Early in 2017, NXP launch a variation of their popular NTAG213 chip called the NTAG213 TT. The NTAG213 TT 'Tag Tamper' chip was designed to detect tampering or modification to packaging. In this article we will look at the function of the TT feature. For general information and comparison of the different types of tamper functions, read our Tamper Tag Types Explained article.
Update : The new NTAG424 TT works in the same way but with added authentication functionality.
Tamper tags or tamperproof tags are not new. In fact they have been quite a few variants. However, there's an important difference between this new NTAG213 TT chip and the previous generation of tamper tags.
To understand the difference, it's important to remember that an NFC antenna is a coil of wire. If that coil of wire is broken then the tag will fail to energise and the tag will not work. The principle therefore of the standard tamper proof tag was simple. Any attempt to remove the tag label should break the antenna and effectively stop the tag from working. There are a number of ways this might happen.
In some cases, the tags material can be very fragile - we generally call this a scratch tamper. An attempt to remove it might cause the tag to quite literally fall apart. As a user tries to peel it away from it's attached surface, the actual material substrate and antenna of the tag will disintegrate and the antenna loop will be broken.
In other cases, there can be a 'two part' construction to the antenna - something we generally call a peel tamper. When the tag is removed, one part of the antenna will detach itself from the other part, thus breaking the loop.
This means two things. Firstly, the chip itself is not broken or changed. Simply, the antenna is broken which means that the tag not the chip is modified. Secondly, after the tamper, the tag does not function. This might seem fairly obvious but it means that a user trying to scan the tag does not know if the tag has stopped working, never worked, or has been tampered with. It simply does not work.
The NTAG213 TT allows a different design. Instead of a single antenna loop it has an additional two connections allowing for two loops of wire. This second, additional, loop of wire can now act as the one that 'breaks' but without damage to the important antenna loop.
This serves two significant benefits.
Firstly, NFC antennas need careful tuning to make sure that they work properly. The length, design and material need to be designed to ensure good performance. This makes the older design of tamper tags more difficult because this tuning has to be taken into account. With the NTAG213 TT, the antenna is independent which means it can be tuned and set like any normal NFC antenna. The tamper loop can now be used in any shape or format that works best.
Secondly, and importantly, the tag will continue to work after the tamper action. This means that it is now possible to scan the tag to detect a tamper rather than the previous action which was just to be presented with a dead tag.
Clearly, if the TT simply allowed a scan after tamper it wouldn't be doing much as a tamper tag. So what actually happens is that the NTAG213 TT can change the content of the data dynamically to indicate that it has been tampered with.
For example, a typical use case might be that the tag is encoded with a web address such as https://tap.authnfc.com/n3h4gv4x?t=1F2A1F2A where the t variable indicates a data code being set by the chip when tag has not been tampered. The default state would be '1F2A1F2A'. Now, should the additional tamper loop on the tag be broken, the tag can still be scanned but the chip will automatically change the '1F2A1F2A' to, say 'FFFFFFFF'. The web address when it is now scanned will show https://tap.authnfc.com/n3h4gv4x?t=FFFFFFFF, allowing a developer to display a different page and show that the tag has been modified.
These codes are programmed/encoded onto the NFC chip during the tag encoding process.
It's a simple solution, but effective.
(The links are being managed by our ixkio nfc tag management system to display actual results - try them)
Typically, the tags are used the detect the opening of packaging. This can either be in the cap/lid of a bottle so that as it the cap is twisted, the tamper loop is broken. However, tamper tags can also be used for single use ticketing or vouchers.
One of the most common use cases for tamper proof tags is for asset management. As many readers of this site and many NFC users in general will know, NFC tags and metal aren't the best of friends. Normal NFC tags cannot be used on metal surfaces. To allow an NFC tag to be used on a metal surface, an additional ferrite layer needs to be included between the tag and the adhesive.
Unfortunately, this additional layer creates substantial design issue for both standard tamper tags and the NTAG213 TT tamper tags. Seritag have seen a few designs where the tamper loop runs on the metal side of the ferrite layer to the antenna/chip side of the ferrite layer but the cost implications of reliably making such a construction mean that it's all but a design idea.
In short, Seritag have yet to see a suitable on-metal tamper tag in any variant. Tamper tags and metal surfaces don't mix.