTP5210NTAG5linkPasswordNTP5312NTAG5linkPasswordorAEScryptosuiteNTP5332NTAG5boostPasswordorAEScryptosuiteNTA53323.
1Authenticity3.
1.
1PasswordauthenticationPasswordauthentication(32-bitor64-bitpasswords)canbedoneifcommunicationhost(RForI2C)providesPWDtotheNTAG5andifPWDiscorrect,theNTAG5respondswithPACK(configurable).
3.
1.
2AES-128authenticationAES-128authenticationprovidesanoption,thatanInterrogator(VCD)cancheckwhethercounterpart(VICC)isauthentic-sharingthesamesecretorkey.
Aftersuccessfulauthentication,RFcommunicationisinplain(notencrypted).
Ifhigherdegreeofsecurityisneeded,itcanbeefficientlydoneonthewholesystemlevel.
Also,itcanbeachievedbyusingSRAM(volatile)ofNTAG5asatransportlayerandsecuritymeansareputtotheapplication/systemlayerincombinationwithasecureC.
3.
2LockingbytevaluesTopermanentlysetcertainUsermemorypartstoread-only,lockingmechanismispresentonNTAG5.
Configurablefrombothinterfaces,fromRFitisonewayprogrammableonly.
Inadditions,sectionsofConfigurationmemorycanbelocked.
Aftertheconfigurationdone,itisrecommendedtowritetheappropriatelockconditionsandlockthedeviceconfigurationbytes.
LOCK_BLOCK_COMMAND_SUPPORTEDneedstobesetto1binCONFIG_2byteinordertoenableLOCK_BLOCKcommand.
EachbitofNFCLockBlockConfigurationlock,locksonememoryblock.
SECTION_LOCK"freezes"NFCLockBlockConfiguration.
Seeexample[Section7.
5].
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305106/233.
3ProtectingaccesstofeaturesTable3.
NTAG5SecurityfeaturesFeatureNTAG5switchNTAG5linkNTAG5linkNTAG5boostTypeNTP52101NTP5312NTP5332NTA5332LockblockyesyesyesyesPasswordprotectEASyesyesyesyesPasswordprotectAFIyesyesyesyesPasswordprotectionofread/writeEEPROMyesyesyesyesPasswordprotectionofPRIVACYyesyesyesyesPasswordprotectionofDESTROYyesyesyesyesTagauthentication--yes(1)yes(1)Mutualauthentication--yes(1)yes(1)NegativeauthenticationcounteryesyesyesyesSRAMprotection-yesyesyesConfigurationAreaprotectionyesyesyesyesSessionRegistersprotectionyesyesyesyes(1)AvailableafterPWDtoAESmodeswitch.
3.
4DifferentmemoryareasprotectionUserEEPORMmaybesplitintothreeareas.
Highestpriohasthe16-bitPP_AREA_1pointer.
ItdefinesthestartoftheAREA_1anditisthesameblockaddressfromNFCandI2Cperspective.
Onlyifthe8-bitNFC_PP_AREA_0-HblockaddressislowercomparedtothePP_AREA_1,thelowerpartissplitintoNFCAREA_0-LandNFCAREA_0-H.
Maximumdivisionscanbe1kBasthepointeraddressis8bit.
ThepageAREA_0-LandAREA_0-HcanbedefinedindependentlyfromRFandI2Cperspective.
AlsoaccessrestrictionscanbedifferentbetweenRFandI2C.
TosplittheuserEEPROMfromI2Cperspectivethe8-bitI2C_PPneedtobesetaccordingly.
Theconceptisillustratedbelow.
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305107/23aaa-035479NFCAREA_0-LI2CAREA_0-LI2CAREA_0-L8-bitNFC_PP_AREA_0-H8-bitI2C_PP16-bitPP_AREA_1NFCAREA_0-HAREA_1COUNTERFigure1.
ConceptofmemoryareasNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305108/23Table4.
