NTAG213F/216F
NXP Semiconductors
NFC Forum T2T IC with 144/888 bytes user memory and field detection
8.9 Password verification protection
The memory write or read/write access to a configurable part of the memory can be
constrained to a positive password verification. The 32-bit secret password (PWD) and
the 16-bit password acknowledge (PACK) response shall be typically programmed into
the configuration pages at the tag personalization stage.
The AUTHLIM parameter specified in Section 8.5.7 can be used to limit the negative
verification attempts.
In the initial state of NTAG21xF, password protection is disabled by a AUTH0 value of
FFh. PWD and PACK are freely writable in this state. Access to the configuration pages
and any part of the user memory can be restricted by setting AUTH0 to a page address
within the available memory space. This page address is the first one protected.
Remark: The password protection method provided in NTAG21xF has to be intended as
an easy and convenient way to prevent unauthorized memory accesses. If a higher level
of protection is required, cryptographic methods can be implemented at application layer
to increase overall system security.
8.9.1 Programming of PWD and PACK
The 32-bit PWD and the 16-bit PACK need to be programmed into the configuration
pages, see Section 8.5.7. The password as well as the password acknowledge are written
LSByte first. This byte order is the same as the byte order used during the PWD_AUTH
command and its response.
The PWD and PACK bytes can never be read out of the memory. Instead of transmitting
the real value on any valid READ or FAST_READ command, only 00h bytes are replied.
If the password verification does not protect the configuration pages, PWD and PACK can
be written with normal WRITE and COMPATIBILITY_WRITE commands.
If the configuration pages are protected by the password configuration, PWD and PACK
can be written after a successful PWD_AUTH command.
The PWD and PACK are writable even if the CFGLCK bit is set to 1b. Therefore it is
strongly recommended to set AUTH0 to the page where the PWD is located after the
password has been written. This page is 2Bh for NTAG213F and E5h for NTAG216F.
Remark: To improve the overall system security, it is advisable to diversify the password
and the password acknowledge using a die individual parameter of the IC, which is the
7-byte UID available on NTAG21xF.
NTAG213F_216F
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2013. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.1 — 28 August 2013
262231
30 of 56
NXP [ NXP ]
