Is possible to lock a NFC tag and later unlock and write data again?
I'm developing a NFC app that will have tags in public places, and in this way it would be necessary to lock the tags with a password or other tool, to avoid that someone deletes the information or modifies their content. The tags should be updatable at a later time. So, is possible to do this? Or when I lock a tag, does it stay read-only forever?
Answer
This very much depends on the type (and consequently price) of NFC tag that you use. Typical, cheap NFC tags (e.g. Type 1 tags like Topaz/Jewel or Type 2 tags like MIFARE Ultralight, NTAG203, Kovio 2K, or my-d NFC) do not allow this. They can only be permanently write-protected (and this is what you should typically do when installing tags in public places).
Other tags do provide some form authentication-based access control that can be used to restrict write-access tag memory, e.g.
- MIFARE Ultralight C: mutual challenge response authentication using 3DES
- NTAG21x, MIFARE Ultralight EV1, my-d move NFC: password based "authentication" with clear-text password. Be warned that a clear-text password may have sever security implications.
- MIFARE DESFire (EV1): mutual challenge response authentication using DES, 3DES or AES
- ...
Authentication is not part of the NFC Forum's tag operation specifications and is consequently tag/tag manufacturer dependent. In order to use such advanced functionality on Android, you would need to implement the relevant commands youself (using the tech.transceive() method).
Note that Ndef.makeReadOnly() on Android does not necessarily set any hardware lock bits. This method may in some cases just as well only set a write protection on protocol level (i.e. set a flag that requests the NFC device not to write any data, but don't protect the actual data pages from being overwritten).