NTAG5DifferentmemoryareasprotectionpossibilitiesMemoryareaNFC/RFI2CEEPROMyes(NFC_PP_AREA_0-H)yes(I2C_PP)EEPROM-Restrictedareayes(PP_AREA_1)SRAMyes(PWDorAuthenticationaccessprotection)noUserConfigyes(PWDorAES)yes(PWD)Registersyes(some)no3.
5ReprogrammableoriginalitysignatureNXPofferstoeitherlockthepre-programmedNXPoriginalitysignature,ortoallowcustomerstore-programmandlocktheoriginalitysignature.
FollowingstepsforOriginalitySignaturegeneratingandreprogrammingarerecommended:1.
Generateapublicandprivatekeyfortheparameterssecp128r12.
CreateandSignOriginalitySignaturewithprivatekey3.
VerifytheOriginalitySignaturewithpublickey4.
ProgramtheOriginalitySignatureintoICmemory5.
LocktheOriginalitySignatureMoredetailswithminoradoptionchangeneededcanbefoundin[Applicationnote].
MoredetailsonverifyingOriginalitySignaturecanbefoundin[Applicationnote].
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC5305109/234NFC(RF)perspectivesecurity4.
1PlainpasswordAuthenticationisdonebysharingpasswordinplainoverairinterface.
Aftersuccessfulauthentication,respectiveaccessrightsaregranted.
Itisapossibilitytoswitchfromdefault32-bitPWDlengthto64-bitPWDlength.
4.
2AESmodeAuthenticationmodeasdefinedinISO/IEC15693-3Amendment4andISO/IEC29167-10[Internationalstandard].
AES-128cryptoalgorithminCBCmodeisused.
Interrogatorisallowedtoperformtwo(2)auth.
procedures:Tagauthentication(TAM)Mutualauthentication(MAM)SwitchfromPWDtoAESmodeisavailableonlyonNTAG5link(NTP5332)andNTAG5boost(NTA5332)bysettingDEV_SEC_CONFIGbyteonblockaddress3Fh(RF)or103Fh(I2C).
InAuthenticationprocedurekeysareusedonlyforencryption/decryptionandareneverexchangedonairinterface.
Fornumericalexamplesreferto[Applicationnote].
4.
2.
1TagAuthenticationIsusedtoprovetheoriginalityofthetappedNTAG5(endapplication,productetc.
)withcryptographicauthentication.
AftersuccessfulTagAuthentication,theVCD(Interrogator)hasaproofthatacounterpartVICC(NTAG5)isauthentic-sharesthesamekey.
4.
2.
1.
1SingleNTAG5expectedinthefieldFornumericalexamplefollow[Applicationnote].
aaa-033629TagReader/InterrogatorAuthenticate(lchallenge)ENC(lchallenge)DEC(ENC(Ichallenge)==lchallengegreenline=NTAG5isAuthenticFigure2.
SingletagAuthenticationflowNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051010/234.
2.
1.
2MultipleTagsexpectedinthefieldVCD(Interrogator)sendsIChallengecommandtoNTAG5orNTAG5s.
AfterreceivingavalidCHALLENGEcommandtheNTAG5startswiththecryptocalculationandstoresthedataintoit'sbuffer.
Ifthecalculationisfinalized,theNTAG5willrespondtoavalidREADBUFFERcommandwiththeresultofthecryptocalculation.
VCD(Interrogator)decideswhichNTAG5toaddress(INVENTORY)beforereadingtheparticularNTAG5'sbuffer(READBUFFER).
aaa-033824Tag0,Tag1,.
.
.
Reader/InterrogatorChallenge(lchallenge)(Broadcast)ReadBuffer(Addressed)lnventoryUIDENC(Ichallenge)ENC(Ichallenge)ReadBufferDEC(ENC(Ichallenge)==lchallengegreenline=NTAG5isAuthenticFigure3.
