NT4H2421GX [NXP]
NTAG 424 DNA â Secure NFC T4T compliant IC;型号: | NT4H2421GX |
厂家: | NXP |
描述: | NTAG 424 DNA â Secure NFC T4T compliant IC |
文件: | 总97页 (文件大小:946K) |
中文: | 中文翻译 | 下载: | 下载PDF数据表文档文件 |
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Rev. 3.0 — 31 January 2019
Product data sheet
465430
COMPANY PUBLIC
1 General description
1.1 Introduction
NTAG 424 DNA (NT4H2421Gx) sets a new standard in secure NFC and IoT
applications, introducing a new NTAG DNA chip generation with state-of-the-art features
for security and privacy protection. It comes with AES-128 cryptographic operation
and a new Secure Unique NFC (SUN) Message feature to generate tap-unique data
authentication upon each read-out by an NFC enabled mobile device. This enables
most advanced product and content protection, plus secured exclusive user experiences
served in real time.
NTAG 424 DNA is fully compliant with the NFC Forum Type 4 Tag IC specification
(Certification ID: 58562), with the contactless proximity protocol according to ISO/
IEC14443-4 and the ISO/IEC 7816-4 based file system and command frames, to ensure
maximum interoperability within the NFC infrastructure. Its NFC performance supports
superior user interaction and reading distances of up to 10 cm.
Using AES-128 cryptography, the tag generates a Secure Unique NFC (SUN) message
for the authentication each time it is being tapped. An NFC mobile device reads this
tap-unique URL with the SUN authentication message, sends it to the host where tag
and message authentication take place, and returns the verification result. The SUN
authentication mechanism is guaranteed to work on Android (without a dedicated app)
and iOS11 (with an app). This way, NTAG 424 DNA offers tag authentication, as well as
data assurances on authenticity, integrity and even confidentiality, while also securing
physical tag presence, see also Section 9.3.
The chip has a file-based memory structure of totally 416 bytes (compliant to NFC
Forum Type 4 Tag and ISO/IEC 7816-4) with a Capability Container (CC) file to specify
the NFC Forum tag operation, an NDEF file as well as an extra data file to protect
sensitive content. Configurable access rights per file support different use cases of brand
product manufacturers and service providers to meet specific security and operational
requirements. With 5 customer defined AES keys, NTAG 424 DNA enables advanced
cryptographic functionalities – for the CMAC, optionally combined with encrypted data,
for SUN, mutual authentication (secure host or reader authentication) and for secure
access to the NDEF file and the extra data file.
NTAG 424 DNA contains configurable features like optionally encrypting part of the
NDEF file, and the fully encrypted communication mode to address privacy sensitive
applications. The optional Random ID together with the encrypted chip UID/data that
can be mirrored in the NDEF file, enables compliance with latest user data protection
regulations.
Besides the standard AES-128 implementation, NTAG 424 DNA can also offer an
alternative AES-based protocol for authentication and secure messaging using a
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Leakage Resilient Primitive, or LRP – a wrapper around the AES cryptography to
enhance side-channel attack resistance.
Thanks to its high input capacitance of 50 pF, NTAG 424 DNA tag IC is well suited for
smart product applications requiring smaller footprint antennas, without compromise
on performance. Smaller NFC tags can more easily be embedded in product labels,
modules, caps and closures, and other packaging formats.
2 Features and benefits
2.1 RF Interface & Communication Protocol
• Fully compliant to the NFC Forum Tag 4 Type technical specification [15]
• Fully compliant to NDEF data structure configurations [16]
• Contactless interface compliant to ISO/IEC 14443A-2/ -3/ -4, see [1] , [2], [3]
• Support of ISO/IEC 7816-4 communication frames for highest interoperability with
mobile and wearables
• Low power consumption (Hmin) enabling operating distances of up to 10 cm
• Support of fast data rates: 106 kbit/s, 212 kbit/s, 424 kbit/s, and 848 kbit/s
• Support of double size (7-byte) Unique Identifiers (UID) and optionally Random ID
(RID) according to ISO 14443-3 [2]
• Communication frame size to support up to 128 bytes
• Support of ISO 7816-4 wrapped commands
2.2 Memory Organization
• 416 bytes user memory
• Data retention of 50 years and write endurance of minimum 200.000 cycles
• File system compliant to ISO/IEC 7816-4 with one predefined Directory File (DF) and a
set of Elementary Files (EF)
– Three standard data files, one with 32 byte for the capability file, one with 256 bytes
for NDEF storage and one with 128 bytes for protected data
• File system compliant with ISO 7816
2.3 Security and Privacy
• Common Criteria certification: EAL4 for both Hardware and Software
• Secure Unique NFC (SUN) message featuring integrity protection, authenticity and
confidentiality
• The SUN feature is enabled by the Secure Dynamic Messaging (SDM) which is
mirrored as text (ASCII encoded) into the NDEF message
• Incremental NFC Counter, which counts each tap
• Secure messaging compliant to standard AES according to NIST Special Publication
800-38A and 800-38B [5] [6]
– Optional enhanced side channel attack protection using LRP wrapped AES operation
according to [10]
• Five customer defined AES 128-bit keys including key versions
• Optional Random ID for enhanced privacy
• 3-pass mutual authentication
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
2 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
• Flexible access control configurable per file (EF)
– Individual key configuration for Read (R) / Write (W) / ReadWrite (RW) / Configuration
• Configurable secure messaging communication mode
– Plain communication
– CMAC protected for message integrity protection
– Full Enciphered plus CMAC for full encryption of complete data transferred through
contactless interface
• ECC-based NXP originality signature
• AES-based originality keys leveraging the LRP wrapped AES authentication
2.4 Specific Features
• Frame-level oriented automatic anti-tearing mechanism
• High input capacitance (50 pF) for small form factor design
3 Applications
NTAG 424 DNA offers multi-layered security to enable a broad range of trusted
applications that protect products, services and user experiences.
• Advanced anti-counterfeiting
Verify authenticity of physical goods and identify sales outside authorized markets
• Secured exclusive user experiences
Reward customers with truly exclusive and personalized content, offers and privileges
• Secured sensitive data applications
Protect sensitive product and user data, or trigger an action upon a verified incidence,
e.g., payment
• Protected monetary offers
Confer trust to proximity transactions such as coupons, promotions or loyalty points
• Document authentication
Authenticate originality and track provenance of documents that bear credentials
• Secure authentication and configuration of closed loop devices
Authenticate consumables and parts, and enable automated transfer of device settings
• Verified physical visitor presence
Enable secure visitor authentication, with proof of live presence and service records
• Secure log-in credentials
Protect web services using two-factor authentication logons to sensitive content sites
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
3 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
4 Ordering information
Table 1.ꢀOrdering information
Type number
Package Description
Version
NT4H2421G0DUD/02 FFC
8 inch wafer (sawn; 120 μm thickness; Au Bumps) [1] [2]
-
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
NT4H2421G0DUF/02 FFC
NT4H2421G0DA8/02 MOA8
NT4H2421GSDUD/02 FFC
8 inch wafer (sawn; 75 μm thickness; Au Bumps) [1] [2]
-
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
Plastic leadless module carrier package [3]
SOT500-4
-
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
Service version with preprogrammed NDEF message and keys
8 inch wafer (sawn; 75 μm thickness; Au Bumps) [1] [2]
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
NT4H2421GSDUF/02 FFC
NT4H2421GSDA8/02 MOA8
NT4H2421GCDUD/02 FFC
NT4H2421GCDUF/02 FFC
NT4H2421GCDA8/02 MOA8
Service version with preprogrammed NDEF message and keys
8 inch wafer (sawn; 75 μm thickness; Au Bumps) [1] [2]
-
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
Service version with preprogrammed NDEF message and keys
Plastic leadless module carrier package [3]
SOT500-4
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
Customer configurable version
-
8 inch wafer (sawn; 75 μm thickness; Au Bumps) [1] [2]
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
Customer configurable version
-
8 inch wafer (sawn; 75 μm thickness; Au Bumps) [1] [2]
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
Customer configurable version
SOT500-4
Plastic leadless module carrier package [3]
256 Byte NDEF Message, 128 Byte User Memory, Ci = 50 pF
[1] Delivered on film frame carrier with electronic fail die marking according to SECSII format.
[2] See [12]
[3] see for MOA8 Figure 31
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
4 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
5 Quick reference data
Table 2.ꢀQuick reference data
Symbol
Parameter
Conditions
Min
Typ
Max
Unit
[1]
Ci
input
45.0
50
55.0
pF
capacitance
fi
input frequency
-
13.56
-
MHz
EEPROM characteristics
tret
retention time
Tamb = 22 °C
Tamb = 22 °C
50
-
-
-
-
year
Nendu(W)
write
200.000
cycle
endurance[2]
tcy(W)
write cycle time
Tamb = 22 °C
-
1
-
ms
[1] Tamb = 22 °C; fi = 13.56 MHz; 2 V RMS
[2] Write endurance of a single EEPROM cell
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
5 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
6 Block diagram
ANALOG
DIGITAL
CLOCK
SUPPLY
RECTIFIER
CO-PROCESSORS
CLK RECOVERY
AES-128
RESET
CONFIG
LA
PLL
LIMITER
CRC
RNG
CLOCK
GENERATOR
INTERRUPT
CONTROLLER
POWER
REGULATOR
COMMUNICATION
DEMODULATOR
SFR bus
BAND-GAP
COMMUNICATION
CPU/MMU
LB
MODULATOR
CURRENT
BANK
ISO/IEC14443A
CIU
CPU
MMU
RESONANCE
CAPACITOR
SENSORS
ANALOG
MULTIPLEXER
POR
MEMORY
VOLTAGE
SENSORS
TRNG
ESD
ROM
EEPROM
RAM
SECURITY
SENSORS
aaa-032186
Figure 1.ꢀNTAG 424 DNA IC blocks
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
6 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
7 Pinning information
7.1 Pinning
The pinning for the NT4H2421Gx is shown in Figure 2 for a contactless MOA8 module.
LA
top view
LB
aaa-006273
Figure 2.ꢀPin configuration for SOT500-4 (MOA8)
Table 3.ꢀPin allocation table
Pin
LA
LB
Symbol
LA
antenna coil connection LA
antenna coil connection LB
LB
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
7 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
8 Functional description
8.1 Interface initialization and protocol
NT4H2421Gx is fully compliant to ISO/IEC 14443-2 [1] radio frequency power and signal
interface, the initialization and anti-collision is according to ISO/IEC 14443-3 [2] and it
uses transmission protocol as specified in ISO/IEC 14443-4 [3] of PICC Type A.
8.1.1 ISO/IEC 14443 parameter values
This section describes the values for ISO/IEC 14443 activation and selection. Usage of
Random ID can be changed using the SetConfiguration command.
Note, that any change in the ISO/IEC 14443 parameter values through SetConfiguration
requires a power cycle to make those changes effective.
ATQA
ATQA value is 0344h, which denotes double size (7-byte) UID. However, NT4H2421Gx
offers configuration of Random ID which is single size (4-byte). If the Random ID feature
is enabled, then the ATQA is changed to 0304h. According to ISO/IEC 14443-3, the
ATQA bytes are transmitted as LSB first.
SAK
For double size UID, the value of SAK1 in cascade level 1 is 04h, indicating that the UID
is not complete. SAK2 in cascade level 2 is 20h, indicating UID complete and supporting
ISO/IEC 14443-4. For single size UID which is used in the Random ID case, the value of
SAK is 20h, indicating UID complete and supporting ISO/IEC 14443-4.
UID
The ISO/IEC 14443-3 compliant UID is programmed and locked during production. The
first byte of the double size UID is fixed to 04h, indicating NXP as manufacturer.
ATS
The value of the ATS of NT4H2421Gx is as follows:
Table 4.ꢀATS value
ATS
Value
Comment
Parameter
TL
06h
77h
77h
Length of ATS
T0
TA(1), TB(1), TC(1) present in ATS and frame size is 128 bytes
TA(1)
Different communication speed can be set in each direction
supports communication speeds 212, 424, 848 kbps in both directions
TB(1)
TC(1)
T1
71h
02h
80h
Max frame waiting time is 38.66 ms, start frame guard time is 604 µs
CID supported
Historical byte
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
8 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
8.1.2 Setting of higher communication speed
After receiving an ATS, a PPS request can be sent to the NT4H2421Gx to set up a
higher communication speed up to 848 kbit/s according to ISO/IEC 14443-4 [3].
8.1.3 Half-duplex block transmission protocol
NT4H2421Gx uses half-duplex block transmission protocol as specified in ISO/IEC
14443-4. It is fully compliant to block format, frame waiting time, frame waiting time
extension, protocol operation, and all rules or handling as in [3].
8.2 User memory
The file system in the user memory is according to ISO/IEC 7816-4 and shown in
Figure 3. In the DF (application), there are 3 EFs (files) and 5 keys.
PICC/MF Level
ISO MF Name = D2760000850100h
ISO File ID = 3F00h
NXP
Originality
Keys
Application/DF Level
ISO DF Name = D2760000850101h
ISO File ID = E110h
5 Application
Keys
File No. 01h
Standard Data File
CC File
File No. 02h
Standard Data File
NDEF File
File No. 03h
Standard Data File
Proprietary File
32 bytes
256 bytes
128 bytes
Def. Comm Mode: Plain
Def. Comm Mode: Plain
Def. Comm Mode: Full
aaa-032541
Figure 3.ꢀNTAG 424 DNA application
8.2.1 Application and file selection
The MF (PICC Level), the DF (application) and the EFs (files) can be selected using the
ISOSelectFile command specified in ISO/IEC 7816-4 [4] and described in Section 10.9.1.
The PICC level refers to the card itself and has the ISO DF Name D2760000850100h
and the File ID 3F00h. The only functionality available on PICC level is an LRP mode
authentication using an OriginalityKey and the retrieval of the originality signature using
the Read_Sig command, see Section 10.10.1.
8.2.2 Application Name and ID
NT4H2421Gx is pre-configured with one application. The DF name and File ID are as
follows:
• DF Name: D2760000850101h
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
9 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
• File Identifier: E110h
8.2.3 Files
NT4H2421Gx stores user data into EF (files) of specific types. All files are statically
created and cannot be deleted. The ChangeFileSettings command can be used to
change the access rights configuration.
File access rights can be restricted with the keys of the application.
Table 5.ꢀFile management
EF (File) Type
File type File no. File ID File size
coding
Example uses
StandardData file
00h
01h
02h
E103h
E104h
32 bytes
CC file
256 bytes NDEF message, SDM and
mirroring supported
03h
E105h
128 bytes Proprietary file, storage of raw
data
8.2.3.1 StandardData file
A StandardData file stores the data as raw data bytes. Data is accessed by chunk of byte
at a certain offset in the StandardData file and with a certain byte length.
A StandardData file can be read with the ReadData and ISOReadBinary commands.
The data can be written with the WriteData and ISOUpdateBinary commands.
ISOReadBinary and ISOUpdateBinary are standard ISO/IEC 7816-4 interindustry
commands, see [4].
A StandardData file is not covered by the transaction mechanism and therefore does
not implement a transaction-based backup mechanism. Thus data are available to read
as soon as they are written in the file. The writing operations of single frames up to 128
bytes with a WriteData or ISOUpdateBinary command are also tearing protected.
NT4H2421Gx is configured to hold the NDEF message in StandardData file No 02h, see
Section 8.2.3. Enabling SDM is only possible for this file. At delivery, SDM is disabled.
8.2.3.2 Capability Container File
The Capability Container (CC) file is a StandardData file with respect to access rights
management and data management. This file will hold the CC-file according to [15]. At
delivery it will hold following content:
• CCLEN = 0017h, i.e. 23 bytes
• T4T_VNo = 20h, i.e. Mapping Version 2.0
• MLe = 0100h, i.e. 256 bytes
• MLc = 00FFh, i.e. 255 bytes
• NDEF-File_Ctrl_TLV
– T = 04h, indicates the NDEF-File_Ctrl_TLV
– L = 06h, i.e. 6 bytes
– NDEF-File File Identifier = E104h
– NDEF-File File Size = 0100h, i.e. 256 bytes
– NDEF-File READ Access Condition = 00h, i.e. READ access granted without any
security
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
10 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
– NDEF-File WRITE Access Condition = 00h, i.e. WRITE access granted without any
security
• Proprietary-File_Ctrl_TLV
– T = 05h, indicates the Proprietary-File_Ctrl_TLV
– L = 06h, i.e. 6 bytes
– Proprietary-File File Identifier = E105h
– Proprietary-File File Size = 0080h, i.e. 128 bytes
– Proprietary-File READ Access Condition = 82h, i.e. Limited READ access, granted
based on proprietary methods, after authentication with key 2h.
– Proprietary-File WRITE Access Condition = 83h, i.e. Limited READWRITE access,
granted based on proprietary methods, after authentication with key 3h.
8.2.3.3 File access rights management
File data is accessed with 3 different access rights Read, Write and ReadWrite.
In addition, an access right called Change is specified per file permitting
ChangeFileSettings to change the file access rights.
An access right is granted if at least one condition associated to it is satisfied. Such
conditions are called access conditions. Access conditions are associated with an access
right and evaluated to decide whether the access right is granted or not. There are three
kinds of access conditions:
• The access condition where a valid authentication with a given AppKey of the targeted
application is needed to access related commands listed in Table 9. The access
condition is satisfied if the current valid authentication has been performed with the
given AppKey and not satisfied in all other cases. The AppKey is specified with its
number.
• The free access condition meaning the related commands listed in Table 9 can be
accessed without an active authentication.
• The no access condition meaning no access to related commands listed in Table 9.
The access conditions are specified on 4 bits as defined in the following table.
Table 6.ꢀ Access condition
Condition value
Description
0h..4h
Eh
key number of a AppKey
free access
Fh
no access or RFU
The set of access conditions is coded on 2 bytes as shown in the following table. RFU
access conditions are expected to be set to Fh (for future extensibility).
Table 7.ꢀ Set of Access condition
Bit index
15..12
11..8
Description
Read
Value
access condition as in Table 6
access condition as in Table 6
access condition as in Table 6
access condition as in Table 6
Write
7..4
ReadWrite
Change
3..0
The default access conditions for the files in NT4H2421Gx is shown below in .
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
11 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 8.ꢀDefault file access rights
File No.
File Type
Read
Eh
Write
0h
Eh[1]
ReadWrite Change
01h
02h
03h
StandardData File
StandardData File
StandardData File
0h
0h
0h
0h
Eh
Eh[1]
2h
3h
3h
[1] Write and ReadWrite access rights for the NDEF File (File No. 02h) should be changed after personalization in order to
prevent unauthorized changes in the NDEF File.
The mapping of access rights to applicable commands is shown in Table 9.
Table 9.ꢀ Command list associated with access rights
Access Right
Command
Read
ReadData
ISOReadBinary
Write
WriteData
ISOUpdateBinary
ReadWrite
ReadData
ISOReadBinary
WriteData
ISOUpdateBinary
Change
ChangeFileSettings
-
SDMMetaRead
SDMFileRead
ReadData
ISOReadBinary
SDMCtrRet
GetFileCounters
A command listed in Table 9 is accepted if at least one access condition associated with
an access right granting access to it is satisfied. If authenticated and the only access
conditions satisfied are the free access Eh ones, then the CommMode.Plain is to be
applied.
If not authenticated, Secure Dynamic Messaging will be applied if access is granted
via SDMFileRead, even if there is free access via one of the other access rights.
SDMFileRead is not affecting the regular secure messaging, i.e. if authenticated.
8.2.3.4 SDM related access rights
A StandardData file can be associated with the following Secure Dynamic Messaging
access rights: SDMMetaRead, SDMFileRead and SDMCtrRet. SDMCtrRet is
interpreted as the access rights defined according to Table 6 and grants access to the
GetFileCounters command. The others have a different interpretation.
The SDMMetaRead access does not define access to certain commands, but it defines
the mirroring of PICCData, i.e. whether the PICCData will be mirrored in plain, encrypted
or not at all, see also Section 9.3.3. This is interpreted according to Table 10.
Note that it is still possible to enable plain PICCData mirroring of the UID even if Random
ID is enabled. For privacy protection, it is strongly recommended to use only encrypted
PICCData mirroring for the UID if Random ID is enabled.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
12 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 10.ꢀSDMMetaRead values
Condition value
Description
0h..4h
SDMMetaReadKey: key number of an AppKey used to encrypt the
PICCData before mirroring
Eh
Fh
Plain PICCData mirroring
No PICCData mirroring
The SDMFileRead access right, if related with an AppKey, grants free access to
ReadData and ISOReadBinary. The targeted AppKey is used for the Secure Dynamic
Messaging, see also Section 9.3. SDMFileRead is interpreted according to Table 10.
Table 11.ꢀSDMFileRead values
Condition value
Description
0h..4h
SDMFileReadKey: free access, key number of an AppKey that is to
be applied for the Secure Dynamic Messaging
Eh
Fh
RFU
No Secure Dynamic Messaging for Reading
Note that SDMFileRead is not influenced by Read or ReadWrite access rights on the
NDEF file. If SDMFileRead is granted, the Secure Dynamic Messaging will always be
applied in not authenticated state. If SDMFileRead access right is set to Fh, it is still
possible to freely read the file if Read or ReadWrite access right are set to Eh. In this
case, plain mirroring of the PICCData, see Section 9.3.3, is still applied if the card is
configured for that.
8.2.3.5 Communication modes
NT4H2421Gx supports three communication modes as defined in Table 12. As shown
in the table, the different communication modes can be represented by two bits. This
representation is used at several places in the document.
Table 12.ꢀ Supported communication modes
Communication
mode
Bit Representation
Explanation
CommMode.Plain
X0b
No protection: message is transmitted in plain
text
CommMode.MAC
CommMode.Full
01b
11b
MAC protection for integrity and authenticity
Full protection for integrity, authenticity
and confidentiality, also referred to as "Full
Protection" mode
The communication mode defines the level of security for the communication between
PCD and PICC after mutual authentication. At application level, the communication
mode is defined by the command itself, as specified in Table 22. The specified
communication mode is applied if there is an active authentication regardless of whether
this authentication is required by the command or not.
At file level, the communication mode is defined by the file. The specified communication
mode is applied if there is an active authentication. Note, if the only valid access
condition for a certain access right is free access (Eh) under an active authentication,
CommMode.Plain has to be applied, see also Section 8.2.3.3.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
13 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
The commands for authentication have their own secure messaging rules, as indicated
by N/A (not applicable) in Section 10.2. The ChangeKey command is always executed in
Full Protection mode.
If there is no active authentication, the command and response are sent in plain (or the
command is rejected in the case an authentication is required).
The default communication mode per file is shown in below.
Table 13.ꢀDefault communication modes per file
EF (File) Type
File no.
01h
Default communication mode
CommMode.Plain
StandardData file
02h
CommMode.Plain
03h
CommMode.Full
8.2.4 Keys
Application keys and PICC keys and their usage are defined in Table 14 and Table 15
respectively. They are used to manage the security of the application.
Table 14.ꢀKeys at application level
Key Identifier
Key number
Change Key
Can be used for
Authentication
Addressable keys:
AppMasterKey
AppKey
00h
AppMasterKey
AppMasterKey
AppMasterKey
AppMasterKey
yes
yes
yes
yes
00h..04h
00h..04h
00h..04h
SDMMetaReadKey
SDMFileReadKey
8.2.4.1 AppMasterKey
The AppMasterKey always has the key number 00h. A successful authentication with the
AppMasterKey is required to change any application key including the AppMasterKey
itself with the ChangeKey command.
8.2.4.2 AppKey
The application of the NT4H2421Gx includes 5 AES 128-bit keys with key numbers 0, 1,
2, 3, 4. Furthermore, key number "E" (means free) and key number "F" (means never)
can be assigned for access rights management.
The transport value of these 5 keys is 16 bytes of 00h, and can be changed by
authentication with key number 0 in transport configuration.
Remark: It is highly recommended to change all 5 keys at personalization, even if not all
keys are used in the application.
8.2.4.3 SDMMetaReadKey
The SDMMetaReadKey is one of the 5 AppKey. Which key is used is configured via
Section 10.7.1 by adjusting the SDMMetaRead access rights, see Section 8.2.3.4.
