NFC Tag as authentication tool

Question

Can I use NFC tag as authentication tool, for example when the tag is tapped, it opens a url, connects to a remote database and checks if that is the original Tag and returns true or false.

The information and the url will be public so anyone can tap the tag, but if someone copy its content to another tag, then it connects to the database it will return false. So actually that would be a public tag but with an unique identificator that can't be copied. Hope it makes sense, im new to the NFC tags but i find them quite exciting.

Answer 1

An NFC tag (as defined by the NFC Forum's Tag Operation specifications) is simple memory without any security mechanisms. Therefore, you cannot protect it from being read and cloned to another tag*.

*) As corvairjo wrote, tags typically have a read-only part that contains a (more or less) unique identifier. However, as opposed to what corvairjo states, this does not really prevent cloning. For most tag technologies, you can get tags that permit overwriting/customization of even that "unique" identifier. Even if no such tags exist yet, it is fairly easy to create a card emulator that emulates such a tag containing the original tag's serial number (such hardware exists, e.g. ProxMark).

Beyond pure NFC tags, some tag manufacturers provide tags with cloning protection. However, in the low cost segment (e.g. the signature feature of the new NTAG series) tags often do not really provide cloning protection (NTAG signature only prevents creation of tags with arbitrary UIDs but does not prevent cloning including the static(!) signature). Still, tags with usable cloning protection do exist.

Answer 2

You could store a number (serial or pseudo random) on the tag. Your app should transmit both that number and the tag's UID to the remote server. That server can then verify whether the two numbers match together. Since the UID is unique to the chip, this prohibits cloning of a tag.