TagauthenticationwithmultipleNTAG5expectedinthefield4.
2.
1.
3Timingmeasurements4.
2.
1.
3.
1SingleTagAuthenticationNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051011/23aaa-0336318.
5msw/ocounter4mswithcounter>7ms*25.
1or>28.
1ms*7ms4ms0.
3msTag1*)actualEEPROMprogrammingtimedependsonavailablepowerReaderInventoryAuthenticateUIDAESResponse1.
3mscounter=NegativeAuthenticationCounterFigure4.
SingleTagAuthenticationtimings4.
2.
1.
3.
2Multipletags-TagAuthenticationaaa-0336327.
3msn*12.
1ms4.
5ms8.
5msw/ocounter4mswithcounter>7ms*12.
5msor>15.
5ms*0.
3msTagn.
.
.
*)actualEEPROMprogrammingtimedependsonavailablepowerReaderTag1Tag2AnticollisionChallengeReadBufferResponseAESAESAESFigure5.
MultipleNTAG5s-TagAuthenticationtimings4.
2.
2MutualAuthenticationIsusedtoprotectagainstunauthorizeddataaccessorunauthorizedmanipulation.
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051012/23aaa-033630TagReaderAuthenticate(lchallenge)Authenticate(DEC(Tchallenge))Read(ProtectedAddress)ENC(lchallenge),TchallengeERRORProtectedDataSTATE:SELECTEDSECURESTATE:TagisauthenticDEC(ENC(Ichallenge)==lchallengeOKFigure6.
MutualauthenticationflowNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051013/235I2CperspectivesecurityI2CSlavecommunicationmaybeprotectedbyplainpasswordauthentication.
I2CHostneedstoauthenticateprioraccessingI2Cprotectedareasbywritingrelatedpasswordtotherelatedblock(blocks1096hto1099h).
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051014/236PasswordsorKeysgenerationTheNTAG5useseither32-bit,64-bitpasswords,128-bitAESkeys.
Thisoffersareasonablelevelofsecurity.
Thereareseveralwaystogenerateapassword:1.
Customergeneratesonesetofsecretpasswords/keysusedinallNTAG5(e.
g.
batch)2.
Customergeneratesdifferentpasswords/keysforeachNTAG5andstorestheminadatabase.
3.
CustomerusestheUIDoftheICandasecurealgorithm(freeofchoice)tocalculatediversifiedpasswords/keysforallICs.
(recommended)[Applicationnote]NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051015/237Example:SecurityprotectionforthefieldInfollowingexamplememorywillbeorganizedasonthefigurebelow.
UID:E00401581A003F00NDEF-URIrecord:Block[hex]Byte0Byte1Byte2Byte3Area0000E110800000010313D10100020F55046E00037461673500042E6E787000052E636F6D00062FFE0000AREA_0_L000700000000000811223344000955667788005F99AABBCCAREA_0_H00600000000000615555555500624444444401FE33333333AREA_101FFcounter7.
1Write/Store(derived)PWDNewWRITEPWDvalue:"11223344h"WRITEPASSWORD(passwordidentifier02h)commandcode:B4h(Note:PWDvaluescanbewrittenalsousingdirectWRITECONFIG)PutNTAGintoSELECTEDstateoruseAddressedmode(UIDprovidedincommandpayload)Procedure:1.
GETRANDOMNUMBERVCD→VICC:12B204(1BB9)VICC→VCD:C273+CRC2.
VCDcalculatesXOR_Password[31:0]=Password[31:0]XOR{Random_Number[15:0],Random_Number[15:0]}.
Note:defaultPWDis00000000h.
C273C2733.
SETPASSWORD(AuthenticatewithdefaultPWD)VCD→VICC:12B30402C273C273(6CF8)VICC→VCD:00NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051016/234.
WRITEPASSWORD(WritenewPWD)VCD→VICC:12B4040211223344(121B)VICC→VCD:007.