SDMMetaReadKey is used to encrypt PICCData before mirroring.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
14 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
As the SDMMetaReadKey refers to an AppKey, it is changeable with ChangeKey with an
active authentication with the AppMasterKey.
As the SDMMetaReadKey refers to an AppKey, it is available for authentication.
8.2.4.4 SDMFileReadKey
The SDMFileReadKey is one of the 5 AppKey. Which key is used is configured via
Section 10.7.1 by adjusting the SDMFileRead access rights, see Section 8.2.3.4.
SDMFileReadKey is used for Secure Dynamic Messaging.
As the SDMFileReadKey refers to an AppKey, it is changeable with ChangeKey with an
active authentication with the AppMasterKey.
As the SDMFileReadKey refers to an AppKey, it is available for authentication.
8.2.4.5 OriginalityKey
The authentication procedure for AES keys can be used to authenticate to one of the
four OriginalityKey and check whether the PICC is a genuine NXP product. NT4H2421Gx
supports targeting the OriginalityKey with the LRP authentication using AES. For details
on the authentication command, see Section 9.2. The following variants can be used:
• AuthenticateLRPFirst, see Section 9.2.5
• AuthenticateLRPNonFirst, see Section 9.2.6
Table 15.ꢀKeys at PICC level
Key Identifier
Key number
Can be used for
Authentication
Addressable keys:
OriginalityKey1
OriginalityKey2
OriginalityKey3
OriginalityKey4
01h
02h
03h
04h
yes
yes
yes
yes
8.2.4.6 Key version
A 1-byte key version (00h to FFh) is assigned to each key. This key version can be used
to distinguish the keys of a specific application if the same application uses different keys
or key versions.
The key version is set with the ChangeKey command and can be retrieved using the
GetVersion command.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
15 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
8.3 Native Command Format
NT4H2421Gx always communicates in ISO/IEC 7816-4 wrapped mode as described
in Section 8.4. Nevertheless it is important to understand the basic format of native
commands which consist of the following parts.
A command as sent by the PCD consists of the concatenation of:
• the command code (Cmd)
• zero, one or more header fields (CmdHeader)
• zero, one or more data fields (CmdData)
The response as sent by the PICC consists of the concatenation of:
• the return code (RC)
• zero, one or more data fields (RespData)
NT4H2421Gx supports the APDU message structure according to ISO/IEC 7816-4 [4]
for:
• wrapping of the native command format into a proprietary ISO/IEC 7816-4 APDU
• a subset of the standard ISO/IEC 7816-4 commands (ISOSelectFile, ISOReadBinary,
ISOUpdateBinary)
Remark: Communication via native ISO/IEC7816-4 commands without wrapping is not
supported.
On the native command interface, plain command parameters consisting of multiple
bytes are represented least significant byte (LSB) first, similar as for ISO/IEC 14443
parameters during the activation, see [2]. For cryptographical parameters and keys
(including the random numbers exchanged during authentication, the TI and the
computed MACs), this does not hold. For these, the representation on the interface maps
one-to-one to the most significant byte (MSB) first notation used in this specification.
Note that within this document, the ’Xh’ prefix indicates hexadecimal integer notation, i.e.
not reflecting the byte order representation on the command interface at all.
8.4 ISO/IEC7816-4 Communication frame
NT4H2421Gx uses ISO/IEC 7816-4 [4] type APDUs for command-response pair for both,
wrapping of native commands as outlined in Section 8.3 and standard ISO/IEC 7816-4
commands.
Note that for all parameters of standard ISO/IEC 7816-4 commands, the representation
on the interface is most significant byte (MSB) first notation. As data like the 2-byte ISO/
IEC 7816-4 file identifiers, are in different order for the wrapped native commands, this
needs to be taken into account.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
16 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
PCD
PICC
Native
Cmd
CmdHeader
CmdData
RC
RespData
ISO7816 Data Field
CmdHeader
CLA INS P1
0x90 Cmd 0x00 0x00
P2
Lc
Le
0x00
CmdData
status
RespData
SW1 SW2
ISO7816 Wrapped
aaa-032563
Figure 4.ꢀISO/IEC 7816-4 command response pair
Table 16.ꢀISO/IEC 7816-4 command fields
Field
Description
Length
Command header Class byte (CLA)
Instruction (INS)
1
1
2
1
Parameters (P1,P2)
Lc field
Length of command data field (Lc), absent if no data field is
present
Command data
field
Absent if no data is sent in the command
Lc
1
Le field
Expected response length. If Le is 00h, then all available
data is sent back for ISO/IEC 7816-4 standard commands.
For wrapped commands, Le must always be set to 00h.
Note that the maximum number of bytes in the command data field, indicated by Lc,
cannot exceed 255 bytes since only short length (1 byte) is supported in NT4H2421Gx,
see [4]. This includes overhead for secure messaging.
The maximum number of bytes in the response data field, indicated by Le, cannot
exceed 256 bytes since only short length (1 byte) is supported in NT4H2421Gx, see [4].
This includes overhead for secure messaging.
Table 17.ꢀISO/IEC 7816-4 response fields
Field
Description
Length
Response data
field
Response data if any, absent if no response data
up to Le
Response trailer
status byte (SW1SW2)
2
The field length and presence might vary for different commands, refer to the specific
command description in Section 10.
8.5 Command Chaining
NT4H2421Gx supports standard ISO/IEC 14443-4 [3] command chaining in the following
cases:
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
17 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
• the PICC supports ISO/IEC 14443-4 chaining to allow larger command or response
frames than the supported buffer size for variants of the following commands:
– Native commands wrapped into ISO/IEC 7816-4 APDU: ReadData, WriteData, see
Section 10.
– Standard ISO/IEC 7816-4 commands: ISOReadBinary, ISOUpdateBinary
i.e. every command where larger frame size can occur.
• the PICC will automatically split a response in several frames to fit with the FSD frame
size supported by the PCD and communicated in the RATS.
When a PCD applies ISO/IEC 14443-4 chaining, see [3], it needs to assure the
reassembled INF field containing the command header (i.e. ISO/IEC 7816-4 header
bytes and/or (Cmd || CmdHeader)) fits within the PICC’s buffer (FSC) communicated in
the ATS. If not, the PICC may respond with LENGTH_ERROR.
The ISO/IEC 14443-4 chaining does not influence the secure messaging. This means
that the secure messaging mechanisms are applied as if the command or response
would have been sent in a single large frame. With regards to command execution,
commands are handled as if they were received in one large frame, except for write
commands where the total frame size can be larger than the supported FSC (WriteData
and ISOUpdateBinary). In this case, command execution is started before the complete
command is received.
Note that this is important for StandardData files, where the file may end up in an
undefined state if the command is not completed successfully, see Section 8.6.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
18 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
8.6 Backup management
NT4H2421Gx supports hardware based anti-tearing on single frame write operations.
This means that blocks up to 128 bytes are either completely written of not changed at
all.
8.7 Product originality
NT4H2421Gx supports two types of originality check: one based on an LRP
authentication with AES originality keys and another one with a static signature
verification with an ECC public key. For detail of the ECC originality check, refer to
originality check commands.
The AES-based originality verification using AuthenticateLRPFirst or
AuthenticateLRPNonFirst is done with one of the OriginalityKey described in
Section 8.2.4.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
19 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9 Secure Messaging
Prior to data transmission a mutual three-pass authentication can be done between PICC
and PCD which results in the generation of session keys used in the secure messaging.
There are three secure messaging types available in the NT4H2421Gx including Secure
Dynamic Messaging. One is using AES-128 and is referred to as AES mode in this data
sheet. The other one is using AES-128 with a Leakage Resilient Primitive (LRP) wrapper,
also referred to as LRP mode. The LRP mode can be permanently enabled using the
SetConfiguration command. After this switch, it is not possible to revert back to AES
mode.
Compared to AES mode, the LRP mode has the advantage that it provides strong
resistance against side-channel and fault attacks. It serves as a replacement for
AES as it only uses standard cryptographic constructions based on AES without any
proprietary cryptography. Thus, LRP can be seen as an alternative for AES which is
itself based on AES, and is provably as secure as AES, but comes with better properties
w.r.t. implementation security, see also [10]. The PCD requires the same LRP mode
implementation.
To improve the resistance against side-channel attacks and especially card only attacks
for the AES mode, NT4H2421Gx provides a limit for unsuccessful authentication
attempts. Every unsuccessful authentication is counted in the TotFailCtr. The parameters
TotFailCtrLimit TotFailCtrDecr can be configured as described in Section 10.5.1 using the
"Failed authentication counter configuration".
Each unsuccessful authentication is counted internally in the total failed authentication
counter TotFailCtr. After reaching the TotFailCtrLimit, see Section 10.5.1, the related key
cannot be used for authentication anymore.
In addition, after reaching a limit of consecutive unsuccessful authentication
attempts, the NT4H2421Gx starts to slow down the authentication processing in
order to hamper attacks. This is done by rejecting any authentication command
with a AUTHENTICATION_DELAY response. The response time of a single
AUTHENTICATION_DELAY response is depending on the FWT, see Section 8.1.1, and
is about 65% of the maximum response time specified by FWT. The error response is
sent until the total authentication delay time is reached which is equal to the sum of the
frame delay times. The total authentication delay time increases with each unsuccessful
authentication attempt up to a maximum value, only a successful authentication restores
the full operational speed.
Changing a blocked AES key by authenticating with the AppMasterKey and using the
ChangeKey command makes the referenced key accessible again. If the AppMasterKey
itself is blocked, no recovery is possible.
Each successful AES authentication decrements the TotFailCtr by a value of
TotFailCtrDecr.
The AES and LRP authentications are initiated by commands sharing the same
command code (First Authentication and Non-First Authentication variants). These
authentication protocols are both AES-based, but differ with regards to the actual
protocol applied and the subsequent secure messaging mode they initiate. An overview
of the different modes is given in Figure 5.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
20 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Secure Messaging
Setup
Authentication
Type
71h
71h
AuthenticateEV2First
(KeyNo) with
AuthenticateLRPFirst
(KeyNo) with
PCDCap2.1 = 0x00
PCDCap2.1 = 0x02
AES
AES
(128 bit key)
(128 bit key)
Secure messaging using
standard AES construction
see section on
Secure messaging using
LRP AES construction
see section on
EV2 Secure Messaging
LRP Secure Messaging
aaa-032190
Figure 5.ꢀ NTAG 424 DNA secure messaging setup
A First Authentication can be executed at any time whether the PICC is in authenticated
or not authenticated state.
The Non-First Authentication can only be executed while the card is in authenticated
state after a successful First or Non-First Authentication.
Correct application of First Authentication and Non-First Authentication allows to
cryptographically bind all messages within a transaction together by the transaction
identifier established in a First Authentication, see Section 9.1.1, and a command
counter, see Section 9.1.2, even if multiple authentications are required.
The following table specifies when to authenticate using First Authentication and when to
use Non-First Authentication.
Table 18.ꢀWhen to use which authentication command
Purpose
First Authentication
Non-First
Authentication
First authentication (i.e. when not in any
authenticated state) with any key different
from OriginalityKey
Allowed
Not Allowed
Subsequent authentication (i.e. when
in any authenticated state) with any key
different from OriginalityKey
Allowed, recommended
not to use.
Allowed, recommended
to use.
Any LRP authentication with OriginalityKey Allowed
Allowed
The AuthenticateEV2First initiates a standard AES authentication and secure messaging,
see Section 9.1. The other variant AuthenticateLRPFirst initiates an AES authentication
and secure messaging based on the Leakage Resilient Primitive (LRP), see Section 9.2.
The negotiation between those two variants is done using the capabilities of the First
Authentication and the return message of the first part, where a PCD can distinguish
between standard AES authentication and LRP authentication based on the message
length.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
21 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
On First Authentication, the PCD can choose between AES and LRP secure messaging
by setting bit 1 of PCDCap2.1 in the issued command. The PD is configured for either
AES or LRP secure messaging by the setting of bit 1 from PDCap2.1. This setting is
defined with SetConfiguration, see Section 10.5.1.
If the PCD chooses for AES secure messaging, it sends PCDCap2.1 equaling 00h (or
no PCDCap2 at all). A NT4H2421Gx will accept the authentication if its PDCap2.1 bit 1
is not set, i.e. the NT4H2421Gx is configured for AES secure messaging. The command
is interpreted as AuthenticateEV2First, see Section 9.1.5 for detailed specification. If
PDCap2.1 bit 1 is set, i.e. the NT4H2421Gx is configured for LRP secure messaging, the
authentication request is rejected.
If the PCD chooses for LRP secure messaging, it sends PCDCap2.1 equaling 02h.
NTAG 424 DNA will accept the authentication if its PDCap2.1 bit 1 is set, i.e. the
NT4H2421Gx is configured for LRP secure messaging. The command is interpreted as
AuthenticateLRPFirst and replied with 18 bytes, i.e. ADDITIONAL_FRAME, followed
by an additional AuthMode indicating LRP secure messaging, and 16 bytes of data,
see Section 10.4.3 for detailed specification. If PDCap2.1 bit 1 is not set, i.e. the
NT4H2421Gx is configured for AES secure messaging, the authentication request is
also accepted, but responded with 17 bytes, i.e. the AuthenticateEV2First response
composed of ADDITIONAL_FRAME, followed by 16 bytes of data, allowing the PCD to
fall back to standard AES authentication as well.
With Non-First Authentication, the PCD cannot choose between standard AES and
LRP. If authenticated using AES mode, AuthenticateEV2NonFirst will be applied, see
Section 9.1.6. If authenticated with LRP mode, AuthenticateLRPNonFirst will be applied,
see Section 10.4.4. If not authenticated at all, e.g. if targeting one of the originality keys,
only AuthenticateLRPNonFirst is supported.
Below table provides possible negotiation outcomes on FirstAuthentication.
Table 19.ꢀSecure messaging mode negotiation
PCD
PD
Mode
PCDCa PDCap2.RC
resp
resp
comment
p2.1
(Mode)
PDCap2.PCDCap
Requesting 00h
EV2
Secure
00h
(AES)
ADDITIONAL_
FRAME: 17-byte
response without
AuthMode
00h
00h
Matching, AES SM
accepted and selected
Messaging
02h
(LRP)
PERMISSION_
DENIED
N/A
00h
N/A
02h
No match, AES SM
rejected
Requesting 02h
LRP
Secure
00h
(AES)
ADDITIONAL_
FRAME
No match, PD replies
with AES response,
allowing a PCD to fall
back.
Messaging
02h
(LRP)
ADDITIONAL_
FRAME: 18-byte
response with
AuthMode set to
01h
02h
02h
Matching, LRP SM
accepted and selected
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
22 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.1 AES Secure Messaging
The AES Secure Messaging is managed by AuthenticateEV2First and
AuthenticateEV2NonFirst.
Note that AuthenticateEV2First and AuthenticateEV2NonFirst can also be used to start
LRP Secure Messaging, as defined in Section 9.2. This is done with the PCDCap2 sent
in First Authentication and the return code, see Section 9 and Section 9.2.5 for details.
9.1.1 Transaction Identifier
In order to avoid interleaving of transactions from multiple PCDs toward one PICC, the
Transaction Identifier (TI) is included in each MAC that is calculated over commands
or responses. The TI is generated by the PICC and communicated to the PCD with a
successful execution of an AuthenticateEV2First command, see Section 10.4.1. The size
is 4 bytes and these 4 bytes can hold any value. The TI is treated as a byte array, so
there is no notion of MSB and LSB.
9.1.2 Command Counter
A command counter is included in the MAC calculation for commands and responses in
order to prevent e.g. replay attacks. It is also used to construct the Initialization Vector
(IV) for encryption and decryption.
Each command, besides few exceptions, see below, is counted by the command counter
CmdCtr which is a 16-bit unsigned integer. Both sides count commands, so the actual
value of the CmdCtr is never transmitted. The CmdCtr is reset to 0000h at PCD and
PICC after a successful AuthenticateEV2First authentication and it is maintained as
long as the PICC remains authenticated. In cryptographic calculations, the CmdCtr is
represented LSB first. Subsequent authentications using AuthenticateEV2NonFirst do not
affect the CmdCtr. Subsequent authentications using the AuthenticateEV2First will reset
the CmdCtr to 0000h. The CmdCtr is increased between the command and response, for
all communication modes.
When a MAC on a command is calculated at PCD side that includes the CmdCtr, it uses
the current CmdCtr. The CmdCtr is afterwards incremented by 1. At PICC side, a MAC
appended at received commands is checked using the current value of CmdCtr. If the
MAC matches, CmdCtr is incremented by 1 after successful reception of the command,
and before sending a response.
For CommMode.Full, the same holds for both the MAC and encryption IV calculation, i.e.
the non-increased value is used for the command calculations while the increased value
is used for the response calculations.
If the CmdCtr holds the value FFFFh and a command maintaining the active
authentication arrives at the PICC, this leads to an error response and the command is
handled like the MAC was wrong.
Command chaining, see Section 8.5, does not affect the counter. The chained command
is considered as a single command, just as for the other aspects of secure messaging,
and thus the related counter is increased only once.
9.1.3 MAC Calculation
MACs are calculated using the underlying block cipher according to the CMAC standard
described in [6]. Padding is applied according to the standard.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
23 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
The MAC used in NT4H2421Gx is truncated by using only the 8 even-numbered bytes
out of the 16 bytes output as described [6] when represented in most-to-least-significant
order.
Initialization Vector for MACing
The initialization vector used for the CMAC computation is the zero byte IV as prescribed
[6].
9.1.4 Encryption
Encryption and decryption are calculated using AES-128 according to the CBC mode of
NIST SP800-38A [5].
Padding is applied according to Padding Method 2 of ISO/IEC 9797-1 [7], i.e. by adding
always 80h followed, if required, by zero bytes until a string with a length of a multiple
of 16 byte is obtained. Note that if the plain data is a multiple of 16 bytes already, an
additional padding block is added. The only exception is during the authentication itself
(AuthenticateEV2First and AuthenticateEV2NonFirst), where no padding is applied at all.
The notation E(key, message) is used to denote the encryption and D(key, message) for
decryption.
Initialization Vector for Encryption
When encryption is applied to the data sent between the PCD and the PICC, the
Initialization Vector (IV) is constructed by encrypting with SesAuthENCKey according to
the ECB mode of NIST SP800-38A [5] the concatenation of:
• a 2-byte label, distinguishing the purpose of the IV: A55Ah for commands and 5AA5h
for responses
• Transaction Identifier TI
• Command Counter CmdCtr (LSB first)
• Padding of zeros acc. to NIST SP800-38B [6]
This results in the following IVs:
IV for CmdData = E(SesAuthENCKey; A5h || 5Ah || TI || CmdCtr || 0000000000000000h)
IV for RespData = E(SesAuthENCKey;5Ah || A5h || TI || CmdCtr || 0000000000000000h)
When an encryption or decryption is calculated, the CmdCtr to be used in the IV are
the current values. Note that this means that if CmdCtr = n before the reception of a
command, after the validation of the command CmdCtr = n + 1 and that value will be
used in the IV for the encryption of the response.
For the encryption during authentication (both AuthenticateEV2First and
AuthenticateEV2NonFirst), the IV will be 128 bits of 0.
9.1.5 AuthenticateEV2First Command
This section defines the Authentication, which is mandatory to be used first in a
transaction when using Secure Messaging, see Table 18. In this procedure both, the
PICC as well as the PCD show in an encrypted way that they possess the same secret,
i.e. the same key. This authentication is supported with AES keys.
The authentication consists of two parts: AuthenticateEV2First - Part1 and Section 9.1.6
- Part2. Detailed command definition can be found in Section 10.4.1. The protocol cannot
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
24 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
be interrupted by other commands. On any command different from AuthenticateEV2First
- Part2 received after the successful execution of the first part, the PICC aborts the
ongoing authentication.
During this authentication phase, the PICC accepts messages from the PCD that are
longer than the lengths derived from this specification as long as LenCap is correct. This
feature is to support the upgradability to following generations of NT4H2421Gx. The
PCD rejects answers from the PICC when they don’t have the proper length. Note that if
present, PCDcap2:1:Bit1 must not be set, otherwise LRP authentication is targeted, see
Section 9.2.5.
Upon reception of AuthenticateEV2First, the PICC validates the targeted key. If the key
does not exist, AuthenticateEV2First is rejected.
The PICC generates a random 16-byte challenge RndB and send this encrypted to
the PCD, according to Section 9.1.4. Additionally, the PICC resets CmdCtr to zero and
generate a random Transaction Identifier (TI).
Upon reception of the AuthenticateEV2First response from the PICC, the PCD also
generates a random 16-byte challenge RndA. The PCD encrypts, on his turn, the
concatenation of RndA with RndB', which is the received challenge after decryption
and rotating it left by one byte. Within AuthenticateEV2First - Part2, this is sent to the
PICC. Upon reception of AuthenticateEV2First - Part2, the PICC decrypts the second
message and validates the received RndB'. If not as expected, the command is rejected.
Else it generates RndA' by rotating left the received RndA by one byte. This is returned
together with the generated TI. Also, the PICC sends 12 bytes of capabilities to the PCD:
6 bytes of PICC capabilities PDcap2 and 6 bytes of PCD capabilities PCDcap2 that were
received on the command (sent back for verification).
The use of those capabilities, and the negotiation process is described in Section 9. Note
that part of PDCap will be configurable with SetConfiguration. PCDcap2 is used to refer
both to the value sent from the PCD to the PICC and to the value used in the encrypted
response message from the PICC to the PCD where in this case the PCDcap2 is the
adjusted version of the originally sent PCDcap2: i.e. truncated or padded with zero bytes
to a length of 6 bytes if needed.
On successful execution of the authentication protocol, the session keys
SesAuthMACKey and SesAuthENCKey are generated according to Section 9.1.7. The
PICC is in EV2 authenticated state and the Secure Messaging is activated. On any
failure during the protocol or if one of the OriginalityKey were targeted, the PICC ends up
in not authenticated state.
If there is a mismatch between the capabilities expected by the PCD and the capabilities
presented by the PICC to the PCD (both the PDcap2 and the echoed/adjusted
PCDcap2), it is the responsibility of the PCD to take the proper actions based on the
application the PCD is running. This decision is outside the scope of this specification.
9.1.6 AuthenticateEV2NonFirst Command
This section defines the Non-First Authentication, which is recommended to be used if
Secure Messaging is already active, see Table 18. In this procedure both, the PICC as
well as the PCD show in an encrypted way that they possess the same secret, i.e. the
same key. This authentication is supported with AES keys.
The authentication consists of two parts: AuthenticateEV2NonFirst - Part1 and
AuthenticateEV2NonFirst - Part2. Detailed command definition can be found in
Section 10.4.2. This command is rejected if there is no active authentication, except if the
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
25 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
targeted key is the OriginalityKey. For the rest, the behavior is exactly the same as for
AuthenticateEV2First, except for the following differences:
• No PCDcap2 and PDcap2 are exchanged and validated.
• Transaction Identifier TI is not reset and not exchanged.
• Command Counter CmdCtr is not reset.
After successful authentication, the PICC remains in EV2 authenticated state. On any
failure during the protocol, the PICC ends up in not authenticated state.
9.1.7 Session Key Generation
At the end of a valid authentication with AuthenticateEV2First or
AuthenticateEV2NonFirst, both the PICC and the PCD generate two session keys for
secure messaging, as shown in Figure 6:
• SesAuthMACKey for MACing of messages
• SesAuthENCKey for encryption and decryption of messages
Note that these identifiers are also used in context of the LRP protocol, though the actual
calculation of the session keys is different, see Section 9.2.7.
PCD
PICC
AES Key K
AES Key K
x
x
NTAG Authentication
RndA
RndB
RndA
RndB
KDF
KDF
SesAuthENCKey = AES
Session Key for encryption
SesAuthMACKey = AES
Session Key for MAC
SesAuthENCKey = AES
Session Key for encryption
SesAuthMACKey = AES
Session Key for MAC
aaa-032481
Figure 6.ꢀ Session key generation for Secure Messaging
The session key generation is according to NIST SP 800-108 [8] in counter mode.
