Depending on the target application, there are few totally different approaches for designing NFC tags. Naturally, the higher are the feature requirements for the NFC tag platform, the higher would be the price for a single tag.

As of mid 2021, the market of NFC tags is dominated with the solutions that are either using symmetric cryptography (AES) or are missing cryptographic features at all. It is possible to cover lots of possible applications with these products. However, in some cases it is necessary to actually use RSA/ECC in order to provide best security and user experience.

NTAG® 424 DNA is a new NXP product which features Secure Unique NFC Message. From the user perspective, this is an ordinary NFC Forum Type 4 Tag that could point to some web address after it’s scanned. What is unique about this particular product is that it is able to return a different message (i.e. URL address with variable parameters) each time it gets scanned. A message may feature a read counter, which is automatically incremented after each interaction with the tag. It is also cryptographically signed, so it is protected against tag cloning and it is possible to validate if the user really interacted with the tag.

When studying MIFARE® DESFire® EV1 communication, one may notice that these cards offer both secure AES authentication and the Secure Messaging feature. This means that some operations (sometimes) could be performed securely even when there are some untrusted proxies/sniffers between the communication sides (namely the card and the readers).

In this article, we will present how to estabilish communication between Android HCE (Host-based Card Emulation) and a legacy microprocessor system. In our case it was a chinese CV520 NFC Transceiver which was feature-compatible with MFRC522 chips (or RC522 family).