2SetProtectionPointerandPointerConditionsWriteprotectionpointerconfiguration:NFC_PP_AREA_0-Htovalue(07h)AREA_0_Lis:–notreadprotected–notwriteprotectedAREA_0_His:–notreadprotected–writeprotectedVCD→VICC:02C1045807200000(RF-PP,RF-PPC)7.
3DeviceSecurityconfigurationThelevelofsecuritycanbedefiedwiththedevicesecurityconfiguration(DEV_SEC_CONFIG)andcanbewrittenbybothinterfaces.
Iflockedbysecuritylockcannotbeupdatedanymorebyanyoftheinterfaces.
TheICRFsecurityfeaturescanbechosenbetweenAEStag/mutualauthenticationorplainpasswordforNTAG5boost(NTA5332)andNTAG5link(NTP5332)only.
NTAG5switch(NTP5210)andNTAG5link(NTP5312)onlyofferplainpassword.
FormRFperspectivetherearethreelevelsofsecurity:32-bitplainpassword64-bitplainpasswordAES:AvailableonNTAG5boost(NTA5332)andNTAG5link(NTP5332)SecuritymodescanbeconfiguredinDEV_SEC_CONFIG(3Fh).
ForI2Cperspectiveonlyplainpasswordprotectionisimplemented.
7.
4RESTRICTEDareaconfigurationRestrictedareaprotectionpointer(PP_AREA_1)setto60h.
Restrictedareaisalwaysprotectedfromboththeinterfaces.
Areacanbedefinedby16-bitaddress.
AsrestrictedareahashighestpriorityandoverlapswithanyofthepageL(AREA_0-L)orpageH(AREA_0-H),thisuserareaisconsideredasRestrictedarea.
VCD→VICC:02C1043FA5006000Afterthiscommand,therestrictedareaisautomaticallyreadandwriteprotectedbytheNFC_PWD5(AREA_1ReadPassword)andNFC_PWD6(AREA_1WritePassword).
NOTE:WhenusingAESsecurityscheme,thekey(s)fortherestrictedareais/aredefinedwiththerelatedNFCKeyPrevilegies(NFC_KPx).
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051017/237.
5Lockmemoryarea(read-onlystate)NDEFarea(block0000h-0006h)settoread-only.
Itcanbedoneeither:LOCKBLOCKcommand(alsoNFCForumdefined)directlywritingtoConfigurationbytes(faster)Thereforefirst7bitsofNFC_LOCK_BL0needstobeset.
Table5.
BitsetBit7Bit6Bit5Bit4Bit3Bit2Bit1Bit0bytevaluein[hex]NFC_LOCK_BL0011111117FProcedure:1.
WRITECONFIGcmdVCD→VICC:12C1046A7F000000(A118)VICC→VCD:00+CRCNXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051018/238References[1]NTP5210-NTAG5switch,NFCForum-compliantPWMandGPIObridge,doc.
no.
5477xxhttps://www.
nxp.
com/docs/en/data-sheet/NTP5210.
pdf[2]NTP53x2-NTAG5link,NFCForum-compliantI2Cbridge,doc.
no.
5476xxhttps://www.
nxp.
com/docs/en/data-sheet/NTP53x2.
pdf[3]NTA5332-NTAG5boost,NFCForum-compliantI2Cbridgefortinydevices,doc.
no.
5475xxhttps://www.
nxp.
com/docs/en/data-sheet/NTA5332.
pdf[4]AN11859-MIFAREUltralightandNTAGGeneratingOriginalitySignaturehttps://www.
docstore.
nxp.
com/products[5]AN11350-NTAGOriginalitySignatureValidationhttps://www.
nxp.
com/confidential/AN11350[6]AN11808-ICODEDNAKeyinitialization,tag/mutualauthenticationhttps://www.
docstore.
nxp.
com/products[7]AN11807-ICODEDNAKeydiversification,doc.
no.
