An Introduction to Connecting NFC with NFT

28 December 2022

The History

Using NFC tags and mobile phones for object identification is now well established. The process arguably started back in 2006 when Nokia added NFC support to the 6131, but started to gain real traction in 2010 with the Samsung-manufactured Google Nexus S (the predecessor to the Pixel series). Gradually, companies and individuals started to see the ease and benefits of using NFC tags for asset and product identification.

However, standard NFC tags - like QR codes - can be easily copied. So the next step was the launch of authentication grade NFC chips. While encryption grade NFC chips weren't new - they had been used in transport ticketing for many years - a new generation of 'frictionless' NFC chips introduced NFC tag authentication.

In 2012, HID released the Trusted Tag and in 2017, NXP released the NTAG413 DNA chip. While neither really changed the overall market much, they added something essential. They allowed the NFC chip to be authenticated from a simple scan with a mobile phone without the use of a specialist app - the 'frictionless' authentication process.

At the same time, in 2014 the first 'NFT' was created. Over the next years, and with the launch of the ERC-721 standard, the NFT market grew to become the de-facto standard for digital asset identification it is today.

NFC secures the physical and NFT secures the digital

And now, we are starting to see the two connecting. With NFC tags securing the physical, NFTs securing the digital and the connection between them creating 'physical backed NFTs', 'phygital' or 'digital twins'.

This article explains how it's done.

Getting started

It's exciting. That's where we start. The ability to reliably and securely connect physical objects with digital items has so many use cases, from fashion to gaming, healthcare to supply chain management, finance to government, artworks to legal - we'd never finish this article if we started. So let's just focus on how you might connect the two.

To cover this in a logical way, we will break the basic connection concepts into five Grades.

In many cases, there's also offshoots of those Grades and variations and probably sub-variations. However, the purpose of the ixkio grading system is to understand the methods by which the physical NFC tag might be connected with the digital NFT (or conversely, a physical backed NFT) and to provide a little framework and clarity.

NFC 'Ownership' concepts

Before we get into the Grades, first we need to tackle the concept of NFC tag ownership and ID. There's a couple of items to cover here.

The NFC Tag 'ID'

When authentication tags are encoded, they are programmed to display a unique ID in the URL. This ID will be unique across all similarly used tags and is used to reference the encryption key on the authentication server.

However, this 'Tag ID' is not really the identifier for that NFC tag. On it's own, it can be duplicated and copied to another tag. It's usually public and openly visible (although in some instances it can in itself also be encrypted using another key). 

The real identifier is the private encryption key that's encoded and hidden within the NFC chip. This encryption key is used - possibly alongside the Tag ID - to generate the one time codes for authentication.

Any concept to connect the NFC tag and an NFT (or anything else) shouldn't use the Tag ID but must use the encryption key. And remember, the encryption key is private.

Physical ownership

An NFT has an owner. It may be anonymous and the actual owner might be hidden behind many layers but technically, it has an owner - even if you view that just as a single hexadecimal string. You cannot transfer that NFT without changing owner. (We won't get into details here about the legal ownership relationship between an NFT and the image/artwork/etc that it relates to. Safe to say, let's assume ownership of the NFT is ownership of the related digital artwork/item/image/character/etc).

Ownership of an NFC tag is arguably more complex. An NFC tag is attached to a physical object that can quite easily be sold without any digital interaction. I own the handbag. I sell it to you and hand it over to you. You now own the handbag but, without any digital interaction, I still own the NFT and there's not a lot that can be done about that. The handbag won't stop working.

Therefore, in most Digital Twin concepts, the NFT is considered the master. In other words, the physical item is something that can be used to control the transfer the NFT or something who's ownership can be verified via the NFT - but conceptually more difficult the other way around. 

The Five Grades of Digital Twin

Grade 1

Essentially, the NFC and NFT are two completely separate entities. They are not connected in any technical way - they are simply sold together as a single package.

Grade 2

At Grade 2, the NFT contract, token and possibly the owner information are stored with the NFC. The NFC data is not decentralised but there is now a technical connection between the two as a specific NFT is linked to a specific NFC.

At Grade 2, a change in NFT owner isn't automatically reflected in the NFC details.

Generally, this means that the NFT data is stored within a database that also holds the NFC data. However, it can also mean that the NFT data is stored within the NFC tag itself. However, considering that verification of the authentication NFC tag is usually undertaken by a server holding the NFC keys, then storing the NFT data on the NFC tag isn't necessarily a step towards increased security or decentralisation. 

Grade 3

For Grade 3, the NFT data needs to be dynamically linked to the NFC. The NFC database stores the data of the NFT (contract, token and owner). At this Grade, any changes to the NFT ownership must be automatically updated within the NFC database. In essence, the NFT cannot change owner without taking the NFC with it.