The Pseudo Random Function PRF(key; message) applied during the key generation
is the CMAC algorithm described in NIST Special Publication 800-38B [6]. The
key derivation key is the key Kx that was applied during authentication. As the
authentications are restricted to target AES keys, the generated session keys are also of
AES.
The input data is constructed using the following fields as defined by [8]. Note that NIST
SP 800-108 allows defining a different order than proposed by the standard as long as it
is unambiguously defined.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
26 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
• a 2-byte label, distinguishing the purpose of the key: 5AA5h for MACing and A55Ah for
encryption
• a 2-byte counter, fixed to 0001h as only 128-bit keys are generated.
• a 2-byte length, fixed to 0080h as only 128-bit keys are generated.
• a 26-byte context, constructed using the two random numbers exchanged, RndA and
RndB
First, the 32-byte input session vectors SVx are derived as follows:
SV1 = A5h||5Ah||00h||01h||00h||80h||RndA[15..14]||
ꢀꢀꢀ( RndA[13..8] # RndB[15..10])||RndB[9..0]||RndA[7..0]
SV2 = 5Ah||A5h||00h||01h||00h||80h||RndA[15..14]||
ꢀꢀꢀ( RndA[13..8] # RndB[15..10])||RndB[9..0]||RndA[7..0]
with # being the XOR-operator.
Then, the 16-byte session keys are constructed as follows:
SesAuthENCKey = PRF(Kx, SV1)
SesAuthMACKey = PRF(Kx, SV2)
9.1.8 Plain Communication Mode
The command and response data is not secured. The data is sent in plain, see Figure 7,
i.e. as defined in the command specification tables, see Section 10.
C = Value of CmdCtr at start of this sequence
1
1
1
1
1
[a]
ISO 7816 Data Field
CmdHeader CmdData
[b]
1
Command counter (CmdCtr)
incremented after validating the
command before sending the
response. CmdCtr is a 16-bit
unsigned integer.
CLA
90h
P1
00h 00h
P2
Le
00h
PCD to PICC
CMD
Lc
[c]
RespData
1
1
status
SW1 SW2
aaa-032773
PICC to PCD
Figure 7.ꢀPlain Communication Mode
However, note that, as the PICC is in authenticated state (EV2 authenticated state or
LRP authenticated state), the command counter CmdCtr is still increased as defined in
Section 9.1.2.
This allows the PCD and PICC to detect any insertion and/or deletion of commands sent
in CommMode.Plain on any subsequent command that is sent in CommMode.MAC (e.g.
CommitTransaction) or CommMode.Full.
9.1.9 MAC Communication Mode
The Secure Messaging applies MAC to all commands listed as such in Section 10.2.
In case MAC is to be applied, the following holds. The MAC is calculated using
the current session key SesAuthMACKey. MAC calculation is done as defined in
Section 9.1.3.
For commands, the MAC is calculated over the following data (according to the
definitions from Section 8.3) in this order:
• Command, Cmd
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
27 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
• Command Counter CmdCtr
• Transaction Identifier TI
• Command header - CmdHeader (if present)
• Command data - CmdData (if present)
For responses, the MAC is calculated over the following data in this order:
• Return code - RC
• Command Counter - CmdCtr (The already increased value)
• Transaction Identifier - TI
• Response data - RespData (if present)
CmdCtr is the Command Counter as defined in Section 9.1.2. Note that the CmdCtr is
increased between the computation of the MAC on the command and the MAC on the
response. TI is the Transaction Identifier, as defined in Section 9.1.1. The other input
parameters are as defined in Section 8.3. The calculation is illustrated in Figure 8.
In case of command chaining, the MAC calculation is not interrupted. The MAC is
calculated over the data including the complete data field (i.e. either CmdData or
RespData of all frames) at once. The MAC is always transmitted by appending to the
unpadded plain command. If necessary, an additional frame is sent. If a MAC over the
command is received, the PICC verifies the MAC and rejects commands that do not
contain a valid MAC by returning INTEGRITY_ERROR.
In this case, the ongoing command and transaction are aborted (see also Section 10).
The authentication state is immediately lost and the error return code is sent without a
MAC appended. Note that any other error during the command execution has the same
consequences.
C = value of CmdCtr at start of this sequence
T = Value of TI (will stay constant)
8
1
1
1
1
1
[a]
[b]
1
Command counter (CmdCtr)
ISO 7816 Data Field
incremented after validating the
command before sending the
response and related MAC calculation
MACt(SesAuthMACKey, CMD ||
CmdCtr || TI [|| CmdHeader] [|| CmdData])
CLA
90h
P1
00h 00h
P2
Le
00h
PCD to PICC
Cmd
Lc
CmdHeader
CmdData
MAC(SesAuthMACKey, CMD || CmdCtr || TI
[|| CmdHeader] [|| CmdData])
MAC Truncation from 16 to 8 byte
by use of the even-numbered bytes
1
2
CmdCtr
C
4
TI
T
[a]
[b]
ISO 7816 Data Field
Cmd
CmdHeader
CmdData
[c]
8
1
1
status
MACt(SesAuthMACKey, RC ||
CmdCtr || TI [|| RespData])
PICC to PCD
RespData
SW1 SW2
MAC(SesAuthMACKey, RC ||
CmdCtr || TI [|| RespData])
2
4
TI
T
[c]
1
status
CmdCtr
C+1
RespData
SW2
aaa-032192
CLA, P1, P2, LC, Le and SW1 not included in secure messaging calculation. SW2 is the return
code (RC) and appended in the beginning for secure messaging calculation
Figure 8.ꢀ Secure Messaging: MAC Communication mode
9.1.10 Full Communication Mode
The Secure Messaging applies encryption (CommMode.Full) to all commands listed
as such in Section 10.2. In case CommMode.Full is to be applied, the following holds.
The encryption/decryption is calculated using the current session key SesAuthENCKey.
Calculation is done as defined in Section 9.1.4 over either the command or the response
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
28 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
data field (i.e. CmdData or RespData). Note that none of the commands have a data field
in both the command and the response frame.
After the encryption, the command and response frames are handled as with MAC.
This means that additionally a MAC is calculated and appended for transmission using
the current session key SesAuthMACKey. This is exactly done as specified for MAC
in Section 9.1.9, replacing the plain CmdData or RespData by the encrypted field:
E(SesAuthENCKey; CmdData) or E(SesAuthENCKey; RespData). The complete
calculation is illustrated in Figure 9. In case of command chaining, the encryption/
decryption is applied over the complete data field (i.e. of all frames). If necessary, due to
the padding or the MAC added, an additional frame is sent. If encryption of the command
is required, after the MAC verification as described for MAC, the PICC verifies and
removes the padding bytes. Commands without a valid padding are also rejected by
returning INTEGRITY_ERROR.
In this case, the ongoing command and transaction are aborted (see also Section 10).
The authentication state is immediately lost and the error return code is sent without a
MAC appended. Note that any other error during the command execution has the same
consequences.
[b]
p
C = value of CmdCtr at start of this sequence
T = Value of TI (will stay constant)
CmdData
Padding
8
1
1
1
1
1
[a]
[b+p]
ISO 7816 Data Field
1
Command counter (CmdCtr)
incremented after validating the
command before sending the
response and related MAC calculation
MACt(SesAuthMACKey, CMD || CmdCtr
CmdHeader E(SesAuthENCKey, CmdData) || TI [|| CmdHeader] [|| E(Ke, CmdData)])
CLA
90h
P1
00h 00h
P2
Le
PCD to PICC
Cmd
Lc
MAC(SesAuthMACKey, CMD || CmdCtr || TI
[|| CmdHeader] [|| E(Ke, CmdData])
MAC Truncation from 16 to 8 byte
by use of the even-numbered bytes
1
2
4
TI
T
[a]
CmdHeader
[b+p]
ISO 7816 Data Field
Cmd CmdCtr
C
E(SesAuthENCKey, CmdData)
[c]
p
RespData
Padding
[c+p]
E(SesAuthENCKey, RespData)
8
1
1
status
MACt(SesAuthMACKey, RC ||
CmdCtr || TI [|| E(Ke, RespData)]) SW1 SW2
PICC to PCD
MAC(SesAuthMACKey, RC ||
CmdCtr || TI [|| E(Ke, RespData)])
1
2
4
TI
T
[c+p]
status
SW2
CmdCtr
C+1
E(SesAuthENCKey, RespData)
aaa-032193
Figure 9.ꢀ Secure Messaging: CommMode.Full
9.2 LRP Secure Messaging
The LRP Secure Messaging is using AES-128 to construct a Leakage Resilient Primitive.
This way, it allows side-channel resistant implementation.
Like the AES secure messaging, this secure messaging mode is managed by commands
with the same command code as AuthenticateEV2First and AuthenticateEV2NonFirst.
To distinguish and ease the descriptions, they are renamed for the LRP case into
AuthenticateLRPFirst and AuthenticateLRPNonFirst. The recommendations of Section 9
on when to use one or the other command also apply for LRP secure messaging.
9.2.1 Transaction identifier
The Transaction Identifier (TI) is treated exactly in the same way by LRP secure
messaging as defined for AES secure messaging, see Section 9.1.1.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
29 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.2.2 Command counter
The Command counter (CmdCtr) is treated exactly in the same way by LRP secure
messaging as defined for AES secure messaging, see Section 9.1.2.
9.2.3 MAC calculation
MACs are computed by using a CMAC construction on top of the LRP primitive. This is
specified in [10]. This document uses the following notation where the right hand refers to
the notation of [10].
MACLRP(key,message) = CMAC_LRP(4,key, Len(message),message)
Note that in the LRP context a key is not purely a single value, but rather consists of
the associated set of plain texts, an updated key and in context of CMAC also the
subkeys K1 and K2. Therefore K1 and K2 are not shown (contrary to [10]) as they can be
calculated inside.
MACtLRP(key, message) denotes the CMAC after truncation to 8 bytes which is identical
to the truncation of the AES secure messaging i.e. the even-numbered bytes are retained
in most-to-least-significant order, see Section 9.1.3.
The initialization vector used for the CMAC computation is the zero byte IV as prescribed
[10].
9.2.4 Encryption
Encryption and decryption are calculated using a Leakage Resilient Indexed CodeBook
(LRICB) construction on top of the LRP primitive: LRICBof [10].
For this purpose an Encryption Counter is maintained: EncCtr is a 32-bit unsigned
integer as Input Vector (IV) for encryption/decryption. The EncCtr is reset to 000000000h
at PCD and PICC when starting an authentication with AuthenticateLRPFirst or
AuthenticateLRPNonFirst targeting LRP. The counter is incremented during each
encryption/decryption of each 16-byte block. i.e. for 64-byte encryption/decryption
the EncCtr is increased by 5 due to 4 blocks of 16-byte of data plus one block of
padding. Note that for AuthenticateLRPFirst the value 00000000h is already used for
the response of part 2, so the actual secure messaging starts from 00000001h. For
AuthenticateLRPNonFirst, secure messaging starts from 00000000h as the counter is not
used during the authentication. EncCtr is further maintained as long as the PICC remains
in LRP authenticated state. Note that for the key stream calculation [10], the counter is
represented MSB first.
Padding is applied according to Padding Method 2 of ISO/IEC 9797-1 [7], i.e. by adding
always 80h followed, if required, by zero bytes until a string with a length of a multiple
of 16 bytes is obtained. Note that if the plain data is a multiple of 16 bytes already, an
additional padding block is added. The only exception is during the authentication itself
(AuthenticateLRPFirst and AuthenticateLRPNonFirst), where no padding is applied at all.
The notation ELRP(key, plaintext) is used to denote the encryption, i.e. LRICBEnc of [10]
and DLRP(key, ciphertext) for the complementary decryption operation. Note that in the
LRP context a key is not purely a single value, but rather consists of the associated set
of plain texts and updated key. Also, as specified in [10], the EncCtr is updated as part of
the operation.
Note that the EncCtr cannot overflow. Due to the supported file sizes, the CmdCtr will
always expire before.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
30 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Note that the MSB representation of EncCtr is different from other counter
representations in this specification, but allows saving some AES calculations in the key
stream generation.
9.2.5 AuthenticateLRPFirst command
The AuthenticateLRPFirst command reuses the same command code as
AuthenticateEV2First. The distinction is made via the PCDCap2.1 parameter, as
explained in Section 9.
The AuthenticateLRPFirst command is fully compliant with the mutual three-pass
authentication of ISO/IEC 9798-4 [7].
The authentication consists of two parts: AuthenticateLRPFirst - Part1 and
AuthenticateLRPFirst Part2. Detailed command definition can be found in Section 10.4.3.
The protocol cannot be interrupted by other commands. On any command different from
AuthenticateLRPFirst - Part2 received after the successful execution of the first part, the
PICC aborts the ongoing authentication.
During this authentication phase, the PICC accepts messages from the PCD that are
longer than the lengths derived from this specification as long as LenCap is correct. This
feature is to support the upgradability to following generations of NTAG 424 DNA.
Apart from bit 1 of PCDCap2.1, which need to be set to 1 for AuthenticateLRPFirst
resulting into 020000000000h, the content of PCDCap2 is not interpreted by the PICC.
The PCD rejects answers from the PICC when they don’t have the proper length.
Upon reception of AuthenticateLRPFirst, the PICC validates the targeted key. If the key
does not exist, AuthenticateLRPFirst is rejected. At PICC level, the only available key is
the OriginalityKey.
The PICC generates a random 16-byte challenge RndB and send this in plain to the
PCD. Additionally, the PICC and PCD reset both CmdCtr and EncCtr to zero and
generate a random TI.
Upon reception of the AuthenticateLRPFirst response from the PICC, the PCD also
generates a random 16-byte challenge RndA. Now the PCD calculates the session keys
SesAuthMACKey and SesAuthENCKey, as specified in Section 9.2.7. As explained there
for LRP, a session key consists of a set of plain texts and an updated key.
Then the PCDResponse computes a MAC over the concatenation of RndA with RndB,
applying the SesAuthMACKey with the algorithm defined in Section 9.2.3. Note that
MACs are not truncated during the authentication. Within AuthenticateLRPFirst - Part2,
the concatenation of RndA and this MAC is sent to the PICC.
Upon reception of AuthenticateLRPFirst - Part2, the PICC validates the received
MAC. If not as expected, the command is rejected. Else it encrypts the generated TI
concatenated with 12 bytes of capabilities to the PCD: 6 bytes of PICC capabilities
PDCap2 and 6 bytes of PCD capabilities PCDCap2 that were received on the command
(sent back for verification). Encryption is done according to Section 9.2.4, applying
SesAuthENCKey.
Note that part of PDCap is configurable with SetConfiguration. PCDCap2 is used to refer
both to the value sent from the PCD to the PICC and to the value used in the encrypted
response message from the PICC to the PCD where in this case the PCDCap2 is the
adjusted version of the originally sent PCDCap2: i.e. truncated or padded with zero
bytes to a length of 6 bytes if needed. After that encryption, the PICCResponse will also
compute a MAC over the concatenation of RndB, RndA and the encrypted data.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
31 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.2.6 AuthenticateLRPNonFirst command
This section defines the LRP Non-First Authentication, which is recommended to be used
if LRP Secure Messaging is already active, see Table 18.
The authentication consists of two parts: AuthenticateLRPNonFirst - Part1 and
AuthenticateLRPNonFirst Part2. Detailed command definition can be found in
Section 10.4.4.
This command is rejected if there is no active LRP authentication, except if the targeted
key is the OriginalityKey.
For the rest, the behavior is exactly the same as for AuthenticateLRPFirst, except for the
following differences:
• PCDCap2 and PDCap2 are not exchanged and validated
• TI is not reset and not exchanged
• CmdCtr is not reset
Note that EncCtr is reset to zero also on AuthenticateLRPNonFirst.
After successful authentication, the PICC remains in LRP authenticated state, except if
the OriginalityKey was targeted. In that case, the PICC is in not authenticated state. On
any failure during the protocol, the PICC ends up in not authenticated state.
9.2.7 Session key generation
Next to the algorithms for MAC calculation and encryption, one of the major differences
between the LRP secure messaging and the AES secure messaging is that the
session keys are generated and already applied during the authentication with
AuthenticateLRPFirst or AuthenticateLRPNonFirst.
Also for the LRP protocol, two keys are generated:
• SesAuthMACKey for MACing of messages
• SesAuthENCKey for encryption and decryption of messages
During the authentication, the SesAuthMACKey is used for both AuthenticateLRPFirst
and AuthenticateLRPNonFirst. SesAuthENCKey is only used for AuthenticateLRPFirst.
Being LRP keys, this section shows how both the plain texts and the updated key [10]
related to these session keys are computed. In the remainder of the document, when
the session key is applied in the LRP context the combination of those plain texts and
updated key is meant.
The session key generation is according to NIST SP 800-108 [8] in counter mode.
The Pseudo Random Function PRF(key; message) applied during the key generation
is the CMAC algorithm on top of the LRP primitive. This is specified in [10], see
also Section 9.2.3. The key derivation key is the key Kx that was applied during
authentication. Note that from this key a set of plaintexts and updated key is computed,
so the static key is only used in this derivation. The generated session keys are AES
keys. The input data is constructed using the following fields as defined by [8]. Note that
NIST SP 800-108 allows defining a different order than proposed by the standard as long
as it is unambiguously defined.
• a 2-byte counter, fixed to 0001h as only 128-bit keys are generated
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
32 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
• a 2-byte length, fixed to 0080h as only 128-bit keys are generated
• a 26-byte context, constructed using the two random numbers exchanged, RndA and
RndB
• a 2-byte label: 9669h
Firstly, the 32-byte input session vector SV is derived as follows:
SV = 00h || 01h || 00h || 80h || RndA[15::14] ||
ꢀꢀ(RndA[13::8] # RndB[15::10]) || RndB[9::0] || RndA[7::0] || 96h || 69h
with # being the XOR-operator.
Then, the session key material is constructed as follows:
ꢀAuthSPT = generatePlaintexts(4; Kx)
ꢀ{AuthUpdateKey} = generateUpdatedKeys(1; Kx)
ꢀSesAuthMasterKey = MACLRP (Kx; SV )
ꢀSesAuthSPT = generatePlaintexts(4; SesAuthMasterKey)
ꢀ{SesAuthMACUpdateKey; SesAuthENCUpdateKey} = generateUpdatedKeys(2;
SesAuthMasterKey)
with generatePlaintexts and generateUpdatedKeys the functions from [10]. Note that
the output of generateUpdatedKeys is shown in the order that the keys are generated.
The actual SesAuthMACKey then consists for LRP of the set of plaintexts SesAuthSPT
(consisting of 16 16-byte values) and SesAuthMACUpdateKey. The SesAuthENCKey
consists of the same set of plaintexts SesAuthSPT and SesAuthENCUpdateKey.
9.2.8 Plain communication mode
For CommMode.Plain, command processing in LRP authenticated state is identical to
AES secure messaging in EV2 authenticated state, see Section 9.1.8.
9.2.9 MAC communication mode
For MAC, apart from using the LRP MAC algorithm, as specified in Section 9.2.3, the
command processing in LRP authenticated state is identical to AES secure messaging in
EV2 authenticated state, see Section 9.1.9. The calculation is illustrated in Figure 10.
C = value of CmdCtr at start of this sequence
T = Value of TI (will stay constant)
8
1
1
1
1
1
[a]
[b]
1
Command counter (CmdCtr)
ISO 7816 Data Field
incremented after validating the
command before sending the
response and related MAC calculation
MACt(SesAuthMACKey, CMD ||
CmdCtr || TI [|| CmdHeader] [|| CmdData])
CLA
90h
P1
00h 00h
P2
Le
00h
PCD to PICC
Cmd
Lc
CmdHeader
CmdData
MAC
(SesAuthMACKey, CMD || CmdCtr || TI
[|| CmdHeader] [|| CmdData])
MAC Truncation from 16 to 8 byte
by use of the even-numbered bytes
LRP
1
2
CmdCtr
C
4
TI
T
[a]
[b]
ISO 7816 Data Field
Cmd
CmdHeader
CmdData
[c]
8
1
1
status
MACt(SesAuthMACKey, RC ||
CmdCtr || TI [|| RespData])
PICC to PCD
RespData
SW1 SW2
MAC(SesAuthMACKey, RC ||
CmdCtr || TI [|| RespData])
2
4
TI
T
[c]
1
status
CmdCtr
C+1
RespData
SW2
aaa-032194
Figure 10.ꢀLRP Secure Messaging: MAC Protection Mode
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
33 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.2.10 Full communication mode
For CommMode.Full, apart from using the LRP encryption and MAC algorithm, as
specified in Section 9.2.4, the command processing in LRP authenticated state is
identical to AES secure messaging in EV2 authenticated state, see Section 9.1.10. This
is as well illustrated in Figure 11.
[b]
p
C = value of CmdCtr at start of this sequence
T = Value of TI (will stay constant)
CmdData
Padding
8
1
1
1
1
1
[a]
[b+p]
1
Command counter (CmdCtr)
ISO 7816 Data Field
incremented after validating the
command before sending the
response and related MAC calculation
MACt
LRP
(SesAuthMACKey, CMD || CmdCtr || TI [||
(SesAuthENCKey, CmdData)])
Le
00h
CLA
90h
P1
00h 00h
P2
PCD to PICC
Cmd
Lc
CmdHeader
E
LRP
(SesAuthENCKey, CmdData) CmdHeader] [|| E
LRP
MACt
LRP
CmdHeader] [|| E
(SesAuthMACKey, CMD || CmdCtr || TI [||
MAC Truncation from 16 to 8 byte
by use of the even-numbered bytes
(SesAuthENCKey, CmdData)])
LRP
1
2
4
TI
T
[a]
[b+p]
ISO 7816 Data Field
(SesAuthENCKey, CmdData)
Cmd
CmdCtr
C
CmdHeader
E
LRP
[c]
p
RespData
Padding
[c+p]
8
1
1
status
MAC
LRP
|| TI [|| E
(SesAuthMACKey, RC || CmdCtr
PICC to PCD
E (SesAuthENCKey, RespData)
LRP
(SesAuthENCKey, RespData)]) SW1 SW2
LRP
MAC
(SesAuthMACKey, RC || CmdCtr
LRP
|| TI [|| E (SesAuthENCKey, RespData)])
LRP
1
2
4
TI
T
[c+p]
status
SW2
CmdCtr
C+1
E
(SesAuthENCKey, RespData)
LRP
aaa-032195
Figure 11.ꢀLRP Secure Messaging: CommMode.Full
9.3 Secure Dynamic Messaging
The Secure Dynamic Messaging (SDM) allows for confidential and integrity protected
data exchange, without requiring a preceding authentication. NT4H2421Gx supports
SDM for reading from one of the StandardData files on the PICC. Secure Dynamic
Messaging allows adding security to the data read, while still being able to access it with
standard NDEF readers. The typical use case is an NDEF holding a URI and some meta-
data, where SDM allows this meta-data to be communicated confidentiality and integrity
protected toward a backend server.
When using SDM, residual risks coming with the Secure Dynamic Messaging for
Reading have to be taken into account. As SDM allows free reading of the secured
message, i.e. without any up-front reader authentication, anybody can read out the
message. This means that also a potential attacker is able to read out and store one ore
multiple messages, and play them at a later point in time to the verifier.
If this residual risk is not acceptable for the system’s use case, the legacy mutual
authentication (using challenge response protocol) and subsequent secure messaging
should be applied. This would require using an own application and operating outside a
standard NDEF read operation.
Other risk mitigation may be applied for SDM to limit the residual risk, without completely
removing it:
• Track SDMReadCtr per tag at the verifying side. Reject SDMReadCtr values that have
been seen before or that are played out-of-order. This is a minimum requirement any
verifier should implement.
• Limit the time window of an attacker by requiring tags to be presented regularly (e.g. at
least once a day) in combination with the previous mitigation.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
34 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
• Read out the SDM-protected file more than once. This does not protect against
attackers that have read out the valid tag also multiple times and play the received
responses in the same sequence.
9.3.1 SDM Read Counter
In order to allow replay detection by the party validating the data read, a read counter is
associated with the file for which Secure Dynamic Messaging is enabled.