3680xxhttps://www.
docstore.
nxp.
com/products[8]ISO/IEC29167-10,Informationtechnology—Automaticidentificationanddatacapturetechniques,Part10:CryptosuiteAES-128securityservicesforairinterfacecommunications,ISO/IEC29167-10:2015(E)NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051019/239Legalinformation9.
1DefinitionsDraft—Thedocumentisadraftversiononly.
Thecontentisstillunderinternalreviewandsubjecttoformalapproval,whichmayresultinmodificationsoradditions.
NXPSemiconductorsdoesnotgiveanyrepresentationsorwarrantiesastotheaccuracyorcompletenessofinformationincludedhereinandshallhavenoliabilityfortheconsequencesofuseofsuchinformation.
9.
2DisclaimersLimitedwarrantyandliability—Informationinthisdocumentisbelievedtobeaccurateandreliable.
However,NXPSemiconductorsdoesnotgiveanyrepresentationsorwarranties,expressedorimplied,astotheaccuracyorcompletenessofsuchinformationandshallhavenoliabilityfortheconsequencesofuseofsuchinformation.
NXPSemiconductorstakesnoresponsibilityforthecontentinthisdocumentifprovidedbyaninformationsourceoutsideofNXPSemiconductors.
InnoeventshallNXPSemiconductorsbeliableforanyindirect,incidental,punitive,specialorconsequentialdamages(including-withoutlimitation-lostprofits,lostsavings,businessinterruption,costsrelatedtotheremovalorreplacementofanyproductsorreworkcharges)whetherornotsuchdamagesarebasedontort(includingnegligence),warranty,breachofcontractoranyotherlegaltheory.
Notwithstandinganydamagesthatcustomermightincurforanyreasonwhatsoever,NXPSemiconductors'aggregateandcumulativeliabilitytowardscustomerfortheproductsdescribedhereinshallbelimitedinaccordancewiththeTermsandconditionsofcommercialsaleofNXPSemiconductors.
Righttomakechanges—NXPSemiconductorsreservestherighttomakechangestoinformationpublishedinthisdocument,includingwithoutlimitationspecificationsandproductdescriptions,atanytimeandwithoutnotice.
Thisdocumentsupersedesandreplacesallinformationsuppliedpriortothepublicationhereof.
Suitabilityforuse—NXPSemiconductorsproductsarenotdesigned,authorizedorwarrantedtobesuitableforuseinlifesupport,life-criticalorsafety-criticalsystemsorequipment,norinapplicationswherefailureormalfunctionofanNXPSemiconductorsproductcanreasonablybeexpectedtoresultinpersonalinjury,deathorseverepropertyorenvironmentaldamage.
NXPSemiconductorsanditssuppliersacceptnoliabilityforinclusionand/oruseofNXPSemiconductorsproductsinsuchequipmentorapplicationsandthereforesuchinclusionand/oruseisatthecustomer'sownrisk.
Applications—Applicationsthataredescribedhereinforanyoftheseproductsareforillustrativepurposesonly.
NXPSemiconductorsmakesnorepresentationorwarrantythatsuchapplicationswillbesuitableforthespecifiedusewithoutfurthertestingormodification.
CustomersareresponsibleforthedesignandoperationoftheirapplicationsandproductsusingNXPSemiconductorsproducts,andNXPSemiconductorsacceptsnoliabilityforanyassistancewithapplicationsorcustomerproductdesign.
Itiscustomer'ssoleresponsibilitytodeterminewhethertheNXPSemiconductorsproductissuitableandfitforthecustomer'sapplicationsandproductsplanned,aswellasfortheplannedapplicationanduseofcustomer'sthirdpartycustomer(s).
Customersshouldprovideappropriatedesignandoperatingsafeguardstominimizetherisksassociatedwiththeirapplicationsandproducts.
