NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Rev. 3.0 — 31 January 2019
Product data sheet
465430
COMPANY PUBLIC
1 General description
1.1 Introduction
NTAG 424 DNA (NT4H2421Gx) sets a new standard in secure NFC and IoT
applications, introducing a new NTAG DNA chip generation with state-of-the-art features
for security and privacy protection. It comes with AES-128 cryptographic operation
and a new Secure Unique NFC (SUN) Message feature that generates tap-unique data
authentication upon each read-out by an NFC-enabled mobile device. This enables
the most advanced product and content protection, plus secured exclusive user experiences
served in real time.
NTAG 424 DNA is fully compliant with the NFC Forum Type 4 Tag IC specification
(Certification ID: 58562), with the contactless proximity protocol according to
ISO/IEC 14443-4 and the ISO/IEC 7816-4 based file system and command frames, to ensure
maximum interoperability within the NFC infrastructure. Its NFC performance supports
superior user interaction and reading distances of up to 10 cm.
Using AES-128 cryptography, the tag generates a Secure Unique NFC (SUN) message
for authentication each time it is tapped. An NFC mobile device reads this
tap-unique URL with the SUN authentication message and sends it to the host, where tag
and message authentication take place and the verification result is returned. The SUN
authentication mechanism is guaranteed to work on Android (without a dedicated app)
and iOS 11 (with an app). This way, NTAG 424 DNA offers tag authentication, as well as
data assurances on authenticity, integrity and even confidentiality, while also securing
physical tag presence; see also Section 9.3.
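
Added example (not from the data sheet and not NXP code): a host-side check of the SUN flow described above, written for Node.js. It assumes the UID and read counter are mirrored in plain under the hypothetical URL parameters uid, ctr and cmac, that the MAC input is empty, and that the session-key derivation and every-second-byte truncation follow NXP's SDM documentation; none of these details are stated in this section.

```javascript
const crypto = require('node:crypto');

// Encrypt one 16-byte block with AES-128 (ECB, padding off).
function aesBlock(key, block) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null).setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

// Double a block in GF(2^128): the subkey step of RFC 4493.
function dbl(b) {
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) out[i] = (b[i] << 1) | (i < 15 ? b[i + 1] >> 7 : 0);
  if (b[0] & 0x80) out[15] ^= 0x87;
  return out;
}

// AES-128-CMAC (RFC 4493) of a Buffer.
function cmac(key, msg) {
  const k1 = dbl(aesBlock(key, Buffer.alloc(16)));
  const n = Math.max(1, Math.ceil(msg.length / 16));
  const tail = msg.subarray((n - 1) * 16);
  const last = Buffer.alloc(16);
  tail.copy(last);
  if (tail.length < 16) last[tail.length] = 0x80; // 10* padding, masked with K2
  const k = tail.length === 16 ? k1 : dbl(k1);
  let x = Buffer.alloc(16);
  for (let i = 0; i < n; i++) {
    const blk = i < n - 1 ? msg.subarray(i * 16, i * 16 + 16) : last.map((v, j) => v ^ k[j]);
    x = aesBlock(key, x.map((v, j) => v ^ blk[j]));
  }
  return x;
}

// Host-side check of one tap; parameter names uid/ctr/cmac are hypothetical.
function verifySun(sdmFileReadKey, tapUrl, lastCtr) {
  const q = new URL(tapUrl).searchParams;
  const [uid, ctr, mac] = ['uid', 'ctr', 'cmac'].map((p) => q.get(p) || '');
  const hex = (s, bytes) => new RegExp(`^[0-9a-fA-F]{${bytes * 2}}$`).test(s);
  if (!hex(uid, 7) || !hex(ctr, 3) || !hex(mac, 8)) return { ok: false, reason: 'malformed' };
  // Assumed derivation: SV2 = 3CC3 0001 0080 || UID || counter (LSB first).
  const sv2 = Buffer.concat([Buffer.from('3cc300010080', 'hex'),
    Buffer.from(uid, 'hex'), Buffer.from(ctr, 'hex').reverse()]);
  const full = cmac(cmac(sdmFileReadKey, sv2), Buffer.alloc(0)); // empty MAC input
  const want = Buffer.from(full.filter((_, i) => i % 2 === 1)); // bytes 1,3,...,15
  if (!crypto.timingSafeEqual(want, Buffer.from(mac, 'hex'))) return { ok: false, reason: 'bad-mac' };
  const counter = parseInt(ctr, 16);
  // A valid MAC with a counter not above the last accepted one is a replayed tap.
  return counter > lastCtr ? { ok: true, counter } : { ok: false, reason: 'replay' };
}
```

The host stores the returned counter per UID and passes it as lastCtr on the next tap, so a copied URL fails even though its MAC is valid.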
The chip has a file-based memory structure totaling 416 bytes (compliant with NFC
Forum Type 4 Tag and ISO/IEC 7816-4) with a Capability Container (CC) file to specify
the NFC Forum tag operation, an NDEF file as well as an extra data file to protect
sensitive content. Configurable access rights per file support different use cases of brand
product manufacturers and service providers to meet specific security and operational
requirements. With 5 customer-defined AES keys, NTAG 424 DNA enables advanced
cryptographic functionalities – for the CMAC, optionally combined with encrypted data,
for SUN, mutual authentication (secure host or reader authentication) and for secure
access to the NDEF file and the extra data file.
NTAG 424 DNA contains configurable features such as optional encryption of part of the
NDEF file and a fully encrypted communication mode to address privacy-sensitive
applications. The optional Random ID, together with the encrypted chip UID/data that
can be mirrored in the NDEF file, enables compliance with the latest user data protection
regulations.
Besides the standard AES-128 implementation, NTAG 424 DNA can also offer an
alternative AES-based protocol for authentication and secure messaging using a