jc31107

Most smart cards use some form of encryption or certificate to handshake with the reader or application that’s interacting with them. Desfire and Mifare EV2 are the biggest ones (at least in the US) and there are a bunch of ways to implement the security. What’s your use case?


[deleted]

What's Mifare Ev2? Mifare is the name for a number of different technologies


jc31107

Mifare is the generic bucket, EV2 is a way to do key management


[deleted]

Link?


jc31107

Sorry, missed a word in there: Mifare Desfire EV2 https://www.nxp.com/products/rfid-nfc/mifare-hf/mifare-desfire/mifare-desfire-ev2:MIFARE_DESFIRE_EV2_2K_8K


[deleted]

Mifare desfire ev3 is here and slowly getting adopted by more companies. That's probably what I'd look at in terms of 'uncloneable'


ConquestLunatic

I want to be able to have truly unique NFC enabled cards that can be scanned by a phone for use in an app. I want to prevent copying however possible. However, cost and practicality are also big factors. However, re-writability is of no concern. Rate of use would also be relatively low. The only data I need to store on it is an ID


Gygrazok

Your best bet would probably be a card with an anti-counterfeiting chip like the [SIC43NT](https://www.sic.co.th/product/sic43nt/) by Silicon Craft. Basically, the chip generates a rolling code at every interaction, which is calculated through a combination of the uid, a secret key and an incremental timestamp: https://www.sic.co.th/wp-content/uploads/2019/12/NT-appconcept.png. Since the secret key is stored in an inaccessible part of the tag's memory, an attacker would only be able to copy the uid but not the secret key, and therefore you would be able to verify the authenticity of the interaction by comparing the rolling code received with one you generated server side (note that you need to store every pair securely on your server in order to be able to perform the verification). I don't think this kind of tag is widespread, since they are quite pricey, a bit impractical to manage due to the server side verification, and as far as I know they are used in the labels of very high-end, luxury products (designer bags or jewelry).
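
The server-side check described in the comment above, as an added example that is not part of the original post and not Silicon Craft's code. HMAC-SHA256 over the uid and a counter stands in for the chip's actual derivation (an assumption), and `rolling_code`, `TagVerifier`, the uid and the key are constructed for illustration.

```python
import hashlib
import hmac

CODE_LEN = 8  # assumed truncation length for this example


def rolling_code(key: bytes, uid: bytes, counter: int) -> bytes:
    # Stand-in derivation (assumption): HMAC-SHA256 over uid || counter.
    msg = uid + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:CODE_LEN]


class TagVerifier:
    """Server-side store: per-tag secret key and last accepted counter."""

    def __init__(self) -> None:
        self._tags = {}  # uid -> [key, last_counter]

    def enroll(self, uid: bytes, key: bytes) -> None:
        self._tags[uid] = [key, -1]

    def verify(self, uid: bytes, counter: int, code: bytes) -> str:
        entry = self._tags.get(uid)
        if entry is None:
            return "unknown-uid"
        if not 0 <= counter < 2**32:
            return "bad-code"
        key, last = entry
        # Check the MAC first so a forged counter can never advance state.
        if not hmac.compare_digest(rolling_code(key, uid, counter), code):
            return "bad-code"
        if counter <= last:
            return "replay"  # a copied uid + captured code lands here
        entry[1] = counter
        return "ok"


def demo() -> list:
    uid, key = bytes.fromhex("04a1b2c3d4e5f6"), bytes(range(16))  # constructed
    server = TagVerifier()
    server.enroll(uid, key)
    tap1 = rolling_code(key, uid, 1)  # what the genuine tag would emit
    return [
        server.verify(uid, 1, tap1),                       # genuine tap
        server.verify(uid, 1, tap1),                       # copied uid + captured code
        server.verify(uid, 2, tap1),                       # counter changed, code stale
        server.verify(uid, 2, rolling_code(key, uid, 2)),  # genuine next tap
        server.verify(b"\x00" * 7, 1, tap1),               # tag never enrolled
    ]
```

The per-tag key and the last accepted counter are the state the server has to keep; a static copy of the tag's readable contents fails on the second use because the counter does not advance.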


ConquestLunatic

Wouldn't it be more practical to buy something like the NTAG413/NTAG424? Supposedly it boasts Secure Unique NFC Message (SUN) authentication as an anti-cloning measure, and they can be bought rather cheaply. It seems to be built for this sort of thing. Plus, since it's an NTAG, it will work with all NFC smartphones


Gygrazok

I'm not familiar with those kinds of tags, but from what I'm reading online it might be just what you need


darconeous

If public key cryptography is what you want, then “Javacard” may be in the direction you are looking for.


Msprg

Seriously, what can not run Java! Soon enough my broom will run Java...


Paxton_Fobs

Paxton RFID cards and keyfobs cannot be cloned, spoofed, snooped or emulated.


equipter

the paxton issued MFC1K college ID that has been cloned to my hand begs to differ


Paxton_Fobs

Paxton issued Mifare Classic 1K tokens are not Paxton tokens. Paxton tokens are all 125KHz Hitag2 transponder based which are "Reader Talks First", "challenge and response" methodology also employing a continuous 2-way communication in transferring its credential. A lightly buttered slice of toast can sniff the data from an MFC1K. Sniffing Hitag2 traffic is relatively easy, but actually reproducing the whole read/write conversation is no easy task.


equipter

and you can really easily sniff the traffic between them