NXPSemiconductorsdoesnotacceptanyliabilityrelatedtoanydefault,damage,costsorproblemwhichisbasedonanyweaknessordefaultinthecustomer'sapplicationsorproducts,ortheapplicationorusebycustomer'sthirdpartycustomer(s).
Customerisresponsiblefordoingallnecessarytestingforthecustomer'sapplicationsandproductsusingNXPSemiconductorsproductsinordertoavoidadefaultoftheapplicationsandtheproductsoroftheapplicationorusebycustomer'sthirdpartycustomer(s).
NXPdoesnotacceptanyliabilityinthisrespect.
Exportcontrol—Thisdocumentaswellastheitem(s)describedhereinmaybesubjecttoexportcontrolregulations.
Exportmightrequireapriorauthorizationfromcompetentauthorities.
Non-automotivequalifiedproducts—UnlessthisdatasheetexpresslystatesthatthisspecificNXPSemiconductorsproductisautomotivequalified,theproductisnotsuitableforautomotiveuse.
Itisneitherqualifiednortestedinaccordancewithautomotivetestingorapplicationrequirements.
NXPSemiconductorsacceptsnoliabilityforinclusionand/oruseofnon-automotivequalifiedproductsinautomotiveequipmentorapplications.
Intheeventthatcustomerusestheproductfordesign-inanduseinautomotiveapplicationstoautomotivespecificationsandstandards,customer(a)shallusetheproductwithoutNXPSemiconductors'warrantyoftheproductforsuchautomotiveapplications,useandspecifications,and(b)whenevercustomerusestheproductforautomotiveapplicationsbeyondNXPSemiconductors'specificationssuchuseshallbesolelyatcustomer'sownrisk,and(c)customerfullyindemnifiesNXPSemiconductorsforanyliability,damagesorfailedproductclaimsresultingfromcustomerdesignanduseoftheproductforautomotiveapplicationsbeyondNXPSemiconductors'standardwarrantyandNXPSemiconductors'productspecifications.
Evaluationproducts—Thisproductisprovidedonan"asis"and"withallfaults"basisforevaluationpurposesonly.
NXPSemiconductors,itsaffiliatesandtheirsuppliersexpresslydisclaimallwarranties,whetherexpress,impliedorstatutory,includingbutnotlimitedtotheimpliedwarrantiesofnon-infringement,merchantabilityandfitnessforaparticularpurpose.
Theentireriskastothequality,orarisingoutoftheuseorperformance,ofthisproductremainswithcustomer.
InnoeventshallNXPSemiconductors,itsaffiliatesortheirsuppliersbeliabletocustomerforanyspecial,indirect,consequential,punitiveorincidentaldamages(includingwithoutlimitationdamagesforlossofbusiness,businessinterruption,lossofuse,lossofdataorinformation,andthelike)arisingouttheuseoforinabilitytousetheproduct,whetherornotbasedontort(includingnegligence),strictliability,breachofcontract,breachofwarrantyoranyothertheory,evenifadvisedofthepossibilityofsuchdamages.
Notwithstandinganydamagesthatcustomermightincurforanyreasonwhatsoever(includingwithoutlimitation,alldamagesreferencedaboveandalldirectorgeneraldamages),theentireliabilityofNXPSemiconductors,itsaffiliatesandtheirsuppliersandcustomer'sexclusiveremedyforalloftheforegoingshallbelimitedtoactualdamagesincurredbycustomerbasedonreasonablerelianceuptothegreateroftheamountactuallypaidbycustomerfortheproductorfivedollars(US$5.
00).
Theforegoinglimitations,exclusionsanddisclaimersshallapplytothemaximumextentpermittedbyapplicablelaw,evenifanyremedyfailsofitsessentialpurpose.
Translations—Anon-English(translated)versionofadocumentisforreferenceonly.
TheEnglishversionshallprevailincaseofanydiscrepancybetweenthetranslatedandEnglishversions.
Security—WhileNXPSemiconductorshasimplementedadvancedsecurityfeatures,allproductsmaybesubjecttounidentifiedvulnerabilities.