Grade 4

By Grade 4, the NFC and NFT and twinned but in reverse. The NFC keys (or the public half of an asynchronous encryption system) are stored with/within the NFT blockchain rather than vice versa as per the previous Grades.

A change in ownership of the NFT will therefore automatically change ownership of the NFC in as much as the NFC 'id' is stored with the NFT.

Grade 5

At Grade 5, the NFT and NFC are tightly locked. The NFT cannot change ownership without a direct 'confirmation' from the NFC. In other words, the NFT cannot be transferred without confirmation of possession of the NFC. 

The Physical Locked NFT concept creates a true connection between the physical and digital

Grade 5 can be split into two concepts : Decentralised Grade 5 and Managed Grade 5.

With Managed Grade 5, the NFC keys are stored within an authentication server. They are required to authenticate the NFC tag and therefore provide the confirmation to complete a transfer of the NFT.

With Decentralised Grade 5, the NFC keys (or the public half of an asynchronous encryption system) are stored within the blockchain. In theory the NFC tag 'data' is owned by the NFT and not by an authentication service.

The Private Key problem

One important aspect of the most popular NFC authentication chips on the market is that the encryption process is 'synchronous'. Let's explain.

For an authentication NFC tag to work, a secret or 'private' key is encoded/programmed onto the chip. A copy of that private key is also stored on the authentication server (ixkio, for example). This key is used to create the unique code on the NFC tag on each scan and the unique code - not the key - is transferred to the authentication server for verification.

The point here is that the private key is just that - private. If it was made openly accessible on the blockchain, it would no longer be private and the whole system wouldn't work.

There's three options here.

Centralised NFC keys

The NFC keys aren't stored on the blockchain at all. They are held by an authentication service or company. This doesn't mean they can't be securely transferred to another company, party or even the tag owner. It just means that under normal circumstances, they aren't publicly visible.

Asynchronous keys

This isn't the article to go into too much depth here but to keep things short, when using asynchronous keys, there's a private key and a public key. The public key can verify that data 'signed' by the private key was actually signed by that private key.

As one of the keys is public, it can be stored on the blockchain. In doing so, the NFC identity is also stored with it - ie, a Grade 4 or Grade 5 scenario.

To be clear, you cannot do this with the current mass-market NTAG424, EM|Linq or similar chips. However, there are a few emerging companies and options such as Encrypto.Art or Physical Backed Tokens (PBT).

These systems use more complex NFC chips (or circuits) that in most cases can create the public/private keypair and can also sign data sent to them.

There are downsides or potential risks to these options, such as price, scalability and long term reliability or security. However, the concept is logical and for some use cases where decentralisation of both NFC and NFT ownership is absolutely critical, it may be the only current option.

Double encryption

To prevent this article becoming a book, we will again try and be brief. Fundamentally, the concept is that you take the private key from the NFC chip (the usual NTAG424 variant), encrypt it and then place the encrypted version on the blockchain.

This would typically involve the use of asynchronous encryption so that the public key for the NFC key encryption can be held on the blockchain openly.

There's a lot of concepts, work and ideas on this floating around at the moment mainly involving dApps (decentralised applications). Again, the logic for many of these is generally sound but in many instances that we have seen, we'd question truly how decentralised (ie, independent of any single controlling company) these processes are. Additionally, many of the concepts are Grade 4 rather than Grade 5 in as much as the NFC isn't directly involved in controlling the transfer of the NFT.

Physical Backed NFT vs. Physical Locked NFT

Ixkio refer to a physical backed NFT as an NFT which is directly connected to a single NFC tag but can be transferred without proof of physical object posession. Ownership or a Physical Locked NFT, on the other hand, cannot be transferred without a scan or direct interaction of the related physical object. 

As with any new and emerging technology some of the termninology on this can become a little blurred. However, there is a clear distinction between the two concepts and the way that they work. 

What's next ?

There's really no discussion now that the ability to securely link physical objects to digital objects will be essential. We increasingly live in a digital world and the objects and identity we have in the physical world will need to be mirrored in the digital space (or metaverse, if you will).

What we are looking at here is how that will be done. Much of the noise (and money) associated with NFTs to date has perhaps masked the inherent value of what they really represent.

But what is interesting is that while the blockchain, NFT and digital market moves forward at lightning speed - NFC chip technology just doesn't. It can't.

Which ultimately means that many of today's solutions are built around, and on, current NFC chip technology. They may not all be perfect but it's a start.

NFC chip technology won't stand still. And tomorrow's technology is likely to create ever more powerful, streamlined and secure solutions.

Connecting physical to digital is here to stay. It's all about how we get it done.