Security

Mutual Authentication

A security protocol where both the NFC reader and tag verify each other's identity before exchanging data. Prevents unauthorized readers from accessing tag data and unauthorized tags from impersonating legitimate ones.

Also known as: mutual authentication, two-way auth

What Is Mutual Authentication?

Mutual authentication is a cryptographic protocol in which both the NFC reader and the tag independently verify each other's identity before any sensitive data is exchanged. Unlike one-way authentication, where only the tag proves itself to the reader, mutual authentication ensures that the tag also confirms it is communicating with an authorized reader. This two-directional trust model prevents both tag cloning and rogue reader attacks.

Why Mutual Authentication Matters

In a one-way scheme, a legitimate tag can be tricked into revealing its data to a malicious reader because the tag has no mechanism to verify the reader's credentials. Mutual authentication closes this gap. This is critical for contactless payments (EMV specifications require it), corporate access control (rogue readers cannot harvest badge credentials), and brand protection (NTAG 424 DNA tags authenticate the backend server).

How It Works

The process typically follows a three-pass challenge-response protocol:

  1. Reader challenge: The reader sends a random nonce to the tag.
  2. Tag response + tag challenge: The tag encrypts the reader's nonce with the shared secret key, appends its own random nonce, and returns both.
  3. Reader response: The reader decrypts and verifies the tag's response, then encrypts the tag's nonce and sends it back. The tag verifies this final response.

If any step fails, the session terminates without data exchange. Modern implementations use AES-128, providing 128-bit security strength. Older systems used DES/3DES or the now-broken Crypto-1.

Chips Supporting Mutual Authentication

Chip Family               Algorithm            Key Length
MIFARE Classic            Crypto-1 (broken)    48-bit
MIFARE Ultralight C       3DES                 112-bit
MIFARE DESFire EV2/EV3    AES-128              128-bit
NTAG 424 DNA              AES-128              128-bit
ICODE DNA                 AES-128              128-bit

Session Keys and Secure Messaging

After successful mutual authentication, both parties derive a session key from the exchanged nonces and the shared master key. All subsequent communication is encrypted and integrity-protected. The session key is unique per transaction, preventing replay attacks even if the entire RF exchange is captured.

For the highest assurance, combine mutual authentication with originality signatures and SUN messages for layered defense.
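The three-pass exchange from "How It Works" and the per-transaction session key from the previous paragraph, as an added simulation written for this glossary entry (not code from any chip vendor or from the NFCFYI site). Both sides hold a 16-byte AES-128 key; the names tagRespond, readerVerify, tagFinish, sessionKey and Authenticate are this example's own, and the session-key derivation is a constructed placeholder, not the DESFire or NTAG 424 DNA derivation.

```go
package main
import (
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)
// encBlock encrypts one 16-byte block with AES-128; each side proves key knowledge by encrypting the peer's nonce.
func encBlock(key, in []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys in this example are always 16 bytes
	}
	out := make([]byte, 16)
	c.Encrypt(out, in)
	return out
}
func nonce() []byte { n := make([]byte, 16); rand.Read(n); return n }
// Pass 2 (tag -> reader): E_K(RndA) proves the tag knows K; RndB is the tag's own challenge.
func tagRespond(tagKey, rndA []byte) []byte {
	return append(encBlock(tagKey, rndA), nonce()...)
}
// Pass 3 (reader -> tag): check the tag's proof in constant time (comparing ciphertexts is equivalent to decrypt-and-compare), then answer E_K(RndB).
func readerVerify(readerKey, rndA, resp []byte) ([]byte, bool) {
	if len(resp) != 32 || subtle.ConstantTimeCompare(resp[:16], encBlock(readerKey, rndA)) != 1 {
		return nil, false
	}
	return encBlock(readerKey, resp[16:]), true
}
// The tag checks E_K(RndB) before it releases any data; a reader that cannot produce it fails here.
func tagFinish(tagKey, rndB, resp []byte) bool { return subtle.ConstantTimeCompare(resp, encBlock(tagKey, rndB)) == 1 }
// sessionKey binds the per-transaction key to both nonces and the master key (constructed KDF for this example, not the DESFire/NTAG 424 DNA one).
func sessionKey(key, rndA, rndB []byte) []byte {
	h := sha256.Sum256(append(append(append([]byte{}, key...), rndA...), rndB...))
	return h[:16]
}
// Authenticate runs the three passes and returns the shared session key, or the first rejection.
func Authenticate(readerKey, tagKey []byte) ([]byte, error) {
	rndA := nonce()                                   // pass 1: reader -> tag
	resp2 := tagRespond(tagKey, rndA)                 // pass 2: tag -> reader
	resp3, ok := readerVerify(readerKey, rndA, resp2) // pass 3: reader -> tag
	if !ok {
		return nil, errors.New("reader rejected tag: session aborted")
	}
	if !tagFinish(tagKey, resp2[16:], resp3) {
		return nil, errors.New("tag rejected reader: session aborted")
	}
	return sessionKey(readerKey, rndA, resp2[16:]), nil
}
```

Because RndA and RndB are fresh on every run, two successful runs with the same master key yield different session keys, which is what makes a captured RF exchange useless for replay.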


Frequently asked questions

The NFC glossary is a comprehensive reference of technical terms, acronyms, and concepts used in Near Field Communication technology. It is designed for developers, product managers, and engineers who work with NFC and need clear definitions of terms like NDEF, APDU, anti-collision, and ISO 14443.

Each glossary term is cross-referenced with related NFC chips, standards, and other terms. For example, the term 'AES-128' links to chips that support AES encryption (NTAG 424 DNA, DESFire EV2/EV3), and the term 'ISO 14443' links to all chips compliant with that standard.

Yes. NFCFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai. Use the language selector in the header to switch languages.