Are these tags only registered once purchased? If someone had these tags in store on a product, is there a way to make it so they aren’t active until purchased individually? Or are they all active once in the store owners possession?
Yes, ordinarily, the tags are encoded with the URLs and the the tag IDs are then registered in the software against each item to activate them after they are purchased. Then usually, they are sent to the stores so anyone can pick up the product and authenticate them to see if they are genuine or not. It is possible to make it so that the tags are activated only after the item is purchased however, that involves some custom work and having the POS systems in the store scan and activate the item post purchase which is usually complicated because more people need to be trained and involved. We do have gating of content and experiences by ownership authentication though as a feature. That way, when an item is purchased a paired NFT can be transferred to their wallet first as a token of ownership (or claimed after purchase) and when they tap the NFC tag, it will verify they have the ownership token and only unlock gated content and experiences to the owner of the item. You will find other videos on our channel with that feature.
Thanks Bryan. The service that receives information from the NTAG 424 DNA tags and then authenticates it is built into the Qliktag Platform so if you subscribe for an account on the platform it can be used with a subdomain. The "Enterprise Plan" subscription level allows for custom domains so your pages will display your website domain. The platform APIs are very extensive and will allow you to integrate with apps and send or receive information on the platform via an app.
Hello, is it possible to detect and launch in the navigator the URL of the NFC Tag with an iPhone (iOS) without an other app ? I see you use and Android in the video.
Yes using our platform & 424DNA tags, the end user doesn't need to download any app for Android or for iPhone. Any NFC compatible phone Android or iPhone, when you tap, it will instantly bring up the experience within your default phone browser so there is no need for any apps.
Can you implement this into NFTS? For instance, say you want to pair a physical object with a digital NFT. In order to do that you could scan the tag that is paired with the physical object and when you do, you can verify ownership of that nft. Is this technology capable of doing that?
Yes Benjamin, absolutely! Instead of using an item serial number to identify each individual object, you can edit the data model to include an NFT Token ID attribute and ownership information so post authentication with the tags dynamically generated parameters, it also displays the NFT ownership information. We also have tools in the platform to build custom APIs with Node Red or logic which can be used to run a check on the NFT ownership before sending back the authenticated or failed message back to the web page that comes up. We have some users today using the platform to setup NFT digital to physical use cases and are working on releasing a pre-configured setup package for specifically this use case with NFTs in the coming weeks.
@sukesh Yes it works very much like OTP. Every time the tag is tapped a new one is generated by the tag itself and sent to the system within the URL encrypted to check. If the same picc_data string is used a second time it doesn't work because it has already expired so the only way it will work is to tap again and get a new picc_data key. A lot like OTP.
Hi guys, I did read in one of these comments that u guys were working on a pre configured setup package for NFT authentication. do you have news about it? I would like to be able to scan the tag and associate the NFT to my physical product as authentication method. Does the NFT have to be pre-minted to be used with your tags?
Hi @PhotoSlash, yes since then we have rolled out NFT authentication and been supporting a number of NFC + NFT use cases. The NFC authentication is used to authenticate the physical item and it's authenticity while the NFT authentication essentially connects to the users wallet and verifies if they have the token paired with physical item to prove ownership & custody. Based on these checks you can lock / unlock certain experiences and functionality. Definitely check out our video on this channel titled "Tokenization of Physical Products & Creating Physical NFTs with Unclonable NFC Tags Using Qliktag" for more on this. As of today, yes the NFT would have to be pre-minted outside the platform before the contract address & token ID are paired with the physical item within the platform. However, we're working with popular blockchain companies to enable automatically mint NFTs for each item within the platform and gas-less minting so the gas fees would only be chargeable during sale / minting much like it works on OpenSea.
@@qliktag that would be perfect for my team, do you guys have an estimate for when this feature will be available? like can someone purchase your chips in the meanwhile and be able to set them up in the future for the nft minting?
@@qliktag as a temporary workaround couldn't be possible for the seller to set a button for each product that redirects to the website minting page of the correlated NFT? so that the customer can proceed with the minting via metamask and own the NFT
@@PhotoSlash This is already available on the platform and in use now. We have NFC Tag Starter Kits available for order through our website which you can order and test out with a free account we can help you setup and pilot your use case. If everything works and you're happy to scale, you can then order a batch of custom tags with your logo & specs to scale.
