Previously, we’ve talked about the the password protection feature found on NXP’s NTAG21X family of NFC cards. While our Tappy NFC readers have supported this feature for years, previously it was only available as part of a custom solution; however, there is a new public command family exposing this functionality that is now supported on Tappies with firmware version 0.76 or newer, which corresponds to ship dates of September 2018 or later for Tappies ordered directly from TapTrack (other distributors may have slightly older stock). In this post, we’re going to explore the key features and capabilities of this new command family; for additional details, we recommend that interested parties either consult the Tappy Command Reference or contact us.

Supported Operations

As of version 1.0 of the command family, the password protected command family supports four operations – write text NDEF, write URL NDEF, write custom NDEF, and read NDEF. When using these commands, you can specify if you would like authentication to be required in order to read the NDEF message or if it should only be required in order to rewrite the tag.

Password/Password Acknowledgement (PACK) Specification

The Tappy supports two different methods of specifying the password and PACK to be used for a password-protected operations – either a binary password/PACK pair can be directly specified or you can supply a human-readable password. If a human readable password is supplied, the Tappy generates a password/PACK pair from it using a pseudorandom cryptographic key derivation function.

Utility Support

If you wish to write NTAGs with password protection, the batch encoding feature of our Windows-based Tappy utility supports configuring tags to require authentication in order to be rewritten using a human-readable password that you provide.

SDK Support

Currently, only the .NET C# SDK has been updated to include the NTAG21x password protection command family (v0.7.0, June 2018). Our AndroidiOS, and JavaScript SDKs will be updated soon to add support for the NTAG21x password protected tag reading/writing command family, but if you would like to use this command family with one of the SDKs that does not support it yet, please contact us and let us know.