Customersareresponsibleforthedesignandoperationoftheirapplicationsandproductstoreducetheeffectofthesevulnerabilitiesoncustomer'sapplicationsandproducts,andNXPSemiconductorsacceptsnoliabilityforanyvulnerabilitythatisdiscovered.
Customersshouldimplementappropriatedesignandoperatingsafeguardstominimizetherisksassociatedwiththeirapplicationsandproducts.
9.
3LicensesPurchaseofNXPICswithNFCtechnologyPurchaseofanNXPSemiconductorsICthatcomplieswithoneoftheNearFieldCommunication(NFC)standardsISO/IEC18092andISO/IEC21481doesnotconveyanimpliedlicenseunderanypatentrightinfringedbyimplementationofanyofthosestandards.
PurchaseofNXPSemiconductorsICdoesnotincludealicensetoanyNXPpatent(orotherIPright)coveringcombinationsofthoseproductswithotherproducts,whetherhardwareorsoftware.
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051020/239.
4TrademarksNotice:Allreferencedbrands,productnames,servicenamesandtrademarksarethepropertyoftheirrespectiveowners.
I2C-bus—logoisatrademarkofNXPB.
V.
ICODEandI-CODE—aretrademarksofNXPB.
V.
NTAG—isatrademarkofNXPB.
V.
NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051021/23TablesTab.
1.
Abbreviations3Tab.
2.
NTAG5differentsecurityontypes5Tab.
3.
NTAG5Securityfeatures6Tab.
4.
NTAG5Differentmemoryareasprotectionpossibilities8Tab.
5.
Bitset17NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityAN12366Allinformationprovidedinthisdocumentissubjecttolegaldisclaimers.
NXPB.
V.
2020.
Allrightsreserved.
ApplicationnoteRev.
1.
0—9January2020COMPANYPUBLIC53051022/23FiguresFig.
1.
Conceptofmemoryareas7Fig.
2.
SingletagAuthenticationflow9Fig.
3.
TagauthenticationwithmultipleNTAG5expectedinthefield10Fig.
4.
SingleTagAuthenticationtimings11Fig.
5.
MultipleNTAG5s-TagAuthenticationtimings11Fig.
6.
Mutualauthenticationflow12NXPSemiconductorsAN12366NTAG5-MemoryconfigurationandscalablesecurityPleasebeawarethatimportantnoticesconcerningthisdocumentandtheproduct(s)describedherein,havebeenincludedinsection'Legalinformation'.
NXPB.
V.
2020.
Allrightsreserved.
Formoreinformation,pleasevisit:http://www.
nxp.
comForsalesofficeaddresses,pleasesendanemailto:salesaddresses@nxp.
comDateofrelease:9January2020Documentidentifier:AN12366Documentnumber:530510Contents1Abbreviations32Introduction42.
1Potentialapplications43Securityfeatures53.
1Authenticity53.
1.
1Passwordauthentication53.
1.
2AES-128authentication53.
2Lockingbytevalues53.
3Protectingaccesstofeatures63.
4Differentmemoryareasprotection63.
5Reprogrammableoriginalitysignature84NFC(RF)perspectivesecurity94.
1Plainpassword94.
2AESmode94.
2.
1TagAuthentication94.
2.
1.
1SingleNTAG5expectedinthefield94.
2.
1.
2MultipleTagsexpectedinthefield104.
2.
1.
3Timingmeasurements104.
2.
2MutualAuthentication115I2Cperspectivesecurity136PasswordsorKeysgeneration147Example:Securityprotectionforthefield.
.
.
.
.
.
157.
1Write/Store(derived)PWD157.
2SetProtectionPointerandPointerConditions167.
3DeviceSecurityconfiguration167.
4RESTRICTEDareaconfiguration167.
5Lockmemoryarea(read-onlystate)178References189Legalinformation19