It really depends on the type (and therefore price) of the NFC tag you are using. Typical, cheap NFC tags (such as Type 1 tags such as Topaz / Jewel or Type 2 tags such as MIFARE Ultralight, NTAG203, Kovio 2K or my-d NFC) do not allow this. They can only be protected from writing (and this is what you usually should do when installing tags in public places).
Other tags provide a form-based access control that can be used to limit tag memory with write access, for example
- MIFARE Ultralight C: Mutual Response Authentication Using 3DES
- NTAG21x, MIFARE Ultralight EV1, my-d move NFC: password authentication with clear text password. Be warned that a clear text password can have serious security implications.
- MIFARE DESFire (EV1): Authentication of a mutual response request using DES, 3DES or AES
- ...
Authentication is not part of the NFC Forum tag specification and, therefore, depends on the tag / tag manufacturer. To use such advanced features on Android, you will need to implement the appropriate commands yourself (using the tech.transceive() method).
Note that Ndef.makeReadOnly() on Android does not necessarily set the hardware lock bit. This method can, in some cases, just as well set write protection at the protocol level (i.e. set a flag that asks the NFC device not to write any data, but not to protect the actual data pages from being overwritten).
Michael Roland
source share