SDMReadCtr is a 24-bit unsigned integer. The SDMReadCtr is reset to 000000h when
enabling SDM with ChangeFileSettings. In cryptographic calculations and represented
with binary encoding on the external interface, the SDMReadCtr is represented LSB first.
When represented with ASCII encoding on the contactless interface, it is represented
MSB first. Note that this is in line with the NFC counter representation in [14]
In not Authenticated state, the SDMReadCtr is incremented by 1 before calculating the
response of the first read command, ReadData or ISOReadBinary, if successful. On
subsequent read commands targeting the same file, the SDMReadCtr is not increased,
and the current value is used. As soon as a different command has been received,
the counter is incremented again on a subsequent read command. Also when varying
between ReadData and ISOReadBinary, the counter is incremented on each first
instance of the read command type. Note that the SDMReadCtr is not incremented when
authenticated.
If the SDMReadCtr reaches the SDMReadCtrLimit (see Section 9.3.2) or the value
FFFFFFh (if SDMReadCtrLimit is not enabled) and a first read command arrives at
the PICC, an error is being returned. Command chaining, see Section 8.5, does not
additionally affect the counter increase. The chained command is considered as a single
command.
SDMReadCtr can be retrieved via the mirroring as part of the PICCData, see
Section 9.3.3, or it can be retrieved via GetFileCounters.
9.3.2 SDM Read Counter Limit
In order to allow limiting the number of reads that can be done with a single device
applying Secure Dynamic Messaging, an optional SDM Read Counter Limit can be
configured. There are two main use cases:
• limit the number of usages from the card side. Note that typically this can also be
controlled from the backend verifying the SDM for Read protected message.
• limit the number of traces that can be collected on the symmetric crypto processing.
This way potential side channel attacks can be mitigated, see also the Failed
Authentication Counter feature for the mutual authentication. In this case, it is
recommended to have the configured limit aligned with TotFailCtrLimit.
The number of reads that can be executed for an SDM configured file can be limited by
setting an SDM Read Counter Limit (SDMReadCtrLimit). This is an unsigned integer of 3
bytes, related with SDMReadCtr. On the interface, the SDMReadCtrLimit is represented
LSB first. The SDMReadCtrLimit can be enabled by setting a customized value with
ChangeFileSettings. It can be retrieved with GetFileSettings.
Once the SDMReadCtr equals the SDMReadCtrLimit, no reading of the file with
ReadData or ISOReadBinary in not authenticated state can be executed. Note that
if authenticated, reading is always possible even if SDMReadCtrLimit is reached,
applying the regular secure messaging. If the SDMReadCtrLimit is disabled with
ChangeFileSettings, this is also equivalent to putting it to the maximum value: FFFFFFh.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
35 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.3.3 PICCData
The PICCData holds metadata of the targeted PICC and file, consisting of the UID and/or
the SDMReadCtr. Whether PICCData is transmitted in plain or encrypted depends on the
configuration of the SDMMetaRead access rights on the file, see Section 8.2.3.4. If the
SDMMetaRead access right is configured for free access (Eh), PICCData is plain and is
defined according to Table 20.
ASCII mirroring is reflected by the function EncodeASCII(), which means that each
hexadecimal character of the hexadecimal representation will be ASCII encoded using
capitals. For example, the UID 04E141124C2880h becomes: 30h 34h 45h 31h 34h 31h
31h 32h 34h 43h 32h 38h 38h 30h.
Table 20.ꢀPICCData: plain encoding and lengths
Mode
ASCII
ASCII
PICCData Value
Length with 7-byte UID
EncodeASCII(UID)
UIDLength = 14 (i.e. 2*UIDLen)
SDMReadCtrLength = 6 (i.e. 2*3)
EncodeASCII(SDMReadCtr)
Note that the SDMReadCtr, as defined in Section 9.3.1, is represented MSB first for
ASCII case. If the SDMMetaRead access right is configured for an application key,
PICCData will be encrypted as defined in Section 9.3.4. In this case, the input plaintext
for the encryption is always in binary encoding, while the output ciphertext will be ASCII
encoded.
The PICCData is mirrored within the file. This is configured with ChangeFileSettings via
the related offsets.
In case of plain mirroring (i.e. access right SDMMetaRead = Eh):
• UIDOffset configures the UID mirroring position. It is only given if UID mirroring is
enabled.
• SDMReadCtrOffset configures the SDMReadCtr mirroring position. It is only given if
SDMReadCtr mirroring is enabled. Note that it is possible to enable the SDMReadCtr
but without mirroring by putting SDMReadCtrOffset to FFFFFFh. In this case it can be
retrieved with the GetFileCounters command.
If UID and SDMReadCtr are mirrored within the file, they shall not overlap:
• UIDOffset ≥ SDMReadCtrOffset + SDMReadCtrLength OR SDMReadCtrOffset ≥
UIDOffset + UIDLength.
In case of encrypted mirroring (i.e. SDMMetaRead = 0h..4h), PICCDataOffset configures
the PICCData mirroring. The encryption is outlined in Section 9.3.4.
If the PICCData is mirrored within the file, the mirroring shall always be applied in not
authenticated state, independently of whether Secure Dynamic Messaging applies. This
means it will also be applied if reading the file with free access due to Read or ReadWrite
access right. Note that if authenticated, no mirroring is done, i.e. the regular secure
messaging is always applied on the static file data.
With NT4H2421Gx, PICCData is always ASCII encoded.
When both the UID and SDMReadCtr are mirrored, “x” (78h) is used as a separator
character with NTAG2x [14]. This can be achieved by leaving one byte space between
the placeholders defined by UIDOffset and SDMReadCtrOffset, and writing “x” (78h) in
the static file data.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
36 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.3.4 Encryption of PICCData
In case of encrypted PICCData mirroring (both binary and ASCII), PICCDataTag
specifies what metadata is mirrored, together with the length of the UID if mirrored, as
defined in Table 21.
Table 21.ꢀPICCDataTag
Bit
Value
Description
UID mirroring
disabled
Bit7
-
0
1
enabled
Bit6
-
SDMReadCtr mirroring
disabled
0
1
enabled
Bit5-4
Bit3-0
00
-
RFU
UID Length
RFU (if UID is not mirrored)
7 byte UID
0h
7h
The format of the plain text is: PICCDataTag [ || UID] [|| SDMReadCtr].
To ensure that the encrypted PICCData cannot be abused for tracking purposes, random
padding is added to the actual plain text input.
The random padding is generated for the response of the first read command, ReadData
or ISOReadBinary. On subsequent read commands targeting the same file the same
random padding is reused. This allows for reading the file in chunks, where a chunk
border might even be in the middle of the encrypted PICCData. As soon as a different
command has been received, fresh random padding is generated on a subsequent read
command. Also when varying between ReadData and ISOReadBinary, fresh random
padding is generated.
The key applied for encryption of PICCData is the SDMMetaReadKey as defined by the
SDMMetaRead access right.
9.3.4.1 AES mode encryption
Encryption and decryption of the PICCData are calculated using the underlying block
cipher according to the CBC mode of NIST SP800-38A [5], applying zero byte IV.
Therefore PICCData is defined as follows:
PICCData = E(SDMMetaReadKey; PICCDataTag [ || UID ] [ || SDMReadCtr ] ||
RandomPadding)
with PICCDataTag as defined in Section 9.3.3, and RandomPadding being a random
byte string generated by the PICC to make the input 16 bytes long. Note that because of
the ASCII encoding the required placeholder length doubles.
9.3.4.2 LRP mode encryption
Encryption and decryption of the PICCData are calculated using a leakage resilient
indexed codebook (LRICB) construction on top of the LRP primitive: LRICB of [14].
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
37 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
For this operation, the LRP key material is constructed as follows:
SDMMetaReadSPT = generatePlaintexts(4; SDMMetaReadKey)
{SDMMetaReadUpdateKey} = generateUpdatedKeys(1; SDMMetaReadKey)
As input counter for the CTR construction, the 8-byte random PICCRand, generated by
the PICC, is used. Apart from the counter applied, this is identical to the encryption used
for LRP secure messaging, see Section 9.2.4.
Therefore PICCData is defined as follows:
PICCData = PICCRand || ELRP (SDMMetaReadKey; PICCDataTag [|| UID] [ ||
SDMReadCtr] || RandomPadding)
with PICCDataTag as defined in Section 9.3.3, and PICCRand being an 8-byte long
random byte string generated by the PICC. RandomPadding is applied like for AES
mode.
The required placeholder length in the NDEF message is 48 bytes due to ASCII
encoding.
Note that due to the different sizes of encrypted PICCData with AES mode and LRP
mode, the Secure Dynamic Messaging and mirroring will be disabled when switching
from AES mode to LRP mode with SetConfiguration.
9.3.5 SDMENCFileData
SDM for Reading supports mirroring (part of the) file data encrypted. This part is called
the SDMENCFileData.
If the SDMFileRead access right is configured for an application key, part of the file
data can optionally be encrypted as defined in Section 9.3.6 when being read out in not
authenticated state.
In this case, the input plaintext for the encryption is always in binary encoding, while the
output ciphertext is ASCII encoded.
Note that if authenticated, no Secure Dynamic Messaging is applied, i.e. the regular
secure messaging is always applied on the static file data.
The SDMENCFileData (if any) is always mirrored within the file. This is configured with
ChangeFileSettings, see Section 10.7.1 via SDMENCOffset and SDMENCLength. If the
SDMFileRead access right is disabling Secure Dynamic Messaging for reading (i.e. set to
Fh), SDMENCOffset and SDMENCLength are not present in ChangeFileSettings.
If PICCData is mirrored within the file, SDMENCFileData shall not overlap with it.
Depending on what is exactly mirrored, the following holds:
• SDMENCOffset ≥ PICCDataOffset + PICCDataLength OR PICCDataOffset ≥
SDMENCOffset + SDMENCLength.
• SDMENCOffset ≥ UIDOffset + UIDLength OR UIDOffset ≥ SDMENCOffset +
SDMENCLength.
• SDMENCOffset ≥ SDMReadCtrOffset + SDMReadCtrLength OR SDMReadCtrOffset ≥
SDMENCOffset + SDMENCLength.
It shall be ensured that SDMENCOffset + SDMENCLength is smaller than or equal to the
file size. Note that as the SDMMAC is as well mirrored into the file, additional conditions
apply, see Section 9.3.7. The SDMENCLength shall be a multiple of 32 bytes for the
ASCII encoding. With NT4H2421Gx, only ASCII encoding is supported.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
38 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.3.6 Encryption of SDMENCFileData
The key applied for the encryption is a session key SesSDMFileReadENCKey derived
from the application key defined by the SDMFileRead access right as specified in
Section 9.3.9.
From user point of view, the SDMENCOffset and SDMENCLength define a placeholder
within the file where the plain data is to be stored when writing the file.
For ASCII encoding, only the first half of the placeholder is used for storing the plain data,
the second half is ignored for constructing the returned data when reading with SDM. For
example, if targeting to encrypt 2 AES blocks, i.e. 32 bytes, a placeholder of 64 bytes is
reserved via SDMENCOffset and SDMENCLength. The first 32 bytes hold the plaintext,
and the next 32 bytes are ignored when reading with Secure Dynamic Messaging.
9.3.6.1 AES mode encryption
Encryption and decryption of the SDMENCFileData are calculated using the underlying
block cipher according to the CBC mode of NIST SP800-38A [5]. The following IV is
applied:
IV = E(SesSDMFileReadENCKey; SDMReadCtr||00000000000000000000000000h)
with SDMReadCtr LSB first.
For applying SDM with ASCII encoding, the SDMENCFileData is defined as follows:
SDMENCFileData = E(SesSDMFileReadENCKey; StaticFileData[SDMENCOffset::
SDMENCOffset + SDMENCLength=2 - 1])
with StaticFileData being the current file data as written in the placeholder. The file
configuration ensures via SDMENCLength that the input is a multiple of 16 bytes, so no
padding is applied.
Note that it is possible via the read command parameters to read-only part of the file. If
the SDMENCFileData is partially read as per the issued offset and length, a truncated
part of the ciphertext will be returned. As truncation might happen in the middle of an
AES block, this means subsequent read commands to fetch the remainder of the file
might be required to be able to decrypt.
9.3.6.2 LRP mode encryption
Encryption and decryption of the SDMENCFileData are calculated using a leakage
resilient indexed codebook (LRICB) construction on top of the LRP primitive: LRICB of
[10].
As input counter for the CTR construction, a 6-byte counter is used, consisting of
the concatenation of SDMReadCtr and three zero bytes: SDMReadCtr || 000000h.
SDMReadCtr is LSB first. After concatenation the 6-byte are treated as unsigned integer
for the counting.
Apart from the counter applied, this is identical to the encryption used for LRP secure
messaging, see Section 9.2.4.
If applying SDM with ASCII encoding, the SDMENCFileData is defined as follows:
SDMENCFileData = ELRP (SesSDMFileReadENCKey; StaticFileData[SDMENCOffset ...
SDMENCOffset + SDMENCLength/2 - 1])
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
39 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
with StaticFileData being the file data as it was written in the placeholder. The file
configuration ensures via SDMENCLength that the input is a multiple of 16 bytes. No
padding is applied.
9.3.7 SDMMAC
SDM for Reading supports calculating a MAC over the response data. This message
authentication code is called the SDMMAC.
If SDMFileRead access right is configured for an application key, a MAC will be
calculated as defined in Section 9.3.8 when being read out in no authenticated state.
The SDMMAC is to be mirrored within the file via SDMMACOffset. This is configured with
ChangeFileSettings, see Section 10.7.1.
If SDMMAC is mirrored within the file, it is limited to start only after SDMENCFileData, i.e.
SDMMACOffset ≥ SDMENCOffset + SDMENCLength. The SDMMACInputOffset must
ensure that the complete SDMENCFileData is included in the MAC calculation.
As the mirrored SDMMAC is ASCII encoded, the output size doubles to 16 bytes.
It shall be ensured that SDMMACOffset + SDMMACLength is smaller or equal than the
file size. Note that if authenticated, no Secure Dynamic Messaging is applied and the
placeholder data at SDMMACOffset is not replaced, i.e. the regular secure messaging is
always applied on the static file data.
The SDMMACInputOffset will define from which position in the file the MAC calculation
starts. If SDMMAC is mirrored within the file, SDMMACInputOffset must be smaller than
or equal to SDMMACOffset.
MACing is mandatory if the SDMFileRead access right is configured for an application
key. If the SDMFileRead access right is disabling Secure Dynamic Messaging for
reading (i.e. set to Fh), SDMMACOffset and SDMMACInputOffset are not present in
ChangeFileSettings.
With NT4H2421Gx, only ASCII encoding is supported. SDMMAC is always mirrored
within the file.
9.3.8 MAC Calculation
The key applied for the MAC calculation is a session key SesSDMFileReadMACKey
derived from the application key defined by the SDMFileRead access right, as specified
in Section 9.3.9.
9.3.8.1 AES mode MAC calculation
The 8-byte SDMMAC is calculated using AES according to the CMAC standard
described in NIST Special Publication 800-38B [6] applying the same truncation as the
AES mode secure messaging, see Section 9.1.3.
The SDMMAC is defined as follows:
SDMMAC = MACt (SesSDMFileReadMACKey; DynamicFileData[SDMMACInputOffset ...
SDMMACOffset - 1])
with DynamicFileData being the file data as how it is put on the contactless interface, i.e.
replacing any placeholders by the dynamic data.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
40 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.3.8.2 LRP mode MAC calculation
The 8-byte SDMMAC is calculated using a CMAC construction on top of the LRP
primitive. This is specified in [10].
It is identical to the MAC calculation of LRP secure messaging, see Section 9.2.3, also
applying the same truncation.
Therefore SDMMAC is defined as follows:
SDMMAC = MACtLRP (SesSDMFileReadMACKey;
DynamicFileData[SDMMACInputOffset ... SDMMACOffset - 1])
with DynamicFileData being the file data as how it is put on the contactless interface, i.e.
replacing any placeholders by the dynamic data.
9.3.9 SDM Session Key Generation
For Secure Dynamic Messaging for reading, the following session keys are calculated:
• SesSDMFileReadMACKey for MACing of file data.
• SesSDMFileReadENCKey for encryption of file data
The session key generation is according to NIST SP 800-108 [8] in counter mode.
The pseudo random function applied during the key generation is the CMAC algorithm
described in NIST Special Publication 800-38B [6]. The key derivation key is the
SDMFileReadKey as configured with the SDMFileRead access right.
9.3.9.1 AES mode session key generation for SDM
The input data is constructed using the following fields as defined by [8]. Note that NIST
SP 800-108 allows defining a different order than proposed by the standard as long as it
is unambiguously defined.
• a 2-byte label, distinguishing the purpose of the key: 3CC3h for MACing and C33Ch for
encryption.
• a 2-byte counter, fixed to 0001h as only 128-bit keys are generated.
• a 2-byte length, fixed to 0080h as only 128-bit keys are generated.
• a context, constructed using the UID and/or SDMReadCtr, followed by zero-byte
padding if needed.
Firstly, the input session vectors SV x are derived as follows:
SV1 = C3h || 3Ch || 00h || 01h || 00h || 80h || UID || SDMReadCtr
SV2 = 3Ch || C3h || 00h || 01h || 00h || 80h [ || UID] [ || SDMReadCtr] [ || ZeroPadding]
Whether or not the UID and/or SDMReadCtr are included in session vector SV2,
depends on whether they are mirrored, see Section 9.3.3. Note that in case of encrypting
file data, mirroring of both is mandatory.
Therefore they are always included in SV1.
Padding with zeros is done up to a multiple of 16 bytes. So in case of 7-byte UID and
both elements are mirrored, no padding is added. Then, the 16-byte session keys are
constructed as follows:
SesSDMFileReadENCKey = MAC(SDMFileReadKey; SV1)
SesSDMFileReadMACKey = MAC(SDMFileReadKey; SV2)
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
41 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
9.3.9.2 LRP mode session key generation for SDM
The input data is constructed using the following fields as defined by [8]. Note that NIST
SP 800-108 allows defining a different order than proposed by the standard as long as it
is unambiguously defined.
• a 2-byte counter, fixed to 0001h as only 128-bit keys are generated.
• a 2-byte length, fixed to 0080h as only 128-bit keys are generated.
• a context, constructed using the UID and/or SDMReadCtr, followed by zero-byte
padding if needed.
• a 2-byte label: 1EE1h
Firstly, the input session vector SV is derived as follows:
SV = 00h || 01h || 00h || 80h [ || UID] [ || SDMReadCtr] [ || ZeroPadding] || 1Eh || E1h
Whether or not the UID and/or SDMReadCtr are included in the session vectors,
depends on whether they are mirrored, see Section 9.3.3. Note that in case of encrypting
file data, mirroring of both is mandatory. Padding with zeros is done up to a multiple of
16 bytes. So in case of 7-byte UID and both elements are mirrored, no padding is added.
Then, the session key material is constructed as follows:
SDMFileReadSPT = generatePlaintexts(4; SDMFileReadKey)
{SDMFileReadUpdateKey} = generateUpdatedKeys(1; SDMFileReadKey)
SesSDMFileReadMasterKey = MACLRP (SDMFileReadKey; SV)
SesSDMFileReadSPT = generatePlaintexts(4; SesSDMFileReadMasterKey)
{SesSDMFileReadMACUpdateKey; SesSDMFileReadENCUpdateKey} =
generateUpdatedKeys(2; SesSDMFileReadMasterKey)
with generatePlaintexts and generateUpdatedKeys the functions from [10]. Note that the
output of generateUpdatedKeys is shown in the order that the keys are generated.
The actual SesSDMFileReadMACKey then consists for LRP of the set of
plaintexts SesSDMFileReadSPT (consisting of 16 16-byte values) and
SesSDMFileReadMACUpdateKey. The SesSDMFileReadENCKey consists of the same
set of plaintexts SesSDMFileReadSPT and SesSDMFileReadENCUpdateKey.
9.3.10 Output Mapping Examples
The following figure shows an example with the static file content and how it will be read.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
42 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
VCUID-
SDMRead-
SDMENCOffset
+
Static File Output
Offset SDMRead- CtrOffset
SDMENCOffset
+
SDMENCLength
+ 14
CtrOffset
+ 6
SDMENCLength/2
SDMMACOffset
+ 16
VCUIDOffset
Placeholder
SDMENCOffset
SDMMACOffset
FileLength
Plain
File
Placeholder Plain File
Placeholder
Plain File Data
data
Data
data
Data
Plain File Data
data
Plain File Data
`'&m=''
Placeholder data
XXh, XXh, XXh, .. XXh
Plain File Data
41h, 42h, ... 4Fh
Nlen =
SDMMAC `'http://www.nxp.com/index.html?p=''
Offset + 16
XXh .. XXh
“x''
XXh .. XXh
“&c=''
20h, 21h, ... 2Fh
XXh .. XXh
SDMMACInputOffset
MAC(SesSDMFileReadMACKey, “www.nxp.com/index.html?p= || “04E134FE9D7CD3x000001
|| “&c= || “E(Ses SDMFileReadENCKey, 20h, 21h, 22h, ... 2Dh, 2Eh, 2Fh) || “&m= )
VCUID-
Offset SDMRead- CtrOffset
+ 14 CtrOffset + 6
SDMRead-
Dynamic File Output
SDMENCOffset
+
SDMMACOffset
+ 16
VCUIDOffset
SDMENCOffset
SDMENCLength
SDMMACOffset
FileLength
Plain Plain File
SDMReadCtr Plain File
Plain UID
(ASCII)
File
Encrypted File Data
(ASCII encoded)
Computed MAC
Plain File Data
Plain File Data
Data
(ASCII)
Data
Plain File Data
`'&m=''
(ASCII encoded)
“MACt
(typically not read out)
41h, 42h, ... 4Fh
Nlen =
“04E134FE9
D7CD3
“E(SesSDMFileReadENCKey,
20h, 21h, 22h, ... 2Dh, 2Eh, 2Fh)
SDMMAC `'http://www.nxp.com/index.html?p=''
Offset + 16
“x''
“000001''
“&c=''
SDMMACInputOffset
NLen
aaa-032483
Figure 12.ꢀSecure Dynamic Messaging for Reading example
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
43 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10 Command set
10.1 Introduction
This section contains the full command set of NTAG 424 DNA.
Remark: In the figures and tables, always CommMode.Plain is presented and the field
length is valid for the plain data length. For the CommMode.MAC and CommMode.Full,
the cryptogram needs to be calculated according to the secure messaging Section 9,
then data field needs to fill with the cryptogram (Plain; CMAC; encrypted data with
CMAC). Communication mode and condition are mentioned in the command description.