Hey great video! I'm following the steps in the video but I'm not sure how to encode the url links into the NXP 424 chip. Any help would be appreciated
@@ehabfaidallah-fg1zf If you can reach out to us at info [at] qliktag.com with information on what you're looking to do, perhaps we can help. We now have our own type-4 NFC encoding device and software for NTAG 424 DNA tags available as part of the Qliktag Test Kit through our website. However, it's specifically for users of our platform. If you're encoding tags with your own authentication servers / backend, then we would suggest having a look at NXP TagWriter or NXP TagXplorer software.
When I scan the wine bottle for the first time as a counterfeiter, a unique and legitimate picc data/cmac is generated, and this data is included in the URI. However with no internet connection, request is never sent to the qliktag server. Is it then possible for a counterfeiter to extract the complete URI (with picc data/cmac), write to a different NFC tag, and successfully authenticate with internet connection? Assumption, the original wine bottle has not been scanned the second time.
Rakesh this is a good question. There is mechanism in place to counter this possibility. The tag itself maintains a counter and the count of how many times it has been tapped is also encrypted within the data sent to the system to validate. Let's say the tag is tapped for the first time and it generates a legitimate url with picc data and cmac which opens in the browser. Even if you refresh that URL in the browser without tapping the tag, it will fail authentication because it was previously generated and authenticated. So if the same URL and combination of picc data / cmac is copied into other NFC tags, it would fail. Now lets the scenario you mentioned where the counterfeiter gets the URL with picc data / cmac with no internet connection and the URL is copied to another tag. Part of this encrypted other than picc data and cmac sent to the server is the UID of that specific tag which is also registered within the Qliktag Platform. If another tag is purchased, the UID would be different (also not registered in the platform) so while the picc data and cmac may match, this UID won't and it would still fail authentication. This way, even if a counterfeiter purchases the exact NTAG 424 DNA Tags and copies everything exactly from the original tag, it won't work because the permanent UID of the counterfeiters tags are not registered within the system against the serial number of that specific item within the platform.
@@qliktag Thanks for the response. Could you please clarify how qliktag platform receives or confirms the tag UID(NFC) to unique wine bottle serial number mapping when consumer taps the nfc? I understand this mapping data is available in Qliktag platform to validate
@@srmrakes Thank you. Yes, a data record and URL is created for every bottle with the serial number being assigned to each. These URLs are then encoded into the NFC tags and applied to the bottles. In a production scenario, once the bottles have the tags applied, they could move on a conveyor belt and have an NFC reader / writer device placed on the line which will read the tag, identify the serial number, parse the UID of the tag and then write it to the Qliktag Platform using the APIs. A second NFC reader can be added later in the line to read the tag a second time to test the tag once the UID is registered. Until the UID is read and registered, the authentication will still fail. Once the UID has been added to the record, the bottle is good to go and will validate.
@@qliktag Thanks for the clarification on the production process in capturing the mapping. When the consumer taps the NFC, URI is read by the smartphone/reader and is merely a text. As long as this URI doesn't reach the qliktag platform, it is a valid one. However, if this text is combined with tag UID - counterfeit is not possible. How is Tag UID validated when consumer scans the nfc? Please clarify.
@@srmrakes The NTAG 424 series of tags is a Type4 NFC tag different from other ordinary tags in the sense it doesn't simply encode a URL as text. Part of the URL which is encoded is text and then there are additional parameters at the end like picc_data = followed by a series of placeholders and dynamically filled in on the tap. When the tag is tapped, the placeholders inside that URL are replaced by the picc data, cmac and UID which are all encrypted and then added to the URL. When tapped with any phone, this will always open within a browser on the phone and the URL will send the request back to the platform to validate because it is a platform URL. Only when the system receives the request, it will decrypt and compare the UID sent in the request against what is in the system and validate it. The page that comes up on the phone will wait to receive a validation from the system. If there is no internet and the tag is tapped, that page will not display the authenticated message because it hasn't received a result back from the system.
Are these tags only registered once purchased? If someone had these tags in store on a product, is there a way to make it so they aren’t active until purchased individually? Or are they all active once in the store owners possession?
