NTAG DNA (Technology)
NXP's brand name for their DNA (Deniability and Authenticity) chip series featuring SUN/SDM authentication. NTAG 223, 224, 413, and 424 DNA chips generate unique, verifiable URLs with every tap for anti-counterfeiting.
What Is NTAG DNA?
NTAG DNA (Deniability and Authenticity) is NXP Semiconductors' advanced NFC chip product family that provides per-tap cryptographic authentication capabilities. NTAG DNA chips generate a unique, verifiable URL with every scan using Secure Unique NFC (SUN) and Secure Dynamic Messaging (SDM) technologies, making them the gold standard for NFC-based anti-counterfeiting, brand protection, and secure access applications.
NTAG DNA Product Line
The NTAG DNA family includes several variants optimized for different use cases:
| Chip | Memory | Interface | Key Features |
|---|---|---|---|
| NTAG 223 DNA | 144 bytes | NFC-A (ISO 14443A) | SUN, SDM, AES-128, UID mirroring |
| NTAG 224 DNA | 256 bytes | NFC-A (ISO 14443A) | SUN, SDM, AES-128, TagTamper |
| NTAG 413 DNA | 232 bytes | NFC-A (ISO 14443A) | SDM, AES-128, 2 AES keys |
| NTAG 424 DNA | 256 bytes | NFC-A (ISO 14443ISO 14443Standard for contactless smart cards at 13.56 MHz (Types A and B)View full →-4) | SDM, AES-128, 3 AES keys, LRP |
| NTAG 424 DNA TagTamper | 256 bytes | NFC-A (ISO 14443-4) | SDM, AES-128, tamper detection |
SUN (Secure Unique NFC) Technology
The defining feature of NTAG DNA chips is SUN authenticationauthenticationIdentity verification of NFC tags/readers via passwords or cryptographyView full →. Every time a user taps the tag, the chip generates a cryptographically unique message:
- The tag stores a base URL in its NDEF message with placeholder fields for dynamic data.
- On each tap, the chip's AES-128 engine encrypts the current counter value, UID, and other status data.
- The encrypted data replaces the placeholders in the URL, creating a unique link.
- The user's phone opens the URL, and the backend server decrypts and verifies the data.
Because the AES key never leaves the chip, even a perfect physical copy of the tag cannot reproduce the correct cryptographic output. Each scan produces a different URL, making replay attacks impossible.
SDM (Secure Dynamic Messaging)
SDM extends SUN by embedding authenticated data directly in the NDEF messageNDEF messageComplete data unit containing one or more NDEF recordsView full →. The tag dynamically generates a CMAC (Cipher-based Message Authentication Code) signature over the message content, which the backend verifies:
SUN CMAC field. An 8-byte CMAC computed over the UID, counter, and optionally the file data, using the AES session key. This proves the message originated from a genuine chip with the correct key.
Encrypted file data. Optional portions of the NDEF message can be encrypted, providing confidentiality in addition to authenticity. Only the backend server with the corresponding key can decrypt the data.
TagTamper Detection
The NTAG 424 DNA TagTamper variant includes a physical tamper detection loop, a thin conductive trace integrated into the tag that breaks when the tag is removed from or the product is opened. The tamper status (intact or broken) is included in the SUN/SDM cryptographic message, providing verifiable evidence of physical tampering.
| Status | Meaning | Backend Action |
|---|---|---|
| Intact (0x43 'C') | Tamper loop not broken | Product is sealed |
| Broken (0x4F 'O') | Tamper loop has been broken | Flag for inspection |
NTAG DNA vs Basic NTAG
| Feature | NTAG 213/215/216 | NTAG DNA |
|---|---|---|
| Authentication | 32-bit password (plaintext) | AES-128 mutual authenticationmutual authenticationTwo-way identity verification between reader and tagView full → |
| Dynamic URL | No (static content) | Yes (SUN/SDM per-tap unique) |
| Anti-cloning | Originality signature only | SUN + SDM + originality |
| Tamper detection | No | Yes (TagTamper variant) |
| Cost | $0.05-$0.20 | $0.30-$1.00 |
A typical deployment requires tag provisioning with unique AES keys during encoding, a backend verification server to decrypt SUN data and validate CMAC signatures, and a consumer-facing web page or app to display authenticity results. For applications where authentication and anti-counterfeiting are critical, NTAG DNA provides capabilities that basic NTAG chips cannot match.
Related Terms
Related Guides
Preguntas frecuentes
The NFC glossary is a comprehensive reference of technical terms, acronyms, and concepts used in Near Field Communication technology. It is designed for developers, product managers, and engineers who work with NFC and need clear definitions of terms like NDEF, APDU, anti-collision, and ISO 14443.
Each glossary term is cross-referenced with related NFC chips, standards, and other terms. For example, the term 'AES-128' links to chips that support AES encryption (NTAG 424 DNA, DESFire EV2/EV3), and the term 'ISO 14443' links to all chips compliant with that standard.
Yes. NFCFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai. Use the language selector in the header to switch languages.