Hardware-isolated keys
AES-128 keys live inside the chip's secure element. They're never transmitted, exported, or readable — even with physical access to the tag.
Back to shopHow validation works Why NTAG 424 
NTAG 424 · DNA
Tap to verify. Trust on contact.
Every TGIFT product can carry a tamper-proof NTAG 424 NFC tag. A simple tap with any modern smartphone runs a cryptographic challenge–response and confirms the item is genuine through the Hashentic secure verification platform.
Visit hashentic.comAES-128 · CMAC · SHA-512
Cryptographic challenge–response in 4 steps
The NTAG 424 chip never exposes its secret key. Instead it proves it knows the key by computing a fresh CMAC on every scan, validated against Hashentic's secure backend.
- 01
Secure key provisioning
A high-entropy AES-128 key is generated by a CSPRNG and burned into the tag's secure element. The matching key lives only on Hashentic's backend — never on the tag in readable form.
- 02
NFC tap & SUN URL
On tap, the tag emits a Secure Unique NFC (SUN) URL containing the UID, an incremented read counter and a freshly computed CMAC, opened automatically by the phone — no app required.
- 03
CMAC verification
The Hashentic backend reproduces the CMAC using the stored key, UID and counter (AES-128 / SHA-512). Replay and clone attempts fail because each scan must use a strictly increasing counter.
- 04
Verified result delivery
On success, the consumer is redirected to a secure verification page showing product origin, certifications and metadata — all tied to the specific tag and scan event, with each verification recorded in a tamper-evident audit log.
Built for products that can't be faked
NTAG 424 is the current industry standard for cryptographic NFC authentication, combining low cost with hardware-grade security.
Dynamic CMAC per scan
Every tap produces a unique cryptographic signature based on a monotonic read counter. Cloned data becomes worthless after a single use.
Anti-clone & anti-replay
Counter checks and challenge–response validation guarantee that only the original silicon can produce valid scans — copies are detected instantly.
Tamper-evident audit trail
Every verification event is recorded in Hashentic's append-only log with cryptographic chaining, giving brands a trustworthy history for analytics, recalls and compliance.
Practical detail
The chip is sealed in plastic
The NFC chip is embedded in a sealed plastic capsule, so it stays protected inside the product and handles regular washing in a washing machine up to 60°C.
This makes the NFC setup more practical for everyday wear, not just for display.
Authentication partnerHashentic
Open hashentic.comTGIFT uses Hashentic to deliver enterprise-grade NFC authentication. Hashentic combines NTAG 213/215/424 hardware with a secure SaaS verification platform to protect brands, supply chains and consumers worldwide.