10.2 Supported commands and APDUs
Table 22.ꢀAPDUs
Command
C-APDU (hex)
R-APDU (hex) Communication mode
Data SW1SW2
INS
CLA INS P1
P2
Lc
Data
Le
Succ
essful
AuthenticateEV2First - Part1
AuthenticateEV2First - Part2
90
90
90
71
AF
77
00
00
00
00
00
00
XX
20
Data
Data
Data
00
00
00
Data
Data
Data
91AF
9100
91AF
N/A (command specific)
N/A (command specific)
AuthenticateEV2NonFirst -
Part1
XX
AuthenticateEV2NonFirst -
Part2
90
AF
00
00
20
Data
00
Data
9100
AuthenticateLRPFirst - Part1
AuthenticateLRPFirst - Part2
90
90
90
71
AF
77
00
00
00
00
00
00
XX
20
Data
Data
Data
00
00
00
Data
Data
Data
91AF
9100
91AF
N/A (command specific)
N/A (command specific)
AuthenticateLRPNonFirst -
Part1
XX
AuthenticateLRPNonFirst -
Part2
90
AF
00
00
20
Data
00
Data
9100
ChangeFileSettings
ChangeKey
90
90
90
90
90
90
90
90
90
00
90
90
00
90
00
5F
C4
51
00
00
00
00
00
00
00
00
00
XX
00
00
XX
00
XX
00
00
00
00
00
00
00
00
00
XX
00
00
XX
XX
-
Data
00
00
00
00
00
00
00
00
00
XX
00
00
XX
00
-
-
9100
9100
9100
9100
9100
9100
91AF
91AF
9100
9000
9100
9100
9000
9100
9000
CommMode.Full
Data
-
CommMode.Full
GetCardUID
-
Data
Data
Data
Data
Data
Data
Data
Data
Data
Data
FCI
-
CommMode.Full
GetFileCounters
GetFileSettings
GetKeyVersion
GetVersion - Part1
GetVersion - Part2
GetVersion - Part3
ISOReadBinary
ReadData
F6
F5
64
-
File ID
CommMode.Full
01
01
-
File number
CommMode.MAC
CommMode.MAC
CommMode.MAC[1]
CommMode.MAC
CommMode.MAC
CommMode.Plain
Comm. mode of targeted file
CommMode.Full
Key number
60
-
AF
AF
B0
AD
3C
A4
5C
D6
-
-
-
-
-
-
XX
01
Reference
00
Read_Sig
ISOSelectFile
XX XX Data to send
00 XX Data
XX XX Data to write
CommMode.Plain
CommMode.Full
SetConfiguration
ISOUpdateBinary
-
CommMode.Plain
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
44 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Command
C-APDU (hex)
00 XX
R-APDU (hex) Communication mode
WriteData
90
8D
00
Data
00
-
9100
Comm. mode of targeted file
[1] MAC on command and returned with the last response, calculated over all 3 responses
10.3 Status word
Table 23.ꢀSW1 SW2 for CLA byte 0x90
SW1 SW2
0x9100
0x911C
0x911E
0x9140
0x917E
0x919D
0x919E
0x91AD
0x91AE
0x91AF
0x91BE
Name
OPERATION_OK
Description
Successful operation.
Command code not supported.
ILLEGAL_COMMAND_CODE
INTEGRITY_ERROR
CRC or MAC does not match data. Padding bytes not valid.
Invalid key number specified.
NO_SUCH_KEY
LENGTH_ERROR
Length of command string invalid.
PERMISSION_DENIED
PARAMETER_ERROR
AUTHENTICATION_DELAY
AUTHENTICATION_ERROR
ADDITIONAL_FRAME
BOUNDARY_ERROR
Current configuration / status does not allow the re- quested command.
Value of the parameter(s) invalid.
Currently not allowed to authenticate. Keep trying until full delay is spent.
Current authentication status does not allow the re- quested command.
Additionaldata frame is expected to be sent.
Attempt toread/write data from/to beyond the file’s/record’s limits.
Attempt to exceed the limits of a value file.
0x91CA
0x91F0
COMMAND_ABORTED
FILE_NOT_FOUND
Previous Command was not fully completed. Not all Frames were
requested or provided by the PCD.
Specified file number does not exist.
Table 24.ꢀ SW1 SW2 for CLA byte 0x00
SW1 SW2
Description
0x6700
0x6982
0x6985
0x6A80
0x6A82
0x6A86
0x6A87
0x6C00
0x6CXX
0x6D00
0x6E00
0x9000
Wrong length; no further indication
Security status not satisfied
Conditions of use not satisfied
Incorrect parameters in the command data field
File or application not found
Incorrect parameters P1-P2
Lc inconsistent with parameters P1-P2
Wrong Le field
Wrong Le field; SW2 encodes the exact number of avail- able data bytes.
Instruction code not supported or invalid
Class not supported
Normal processing (no further qualification)
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
45 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.4 Authentication commands
Authentication with the defined key is required to access the protected file according to
access rights. Based on successful authentication session keys are generated, which are
used for secure messaging between the terminal and NT4H2421Gx.
Remark:Default FWI settings for authentication and secure messaging are set according
to GSMA specification v2.0 to the value 7h. This value is stored in the User ATS.
10.4.1 AuthenticateEV2First
This command initiates an authentication based on standard AES. After this
authentication, AES secure messaging is applied. This authentication command is
used to authenticate for the first time in a transaction and can always be used within
a transaction. AuthenticateEV2First starts a transaction with a Transaction Identifier
(TI) and AuthenticateEV2NonFirst continues the transaction with that TI. This 3-pass
challenge-response-based mutual authentication command is completed in two parts:
1st Part
1
1
1
1
1
1
1
[1...6]
1
CLA CMD P1
90 71 00
P2
00
Lc
XX
Le
00
LenCap
KeyNo
PCDcap2
PCD to PICC
16
1
1
status
Response data
E(Kx, RndB)
PICC to PCD
SW1 SW2
2nd Part
1
1
1
1
1
1
32
Data
CLA CMD P1
90 AF 00
P2
00
Lc
20
Le
00
PCD to PICC
E(Kx, RndA || RndB')
32
1
1
status
Response data
PICC to PCD
E(Kx, TI || RndA' || PDcap2 || PCDcap2)
SW1 SW2
aaa-032196
Figure 13.ꢀ AuthenticateEV2First command protocol
Table 25.ꢀ Command parameters description - AuthenticateEV2First - Part1
Name
Length
Value
Description
Command Header Parameters
CMD
1
71h
Command code.
Targeted authentication key
RFU
KeyNo
1
Bit 7-6
Bit 5-0
1
00b
0h to 4h
00h to 06h
Key number
LenCap
Length of the PCD Capabilities.
[This value should be set to 00h].
PCDcap2.1
[1]
-
Capability vector of the PCD.
RFU, can hold any value
EV2 secure messaging
Bit 7-2
Bit 1
Bit 0
Full range
0b
Full range
Full range
RFU, can hold any value
PCDcap2.2-6 [1..5]
Capability vector of the PCD.
All other bytes but PCDcap2.1 are optional,
RFU and can hold any value.
[If LenCap set to 00h, no PCDcap2 present]
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
46 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
Command Data Parameters
-
-
-
No data parameters
Table 26.ꢀ Response data parameters description - AuthenticateEV2First - Part1
Name
Length
Value
Description
E(Kx, RndB)
16
Full range
Encrypted PICC challenge
The following data, encrypted with the key Kx
referenced by KeyNo:
- RndB: 16 byte random from PICC
SW1SW2
2
91AFh
91XXh
successful execution
Refer to Table 26
Table 27.ꢀ Return code description - AuthenticateEV2First - Part1
Status
Value
CAh
7Eh
9Eh
40h
Description
COMMAND_ABORTED
LENGTH_ERROR
PARAMETER_ERROR
NO_SUCH_KEY
Chained command or multiple pass command ongoing.
Command size not allowed.
Parameter value not allowed.
Targeted key does not exist
PERMISSION_DENIED
9Dh
Targeted key not available for authentication.
Targeted key not enabled.
Targeting EV2 authentication and secure messaging,
while not allowed by configuration (PDCap2.1.Bit1 is
’1’).
AUTHENTICATION_DELAY
ADh
Currently not allowed to authenticate. Keep trying until
full delay is spent.
Table 28.ꢀ Command parameters description - AuthenticateEV2First - Part2
Name
Length
Value
Description
CMD
1
AFh
Additional frame
E(Kx, RndA || 32
RndB')
Full range
Encrypted PCD challenge and response
The following data, encrypted with the key Kx
referenced by KeyNo:
- RndA: 16 byte random from PCD.
- RndB': 16 byte RndB rotated left by 1 byte
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
47 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 29.ꢀ Response data parameters description - AuthenticateEV2First - Part2
Name
Length
Value
Description
E(Kx, TI
32
Full range
Encrypted PICC response
|| RndA' ||
PDcap2 ||
PCDcap2)
The following data encrypted with the key
referenced by KeyNo:
- TI: 4 byte Transaction Identifier
- RndA’: 16 byte RndA rotated left by 1 byte.
- PDcap2: 6 byte PD capabilities
- PCDcap2: 6 byte PCD capabilities
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 30
Table 30.ꢀ Return code description - AuthenticateEV2First - Part2
Status
Value
7Eh
Description
LENGTH_ERROR
AUTHENTICATION_ERROR
MEMORY_ERROR
Command size not allowed.
Wrong RndB'
AEh
EEh
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
48 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.4.2 AuthenticateEV2NonFirst
The AuthenticateEV2NonFirst command can be used only if there is a valid
authentication with AuthenticateEV2First. It continues the transaction with the transaction
started by previous AuthenticateEV2First command. It starts a new session. The scheme
of transaction and sessions within the transaction have been designed to protect any
possible sophisticated replay attacks
1st Part
1
1
1
1
1
1
1
Data
CLA CMD P1
90 77 00
P2
00
Lc
01
Le
00
PCD to PICC
16
KeyNo
1
1
status
Response data
E(Kx, RndB)
PICC to PCD
SW1 SW2
2nd Part
1
1
1
1
1
1
32
Data
CLA CMD P1
90 AF 00
P2
00
Lc
20
Le
00
PCD to PICC
32
E(Kx, RndA || RndB')
1
1
status
Response data
E(Kx, RndA')
PICC to PCD
SW1 SW2
aaa-032197
Figure 14.ꢀ AuthenticateEV2NonFirst command protocol
Table 31.ꢀ Command parameters description - AuthenticateEV2NonFirst - Part1
Name
Length
Value
Description
Command Header Parameters
CMD
1
77h
Command code.
Targeted authentication key
RFU
KeyNo
1
Bit 7-6
Bit 5-0
0
0h to 04h
Key number
Command Data Parameters
-
-
-
No data parameters
Table 32.ꢀ Response data parameters description - AuthenticateEV2NonFirst - Part1
Name
Length
Value
Description
E(Kx, RndB)
16
Full range
Encrypted PICC challenge
The following data, encrypted with the key Kx
referenced by KeyNo:
- RndB (16 byte): Random number from the
PICC.
SW1SW2
2
91AFh
91XXh
successful execution
Refer to Table 33
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
49 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 33.ꢀ Return code description - AuthenticateEV2NonFirst - Part1
Status
Value
CAh
7Eh
9Eh
40h
Description
COMMAND_ABORTED
LENGTH_ERROR
Chained command or multiple pass command ongoing.
Command size not allowed.
Parameter value not allowed.
Targeted key does not exist
PARAMETER_ERROR
NO_SUCH_KEY
PERMISSION_DENIED
9Dh
In not authenticated state and not targeting
OriginalityKey
Targeted key not available for authentication.
Targeted key not enabled.
AUTHENTICATION_DELAY
MEMORY_ERROR
ADh
EEh
Currently not allowed to authenticate. Keep trying until
full delay is spent.
Failure when reading or writing to non-volatile memory.
Table 34.ꢀ Command parameters description - AuthenticateEV2NonFirst - Part2
Name
Length
Value
Description
CMD
1
AFh
Additional frame
E(Kx, RndA || 32
RndB')
Full range
Encrypted PCD challenge and response
The following data, encrypted with the key Kx
referenced by KeyNo:
- RndA: 16 byte random from PCD.
- RndB': 16 byte RndB rotated left over 1 byte.
Table 35.ꢀ Response data parameters description - AuthenticateEV2NonFirst - Part2
Name
Length
Value
Description
E(Kx, RndA')
16
Full range
Encrypted PICC challenge and response
The following data, encrypted with the key Kx
referenced by KeyNo:
- RndA: 16 byte random from PCD.
- RndB’: 16 byte RndB rotated left over 1 byte.
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 36
Table 36.ꢀ Return code description - AuthenticateEV2NonFirst - Part2
Status
Value
7Eh
Description
LENGTH_ERROR
AUTHENTICATION_ERROR
MEMORY_ERROR
Command size not allowed.
Wrong RndB'
AEh
EEh
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
50 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.4.3 AuthenticateLRPFirst
Authentication for LRP secure messaging. The AuthenticationLRPFirst is intended to be
the first in a transaction and recommended. LRP secure messaging allows side-channel
resistant implementations.
1st Part
1
1
1
1
1
1
1
CLA CMD P1
90 71 00
P2
00
Lc
01
Le
00
KeyNo
PCD to PICC
PICC to PCD
1
16
1
1
status
Auth
Mode
Response data
RndB
SW1 SW2
2nd Part
1
1
1
1
1
1
16
RndA
16
PCDResponse
Data
CLA CMD P1
90 AF 00
P2
00
Lc
20
Le
00
PCD to PICC
16
16
PICCResponse
1
1
Data
status
PICC to PCD
PICCData
SW1 SW2
aaa-032199
Figure 15.ꢀ AuthenticateLRPFirst command protocol
Table 37.ꢀCommand parameters description - AuthenticateLRPFirst - Part1
Name
Length
Value
Description
Command Header Parameters
CMD
1
71h
Command code.
KeyNo
1
Targeted authentication key
RFU
Bit 7-6
Bit 5-0
1
00b
0h..4h
1h..6h
-
Key number
LenCap
Length of the PCD Capabilities.
Capability vector of the PCD.
RFU, can hold any value
LRP secure messaging
RFU, can hold any value
Capability vector of the PCD.
PCDcap2.1
1
Bit 7-2
Bit 1
Bit 0
Full range
1b
Full range
Full range
PCDcap2.2-6 [1..5]
All other bytes but PCDcap2.1 are optional,
RFU and can hold any value.
Command Data Parameters
-
-
-
No data parameters
Table 38.ꢀResponse data parameters description - AuthenticateLRPFirst - Part1
Name
Length
Value
01h
Description
AuthMode
RndB
1
LRP Mode
16
Full range
PICC challenge
RndB
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
51 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
SW1SW2
2
91AFh
91XXh
successful execution
Refer to Table 39
Table 39.ꢀ Return code description - AuthenticateLRPFirst - Part1
Status
Value
CAh
7Eh
9Eh
40h
Description
COMMAND_ABORTED
LENGTH_ERROR
PARAMETER_ERROR
NO_SUCH_KEY
Chained command or multiple pass command ongoing.
Command size not allowed.
Parameter value not allowed.
Targeted key does not exist.
PERMISSION_DENIED
9Dh
Targeted key is locked as related TotFailCtr is equal to
or bigger than the TotFailCtrLimit.
AUTHENTICATION_DELAY
MEMORY_ERROR
ADh
EEh
Currently not allowed to authenticate. Keep trying until
full delay is spent.
Failure when reading or writing to non-volatile memory.
Table 40.ꢀCommand parameters description - AuthenticateLRPFirst - Part2
Name
Length
Value
Description
CMD
1
AFh
Additional frame
PCD challenge
RndA
16
16
Full range
Full range
PCDResponse
PCD response
MACLRP (SesAuthMACKey;RndA || RndB)
Table 41.ꢀResponse data parameters description - AuthenticateLRPFirst - Part2
Name
Length
Value
Description
PICCData
16
Full range
Encrypted PICC data,
ELRP (SesAuthENCKey; TI; PDCap2;
PCDCap2)
PICCRespons 16
e
Full range
PICC response to the challenge
MACLRP (SesAuthMACKey; RndB || RndA ||
PICCData)
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 42
Table 42.ꢀ Return code description - AuthenticateLRPFirstPart2
Status
Value
7Eh
Description
LENGTH_ERROR
AUTHENTICATION_ERROR
MEMORY_ERROR
Command size not allowed.
Wrong PCDResp
AEh
EEh
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
52 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.4.4 AuthenticateLRPNonFirst
Consecutive authentication for LRP secure messaging. After this authentication,
LRP secure messaging is used. This authentication is intended to be the following
authentication in a transaction.
1st Part
1
1
1
1
1
1
1
[1...6]
1
CLA CMD P1
90 71 00
P2
00
Lc
XX
Le
00
KeyNo LenCap
PCDcap2
PCD to PICC
1
16
1
1
status
Auth
Mode
Response data
RndB
PICC to PCD
SW1 SW2
2nd Part
1
1
1
1
1
1
16
16
Data
CLA CMD P1
90 AF 00
P2
00
Lc
20
Le
00
PCD to PICC
32
RndA
PCDResponse
1
1
status
Response data
PICC to PCD
PICCResponse
SW1 SW2
aaa-032198
Figure 16.ꢀ AuthenticationLRPNonFirst command protocol
Table 43.ꢀCommand parameters description - AuthenticateLRPNonFirst - Part1
Name
Length
Value
Description
Command Header Parameters
CMD
1
71h
Command code.
Targeted authentication key
RFU
KeyNo
1
Bit 7-6
Bit 5-0
00b
00h to 04h
Key Number
Command Data Parameters
-
-
-
No data parameters
Table 44.ꢀResponse data parameters description - AuthenticateLRPNonFirst - Part1
Name
Length
Value
01h
Description
LRP
AuthMode
RndB
1
16
2
Full range
PICC random RndB
SW1SW2
91AFh
91XXh
successful execution
Refer to Table 45
Table 45.ꢀ Return code description - AuthenticateLRPNonFirst - Part1
Status
Value
CAh
7Eh
Description
COMMAND_ABORTED
LENGTH_ERROR
PARAMETER_ERROR
Chained command or multiple pass command ongoing.
Command size not allowed.
9Eh
Parameter value not allowed.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
53 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Status
Value
40h
Description
NO_SUCH_KEY
Targeted key does not exist
PERMISSION_DENIED
9Dh
In not authenticated state and not targeting
OriginalityKeys
Targeted key not available for authentication.
Targeted key not enabled.
AUTHENTICATION_DELAY
MEMORY_ERROR
ADh
EEh
Currently not allowed to authenticate.
Keep trying until full delay is spent.
Failure when reading or writing to non-volatile memory.
Table 46.ꢀ Command parameters description - AuthenticateLRPNonFirst - Part2
Name
CMD
RndA
Length
Value
Description
1
AFh
Additional frame
16
Full range
PCD challenge
RndA
PCDResp
16
Full range
PCD response to the challenge
MACLRP (SesAuthMACKey;RndA || RndB)
Table 47.ꢀResponse data parameters description - AuthenticateLRPNonFirst - Part2
Name
Length
Value
Description
PICCResp
16
Full range
PICC response to the challenge
MACLRP (SesAuthMACKey;RndB || RndA)
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 48
Table 48.ꢀ Return code description - AuthenticateLRPNonFirst - Part2
Status
Value
7Eh
Description
LENGTH_ERROR
AUTHENTICATION_ERROR
MEMORY_ERROR
Command size not allowed.
Wrong PCDResp
AEh
EEh
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
54 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.5 Memory and configuration commands
10.5.1 SetConfiguration
With the SetConfiguration command, the application attributes can be configured. It
requires an authentication with the AppMasterKey and CommMode.Full.
The command consists of an option byte and a data field with a size depending on the
option. The option byte specifies the nature of the data field content.
In the below table “No change” references are used with configurations that are
persistent. This means that the associated configuration is left as it is already in the card
and its value is not changed.
1
1
1
1
1
1
1
up to 40 bytes
Data
CLA CMD P1
90 5C 00
P2
00
Lc
XX
Le
00
PCD to PICC
0
Option
Data Parameters
1
1
status
Response data
-
PICC to PCD
SW1 SW2
aaa-032200
Figure 17.ꢀ SetConfiguration command protocol
Table 49.ꢀCommand parameters description - SetConfiguration
Name
Length
Value
Description
Command Header Parameters
Cmd
1
1
5Ch
-
Command code.
Option
Configuration Option. It defines the length and
content of the Data parameter. The Option byte
is transmitted in plain text, whereas the Data is
always transmitted in CommMode.Full.
00h
PICC configuration.
Secure Messaging Configuration.
Capability data.
04h
05h
0Ah
Failed authentication counter setting
HW configuration
0Bh
Other values
RFU
Command Data Parameters
Data Up to 10 bytes
-
Data content depends on option values.
Full range
Data content depends on option value as
defined in setConfigOptionsList Table.
Table 50.ꢀ SetConfigOptionList
Option
Data
Length
Field
Length/bitin Description
dex
00h
1 byte
PICC Configuration
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
55 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Option
Data
Length
Field
Length/bitin Description
dex
PICCConfig
Bit 7-2
Bit 1
RFU
UseRID configuration for Random.
Random ID is disabled at delivery
time.
1b: Enable Random UID
0b: No change
Bit 0
RFU
04h
2 bytes
Secure Messaging Configuration
SMConfig
Bit 15 to 3
Bit 2
RFU
Secure messaging configuration
for StandardData file
0b: No Change
1b: disable chained writing with
WriteData command in CommMod
e.MAC and CommMode.Full
Bit 1-0
RFU
05h
10 bytes Capability data, consisting of PDCap2
4 bytes
1 byte
RFU
User configured PDCap2.1
Bit 7 to 2: RFU
Bit 1: 1b means enable LRP
mode. This change is permanent,
LRP mode cannot be disabled
afterwards.
Bit 1: 0b means no change
3 bytes
1 byte
1 byte
RFU
User configured PDCap2.5
User configured PDCap2.6
0Ah
5 bytes
Failed authentication counter configuration
FailedCtrOption
1 byte
Bit 7 to 1: RFU
Bit 0: Set to 0b for disabling
Bit 0: Set to 1b for enabling
[default]
TotFailCtrLimit
2 bytes
configurable limit, encoded as
2-byte unsigned integer (LSB
first), must be bigger than 0000h.
Default value: 1000. When
disabling, this value is ignored
TotFailCtrDecr
2 bytes
configurable decrement value,
encoded as 2-byte unsigned
integer (LSB first). Default value:
10. When disabling, this value is
ignored.
0Bh
1 byte
HW configuration
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
56 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Option
Data
Length
Field
Length/bitin Description
dex
HW Option
1 byte
Bit 7 to 1: RFU
Bit 0: Set to 0b for Standard back
modulation
Bit 0: Set to 1b for Strong back
modulation (default)[1]
[1] note that it is strongly recommended to leave the default setting, specifically for antennas smaller than Class1
Table 51.ꢀResponse data parameters description - SetConfiguration
Name
Length
Value
Description
Response
data
0
-
No response data
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 52
Table 52.ꢀReturn code description - SetConfiguration
Status
Value Description
COMMAND_ABORTED
INTEGRITY_ERROR
CAh
1Eh
Chained command or multiple pass command ongoing.
Invalid cryptogram (padding or CRC). Invalid secure
messaging MAC.
LENGTH_ERROR
7Eh
Command size not allowed.
Option 00h: Data length is not 1
Option 04h: Data length is not 2
Option 05h: Data length is not 10
Option 0Ah: Data length is not 5
Option 0Bh: Data length is not 1
PARAMETER_ERROR
PERMISSION_DENIED
9Eh
9Dh
Parameter value not allowed.
Option 00h: Data bit 7-2 or bit 0 not set to 0b.
Unsupported option (i.e. Reserved).
Option 00h, 04h, 05h, 0Ah, 0Bh: not supported / allowed at
PICC level
AUTHENTICATION_ERROR AEh
MEMORY_ERROR EEh
Option 00h, 04h, 05h, 0Ah, 0Bh: No active authentication
with AppMasterKey.
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
57 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.5.2 GetVersion
The GetVersion command returns manufacturing related data of NTAG 424 DNA
(NT4H2421Gx). No parameters are required for this command.
Remark: This command is only available after ISO/IEC 14443-4 activation.
The version data is return over three frames. Part1 returns the hardware-related
information, Part2 returns the software-related information and Part3 and last frame
returns the production-related information. This command is freely accessible without
secure messaging as soon as the PD is selected and there is no active authentication.
1
1
1
1
1
1
Data
-
CLA CMD P1
90 60 00
P2
00
Lc
-
Le
00
PCD to PICC
1
1
1
1
1
1
1
1
1
status
PICC to PCD
VendorID HWType HWSubType HWMajorVersion HWMinorVersion HWStorageSize HWProtocol
SW1 SW2
0
1
CLA CMD P1
90 AF 00
1
1
1
1
1
Data
-
P2
00
Lc
-
Le
00
PCD to PICC
1
1
1
1
1
1
1
1
1
status
PICC to PCD
VendorID SWType SWSubType SWMajorVersion SWMinorVersion SWStorageSize SWProtocol
SW1 SW2
1
CLA CMD P1
90 AF 00
1
1
1
1
0
1
Data
-
P2
00
Lc
-
Le
00
PCD to PICC
1
1
7
4
1
1
1
[1]
status
SW1 SW2
aaa-032201
PICC to PCD
UID
BatchNo
BatchNo/FabKey
FabKey/CWProd
YearProd
FabKeyID
Figure 18.ꢀGetVersion command protocol
Part 1
Table 53.ꢀ Command parameters description - GetVersion - Part1
Name
Command Header Parameters
Cmd
Command Data Parameters
Length
Value
60h
-
Description
1
Command code.
