
How do NFC tags prevent counterfeiting, and how do we prevent someone from merely cloning the NFC tags themselves? Read on if you are curious about the technical details.
First of all, let’s talk about how the NFC tags work. Each NFC tag contains three elements: a unique ID number, a unique secret key, and a count of the number of times that the tag has been scanned. These data items are also kept on our server. When the user scans the NFC tag, the tag produces the ID number and the scan counter, and then uses the secret key (and these other elements) to produce a signature. Because our server also knows the key, it can generate the signature as well and make sure that it matches. Additionally, the server checks that the scan counter has increased since the last time the tag was read. If the counter has not increased (or has gone down), the server knows that the tag has been tampered with and can let the user know that the tag is not valid. Finally, if someone did manage to clone a tag (this is not possible without lab-grade equipment), the scan counter would mean that only one of the clones was usable: as soon as one was scanned, the counters on the others would be considered “inauthentic”.
To sum it up, every scan produces a different message with a cryptographic code that can be verified by the server, and the server can detect if the generated message is just a replay of a previous message.
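The server-side check described above can be sketched as follows. This is an added example, not our production code: the page does not name the signature algorithm, so HMAC-SHA256 stands in for it, and the tag ID, key, message layout and result strings are constructed for illustration.

```python
import copy
import hashlib
import hmac

# Constructed server-side record: tag ID -> shared secret key and last accepted counter.
TAGS = {
    "04A1B2C3": {"key": bytes.fromhex("00112233445566778899aabbccddeeff"),
                 "last_counter": 41},
}

def tag_signature(key: bytes, tag_id: str, counter: int) -> str:
    """What the tag computes on each scan (HMAC-SHA256 is an assumption)."""
    msg = tag_id.encode() + b"|" + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify_scan(db: dict, tag_id: str, counter: int, signature: str) -> str:
    """Server side: recompute the signature, then enforce a strictly increasing counter."""
    rec = db.get(tag_id)
    if rec is None:
        return "unknown_tag"
    if not 0 <= counter < 2**32:
        return "bad_counter"
    expected = tag_signature(rec["key"], tag_id, counter)
    # Constant-time comparison so response timing does not leak the expected value.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "bad_signature"
    if counter <= rec["last_counter"]:
        # Valid signature but stale counter: a replayed message or a cloned tag.
        return "replayed_or_cloned"
    rec["last_counter"] = counter  # advance state only after both checks pass
    return "authentic"

def demo() -> list:
    db = copy.deepcopy(TAGS)  # keep the sample records unchanged between runs
    tag_id, key = "04A1B2C3", TAGS["04A1B2C3"]["key"]
    sig42 = tag_signature(key, tag_id, 42)
    return [
        verify_scan(db, tag_id, 42, sig42),  # genuine tag, counter 41 -> 42
        verify_scan(db, tag_id, 42, sig42),  # same message again: replay, or a clone's first scan
        verify_scan(db, tag_id, 43, sig42),  # counter edited, old signature reused
    ]

if __name__ == "__main__":
    print(demo())
```

The counter is compared only after the signature verifies, so a message with a forged counter cannot advance or reset the stored value.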