As of mid 2021, the market of NFC tags is dominated with the solutions that are either using symmetric cryptography (AES) or are missing cryptographic features at all. It is possible to cover lots of possible applications with these products. However, in some cases it is necessary to actually use RSA/ECC in order to provide best security and user experience.
One of the most important features of an RSA/ECC tag would be the possibility to perform tag authentication using challenge-response protocol. The below diagram explains how such procedure could work.
Such verification scheme using RSA/ECC has a lot of advantages over authentication with a symmetric ciphers (e.g. AES). The most important is that with RSA/ECC, the verifier side doesn’t need to hold any secret keys. Contrary, with AES it would be required to have the same authentication key both on the NFC tag and on the reader.
Although currently there are no NFC tags on the market that would support asymmetric authentication out-of-the-box, it is possible to build such solution using JavaCard technology. Cards like J2A080, J3H145, ACS ACOSJ 40K or similar may be used to create a RSA/ECC NFC tag. All of the mentioned cards are compatible with Android, iOS and conventional NFC readers.