Yes, ordinarily, the tags are encoded with the URLs and the the tag IDs are then registered in the software against each item to activate them after they are purchased. Then usually, they are sent to the stores so anyone can pick up the product and authenticate them to see if they are genuine or not. It is possible to make it so that the tags are activated only after the item is purchased however, that involves some custom work and having the POS systems in the store scan and activate the item post purchase which is usually complicated because more people need to be trained and involved. We do have gating of content and experiences by ownership authentication though as a feature. That way, when an item is purchased a paired NFT can be transferred to their wallet first as a token of ownership (or claimed after purchase) and when they tap the NFC tag, it will verify they have the ownership token and only unlock gated content and experiences to the owner of the item. You will find other videos on our channel with that feature.
@@qliktagthanks for the detailed answer.
Fantastic video. Can I use the NTAG 424 DNA tags to authenticate users on my own website using the Qliktag platform via an API?
Thanks Bryan. The service that receives information from the NTAG 424 DNA tags and then authenticates it is built into the Qliktag Platform so if you subscribe for an account on the platform it can be used with a subdomain. The "Enterprise Plan" subscription level allows for custom domains so your pages will display your website domain. The platform APIs are very extensive and will allow you to integrate with apps and send or receive information on the platform via an app.
Hello, is it possible to detect and launch in the navigator the URL of the NFC Tag with an iPhone (iOS) without an other app ? I see you use and Android in the video.
Yes using our platform & 424DNA tags, the end user doesn't need to download any app for Android or for iPhone. Any NFC compatible phone Android or iPhone, when you tap, it will instantly bring up the experience within your default phone browser so there is no need for any apps.
Can you implement this into NFTS? For instance, say you want to pair a physical object with a digital NFT. In order to do that you could scan the tag that is paired with the physical object and when you do, you can verify ownership of that nft. Is this technology capable of doing that?
Yes Benjamin, absolutely! Instead of using an item serial number to identify each individual object, you can edit the data model to include an NFT Token ID attribute and ownership information so post authentication with the tags dynamically generated parameters, it also displays the NFT ownership information. We also have tools in the platform to build custom APIs with Node Red or logic which can be used to run a check on the NFT ownership before sending back the authenticated or failed message back to the web page that comes up. We have some users today using the platform to setup NFT digital to physical use cases and are working on releasing a pre-configured setup package for specifically this use case with NFTs in the coming weeks.
Hi does the picc_data work as OTP? if yes, does it have lifespan? how is the lifespan determined? is it encoded in the URI?
@sukesh Yes it works very much like OTP. Every time the tag is tapped a new one is generated by the tag itself and sent to the system within the URL encrypted to check. If the same picc_data string is used a second time it doesn't work because it has already expired so the only way it will work is to tap again and get a new picc_data key. A lot like OTP.
Hi guys, I did read in one of these comments that u guys were working on a pre configured setup package for NFT authentication. do you have news about it? I would like to be able to scan the tag and associate the NFT to my physical product as authentication method. Does the NFT have to be pre-minted to be used with your tags?
Hi @PhotoSlash, yes since then we have rolled out NFT authentication and been supporting a number of NFC + NFT use cases. The NFC authentication is used to authenticate the physical item and it's authenticity while the NFT authentication essentially connects to the users wallet and verifies if they have the token paired with physical item to prove ownership & custody. Based on these checks you can lock / unlock certain experiences and functionality. Definitely check out our video on this channel titled "Tokenization of Physical Products & Creating Physical NFTs with Unclonable NFC Tags Using Qliktag" for more on this. As of today, yes the NFT would have to be pre-minted outside the platform before the contract address & token ID are paired with the physical item within the platform. However, we're working with popular blockchain companies to enable automatically mint NFTs for each item within the platform and gas-less minting so the gas fees would only be chargeable during sale / minting much like it works on OpenSea.
@@qliktag that would be perfect for my team, do you guys have an estimate for when this feature will be available? like can someone purchase your chips in the meanwhile and be able to set them up in the future for the nft minting?
@@qliktag as a temporary workaround couldn't be possible for the seller to set a button for each product that redirects to the website minting page of the correlated NFT? so that the customer can proceed with the minting via metamask and own the NFT
@@PhotoSlash This is already available on the platform and in use now. We have NFC Tag Starter Kits available for order through our website which you can order and test out with a free account we can help you setup and pilot your use case. If everything works and you're happy to scale, you can then order a batch of custom tags with your logo & specs to scale.
