AN-7656: Using the MAX66250 Mobile Application, the Basics

Abstract

This application note walks through the basics of the MAX66250 NFC/RFID device in terms of its use with the associated mobile applications. The functionality of the IC is exercised by using the mobile app to directly invoke the MAX66250’s commands.

Introduction

In this application note, let us discuss the features of the MAX66250 secure authenticator IC and how to access these features using the associated Android/iOS application. The device essentially acts as a near-field communication (NFC)/radio frequency identification (RFID) tag with additional cryptographic security features.

Device Features

The MAX66250 integrates advanced security features, data protection, and user programmable memory into one NFC/RFID IC to provide simple yet effective cryptographic protection for any application. Figure 1 shows the high-level interaction between the device's components.

The core of the MAX66250's security is that stored data is cryptographically protected: read protection and write protection can be set on almost any data stored on the device.

The security features are as follows:

  • SHA3-256 secure hash algorithm for challenge/response peripheral authentication
  • Keyed-hash message authentication codes (HMACs) for peripheral authentication
  • Secure storage (256 bits of secure electrically erasable programmable read-only memory (EEPROM) for user data and secrets)
  • 17-bit one-time set decrement-only counter with authenticated read

Figure 1. Block diagram of the MAX66250.

MAX66250 NFC Reader Application (Mobile)

This is an application for Android and iOS that allows the user to send certain commands to the MAX66250 device to interface with the features of the device. Table 1 outlines the commands relevant to the mobile applications.

Table 1. Table of Commands Employed by the MAX66250 NFC Software

| Command                               | Description                                                                        | Type    |
|---------------------------------------|------------------------------------------------------------------------------------|---------|
| Decrement Counter                     | Decrements the internal counter by 1                                               | General |
| Write Memory                          | Writes to memory page                                                              | General |
| Read Memory                           | Reads from memory page                                                             | General |
| Read Status                           | Reads protections for all pages of memory                                          | General |
| Set Page Protection                   | Sets read, write, or APH protection of a memory page                               | General |
| Compute and Read Page Authentication  | Computes HMAC SHA3-256 authentication on a page                                    | HMAC    |
| Authenticated SHA-3 Write Memory      | Computes HMAC SHA3-256 authentication and then updates the changed blocks in memory | HMAC    |
| Compute S-Secret                      | Computes S-Secret from M-Secret using HMAC SHA3-256                                | HMAC    |

A simple graphical user interface is implemented to invoke and issue each command. Uses of these commands range from something as simple as reading the memory of a MAX66250 page to something more complex such as computing an HMAC SHA3-256 authentication on a page using a master secret and a challenge, and then reading the authenticated data on that page. The former is executed from the Device Features tab in the mobile application, while the latter is executed from the Cryptography tab. The software issues the underlying commands for the user, who simply selects the desired operation.

The next section details how to use the above commands in the mobile application.

Application Setup and Use

After downloading the application from the Apple App Store (iOS device) or the Google Play Store (Android device), the first window shows the Basic tab. This tab is used to scan the unique identifier (UID) of the MAX66250 and connect with the device. Figure 2 shows this tab after a successful Read UID on a MAX66250 chip.

Figure 2. MAX66250 NFC reader app basic tab that appears on start-up.

Let us now describe the inputs and functions of the elements on the Device Features and Cryptography tabs shown in Figure 3 (each input/function is tagged with a number and explained after Figure 3). It is important to understand the function of each component to use the application effectively.

Figure 3. MAX66250 reader app Device Features (left) and Cryptography (right) tabs.

Device Features Tab

  1. Selects the Page in the MAX66250 device's memory to interface. Choose between four options: Page 0, Page 1, Decrement Counter (Page 2), or the Master Secret (Page 3).
  2. The data read from the page or to be written to the page. Use Rand to generate random data and the trashcan icon to clear the field.
  3. The Write Memory command from Table 1. When on the Decrement Counter page, this command sets the decrement counter to a value not exceeding 01FFFFh. The counter can be set only once per MAX66250 tag.
  4. The Read Memory command from Table 1.
  5. The Decrement Counter command from Table 1. Note that this command only appears if viewing the Decrement Counter page.
  6. The Set Page Protection command from Table 1 with associated switches. Activate the switches and then press Set Protection to set a protection on the selected page.
  7. The Read Status command from Table 1. When reading the status of a particular page, the protection switches change to match the protection set on that page. (For example, if page 0 is read-protected, pressing Read Status turns on the Read switch.)
  8. Shows the result of the last attempted communication.

Cryptography Tab

  1. Selects either page 0 or page 1 of the MAX66250's memory to interface.
  2. The Master Secret to be used for HMAC SHA3-256 authentication. *
  3. The randomly generated Challenge to be used for HMAC SHA3-256 authentication. *
  4. The Shared Secret calculated using the Master Secret and the Challenge (can only be read).
  5. The data read from the page or to be written to the page. *
  6. The Authenticated SHA-3 Write Memory command from Table 1.
  7. The Compute and Read Page Authentication command from Table 1.

* Note: Use Rand to generate random data and the trashcan icon to clear the field.

Basic Use Framework

For a basic example of using the mobile application, follow these steps:

  1. Open the MAX66250 Reader application and move the phone's NFC reader close to the MAX66250 Tag. Click Read UID on the Basic tab to begin communication with the chip.
  2. Switch to the Device Features tab.
  3. Select Page 0 and press Rand to generate random data to write to the MAX66250.
  4. Press Write Memory.
  5. Switch the page to M-Secret and press Rand.
  6. Press Write Memory.
  7. Switch back to Page 0 and press Read Memory. The random data written in step 3 appears again in the data field.
  8. Switch to the Cryptography tab. The M-Secret written in step 5 is shown.
  9. Set the page to Page 0 and press Rand next to the Challenge field.
  10. Press Compute & Read Page Authentication. The data read in step 7 is returned and an S-Secret is generated.
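The challenge/response exchange behind steps 8 to 10, modelled end to end in Python as an added example that is not code from this application note or from the device vendor: the host issues a fresh challenge, the tag derives the S-Secret from the M-Secret and returns the page data with its HMAC SHA3-256, and the host recomputes and compares it. The MAC input layouts, the 32-byte page size and the UID value are assumptions for illustration; the real layouts are defined in the MAX66250 data sheet.

```python
import hmac
import hashlib
import secrets

# Assumed MAC input layouts (illustrative only; the real MAX66250 layouts are in its data sheet):
#   S-Secret = HMAC-SHA3-256(key=M-Secret, msg=UID || challenge)
#   page MAC = HMAC-SHA3-256(key=S-Secret, msg=UID || page_no || page_data || challenge)
PAGE_SIZE = 32  # assumed page size in bytes

def hmac_sha3_256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha3_256).digest()

def derive_s_secret(m_secret: bytes, uid: bytes, challenge: bytes) -> bytes:
    """Compute S-Secret (Table 1) from the M-Secret and the host's challenge."""
    return hmac_sha3_256(m_secret, uid + challenge)

def page_mac(s_secret: bytes, uid: bytes, page_no: int, data: bytes, challenge: bytes) -> bytes:
    """Page authentication MAC over the page contents, bound to this tag and this challenge."""
    return hmac_sha3_256(s_secret, uid + bytes([page_no]) + data + challenge)

class SimulatedTag:
    """Tag side: UID, user pages 0 and 1, and the write-only M-Secret (page 3)."""
    def __init__(self, uid: bytes, m_secret: bytes):
        self.uid, self.m_secret = uid, m_secret
        self.pages = {0: bytes(PAGE_SIZE), 1: bytes(PAGE_SIZE)}

    def write_memory(self, page_no: int, data: bytes) -> None:
        self.pages[page_no] = data

    def compute_and_read_page_auth(self, page_no: int, challenge: bytes):
        s = derive_s_secret(self.m_secret, self.uid, challenge)
        data = self.pages[page_no]
        return data, page_mac(s, self.uid, page_no, data, challenge)

def host_verify(tag: SimulatedTag, m_secret: bytes, page_no: int):
    """Host side of steps 9 and 10: fresh challenge, recompute the MAC, constant-time compare."""
    challenge = secrets.token_bytes(32)  # a new random challenge per query defeats replay
    data, mac = tag.compute_and_read_page_auth(page_no, challenge)
    s = derive_s_secret(m_secret, tag.uid, challenge)
    ok = hmac.compare_digest(mac, page_mac(s, tag.uid, page_no, data, challenge))
    return ok, data

def demo() -> dict:
    m_secret = secrets.token_bytes(32)  # step 5: random M-Secret shared with the host
    genuine = SimulatedTag(b"\x01\x02\x03\x04\x05\x06\x07\x08", m_secret)  # constructed UID
    genuine.write_memory(0, secrets.token_bytes(PAGE_SIZE))  # steps 3 and 4
    clone = SimulatedTag(genuine.uid, secrets.token_bytes(32))  # copied UID, wrong secret
    clone.write_memory(0, genuine.pages[0])  # copied page data as well
    return {"genuine": host_verify(genuine, m_secret, 0)[0],
            "clone": host_verify(clone, m_secret, 0)[0]}
```

A tag that copied the UID and page contents but not the M-Secret fails verification, which is the property the page protections and the HMAC commands exist to provide.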

Summary

This application note details the basic operation of the MAX66250 reader mobile application. It explains how to use each command and the purpose of the input fields.

Trademarks

  • Android is a registered service mark and registered trademark of Google LLC.
  • iOS is a registered service mark and registered trademark of Apple Inc.