No data parameters
-
-
Table 54.ꢀ Response data parameters description - GetVersion - Part1
Name
Length
Value
04h
04h
-
Description
VendorID
HWType
HWSubType
1
1
1
Vendor ID
HW type for NTAG
HW subtype
X2h
0Xh
8Xh
30h
50 pF
Strong back modulation
Standard back modulation
HW major version number
HWMajorVersion
1
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
58 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
HWMinorVersion
1
1
00h
-
HW minor version number
HW storage size
256 B<storage size< 512 B
RFU
HWStorageSize
11h
other
values
HWProtocol
SW1SW2
1
2
05h
HW communication protocol type
91AFh
91XXh
successful execution
Refer to Table 59
Part 2
Table 55.ꢀ Command parameters description - GetVersion - Part2
Name
CMD
Data
Length
Value
AFh
-
Description
1
0
Additional frame request.
No data parameters:
Table 56.ꢀ Response data parameters description - GetVersion - Part2
Name
Length
Value
04h
04h
02h
01h
02h
-
Description
VendorID
1
1
1
1
1
1
Vendor ID
SWType
SW type for NTAG
SW subtype
SWSubType
SWMajorVersion
SWMinorVersion
SWStorageSize
SW major version number
SW minor version number
SW storage size
256 B<storage size< 512 B
RFU
11h
other
values
SWProtocol
SW1SW2
1
2
05h
SW communication protocol type
91AFh
91XXh
successful execution
Refer to Table 59
Part 3
Table 57.ꢀ Command parameters description - GetVersion - Part3
Name
CMD
Data
Length
Value
AFh
-
Description
1
0
Additional frame request.
No data parameters:
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
59 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 58.ꢀ Response data parameters description - GetVersion - Part3
Name
Length
Value
-
Description
UID
7
UID
All zero
if configured for RandomID
Full range UID if not configured for RandomID
Full range Production batch number
BatchNo
4
BatchNo/FabKey
1
Bit 7-4
Bit 3-0
1
Full range Production batch number
0h
Default FabKey, other values RFU
FabKey/CWProd
Bit 7
Bit 6-0
1
0b
Default FabKey, other values RFU
Calendar week of production
01h..52h
YearProd
FabKeyID
Full range Year of production
[1]
1Fh..FFh Optional, present for customized configurations
when FabKey = 1Fh
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 59
Table 59.ꢀ Return code description - GetVersion
Status
Value
CAh
1Eh
Description
COMMAND_ABORTED
INTEGRITY_ERROR
LENGTH_ERROR
MEMORY_ERROR
Chained command or multiple pass command ongoing.
Invalid secure messaging MAC (only).
Command size not allowed.
7Eh
EEh
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
60 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.5.3 GetCardUID
GetCardUID command is required to get the 7-byte UID from the card. In case "Random
ID" at activation is configured, encrypted secure messaging is applied for this command
and response. An authentication with any key needs to be performed prior to the
command GetCardUID. This command returns the UID and gives the opportunity to
retrieve the UID, even if the Random ID is used.
1
1
1
1
1
1
Data
-
CLA CMD P1
90 51 00
P2
00
Lc
-
Le
00
PCD to PICC
7
1
1
status
Response data
UID
PICC to PCD
SW1 SW2
aaa-032202
Figure 19.ꢀGetCardUID command protocol
Table 60.ꢀ Command parameters description - GetCardUID
Name
Command Header Parameters
Cmd
Command Data Parameters
Length
Value
51h
-
Description
1
Command code.
-
-
No data parameters
Table 61.ꢀ Response data parameters description - GetCardUID
Name
UID
Length
Value
Description
7
2
Full range
UID of the NT4H2421Gx
SW1SW2
9100h
91XXh
successful execution
Refer to Table 62
Table 62.ꢀ Return code description - GetCardUID
Status
Value
CAh
1Eh
Description
COMMAND_ABORTED
INTEGRITY_ERROR
LENGTH_ERROR
AUTHENTICATION_ERROR
MEMORY_ERROR
Chained command or multiple pass command ongoing.
Invalid secure messaging MAC (only).
Command size not allowed.
7Eh
AEh
EEh
No active authentication
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
61 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.6 Key management commands
NT4H2421Gx provides the following command set for Key Management.
10.6.1 ChangeKey
The ChangeKey command is used to change the application keys. Authentication with
application key number 0 is required to change the key. CommMode.Full is applied for
this command. Note that the cryptogram calculations for changing key number 0 and
other keys are different.
1
1
1
1
1
1
1
17 or 21
Data
CLA CMD P1
90 C4 00
P2
00
Lc
XX
Le
00
PCD to PICC
KeyNo
KeyData
0
1
1
status
Response data
-
PICC to PCD
SW1 SW2
aaa-032203
Figure 20.ꢀ ChangeKey command protocol
Table 63.ꢀ Command parameters description - ChangeKey
Name
Length
Value
Description
Command Header Parameters
Cmd
1
C4h
-
Command code.
KeyNo
1
Key number of the key to be changed.
RFU
Bit 7-6
Bit 5-0
00b
Key Number
0h..4h
The application key number
Command Data Parameters
KeyData 17 or 21
New key data.
full range
if key 0 is to be changed
NewKey || KeyVer
(17-byte
length)
full range
if key 1 to 4 are to be changed
(21-byte
length)
(NewKey XOR OldKey) || KeyVer ||
CRC32NK[1]
[1] The CRC32NK is the 4-byte CRC value computed according to IEEE Std 802.3-2008 (FCS Field) over NewKey [9]
Table 64.ꢀ Response data parameters description - ChangeKey
Name
Length
Value
Description
Response data
SW1SW2
0
2
-
No response data
9100h
91XXh
successful execution
Refer to Table 65
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
62 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 65.ꢀ Return code description - ChangeKey
Status
Value
CAh
1Eh
Description
COMMAND_ABORTED
INTEGRITY_ERROR
Chained command or multiple pass command ongoing.
Integrity error in cryptogram or invalid secure
messaging MAC ( Secure Messaging).
LENGTH_ERROR
7Eh
9Eh
40h
9Dh
Command size not allowed.
Parameter value not allowed.
Targeted key does not exist
PARAMETER_ERROR
NO_SUCH_KEY
PERMISSION_DENIED
At PICC level, targeting any OriginalityKey which
cannot be changed
AUTHENTICATION_ERROR
MEMORY_ERROR
AEh
EEh
At application level, missing active authentication with
AppMasterKey while targeting any AppKey.
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
63 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.6.2 GetKeyVersion
The GetKeyVersion command retrieves the current key version of any key. Key version
can be changed with the ChangeKey command together with the key.
1
1
1
1
1
1
1
CLA CMD P1
90 64 00
P2
00
Lc
01
Le
00
KeyNo
PCD to PICC
1
1
1
status
Response data
KeyVer
PICC to PCD
SW1 SW2
aaa-032204
Figure 21.ꢀ GetKeyVersion command protocol
Table 66.ꢀ Command parameters description - GetKeyVersion
Name
Length
Value
Description
Command Header Parameters
Cmd
1
64h
Command code.
KeyNo
1
-
Key number of the targeted key
RFU
Bit 7-4
3 to 0
00h
00h to 04h
Application key number
Command Data Parameters
-
-
-
No data parameters
Table 67.ꢀ Response data parameters description - GetKeyVersion
Name
Length
Value
-
Description
KeyVer
1
Key version of the targeted key
[if targeting disabled keys]
[if targeting OriginalityKey]
[else]
00h
00h
Full range
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 68
Table 68.ꢀ Return code description - GetKeyVersion
Status
Value
CAh
1Eh
7Eh
9Eh
40h
Description
COMMAND_ABORTED
INTEGRITY_ERROR
LENGTH_ERROR
PARAMETER_ERROR
NO_SUCH_KEY
Chained command or multiple pass command ongoing.
Invalid secure messaging MAC (only).
Command size not allowed.
Parameter value not allowed.
Targeted key does not exist.
MEMORY_ERROR
EEh
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
64 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.7 File management commands
The NT4H2421Gx provides the following command set for File Management functions.
10.7.1 ChangeFileSettings
The ChangeFileSettings command changes the access parameters of an existing file.
The communication mode can be either CommMode.Plain or CommMode.Full based on
current access right of the file.
1
1
1
1
1
1
Data
CLA CMD P1
90 5F 00
P2
00
Lc
XX
Le
00
FileNo FileOption AccessRights [SDMOptions SMDAccessRights UIDOffset SDMReadCtrOffset
PICCDataOffset SDMMACInputOFFset SDMENCOffset SDMENCLength SDMMACOffset SDMReadCtrLimit]
PCD to PICC
0
1
1
status
Response data
-
PICC to PCD
SW1 SW2
aaa-032576
Figure 22.ꢀ ChangeFileSettings command protocol
Table 69.ꢀ Command parameters description - ChangeFileSettings
Name
Length
Value
Description
Command Header Parameters
Cmd
1
5Fh
-
Command code.
FileNo
1
File number of the targeted file.
Bit 7-5
Bit 4-0
RFU
File number
Command Data Parameters
FileOption
1
-
Options for the targeted file.
RFU
Bit 7
Bit 6
0b
Secure Dynamic Messaging and
Mirroring
0b
disabled
enabled
RFU
1b
Bit 5-2
Bit 1-0
0000b
CommMode (see Table
CommunicationModes)
AccessRights
SDMOptions
2
-
-
Set of access conditions for the first
set in the file (see Section 8.2.3.3).
[1]
[Optional, present if FileOption[Bit
6] set]
SDM Options
UID (only for mirroring)
disabled
Bit 7
Bit 6
-
0b
1b
-
enabled
SDMReadCtr
disabled
0b
1b
enabled
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
65 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
SDMReadCtrLimit
disabled
Bit 5
-
0b
1b
-
enabled
Bit 4
SDMENCFileData
disabled
0b
1b
000b
-
enabled
Bit 3-1
Bit 0
RFU
Encoding mode
ASCII
1b
-
SDMAccessRights
[2]
[Optional, present if FileOption[Bit
6] set]
SDM Access Rights
Bit 15- 12
-
SDMMetaRead access right
0h..4h
Encrypted PICCData mirroring
using the targeted AppKey
Eh
Plain PICCData mirroring
No PICCData mirroring
SDMFileRead access right
Targeted AppKey
No SDM for Reading
RFU
Fh
Bit 11- 8
-
0h..4h
Fh
Bit 7-4
Bit 3-0
Fh
-
SDMCtrRet access right
Targeted AppKey
Free
0h..4h
Eh
Fh
No Access
UIDOffset
[3]
[3]
-
[Optional, present if
((SDMOptions[Bit 7] = 1b) AND
(SDMMetaRead access right = Eh)]
Mirror position (LSB first) for UID
0h .. (FileSize -
UIDLength)
Offset within the file
SDMReadCtrOffset
-
[Optional, present if
((SDMOptions[Bit 6] = 1b) AND
(SDMMetaRead access right = Eh)]
Mirror position (LSB first) for
SDMReadCtr
0h .. (FileSize -
Offset within the file
SDMReadCtrLength)
FFFFFFh
No SDMReadCtr mirroring
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
66 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
PICCDataOffset
[3]
-
[Optional, present if SDMMetaRead
access right =0h..4h]
Mirror position (LSB first) for
encrypted PICCData
0h .. (FileSize -
Offset within the file
PICCDataLength)
SDMMACInputOffset
SDMENCOffset
[3]
[3]
-
[Optional, present if SDMFileRead
access right != Fh]
Offset in the file where the SDM
MAC computation starts (LSB first)
0h .. (SDMMACOffset) Offset within the file
[Optional, present if ((SDMFileRead
-
access right != Fh) AND
(SDMOptions[Bit 4] = 1b))]
SDMENCFileData mirror position
(LSB first)
SDMMACInputOffset .. Offset within the file
(SDMMACOffset - 32)
SDMENCLength
[3]
[3]
-
[Optional, present if ((SDMFileRead
access right != Fh) AND
(SDMOptions[Bit 4] = 1b))]
Length of the SDMENCFileData
(LSB first)
32 .. (SDMMACOffset - Offset within the file, must be
SDMENCOffset)
multiple of 32
SDMMACOffset
-
[Optional, present if SDMFileRead
access right != Fh]
SDMMAC mirror position (LSB first)
SDMMACInputOffset .. [if (SDMFileRead access right !=
(FileSize - 16)
Fh) AND (SDMOptions[Bit 4] = 0b)]
Offset within the file
(SDMENCOffset +
SDMENCLength) ..
(FileSize- 16)
[if (SDMFileRead access right !=
Fh) AND (SDMOptions[Bit 4] = 1b)]
Offset within the file
SDMReadCtrLimit
[3]
Full range
[Optional, present if
SDMOptions[Bit 5] = 1b]
SDMReadCtrLimit value (LSB first)
Table 70.ꢀ Response data parameters description - ChangeFileSettings
Name
Length
Value
Description
Response
data
0
-
No response data
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 71
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
67 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 71.ꢀ Return code description - ChangeFileSettings
Status
Value
CAh
1Eh
Description
COMMAND_ABORTED
INTEGRITY_ERROR
Chained command or multiple pass command ongoing.
Integrity error in cryptogram. Invalid Secure Messaging
MAC (only).
LENGTH_ERROR
7Eh
9Eh
Command size not allowed.
Parameter value not allowed.
PARAMETER_ERROR
Targeted key for one of the access conditions in
AccessRights or SDMAccessRights does not exist.
Trying to set access right SDMMetaRead to a value
different than Fh, while both UID and SDMReadCtr
mirroring are disabled.
Trying to set access right SDMMetaRead to Fh, while
enabling UID mirroring.
Trying to set access right SDMCtrRet to a value
different from Fh, while SDMReadCtr is disabled.
SDMMAC and UID mirroring are overlapping, i.e. the
following condition is not satisfied: (SDMMACOffset
≥ UIDOffset + UIDLength) OR (UIDOffset ≥
SDMMACOffset + SDMMACLength)
SDMMAC and SDMReadCtr mirroring are
overlapping, i.e. the following condition is not
satisfied: (SDMMACOffset ≥ SDMReadCtrOffset
+ SDMReadCtrLength) OR (SDMReadCtrOffset ≥
SDMMACOffset + SDMMACLength)
SDMMAC and PICCData mirroring are
overlapping, i.e. the following condition is not
satisfied: (SDMMACOffset ≥ PICCDataOffset
+ PICCDataLength) OR (PICCDataOffset ≥
SDMMACOffset + SDMMACLength)
SDMENCFileData and UID mirroring are overlapping,
i.e. the following condition is not satisfied:
(SDMENCOffset ≥ UIDOffset + UIDLength) OR
(UIDOffset ≥ SDMENCOffset + SDMENCLength)
SDMENCFileData and SDMReadCtr mirroring
are overlapping, i.e. the following condition is not
satisfied: (SDMENCOffset ≥ SDMReadCtrOffset
+ SDMReadCtrLength) OR (SDMReadCtrOffset ≥
SDMENCOffset + SDMENCLength)
SDMENCFileData and PICCData mirroring are
overlapping, i.e. the following condition is not
satisfied: (SDMENCOffset ≥ PICCDataOffset
+ PICCDataLength) OR (PICCDataOffset ≥
SDMENCOffset + SDMENCLength)
UID and SDMReadCtr mirroring are overlapping, i.e.
the following condition is not satisfied: (UIDOffset
≥ SDMReadCtrOffset + SDMReadCtrLength) OR
(SDMReadCtrOffset ≥ UIDOffset + UIDLength)
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
68 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Status
Value
Description
Enabling Secure Dynamic Messaging encryption
(SDMOptions[Bit 4] set to 1b) is not possible if access
right SDMFileRead = Fh.
Enabling Secure Dynamic Messaging encryption
(SDMOptions[Bit 4] set to 1b) is not allowed if
not both SDMReadCtr and UID are mirrored (i.e.
SDMOptions[Bit 7] and SDMOptions[Bit 6] must be set
to 1b)
Trying to set a SDMReadCtrLimit while not enabling
SDMReadCtr.
Trying to set a SDMReadCtrLimit which is smaller or
equal to the current SDMReadCtr.
PERMISSION_DENIED
9Dh
PICC level (MF) is selected.
access right Change of targeted file has access
conditions set to Fh.
Enabling Secure Dynamic Messaging (FileOption Bit 6
set to 1b) is only allowed for FileNo 02h.
FILE_NOT_FOUND
F0h
AEh
File with targeted FileNo does not exist for the targeted
application.
AUTHENTICATION_ERROR
File access right Change of targeted file not granted as
there is no active authentication with the required key
while the access conditions is different from Fh.
MEMORY_ERROR
EEh
Failure when reading or writing to non-volatile memory.
10.7.2 GetFileSettings
The GetFileSettings command allows getting information on the properties of a specific
file. The information provided by this command depends on the type of the file which is
queried.
1
1
1
1
1
1
1
CLA CMD P1
90 F5 00
P2
00
Lc
01
Data
FileNo
Le
00
PCD to PICC
1
1
Response data
status
FileType FileOption AccessRights FileSize [SDMOptions SMDAccessRights UIDOffset SDMReadCtrOffset
PICCDataOffset SDMMACInputOffset SDMENCOffset SDMENCLength SDMMACOffset SDMReadCtrlLimit]
PICC to PCD
SW1 SW2
aaa-032579
Figure 23.ꢀ GetFileSettings command protocol
Table 72.ꢀCommand parameters description - GetFileSettings
Name
Length
Value
Description
Command Header Parameters
Cmd
1
F5h
-
Command code.
File number of the targeted file.
RFU
FileNo
1
Bit 7-5
Bit 4-0
File number
Command Data Parameters
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
69 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
-
-
-
No data parameters
Table 73.ꢀ Response data parameters description - GetFileSettings
Name
Length
Value
-
Description
FileType
1
File Type of the targeted file.
StandardData File
00h
Other values RFU
FileOption
1
-
-
Options for the targeted file.
Bit 7
Bit 6
RFU
Secure Dynamic Messaging and
Mirroring
0b
disabled
enabled
RFU
1b
Bit 5-2
Bit 1-0
0000b
CommMode (see Table
CommunicationModes)
AccessRights
2
-
Set of access conditions for the 1st set in
the file (see Section 8.2.3.3).
FileSize
3
-
-
File size of the targeted file.
SDMOptions
[1]
[Optional, present if FileOption[Bit 6] set]
SDM Options, see Table 69
SDMAccessRights
UIDOffset
[2]
[3]
-
-
[Optional, present if FileOption[Bit 6] set]
SDM Access Rights, see Table 69
[Optional, present if ((SDMOptions[Bit 7]
= 1b) AND (SDMMetaRead access right
= Eh)]
Mirror position (LSB first) for UID, see
Table 69
SDMReadCtrOffset
[3]
-
[Optional, present if ((SDMOptions[Bit 6]
= 1b) AND (SDMMetaRead access right
= Eh)]
Mirror position (LSB first) for
SDMReadCtr, see Table 69
PICCDataOffset
[3]
[3]
-
-
[Optional, present if SDMMetaRead
access right =0h..4h]
Mirror position (LSB first) for encrypted
PICCData, see Table 69
SDMMACInputOffset
[Optional, present if SDMFileRead
access right != Fh]
Offset in the file where the SDM MAC
computation starts (LSB first), see
Table 69
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
70 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
SDMENCOffset
[3]
-
[Optional, present if ((SDMFileRead
access right != Fh) AND
(SDMOptions[Bit 4] = 1b))]
SDMENCFileData mirror position (LSB
first), see Table 69
SDMENCLength
[3]
-
[Optional, present if ((SDMFileRead
access right != Fh) AND
(SDMOptions[Bit 4] = 1b))]
Length of the SDMENCFileData (LSB
first), see Table 69
SDMMACOffset
SDMReadCtrLimit
SW1SW2
[3]
[3]
2
-
-
[Optional, present if SDMFileRead
access right != Fh]
SDMMAC mirror position (LSB first), see
Table 69
[Optional, present if SDMOptions[Bit 5] =
1b]
SDMReadCtrLimit value (LSB first), see
Table 69
9100h
91XXh
successful execution
Refer to Table 74
Table 74.ꢀ Return code description - GetFileSettings
Status
Value
CAh
1Eh
7Eh
9Eh
9Dh
F0h
Description
COMMAND_ABORTED
INTEGRITY_ERROR
LENGTH_ERROR
PARAMETER_ERROR
PERMISSION_DENIED
FILE_NOT_FOUND
Chained command or multiple pass command ongoing.
Invalid secure messaging MAC (only).
Command size not allowed.
Parameter value not allowed.
PICC level (MF) is selected.
File with targeted FileNo does not exist for the targeted
application.
MEMORY_ERROR
EEh
Failure when reading or writing to non-volatile memory.
10.7.3 GetFileCounters
The GetFileCounters command supports retrieving of the current values associated
with the SDMReadCtr related with a StandardData file after enabling Secure Dynamic
Messaging, see Section 9.3 and Section 10.7.1.
1
1
1
1
1
1
1
Data
CLA CMD P1
90 F6 00
P2
00
Lc
xx
Le
00
PCD to PICC
FileNr
8
1
1
status
Response data
PICC to PCD
SDMReadCtr Reserved
SW1 SW2
aaa-032471
Figure 24.ꢀ GetFileCounters command protocol
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
71 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 75.ꢀ Command parameters description - GetFileCounters
Name
Length
Value
Description
Command Header Parameters
Cmd
1
F6h
-
Command code.
File number of the targeted file.
RFU
FileNo
1
Bit 7-5
Bit 4-0
000b
Limited range File number
Command Data Parameters
-
-
-
No data parameters
Table 76.ꢀ Response data parameters description - GetFileCounters
Name
Length
Value
Description
SDMReadCtr
3
Full Range
Current SDMReadCtr of the targeted file (LSB
first).
Reserved
SW1SW2
2
2
0000h
RFU
9100h
91XXh
successful execution
Refer to Table 77
Table 77.ꢀ Return code description - GetFileCounters
Status
Value
CAh
1Eh
Description
COMMAND_ABORTED
INTEGRITY_ERROR
LENGTH_ERROR
PARAMETER_ERROR
PERMISSION_DENIED
Chained command or multiple pass command ongoing
Invalid secure messaging MAC
Command size not allowed
7Eh
9Eh
Parameter value not allowed
PICC level (MF) is selected.
9Dh
Targeted file has no Secure Dynamic Messaging
enabled.
Targeted file has SDMCtrRet access right set to Fh.
Targeted file does not exist in the targeted application
FILE_NOT_FOUND
F0h
AEh
AUTHENTICATION_ERROR
SDMCtrRet access right not granted while different
from Fh.
FILE_NOT_FOUND
MEMORY_ERROR
F0h
EEh
File with targeted FileNo does not exist for the targeted
application.
Failure when reading or writing to non-volatile memory
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
72 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.8 Data management commands
The NT4H2421Gx provides the following command set for Data Management functions.
10.8.1 ReadData
The ReadData command allows reading data from StandardData Files. The Read
command requires a preceding authentication either with the key specified for Read
or ReadWrite access, see the access rights section Section 8.2.3.3. Depending
on the communication mode settings of the file secure messaging is applied, see
Section 8.2.3.5.
1
1
1
1
1
1
1
3
3
CLA CMD P1
90 AD 00
P2
00
Lc
07
Le
00
FileNo
Offset
Length
PCD to PICC
up to 256
1
1
status
Response data
-
PICC to PCD
SW1 SW2
aaa-032211
Figure 25.ꢀ ReadData command protocol
Table 78.ꢀ Command parameters description - ReadData
Name
Length
Value
Description
Command Header Parameters
Cmd
1
ADh
-
Command code.
FileNo
1
File number of the targeted file.
Bit 7-5
Bit 4-0
000b
RFU
File number
Full Range
Offset
3
3
000000h ..
(FileSize - 1)
Starting position for the read operation.
Number of bytes to be read.
Length
-
000000h
Read the entire StandardData file, starting
from the position specified in the offset value.