Hey great video! I'm following the steps in the video but I'm not sure how to encode the url links into the NXP 424 chip. Any help would be appreciated
Hi Aidan thanks for reaching out. We'll send you detailed documentation on encoding the tags right away.
@@qliktag kindly i need the same file
@@ehabfaidallah-fg1zf If you can reach out to us at info [at] qliktag.com with information on what you're looking to do, perhaps we can help. We now have our own type-4 NFC encoding device and software for NTAG 424 DNA tags available as part of the Qliktag Test Kit through our website. However, it's specifically for users of our platform. If you're encoding tags with your own authentication servers / backend, then we would suggest having a look at NXP TagWriter or NXP TagXplorer software.
When I scan the wine bottle for the first time as a counterfeiter, a unique and legitimate picc data/cmac is generated, and this data is included in the URI. However with no internet connection, request is never sent to the qliktag server. Is it then possible for a counterfeiter to extract the complete URI (with picc data/cmac), write to a different NFC tag, and successfully authenticate with internet connection? Assumption, the original wine bottle has not been scanned the second time.
Rakesh this is a good question. There is mechanism in place to counter this possibility. The tag itself maintains a counter and the count of how many times it has been tapped is also encrypted within the data sent to the system to validate. Let's say the tag is tapped for the first time and it generates a legitimate url with picc data and cmac which opens in the browser. Even if you refresh that URL in the browser without tapping the tag, it will fail authentication because it was previously generated and authenticated. So if the same URL and combination of picc data / cmac is copied into other NFC tags, it would fail. Now lets the scenario you mentioned where the counterfeiter gets the URL with picc data / cmac with no internet connection and the URL is copied to another tag. Part of this encrypted other than picc data and cmac sent to the server is the UID of that specific tag which is also registered within the Qliktag Platform. If another tag is purchased, the UID would be different (also not registered in the platform) so while the picc data and cmac may match, this UID won't and it would still fail authentication. This way, even if a counterfeiter purchases the exact NTAG 424 DNA Tags and copies everything exactly from the original tag, it won't work because the permanent UID of the counterfeiters tags are not registered within the system against the serial number of that specific item within the platform.
@@qliktag Thanks for the response. Could you please clarify how qliktag platform receives or confirms the tag UID(NFC) to unique wine bottle serial number mapping when consumer taps the nfc? I understand this mapping data is available in Qliktag platform to validate
@@srmrakes Thank you. Yes, a data record and URL is created for every bottle with the serial number being assigned to each. These URLs are then encoded into the NFC tags and applied to the bottles. In a production scenario, once the bottles have the tags applied, they could move on a conveyor belt and have an NFC reader / writer device placed on the line which will read the tag, identify the serial number, parse the UID of the tag and then write it to the Qliktag Platform using the APIs. A second NFC reader can be added later in the line to read the tag a second time to test the tag once the UID is registered. Until the UID is read and registered, the authentication will still fail. Once the UID has been added to the record, the bottle is good to go and will validate.
@@qliktag Thanks for the clarification on the production process in capturing the mapping. When the consumer taps the NFC, URI is read by the smartphone/reader and is merely a text. As long as this URI doesn't reach the qliktag platform, it is a valid one. However, if this text is combined with tag UID - counterfeit is not possible. How is Tag UID validated when consumer scans the nfc? Please clarify.
@@srmrakes The NTAG 424 series of tags is a Type4 NFC tag different from other ordinary tags in the sense it doesn't simply encode a URL as text. Part of the URL which is encoded is text and then there are additional parameters at the end like picc_data = followed by a series of placeholders and dynamically filled in on the tap. When the tag is tapped, the placeholders inside that URL are replaced by the picc data, cmac and UID which are all encrypted and then added to the URL. When tapped with any phone, this will always open within a browser on the phone and the URL will send the request back to the platform to validate because it is a platform URL. Only when the system receives the request, it will decrypt and compare the UID sent in the request against what is in the system and validate it. The page that comes up on the phone will wait to receive a validation from the system. If there is no internet and the tag is tapped, that page will not display the authenticated message because it hasn't received a result back from the system.