NFC tags and password protecting and unique identifier

Question

I'd like to write data to NFC tags such that I know that when I read it that it actually came from me. I could make the tag permanently read only but that only prevents writing of that particular tag. A bad actor could copy the data and impersonate the tag. How can I prevent this?

I could encrypt the data with my private key and then sign with my public key, which would mean that it definitely came from me and only I could read it. But what stops someone from simply duplicating the data and impersonating that tag.

Is there something unique to each tag that can be read and recorded and cannot be changed and is unique for all tags and all time? I could record that to make sure that tag is one that I've written.

Answer 1

Someone could still impersonate the UID on a custom card. If you made your own custom card you could include a validation algorithm of some sort that you could send random data to and get an expected response from. But standard tags are very susceptible to impersonation.

Answer 2

Most NFC tags have a hardware UID that's unique to the tag. For instance, a Mifare Ultralight tag has a 7 byte UID that identifies the tag uniquely. Think of it as similar to a MAC address for your network card.

This UID is read-only and can't be changed after manufacture. If you read the spec for the particular tag, you can see where it's located. For Mifare Ultralight, these 7 bytes are located on the first few pages. See the spec here:

http://www.nxp.com/acrobat_download2/other/identification/M028634_MF0ICU1_Functional_Spec_V3.4.pdf

There's a free android app called NFC Tag Info that I use to poke around the page structure of a tag, as well as find the UID for a tag: https://market.android.com/details?id=at.mroland.android.apps.nfctaginfo