Note that the short length Le limits response
data to 256 byte including secure messaging (if
applicable).
000001h ..
(FileSize -
Offset)
Command Data Parameters
-
-
-
No data parameters
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
73 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 79.ꢀ Response data parameters description - ReadData
Name
Length
Value
Description
Response
data
up to 256
byte including
secure
Full Range
Data read from the file
messaging
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 80
Table 80.ꢀ Return code description - ReadData
Status
Value
CAh
1Eh
Description
COMMAND_ABORTED
INTEGRITY_ERROR
Chained command or multiple pass command ongoing
Invalid secure messaging MAC (only)
SMDRdCtr overflow
LENGTH_ERROR
7Eh
9Eh
9Dh
Command size not allowed
PARAMETER_ERROR
PERMISSION_DENIED
Parameter value not allowed
PICC level (MF) is selected.
Read, ReadWrite and SDMFileRead (if SDM is
enabled) access right of targeted StandardData file
only have access conditions set to Fh.
Targeted file cannot be read in not authenticated state
as the related SDMReadCtr is equal or bigger than its
SDMReadCtrLimit.
FILE_NOT_FOUND
F0h
AEh
Targeted file does not exist in the targeted application
AUTHENTICATION_ERROR
Read, ReadWrite and SDMFileRead (if SDM enabled)
access right of targeted file not granted while at least
one of the access conditions is different from Fh.
MEMORY_ERROR
EEh
Failure when reading or writing to non-volatile memory
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
74 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.8.2 WriteData
The WriteData command allows writing data to StandardData Files. NT4H2421Gx
supports tearing protection for data that is sent within one communication frame to the
file. Consequently, when using ISO/IEC 14443-4 chaining to write to a StandardData file,
each frame itself is tearing protected but an interrupted chaining can lead to inconsistent
files. Using single-frame WriteData commands instead of using the chaining can enable
better control of the overall write process.
Depending on the communication mode settings of the Data file, data needs to be sent
with either CommMode.Plain, CommMode.MAC or CommMode.Full. All cryptographic
operations are done in CBC mode. In case of CommMode.MAC or CommMode.Full,
the validity of data is verified by the PICC by checking the MAC. If the verification fails,
the PICC stops further user memory programming and returns an Integrity Error to the
PCD. As a consequence of the Integrity Error, any transaction, which might have begun,
is automatically aborted. This can lead to the same situation as described above for an
interrupted WriteData using chained communication.
1
1
1
1
1
1
1
3
3
up to 248
Data
CLA CMD P1
90 8D 00
P2
00
Lc
XX
Le
00
FileNo Offset Length
PCD to PICC
0
1
1
status
Response data
PICC to PCD
-
SW1 SW2
aaa-032212
Figure 26.ꢀWriteData command protocol
Table 81.ꢀ Command parameters description - WriteData
Name
Length
Value
Description
Command Header Parameters
Cmd
1
8Dh
-
Command code.
FileNo
1
File number of the targeted file.
Bit 7-5
Bit 4-0
000b
RFU
File number
Full range
Offset
3
3
000000h ..
(FileSize - 1)
Starting position for the write operation.
Number of bytes to be written.
Length
000001h ..
(FileSize -
Offset)
Command Data Parameters
Data
up to 248
byte including
secure
Full range
Data to be written.
messaging
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
75 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Table 82.ꢀ Response data parameters description - WriteData
Name Length Value Description
No response data parameters defined for this command
Response
data
0
-
No response data
SW1SW2
2
9100h
91XXh
successful execution
Refer to Table 83
Table 83.ꢀ Return code description - WriteData
Status
Value
CAh
1Eh
Description
COMMAND_ABORTED
INTEGRITY_ERROR
LENGTH_ERROR
PARAMETER_ERROR
PERMISSION_DENIED
Chained command or multiple pass command ongoing.
Invalid secure messaging MAC or encryption padding.
Command size not allowed.
7Eh
9Eh
Parameter value not allowed.
9Dh
PICC level (MF) is selected.
Write and ReadWrite of targeted file only have access
conditions set to Fh.
Targeting a StandardData file with a chained command
in MAC or Full while this is not allowed.
FILE_NOT_FOUND
F0h
AEh
Targeted file does not exist in the targeted application.
AUTHENTICATION_ERROR
Write and ReadWrite of targeted file not granted while
at least one of the access conditions is different from
Fh.
BOUNDARY_ERROR
MEMORY_ERROR
BEh
EEh
Attempt to write beyond the file boundary as set during
creation.
Failure when reading or writing to non-volatile memory.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
76 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.9 Inter-industry standard commands
NT4H2421Gx provides the following ISO/IEC 7816-4 wrapped commands.
10.9.1 ISOSelectFile
This command is implemented in compliance with ISO/IEC 7816-4. It selects either the
PICC level, an application or a file within the application.
If P1 is set to 00h, 01h or 02h, selection is done by a 2-byte ISO file identifier. For PICC
level / MF selection, 3F00h or empty data has to be used. For Deticated application
File (DF) and Elementary File (EF) selection, data holds the 2-byte ISO/IEC 7816-4 file
identifier.
If P1 is set to 04h, selection is done by Deticated File (DF) name which can be up to 16
bytes. The registered ISO DF name is D2760000850100h. When selecting this DF name,
the PICC level (or MF) is selected. For selecting the application immediately, the ISO/IEC
7816-4 DF name D2760000850101h can be used.
P2 indicates whether or not File Control Information (FCI) is to be returned in case of
application selection. NT4H2421Gx does not support FCI and thus never returns any
data, but does support both selection options to achieve broadest compatibility. The
number of bytes requested by Le up to the complete file data will be returned in plain.
There is no specific FCI template format checked, i.e. the data stored in the file will be
sent back as is. In case of PICC level or file selection, FCI data is never returned. For
NT4H2421Gx, no FCI will be returned as the pre-installed application does not contain
such a file.
1
1
1
1
[1]
[1..16]
[1]
Data
-
CLA CMD P1
00 A4 04
P2
00
Lc
XX
Le
00
PCD to PICC
PICC to PCD
1
1
status
SW1 SW2
aaa-032226
Figure 27.ꢀISOSelectFile command protocol
Table 84.ꢀ Command parameters description - ISOSelectFile
Name
CLA
INS
Length
Value
00h
A4h
-
Description
1
1
1
P1
Selection Control
00h
01h
02h
03h
04h
-
Select MF, DF or EF, by file identifier
Select child DF
Select EF under the current DF, by file identifier
Select parent DF of the current DF
Select by DF name, see [3]
Option
P2
1
00h
Return FCI template: data stored in the file with
ID 1Fh should be returned
0Ch
No response data: no FCI should be returned
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
77 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Lc
Length
[1]
Value
00h .. 10h
-
Description
Length of subsequent data field
Reference
Data
[1..16]
Empty
[if P1 == 00h OR P1 == 03h]
Select MF
Full range
Full range
Full range
[if P1 == 00h OR P1 == 01h OR P1== 02h]
Select with the given file identifier
[if P1 == 04h]
Select DF with the given DF name
Le
[1]
Empty or length of expected response
Table 85.ꢀ Response data parameters description - ISOSelectFile
Name
Length
Value
Description
SW1SW2
2
9000h
successful execution
Refer to Table 86
XXXXh
Table 86.ꢀ Return code description - ISOSelectFile
SW1|SW2
ISO6700
ISO6985
ISO6A82
Value
6700h
6985h
6A82h
Description
Wrong or inconsistent APDU length.
Wrapped chained command or multiple pass command ongoing.
Application or file not found, currently selected application
remains selected.
ISO6A86
ISO6A87
ISO6E00
6A86h
6A87h
6E00h
Wrong parameter P1 and/or P2
Wrong parameter Lc inconsistent with P1-P2
Wrong CLA
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
78 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.9.2 ISOReadBinary
The ISOReadBinary is a standard ISO/IEC 7816-4 command. It can be used to read data
from the Standard Data File. This command does not support any secure messaging, it is
always in plain. For executing ISOReadBinary command either "Read" or "Read&Write",
access right must be set to free access rights.
1
1
1
1
1
1
Data
-
CLA CMD P1
00 B0 XX
P2
XX
Le
-
Le
00
PCD to PICC
up to 256
1
1
status
Response data
-
PICC to PCD
SW1 SW2
aaa-032227
Figure 28.ꢀISOReadBinary command protocol
Table 87.ꢀ Command parameters description - ISOReadBinary
Name
CLA
INS
Length
Value
00h
Description
1
1
B0h
P1
1
ShortFile ID/Offset
Encoding
Bit 7
1b
P1[Bit 6..5] are RFU.
P1[Bit 4..0] encode a short ISO FileID.
P2[Bit 7..0] encode an offset from zero to 255.
0b
P1 - P2 (15 bits) encode an offset from zero to
32767.
Bit 6-5
Bit 4-0
00b
[if P1[7] == 1b] RFU
[if P1[7] == 1b] short ISO FileID
Targeting currently selected file.
00h
01h .. 1Eh
Targeting and selecting file referenced by the
given short ISO FileID.
1Fh
RFU
Bit 6-0
1
(see P2)
[if P1[7] == 0b] Most significant bits of Offset
Offset (see above)
P2
Le
000000h ..
(FileSize - 1)
1
-
The number of bytes to be read from the
file. The length of a secure messaging MAC
(depending on communication mode settings)
should be included in this value.
00h
Read the entire StandardData file, starting from
the position specified in the offset value. Note
that the short length Le limits response data to
256 byte.
01h .. FFh
If bigger than (FileSize - Offset), after
subtracting MAC length if MAC is to be
returned, the entire StandardData file starting
from the offset position is returned.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
79 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
Full range
Table 88.ꢀResponse data parameters description - ISOReadBinary
Name
Length
up to 256
2
Value
Description
Data
-
Data read.
SW1SW2
9000h
successful execution
Refer to Table 89
XXXXh
Table 89.ꢀ Return code description - ISOReadBinary
SW1|SW2
ISO6581
ISO6700
ISO6982
Value
6581h
6700h
6982h
Description
Memory failure
Wrong or inconsistent APDU length.
Security status not satisfied: no access allowed as Read and
ReadWrite access rights are different from Eh and SDMFileRead
(if SDM enabled) access right is set to Fh.
Security status not satisfied: SDMReadCtr overflow.
Security status not satisfied: Targeted file cannot be read in
not authenticated state as the related SDMReadCtr is equal or
bigger than its SDMReadCtrLimit.
Security status not satisfied: AuthenticatedEV2 not allowed.
Security status not satisfied: AuthenticatedLRP not allowed.
ISO6985
6985h
Wrapped chained command or multiple pass command ongoing.
No file selected.
Targeted file is not of StandardData.
Application of targeted file holds a TransactionMAC file.
ISO6A82
ISO6A86
ISO6E00
6A82h
6A86h
6E00h
File not found
Wrong parameter P1 and/or P2
Wrong CLA
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
80 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.9.3 ISOUpdateBinary
The ISOUpdateBinary command is implemented in compliance with ISO/IEC 7816-4, the
command is only possible with CommMode.Plain for a Standard Data File. NT4H2421Gx
supports tearing protection for data that is sent within one communication frame to
the file. Consequently, when using ISO/IEC 14443-4 chaining to write to a Standard
Data File, each frame itself is tearing protected but an interrupted chaining can lead to
inconsistent files. Using single-frame ISOUpdateBinary commands instead of using the
chaining can enable better control of the overall write process.
1
1
1
1
1
up to 255 bytes
Data
-
CLA CMD P1
00 D6 XX
P2
XX
Lc
XX
PCD to PICC
PICC to PCD
1
1
status
SW1 SW2
aaa-032228
Figure 29.ꢀISOUpdateBinary command protocol
Table 90.ꢀ Command parameters description - ISOUpdateBinary
Name
CLA
INS
Length
Value
00h
Description
1
1
D6h
P1
1
ShortFile ID/Offset
RFU
Bit 7
1b
P1[Bit 6..5] are RFU.
P1[Bit 4..0] encode a short ISO FileID.
P2[Bit 7..0] encode an offset from zero to 255.
0b
P1 - P2 (15 bits) encode an offset from zero to
32767.
Bit 6-5
Bit 4-0
00b
[if P1[7] == 1b] RFU
[if P1[7] == 1b] short ISO FileID
Targeting currently selected file.
00h
01h .. 1Eh
Targeting and selecting file referenced by the
given short ISO FileID.
1Fh
RFU
Bit 6-0
1
(see P2)
[if P1[7] == 0b] Most significant bits of Offset
Offset (see above)
P2
000000h ..
(FileSize - 1)
Lc
1
01h .. (FileSize Length of subsequent data field
- Offset)
Data
up to 255 byte Full range
Data to be written
Table 91.ꢀ Response data parameters description - ISOUpdateBinary
Name Length Value Description
No response data parameters defined for this command
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
81 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
SW1SW2
2
9000h
successful execution
Refer to Table 92
XXXXh
Table 92.ꢀ Return code description - ISOUpdateBinary
SW1|SW2
ISO6581
ISO6700
ISO6982
Value
6581h
6700h
6982h
Description
Memory failure
Wrong or inconsistent APDU length.
Security status not satisfied: only free write with Write or
ReadWrite equal to Eh is allowed.
Security status not satisfied: AuthenticatedEV2 not allowed.
Security status not satisfied: AuthenticatedLRP not allowed.
ISO6985
6985h
Wrapped chained command or multiple pass command ongoing.
No file selected.
Attempt to write beyond the file boundary as set during creation.
ISO6A82
ISO6A86
ISO6E00
6A82h
6A86h
6E00h
File not found
Wrong parameter P1 and/or P2
Wrong CLA
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
82 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
10.10 Originality check commands
The originality check allows verification of the genuineness of NTAG 424 DNA
(NT4H2421Gx). Two ways are offered to check the originality of the PICC: the first
is based on a symmetric authentication, the second works on the verification of an
asymmetric signature retrieved from the card.
The authentication procedure for AES keys can be used to authenticate to one of the
four OriginalityKey and check whether the PICC is a genuine NXP product. NT4H2421Gx
supports targeting the OriginalityKey with the LRP authentication using AES. For details
on the authentication command, see Section 9.2. The following variants can be used:
• AuthenticateLRPFirst, see Section 9.2.5
• AuthenticateLRPNonFirst, see Section 9.2.6
The asymmetric originality signature is based on ECC and only requires a public key for
the verification, which is done outside the card. The Read_Sig command can be used
in both ISO/IEC 14443-3 and ISO/IEC 14443-4 protocols to retrieve the signature. If
the PICC is not configured for Random ID, the command is freely available. There is no
authentication required. If the PICC is configured for Random ID, an authentication is
required.
10.10.1 Read_Sig
The Read_Sig retrieves the asymmetric originality signature based on an asymmetric
cryptographic algorithm Elliptic Curve Cryptography Digital Signature Algorithm
(ECDSA), see [13] and can be used in both ISO/IEC 14443-3 and ISO/IEC 14443-4
protocol. The purpose of originality check signature is to protect from mass copying of
non NXP originated ICs. The purpose of originality check signature is not to completely
prevent HW copy or emulation of individual ICs.
A public key is required for the verification, which is done outside the card. The
NXPOriginalitySignature is computed over the UID and written during manufacturing.
If the PICC is not configured for Random ID, the command is freely available. There is
no authentication required. If the PICC is configured for Random ID, an authentication
with any authentication key is required. If there is an active authentication, the command
requires encrypted secure messaging.
Remark: The originality function is provided to prove that the IC has been manufactured
by NXP Semiconductors.
1
1
1
1
1
1
1
Data
00
CLA CMD P1
90 3C 00
P2
00
Lc
01
Le
00
PCD to PICC
56
1
1
status
Response data
Signature
PICC to PCD
SW1 SW2
aaa-032229
Figure 30.ꢀRead_Sig command protocol
Table 93.ꢀ Command parameters description - Read_Sig
Name
Command Header Parameters
CMD
Command Data Parameters
Length
Value
Description
1
3Ch
Command code
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
83 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Name
Length
Value
Description
Command Header Parameters
Data
1
-
Targeted ECC originality check signature
Targeting NXPOriginalitySignature
00h
01h .. FFh
RFU
Table 94.ꢀ Response data parameters description - Read_Sig
Name
Length
Value
Description
Data
56
2
Full range
NXPOriginalitySignature
SW1SW2
9100h
91XXh
successful execution
Table 95
Table 95.ꢀ Return code description - Read_Sig
Status
Value Description
COMMAND_NOT_FOUND
0Bh
Not allowed without valid authentication due to
Random ID configuration.
Missing or incorrect MAC when authenticated.
COMMAND_ABORTED
CAh
Previous Command was not fully completed. Not all
Frames were requested or provided by the PCD.
COMMAND_FORMAT_ERROR 0Ch
Unexpected command length.
Unsupported Address
The NXPOriginalitySignature is computed over the UID with the use of asymmetric
cryptographic algorithm Elliptic Curve Cryptography Digital Signature Algorithm
(ECDSA), see [13]. No hash is computed: M is directly used as H. The NXP Originality
Signature calculation uses curve secp224r1. NXP Originality signature verification
together with example is explained in NT4H2421Gx - Feature and Hints application note.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
84 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
11 Package outline
PLLMC: plastic leadless module carrier package; 35 mm wide tape
SOT500-4
X
D
A
detail X
20 mm
0
10
scale
Dimensions
Unit
(1)
A
D
For unspecified dimensions see PLLMC-drawing given in the subpackage code.
max 0.26 35.05
nom
min
35.00
34.95
mm
Note
1. Total package thickness, exclusive punching burr.
sot500-4_po
Issue date
References
Outline
version
European
projection
IEC
- - -
JEDEC
- - -
JEITA
- - -
11-02-18
SOT500-4
Figure 31.ꢀPackage outline SOT500-4 (MOA8)
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
85 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
For details on the contactless modules MOA8 refer to [11].
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
86 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
12 Limiting values
Stresses exceeding one or more of the limiting values, can cause permanent damage to
the device. Exposure to limiting values for extended periods can affect device reliability.
Table 96.ꢀLimiting values
In accordance with the Absolute Maximum Rating System (IEC 60134).
Symbol Parameter
Conditions
Min
Max
40
Unit
mA
mW
°C
II
input current
on LA/LB
-
Ptot
Tstg
Tamb
VESD
total power dissipation
storage temperature
ambient temperature
-
120
125
70
-55
-25
-
°C
[1]
electrostatic discharge voltage on LA/LB
2
kV
[1] ANSI/ESDA/JEDEC JS-001; Human body model: C = 100 pF, R = 1.5 kΩ
CAUTION
This device is sensitive to ElectroStatic Discharge (ESD). Observe
precautions for handling electrostatic sensitive devices.
Such precautions are described in the ANSI/ESD S20.20, IEC/ST 61340-5,
JESD625-A or equivalent standards.
13 Characteristics
Table 97.ꢀCharacteristics
Symbol Parameter
Conditions
Min
45.0
-
Typ
Max
55.0
-
Unit
pF
[1]
Ci
fi
input capacitance
input frequency
50.0
13.56
MHz
EEPROM characteristics
tret retention time
Tamb = 22 °C
Tamb = 22 °C
50
-
-
-
-
year
Nendu(W) write endurance
200.000
cycle
[1] Tamb = 22 °C, f = 13.56 MHz, VLaLb = 2 V RMS
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
87 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
14 Abbreviations
Table 98.ꢀAbbreviations
Acronym
AES
Description
Advanced Encryption Standard
Application Identifier
AID
APDU
AppKey
AppMasterKey
ASCII
ATQA
ATS
Application Protocol Data Unit
Application Key
Application Master Key
American Standard Code for Information Interchange
Answer to Request A
Answer to Select
C-APDU
CBC
CC
Command APDU
Cipher Block Chain, one mode of operation for block ciphers
Capability Container
CID
Channel Identifier
CLA
Class
CMAC
CmdCtr
DF
Cipher-based Message Authentication Code
Command Counter
Dedicated File (Application)
Evaluation Assurance Level
Elliptic Curve Cryptography
Elementary File (File)
EAL
ECC
EF
FCI
File Control Information
Film Frame Carrier
FFC
FID
File Identifier
FSC
Frame Size for proximity Card
Frame Waiting Time Integer
Instructions
FWI
INS
IV
Initialization Vector
LRP
Leakage Resilient Primitive
Least Significant Byte
LSB
MAC
MF
Message Authentication Code
Master File (PICC Level)
Most Significant Byte
MSB
NDEF
NFC
NFC Data Exchange Format
Near Field Communication
Non-Volatile Memory
NVM
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
88 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Acronym
Description
PCD
Proximity Coupling Device (Contactless Reader)
Proximity Coupling Device Capabilities
Proximity Device, used as synonym for the PICC
Proximity Device Capabilities
Proximity IC Card
PCDCap
PD
PDCap
PICC
PICCData
PPS
PICC data targeted for mirroring (e.g. UID, SDMReadCtr)
Protocol Parameter Select
RC
Return Code
R-APDU
RFU
Response APDU
Reserved for future use
RID
Random ID
SAK
Select Acknowledge
SAM
Secure Access Module
SDM
Secure Dynamic Messaging
SDMCtrRet
SDMENCFileData
SDMFileRead
SDM Counter Retrieval, access right for GetFileCounters
Refers to the encrypted part of data in the NDEF file
SDM File Reading, key/access setting for Secure Dynamic
Messaging
SDMFileReadKey
SDMMAC
Refers to the AppKey which is used for SDM MAC calculation
Refers to the MAC calculated over response
SDMMetaRead
SDM Meta Reading, specifies PICCData encryption key or plain
mirroring
SDMMetaReadKey
SDMReadCtr
SesAuthENCKey
SesAuthMACKey
SesTMENCKey
SesTMMACKey
SM
Refers to the AppKey which is used for SDM encryption of PICCData
SDM Read Counter, counting number of interactions with a PICC
Session key for encryption
Session key for MACing
Transaction MAC Session Key for Encryption
Transaction MAC Session Key for MACing
Secure Messaging
SUN
Secure Unique NFC
SV
Session Vector, input for session key calculation
Status Word
SW
TI
Transaction Identifier
TotFailCtr
TotFailCtrDecr
TotFailCtrLimit
UID
Total Failed Authentication Counter
Total Failed Authentication Counter Decrement
Total Failed Authentication Counter Limit
Unique IDentifier
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
89 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
15 References
[1] ISO/IEC 14443-2:2016
Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part
2: Radio frequency power and signal interface
[2] ISO/IEC 14443-3:2016
Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part
3: Initialization and anti-collision
[3] ISO/IEC 14443-4:2016
Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part
4: Transmission protocol
[4] ISO/IEC 7816-4:2005
Identification cards – Integrated circuit cards – Part 4: Organization, security and
commands for interchange
[5] NIST Special Publication 800-38A
National Institute of Standards and Technology (NIST). Recommendation for
BlockCipher Modes of Operation.
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
[6] NIST Special Publication 800-38B
National Institute of Standards and Technology (NIST). Recommendation for Block
Cipher Modes of Operation: The CMAC Mode for Authentication.
http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
[7] ISO/IEC 9797-1:1999
Information technology – Security techniques – Message Authentication Codes
(MACs) – Part 1: Mechanisms using a block cipher.
[8] NIST Special Publication 800-108
National Institute of Standards and Technology (NIST). Recommendation for key
derivation using pseudorandom functions.
[9] IEEE Std 802.3-2008
IEEE Standard for Information technology - Telecommunications and information
exchange between systems - Local and metropolitan area networks - Specific
requirements Part 3: Carrier sense multiple access with Collision Detection (CSMA/
CD) Access Method and Physical Layer Specifications.
[10] LRP
Leakage Resilient Primitive (LRP) Specification, Document number 4660**1
[11] Contactless smart card module specification MOA8
Delivery Type Description, Document number 1636**[1]
[12] Data sheet addendum
NT4H2421Gx - Wafer specification, Document number 4657**[1]
[13] Certicom Research. Sec 1
Elliptic curve cryptography. Version 2.0, May 2009.
[14] Product Data Sheet
NXP Semiconductors, NTAG213/215/216: NFC Forum Type 2 Tag compliant IC
with 144/504/888 bytes user memory, Document number 2653** [1]
[15] NFC Forum: Type 4 Tag - Technical Specification
NFC Forum: Type 4 Tag - Technical Specification - Version 1.0 - [T4T] -
2016.07.26, 07 2016.
