In the modern world of mass production, many products get their value from being one-of-a-kind. Special, limited edition shoes sell for unbelievable prices. Custom paintings and limited edition Blu-ray Discs all sell for a premium, precisely because there are so few of them in existence. However, these high-markup items quickly bring counterfeiters. As profit margins increasingly depend on limited editions, the importance of anti-counterfeiting technology becomes more important.
In the last few years, NXP released a new chip that makes life much tougher for counterfeiters. NXP’s new NTAG 424 DNA chip provides an easy way for specialty manufacturers to prove the authenticity of products. This chip is made possible by many modern advancements in NFC technology. Let’s dive a little deeper into this technology to see what makes it tick.
Many people have heard of RFID (radio frequency identification), the technology that allows for remote identification of electronic tags attached to items. RFID technology was limited, however, because it only provided a one-way communication pathway. The newer form of this technology is known as NFC, or “near-field communication.” A common NFC chip that you have probably interacted with is the newer “tap to pay” contactless credit card, which doesn’t even require insertion. Instead, it uses NFC technology to open up a temporary two-way wireless communication channel between the payment system and your card. These devices are remotely powered, which means that the card reader is actually powering your card while it is communicating with it (which is why the card does not require a battery) using essentially the same technology as charging mats or other wireless charging devices.
The chips that enable NFC are becoming increasingly sophisticated. They can store data, run encryption algorithms, and, of course, communicate wirelessly. These capabilities form the foundation of the new anti-counterfeiting technology.
Obviously, a unique identifier identifying a product can be stored on a chip, and this has been done for the entire lifespan of NFC and RFID. However, counterfeiters can steal this data just like any other information that is written on a product. They can copy a serial number and make 1,000 identical products with the same serial number, and they can copy the contents of an NFC chip and make 1,000 identical NFC chips. So how can one use an NFC chip to enable anti-counterfeiting?
NXP had an interesting idea — what if we could use the data stored on the NFC chip to actively prevent counterfeiting? The idea works like this. Every chip not only contains an identifier, it also contains a counter of how many times the chip was scanned, and a chip-specific message authentication key. Scanning the NFC chip yields a link which encodes the chip ID, the counter, and a message authenticator (which uses the chip-specific key). Following the link will bring you to a website which verifies that the proper key was used, and then check and record the counter. If the counter on the chip is increasing from the previous scan, then it is counted as a “good” scan and the new counter is recorded. Otherwise, it is counted as a bad scan, and the chip is inauthentic.
To see why this works, let’s say that a counterfeiting operation was trying to duplicate your Super Deluxe Widget. They bought the product, and it had a chip with an ID of 1234 and the counter was at 1. Let’s presume that they were able to copy the chip exactly. Now, because the message authentication keys are chip-specific, they can’t produce a chip with a different ID because they don’t have the key for any other chip. So they are restricted to only producing chips with that same ID. However, this doesn’t work either, because the counter would not be coordinated. Let’s say they sold three copies of the Super Deluxe Widget, and they all started with a counter of 1. The first person buys it, scans it successfully, and now the counter is 2. The next person buys it and tries to scan it, but since their counter is 1 it is now reporting failure, because the server notes that the counter is not increasing. Therefore, all subsequent products are known to be counterfeits. Even if the counterfeiting operation encoded different counters in each one, as soon as multiple people are scanning, it quickly is identified as non-authentic, because someone else is going to scan a “later” counter, and then the earlier ones are going to report that they are inauthentic on future scans.
This means that, essentially, a counterfeiter is limited to only making a single copy of an anti-counterfeiting chip before they will be detected. This technology is rather new, only being released in the last four years, and adoption seems rather slow, probably because of the lack of understanding about how it works coupled with the lack of available tools to process it. However, as the ecosystem and understanding of this technology grows (along with the industry of limited editions), using NFC for anti-counterfeiting will likely become more and more commonplace.