Access Control Bits
Configuration bits in NFC chip memory that define read/write permissions for each memory sector or block. In MIFARE Classic, access bits determine which keys (A or B) can read, write, or modify each data block.
What Are Access Control Bits?
Access control bitsAccess control bitsConfiguration bits defining per-block read/write permissionsView full → are configuration bits stored in NFC chip memory that define read and write permissions for each memory sector, block, or page. These bits determine which operations are allowed on specific memory regions and what credentials (if any) are required to perform those operations. Access control bits are the primary mechanism for implementing fine-grained data protection on NFC tags, particularly in MIFARE Classic chips where they govern sector-level access policies.
MIFARE Classic Access Control
MIFARE Classic uses the most elaborate access control bit system in the NFC ecosystem. Each 1 KB Classic chip contains 16 sectors, each with 4 blocks of 16 bytes. The last block in each sector is the "sector trailer" containing:
| Byte Range | Content | Size |
|---|---|---|
| 0-5 | Key A | 6 bytes |
| 6-8 | Access bits | 3 bytes |
| 9 | User byte | 1 byte |
| 10-15 | Key B | 6 bytes |
The three access control bytes encode the permissions for each block in the sector using a compact bit-encodingencodingData writing to NFC tags during manufacturing productionView full → scheme. Each block's permissions are defined by three bits (C1, C2, C3) stored with their complements for error detection.
Access Bits in NTAG Chips
NTAG 21x chips (NTAG 213, 215, 216) use a simpler access control model:
AUTH0 register. Specifies the first memory page that requires password authentication. Pages before AUTH0 are freely accessible; pages from AUTH0 onward require the 32-bit password.
ACCESS register. Contains configuration bits: - PROT bit: 0 = password required for write only, 1 = password required for read and write - CFGLCK bit: Locks the configuration pages permanently - NFC_CNT_PWD_PROT bit: Protects the NFC counter behind password authenticationauthenticationIdentity verification of NFC tags/readers via passwords or cryptographyView full → - AUTHLIM field: Maximum number of failed authentication attempts before the tag locks out (0 = unlimited)
Security Considerations
Access control bits are only as secure as the underlying authentication mechanism. For MIFARE Classic, the Crypto-1 cipher protecting Key A and Key B is completely broken, meaning access control bits provide no real security on Classic chips. Attackers can extract the keys and modify any sector regardless of the configuration.
For NTAG 21x chips, the 32-bit password is transmitted in plaintext. For applications requiring genuine security, use chips with AES-128 authentication such as NTAG 424 DNA or MIFARE DESFire EV3.
Best Practices
When configuring access control bits: plan before writing (errors on MIFARE Classic can permanently lock sectors), store Key B securely if using it for write access, set AUTHLIM on NTAG to prevent brute-force attacks, and test with multiple readers before deploying at scale.
Related Terms
Related Guides
Questions fréquemment posées
The NFC glossary is a comprehensive reference of technical terms, acronyms, and concepts used in Near Field Communication technology. It is designed for developers, product managers, and engineers who work with NFC and need clear definitions of terms like NDEF, APDU, anti-collision, and ISO 14443.
Each glossary term is cross-referenced with related NFC chips, standards, and other terms. For example, the term 'AES-128' links to chips that support AES encryption (NTAG 424 DNA, DESFire EV2/EV3), and the term 'ISO 14443' links to all chips compliant with that standard.
Yes. NFCFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai. Use the language selector in the header to switch languages.