Previously, we’ve talked about the the password protection feature found on NXP’s NTAG21X family of NFC cards. While our Tappy NFC readers have supported this feature for years, previously it was only available as part of a custom solution; however, there is a new public command family exposing this functionality that is now supported on Tappies with firmware version 0.76 or newer, which corresponds to ship dates of September 2018 or later for Tappies ordered directly from TapTrack (other distributors may have slightly older stock). In this post, we’re going to explore the key features and capabilities of this new command family; for additional details, we recommend that interested parties either consult the Tappy Command Reference or contact us.
As of version 1.0 of the command family, the password protected command family supports four operations - write text NDEF, write URL NDEF, write custom NDEF, and read NDEF. When using these commands, you can specify if you would like authentication to be required in order to read the NDEF message or if it should only be required in order to rewrite the tag.
Password/Password Acknowledgement (PACK) Specification
The Tappy supports two different methods of specifying the password and PACK to be used for a password-protected operations - either a binary password/PACK pair can be directly specified or you can supply a human-readable password. If a human readable password is supplied, the Tappy generates a password/PACK pair from it using a pseudorandom cryptographic key derivation function.
If you wish to write NTAGs with password protection, the batch encoding feature of our Windows-based Tappy utility supports configuring tags to require authentication in order to be rewritten using a human-readable password that you provide.