[16] NFC Data Exchange Format (NDEF)
NFC Forum - Technical Specification - Version 1.0 - 24.07.2006
1
** ... document version number
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
90 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
16 Revision history
Table 99.ꢀRevision history NT4H2421Gx
Document ID
Release
date
Data sheet status
Change notice
Supersedes
465430
20190131 Product data sheet
-
465411
Modifications:
• Data sheet status changed into Product data sheet
• Security status changed into "Company public"
465411
20181105 Objective data sheet
465410
Modifications:
• added response codes in Status word
• changed data retention time in Section 5 and Section 13
• changed ATS value in Section 8.1.1
• clarified generation of SDMMetaReadUpdateKey in Section 9.3.4.2
465410
20180321 Objective data sheet -
-
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
91 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
17 Legal information
17.1 Data sheet status
Document status[1][2]
Product status[3]
Definition
Objective [short] data sheet
Development
This document contains data from the objective specification for product
development.
Preliminary [short] data sheet
Product [short] data sheet
Qualification
Production
This document contains data from the preliminary specification.
This document contains the product specification.
[1] Please consult the most recently issued document before initiating or completing a design.
[2] The term 'short data sheet' is explained in section "Definitions".
[3] The product status of device(s) described in this document may have changed since this document was published and may differ in case of multiple
devices. The latest product status information is available on the Internet at URL http://www.nxp.com.
notice. This document supersedes and replaces all information supplied prior
to the publication hereof.
17.2 Definitions
Suitability for use — NXP Semiconductors products are not designed,
authorized or warranted to be suitable for use in life support, life-critical or
safety-critical systems or equipment, nor in applications where failure or
malfunction of an NXP Semiconductors product can reasonably be expected
to result in personal injury, death or severe property or environmental
damage. NXP Semiconductors and its suppliers accept no liability for
inclusion and/or use of NXP Semiconductors products in such equipment or
applications and therefore such inclusion and/or use is at the customer’s own
risk.
Draft — The document is a draft version only. The content is still under
internal review and subject to formal approval, which may result in
modifications or additions. NXP Semiconductors does not give any
representations or warranties as to the accuracy or completeness of
information included herein and shall have no liability for the consequences
of use of such information.
Short data sheet — A short data sheet is an extract from a full data sheet
with the same product type number(s) and title. A short data sheet is
intended for quick reference only and should not be relied upon to contain
detailed and full information. For detailed and full information see the
relevant full data sheet, which is available on request via the local NXP
Semiconductors sales office. In case of any inconsistency or conflict with the
short data sheet, the full data sheet shall prevail.
Applications — Applications that are described herein for any of these
products are for illustrative purposes only. NXP Semiconductors makes
no representation or warranty that such applications will be suitable
for the specified use without further testing or modification. Customers
are responsible for the design and operation of their applications and
products using NXP Semiconductors products, and NXP Semiconductors
accepts no liability for any assistance with applications or customer product
design. It is customer’s sole responsibility to determine whether the NXP
Semiconductors product is suitable and fit for the customer’s applications
and products planned, as well as for the planned application and use of
customer’s third party customer(s). Customers should provide appropriate
design and operating safeguards to minimize the risks associated with
their applications and products. NXP Semiconductors does not accept any
liability related to any default, damage, costs or problem which is based
on any weakness or default in the customer’s applications or products, or
the application or use by customer’s third party customer(s). Customer is
responsible for doing all necessary testing for the customer’s applications
and products using NXP Semiconductors products in order to avoid a
default of the applications and the products or of the application or use by
customer’s third party customer(s). NXP does not accept any liability in this
respect.
Product specification — The information and data provided in a Product
data sheet shall define the specification of the product as agreed between
NXP Semiconductors and its customer, unless NXP Semiconductors and
customer have explicitly agreed otherwise in writing. In no event however,
shall an agreement be valid in which the NXP Semiconductors product
is deemed to offer functions and qualities beyond those described in the
Product data sheet.
17.3 Disclaimers
Limited warranty and liability — Information in this document is believed
to be accurate and reliable. However, NXP Semiconductors does not
give any representations or warranties, expressed or implied, as to the
accuracy or completeness of such information and shall have no liability
for the consequences of use of such information. NXP Semiconductors
takes no responsibility for the content in this document if provided by an
information source outside of NXP Semiconductors. In no event shall NXP
Semiconductors be liable for any indirect, incidental, punitive, special or
consequential damages (including - without limitation - lost profits, lost
savings, business interruption, costs related to the removal or replacement
of any products or rework charges) whether or not such damages are based
on tort (including negligence), warranty, breach of contract or any other
legal theory. Notwithstanding any damages that customer might incur for
any reason whatsoever, NXP Semiconductors’ aggregate and cumulative
liability towards customer for the products described herein shall be limited
in accordance with the Terms and conditions of commercial sale of NXP
Semiconductors.
Limiting values — Stress above one or more limiting values (as defined in
the Absolute Maximum Ratings System of IEC 60134) will cause permanent
damage to the device. Limiting values are stress ratings only and (proper)
operation of the device at these or any other conditions above those
given in the Recommended operating conditions section (if present) or the
Characteristics sections of this document is not warranted. Constant or
repeated exposure to limiting values will permanently and irreversibly affect
the quality and reliability of the device.
Terms and conditions of commercial sale — NXP Semiconductors
products are sold subject to the general terms and conditions of commercial
sale, as published at http://www.nxp.com/profile/terms, unless otherwise
agreed in a valid written individual agreement. In case an individual
agreement is concluded only the terms and conditions of the respective
agreement shall apply. NXP Semiconductors hereby expressly objects to
applying the customer’s general terms and conditions with regard to the
purchase of NXP Semiconductors products by customer.
Right to make changes — NXP Semiconductors reserves the right to
make changes to information published in this document, including without
limitation specifications and product descriptions, at any time and without
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
92 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
No offer to sell or license — Nothing in this document may be interpreted
or construed as an offer to sell products that is open for acceptance or
the grant, conveyance or implication of any license under any copyrights,
patents or other industrial or intellectual property rights.
Translations — A non-English (translated) version of a document is for
reference only. The English version shall prevail in case of any discrepancy
between the translated and English versions.
Quick reference data — The Quick reference data is an extract of the
product data given in the Limiting values and Characteristics sections of this
document, and as such is not complete, exhaustive or legally binding.
17.4 Licenses
ICs with DPA Countermeasures functionality
Export control — This document as well as the item(s) described herein
may be subject to export control regulations. Export might require a prior
authorization from competent authorities.
NXP ICs containing functionality
implementing countermeasures to
Differential Power Analysis and Simple
Power Analysis are produced and sold
under applicable license from Cryptography
Research, Inc.
Non-automotive qualified products — Unless this data sheet expressly
states that this specific NXP Semiconductors product is automotive qualified,
the product is not suitable for automotive use. It is neither qualified nor
tested in accordance with automotive testing or application requirements.
NXP Semiconductors accepts no liability for inclusion and/or use of non-
automotive qualified products in automotive equipment or applications. In
the event that customer uses the product for design-in and use in automotive
applications to automotive specifications and standards, customer (a) shall
use the product without NXP Semiconductors’ warranty of the product for
such automotive applications, use and specifications, and (b) whenever
customer uses the product for automotive applications beyond NXP
Semiconductors’ specifications such use shall be solely at customer’s own
risk, and (c) customer fully indemnifies NXP Semiconductors for any liability,
damages or failed product claims resulting from customer design and use
of the product for automotive applications beyond NXP Semiconductors’
standard warranty and NXP Semiconductors’ product specifications.
17.5 Trademarks
Notice: All referenced brands, product names, service names and
trademarks are the property of their respective owners.
MIFARE — is a trademark of NXP B.V.
DESFire — is a trademark of NXP B.V.
NTAG — is a trademark of NXP B.V.
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
93 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Tables
Tab. 1.
Tab. 2.
Tab. 3.
Tab. 4.
Tab. 5.
Tab. 6.
Tab. 7.
Tab. 8.
Tab. 9.
Ordering information ..........................................4
Tab. 41. Response data parameters description -
AuthenticateLRPFirst - Part2 ...........................52
Quick reference data .........................................5
Pin allocation table ............................................7
ATS value ..........................................................8
File management ............................................ 10
Access condition ............................................. 11
Set of Access condition ...................................11
Default file access rights .................................12
Command list associated with access rights ....12
Tab. 42. Return
AuthenticateLRPFirstPart2 .............................. 52
Tab. 43. Command parameters description
code
description
-
-
AuthenticateLRPNonFirst - Part1 .................... 53
Tab. 44. Response data parameters description -
AuthenticateLRPNonFirst - Part1 .................... 53
Tab. 45. Return
AuthenticateLRPNonFirst - Part1 .................... 53
Tab. 46. Command parameters description
code
description
-
Tab. 10. SDMMetaRead values .................................... 13
Tab. 11. SDMFileRead values .......................................13
Tab. 12. Supported communication modes ...................13
Tab. 13. Default communication modes per file ............ 14
Tab. 14. Keys at application level ................................. 14
Tab. 15. Keys at PICC level ..........................................15
Tab. 16. ISO/IEC 7816-4 command fields .....................17
Tab. 17. ISO/IEC 7816-4 response fields ......................17
Tab. 18. When to use which authentication command ...21
Tab. 19. Secure messaging mode negotiation .............. 22
Tab. 20. PICCData: plain encoding and lengths ............36
Tab. 21. PICCDataTag .................................................. 37
Tab. 22. APDUs .............................................................44
Tab. 23. SW1 SW2 for CLA byte 0x90 ......................... 45
Tab. 24. SW1 SW2 for CLA byte 0x00 ......................... 45
-
AuthenticateLRPNonFirst - Part2 .................... 54
Tab. 47. Response data parameters description -
AuthenticateLRPNonFirst - Part2 .................... 54
Tab. 48. Return
AuthenticateLRPNonFirst - Part2 .................... 54
Tab. 49. Command parameters description
code
description
-
-
SetConfiguration ..............................................55
Tab. 50. SetConfigOptionList .........................................55
Tab. 51. Response data parameters description -
SetConfiguration ..............................................57
Tab. 52. Return code description - SetConfiguration .....57
Tab. 53. Command parameters description
-
GetVersion - Part1 .......................................... 58
Tab. 54. Response data parameters description -
GetVersion - Part1 .......................................... 58
Tab. 25. Command parameters description
-
AuthenticateEV2First - Part1 ...........................46
Tab. 26. Response data parameters description -
AuthenticateEV2First - Part1 ...........................47
Tab. 27. Return
AuthenticateEV2First - Part1 ...........................47
Tab. 28. Command parameters description
Tab. 55. Command parameters description
-
GetVersion - Part2 .......................................... 59
Tab. 56. Response data parameters description -
GetVersion - Part2 .......................................... 59
code
description
-
-
Tab. 57. Command parameters description
-
AuthenticateEV2First - Part2 ...........................47
Tab. 29. Response data parameters description -
AuthenticateEV2First - Part2 ...........................48
GetVersion - Part3 .......................................... 59
Tab. 58. Response data parameters description -
GetVersion - Part3 .......................................... 60
Tab. 30. Return
AuthenticateEV2First - Part2 ...........................48
Tab. 31. Command parameters description
AuthenticateEV2NonFirst - Part1 .................... 49
Tab. 32. Response data parameters description -
AuthenticateEV2NonFirst - Part1 .................... 49
code
description
-
Tab. 59. Return code description - GetVersion ............. 60
Tab. 60. Command parameters description
-
-
GetCardUID .....................................................61
Tab. 61. Response data parameters description -
GetCardUID .....................................................61
Tab. 62. Return code description - GetCardUID ............61
Tab. 33. Return
AuthenticateEV2NonFirst - Part1 .................... 50
Tab. 34. Command parameters description
AuthenticateEV2NonFirst - Part2 .................... 50
Tab. 35. Response data parameters description -
AuthenticateEV2NonFirst - Part2 .................... 50
code
description
-
Tab. 63. Command parameters description
-
ChangeKey ......................................................62
Tab. 64. Response data parameters description -
ChangeKey ......................................................62
Tab. 65. Return code description - ChangeKey ............ 63
Tab. 66. Command parameters description
-
-
Tab. 36. Return
AuthenticateEV2NonFirst - Part2 .................... 50
Tab. 37. Command parameters description
code
description
-
GetKeyVersion ................................................ 64
Tab. 67. Response data parameters description -
GetKeyVersion ................................................ 64
-
AuthenticateLRPFirst - Part1 ...........................51
Tab. 38. Response data parameters description -
AuthenticateLRPFirst - Part1 ...........................51
Tab. 68. Return code description - GetKeyVersion ....... 64
Tab. 69. Command parameters description
-
ChangeFileSettings ......................................... 65
Tab. 70. Response data parameters description -
ChangeFileSettings ......................................... 67
Tab. 39. Return
AuthenticateLRPFirst - Part1 ...........................52
Tab. 40. Command parameters description
AuthenticateLRPFirst - Part2 ...........................52
code
description
-
-
Tab. 71. Return
code
description
-
ChangeFileSettings ......................................... 68
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
94 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Tab. 72. Command parameters description
-
Tab. 85. Response data parameters description -
ISOSelectFile ...................................................78
Tab. 86. Return code description - ISOSelectFile ......... 78
GetFileSettings ................................................69
Tab. 73. Response data parameters description -
GetFileSettings ................................................70
Tab. 87. Command parameters description
-
Tab. 74. Return code description - GetFileSettings .......71
ISOReadBinary ................................................79
Tab. 88. Response data parameters description -
ISOReadBinary ................................................80
Tab. 75. Command parameters description
-
GetFileCounters .............................................. 72
Tab. 76. Response data parameters description -
GetFileCounters .............................................. 72
Tab. 89. Return code description - ISOReadBinary .......80
Tab. 90. Command parameters description
-
Tab. 77. Return code description - GetFileCounters ..... 72
ISOUpdateBinary .............................................81
Tab. 91. Response data parameters description -
ISOUpdateBinary .............................................81
Tab. 92. Return code description - ISOUpdateBinary ....82
Tab. 93. Command parameters description - Read_
Sig ................................................................... 83
Tab. 78. Command parameters description
-
ReadData ........................................................ 73
Tab. 79. Response data parameters description -
ReadData ........................................................ 74
Tab. 80. Return code description - ReadData ...............74
Tab. 81. Command parameters description
-
Tab. 94. Response data parameters description -
Read_Sig .........................................................84
WriteData .........................................................75
Tab. 82. Response data parameters description -
WriteData .........................................................76
Tab. 83. Return code description - WriteData ............... 76
Tab. 84. Command parameters description
Tab. 95. Return code description - Read_Sig ............... 84
Tab. 96. Limiting values ................................................ 87
Tab. 97. Characteristics .................................................87
Tab. 98. Abbreviations ...................................................88
Tab. 99. Revision history NT4H2421Gx ........................91
-
ISOSelectFile ...................................................77
Figures
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
NTAG 424 DNA IC blocks ................................ 6
Pin configuration for SOT500-4 (MOA8) ........... 7
NTAG 424 DNA application .............................. 9
ISO/IEC 7816-4 command response pair ........17
NTAG 424 DNA secure messaging setup ....... 21
Session key generation for Secure
Messaging ....................................................... 26
Plain Communication Mode ............................ 27
Secure Messaging: MAC Communication
Fig. 15. AuthenticateLRPFirst command protocol ........ 51
Fig. 16. AuthenticationLRPNonFirst
command
protocol ............................................................53
Fig. 17. SetConfiguration command protocol ............... 55
Fig. 18. GetVersion command protocol ........................58
Fig. 19. GetCardUID command protocol ......................61
Fig. 20. ChangeKey command protocol .......................62
Fig. 21. GetKeyVersion command protocol ..................64
Fig. 22. ChangeFileSettings command protocol ...........65
Fig. 23. GetFileSettings command protocol ................. 69
Fig. 24. GetFileCounters command protocol ................71
Fig. 25. ReadData command protocol ..........................73
Fig. 26. WriteData command protocol ..........................75
Fig. 27. ISOSelectFile command protocol ....................77
Fig. 28. ISOReadBinary command protocol .................79
Fig. 29. ISOUpdateBinary command protocol ..............81
Fig. 30. Read_Sig command protocol ..........................83
Fig. 31. Package outline SOT500-4 (MOA8) ................85
Fig. 7.
Fig. 8.
mode ............................................................... 28
Secure Messaging: CommMode.Full .............. 29
Fig. 9.
Fig. 10. LRP Secure Messaging: MAC Protection
Mode ............................................................... 33
Fig. 11. LRP Secure Messaging: CommMode.Full .......34
Fig. 12. Secure Dynamic Messaging for Reading
example ...........................................................43
Fig. 13. AuthenticateEV2First command protocol ........ 46
Fig. 14. AuthenticateEV2NonFirst
command
protocol ............................................................49
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
95 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
Contents
1
1.1
2
2.1
2.2
2.3
2.4
3
4
5
6
7
7.1
8
8.1
General description ............................................ 1
9.2.5
9.2.6
9.2.7
9.2.8
9.2.9
9.2.10
9.3
9.3.1
9.3.2
9.3.3
9.3.4
9.3.4.1
9.3.4.2
9.3.5
AuthenticateLRPFirst command ...................... 31
AuthenticateLRPNonFirst command ................32
Session key generation ................................... 32
Plain communication mode ............................. 33
MAC communication mode ............................. 33
Full communication mode ................................34
Secure Dynamic Messaging ............................34
SDM Read Counter ......................................... 35
SDM Read Counter Limit ................................ 35
PICCData .........................................................36
Encryption of PICCData .................................. 37
AES mode encryption ......................................37
LRP mode encryption ......................................37
SDMENCFileData ............................................38
Encryption of SDMENCFileData ......................39
AES mode encryption ......................................39
LRP mode encryption ......................................39
SDMMAC .........................................................40
MAC Calculation ..............................................40
AES mode MAC calculation ............................ 40
LRP mode MAC calculation .............................41
SDM Session Key Generation .........................41
AES mode session key generation for SDM .... 41
LRP mode session key generation for SDM .... 42
Output Mapping Examples .............................. 42
Command set .................................................... 44
Introduction ...................................................... 44
Supported commands and APDUs ..................44
Status word ......................................................45
Authentication commands ............................... 46
AuthenticateEV2First ....................................... 46
AuthenticateEV2NonFirst .................................49
AuthenticateLRPFirst .......................................51
AuthenticateLRPNonFirst ................................ 53
Memory and configuration commands .............55
SetConfiguration .............................................. 55
GetVersion .......................................................58
GetCardUID ..................................................... 61
Key management commands ..........................62
ChangeKey ...................................................... 62
GetKeyVersion .................................................64
File management commands .......................... 65
ChangeFileSettings ..........................................65
GetFileSettings ................................................ 69
GetFileCounters ...............................................71
Data management commands .........................73
ReadData .........................................................73
WriteData .........................................................75
Inter-industry standard commands .................. 77
ISOSelectFile ...................................................77
ISOReadBinary ................................................79
ISOUpdateBinary .............................................81
Originality check commands ............................83
Introduction ........................................................ 1
Features and benefits .........................................2
RF Interface & Communication Protocol ............2
Memory Organization ........................................ 2
Security and Privacy ..........................................2
Specific Features ...............................................3
Applications .........................................................3
Ordering information .......................................... 4
Quick reference data .......................................... 5
Block diagram ..................................................... 6
Pinning information ............................................ 7
Pinning ...............................................................7
Functional description ........................................8
Interface initialization and protocol .................... 8
ISO/IEC 14443 parameter values ......................8
Setting of higher communication speed .............9
Half-duplex block transmission protocol ............ 9
User memory .....................................................9
Application and file selection ............................. 9
Application Name and ID ...................................9
Files ................................................................. 10
StandardData file .............................................10
Capability Container File ................................. 10
File access rights management .......................11
SDM related access rights .............................. 12
Communication modes ....................................13
Keys .................................................................14
AppMasterKey ................................................. 14
AppKey ............................................................ 14
SDMMetaReadKey .......................................... 14
SDMFileReadKey ............................................ 15
OriginalityKey ...................................................15
Key version ......................................................15
Native Command Format ................................ 16
ISO/IEC7816-4 Communication frame ............ 16
Command Chaining .........................................17
Backup management .......................................19
Product originality ............................................ 19
Secure Messaging .............................................20
AES Secure Messaging ...................................23
Transaction Identifier ....................................... 23
Command Counter .......................................... 23
MAC Calculation ..............................................23
Encryption ........................................................24
AuthenticateEV2First Command ......................24
AuthenticateEV2NonFirst Command ............... 25
Session Key Generation ..................................26
Plain Communication Mode .............................27
MAC Communication Mode .............................27
Full Communication Mode ...............................28
LRP Secure Messaging ...................................29
Transaction identifier ....................................... 29
Command counter ........................................... 30
MAC calculation ...............................................30
Encryption ........................................................30
9.3.6
8.1.1
8.1.2
8.1.3
8.2
9.3.6.1
9.3.6.2
9.3.7
9.3.8
8.2.1
8.2.2
8.2.3
8.2.3.1
8.2.3.2
8.2.3.3
8.2.3.4
8.2.3.5
8.2.4
8.2.4.1
8.2.4.2
8.2.4.3
8.2.4.4
8.2.4.5
8.2.4.6
8.3
8.4
8.5
8.6
8.7
9
9.1
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.1.6
9.1.7
9.1.8
9.1.9
9.1.10
9.2
9.3.8.1
9.3.8.2
9.3.9
9.3.9.1
9.3.9.2
9.3.10
10
10.1
10.2
10.3
10.4
10.4.1
10.4.2
10.4.3
10.4.4
10.5
10.5.1
10.5.2
10.5.3
10.6
10.6.1
10.6.2
10.7
10.7.1
10.7.2
10.7.3
10.8
10.8.1
10.8.2
10.9
10.9.1
10.9.2
10.9.3
10.10
9.2.1
9.2.2
9.2.3
9.2.4
10.10.1 Read_Sig ......................................................... 83
11
12
Package outline .................................................85
Limiting values ..................................................87
465430
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Product data sheet
COMPANY PUBLIC
Rev. 3.0 — 31 January 2019
465430
96 / 97
NXP Semiconductors
NT4H2421Gx
NTAG 424 DNA – Secure NFC T4T compliant IC
13
14
15
16
17
Characteristics .................................................. 87
Abbreviations .................................................... 88
References .........................................................90
Revision history ................................................ 91
Legal information ..............................................92
Please be aware that important notices concerning this document and the product(s)
described herein, have been included in section 'Legal information'.
© NXP B.V. 2019.
All rights reserved.
For more information, please visit: http://www.nxp.com
For sales office addresses, please send an email to: salesaddresses@nxp.com
Date of release: 31 January 2019
Document identifier: 465430
Document number: 465430
相关型号:
NT511740C5J
The NT511740C5J is a 4,194,304-word x 4-bit dynamic RAM fabricated in NTCs CMOS silicon gate technology.
ETC
NT511740C5J-50
The NT511740C5J is a 4,194,304-word x 4-bit dynamic RAM fabricated in NTC?s CMOS silicon gate technology.
ETC
NT511740C5J-60
The NT511740C5J is a 4,194,304-word x 4-bit dynamic RAM fabricated in NTC?s CMOS silicon gate technology.
ETC
NT511740C5J-70
The NT511740C5J is a 4,194,304-word x 4-bit dynamic RAM fabricated in NTC?s CMOS silicon gate technology.
ETC
NT511740D0J
The NT511740C5J is a 4,194,304-word x 4-bit dynamic RAM fabricated in NTCs CMOS silicon gate technology.
ETC
NT511740D0J-50
The NT511740C5J is a 4,194,304-word x 4-bit dynamic RAM fabricated in NTCs CMOS silicon gate technology.
ETC
NT511740D0J-5L
The NT511740C5J is a 4,194,304-word x 4-bit dynamic RAM fabricated in NTCs CMOS silicon gate technology.
ETC
©2020 ICPDF网 联系我们和版权申明