What is Secure Dynamic Messaging (SDM)? Complete Guide

As counterfeit products become increasingly sophisticated, brands need authentication technologies that are more secure than traditional QR codes, serial numbers, or standard NFC tags.

This is where Secure Dynamic Messaging (SDM) comes in.

SDM is one of the most important technologies behind NTAG424 DNA, enabling secure, smartphone-friendly authentication without requiring a dedicated mobile app.

Today, SDM is widely used for:

  • Product authentication
  • Anti-counterfeiting
  • Luxury goods protection
  • Digital Product Passports (DPP)
  • Wine and spirits authentication
  • Cosmetics verification
  • Pharmaceutical traceability
  • Certificates of authenticity

But what exactly is Secure Dynamic Messaging, and why is it considered such a breakthrough in NFC security?

This guide explains SDM in simple terms and also dives into the technical details for developers and system integrators.


What Is Secure Dynamic Messaging (SDM)?

Secure Dynamic Messaging (SDM) is a security feature introduced by NXP in NTAG424 DNA.

It allows the NFC chip to generate:

  • Dynamic encrypted data
  • Dynamic authentication URLs
  • Dynamic cryptographic signatures
  • Unique authentication messages

Every time the tag is scanned, the generated data is different.

This is the key reason why NTAG424 DNA is extremely difficult to clone.


The Problem with Traditional NFC Tags

A standard NFC tag usually contains:

https://brand.com/product123

Every tap returns the exact same URL.

This creates a serious security issue.

Read NFC tag
      ↓
Copy URL
      ↓
Program another tag
      ↓
Create counterfeit product

The cloned product appears authentic.


How SDM Solves This Problem

Instead of storing a static URL, SDM dynamically generates:

https://brand.com/auth?e=xxxxx&c=yyyyy

Every scan generates different encrypted values.

Example:

Tap #1 → URL A
Tap #2 → URL B
Tap #3 → URL C

The authentication URL changes continuously.

A copied URL becomes useless.


What Does “Dynamic” Mean?

Dynamic means:

The authentication data changes every time the tag is read.

Even though the physical NFC tag remains the same, the authentication message is always different.

This provides strong protection against:

  • Tag cloning
  • Replay attacks
  • URL sharing
  • Counterfeit products

What Does “Secure” Mean?

Secure means the dynamic data is protected using:

AES-128 Encryption

The encrypted information can only be understood by a server that possesses the correct secret keys.


What Does “Messaging” Mean?

Messaging refers to the information transmitted from the NFC chip to the backend authentication server.

This message contains encrypted information that allows the server to verify:

  • The tag is genuine
  • The message has not been modified
  • The authentication request is valid

Components of Secure Dynamic Messaging

An SDM URL typically looks like this:

https://brand.com/auth?e=xxxxx&c=yyyyy

Where:

ParameterDescription
eEncrypted PICC Data
cCMAC (Cryptographic Signature)

What Is Encrypted PICC Data?

Encrypted PICC Data may include:

  • Tag UID
  • Read counter
  • Tag information

This data is encrypted using AES-128.

Without the secret key, it cannot be decoded.


What Is CMAC?

CMAC stands for:

Cipher-based Message Authentication Code

CMAC acts like a digital signature.

It proves:

  • The message came from a genuine tag.
  • The message was not altered.
  • The authentication data is valid.

Why CMAC Is Important

Even if someone knows the URL format:

https://brand.com/auth?e=xxxxx&c=yyyyy

they still cannot generate a valid CMAC without the secret AES key.

This makes cloning extremely difficult.


How Secure Dynamic Messaging Works

The process is simple from the consumer’s perspective.

Tap product
      ↓
Dynamic encrypted URL generated
      ↓
Browser opens authentication page
      ↓
Backend verifies message
      ↓
Display authentication result

The entire process usually takes less than one second.


Detailed Authentication Process

Step 1 – User Taps the Product

The smartphone powers the NFC chip.

The chip generates:

  • Encrypted PICC Data
  • Dynamic CMAC
  • Dynamic URL

Step 2 – Browser Opens the URL

Example:

https://brand.com/auth?e=xxxxx&c=yyyyy

No app is required.

This is one of the biggest advantages of SDM.


Step 3 – Server Receives Authentication Data

The server receives:

e=xxxxx
c=yyyyy

The server also has:

  • AES keys
  • Product database
  • Authentication rules

Step 4 – Server Decrypts Data

The server decrypts:

  • UID
  • Read counter
  • Tag information

Step 5 – Server Verifies CMAC

If:

Calculated CMAC
       =
Received CMAC

Authentication succeeds.


Why SDM Is So Powerful

Dynamic Authentication

Every scan is unique.


Anti-Cloning Protection

Counterfeiters cannot simply copy the NFC data.


Anti-Replay Protection

Old URLs become invalid.


Smartphone Friendly

Works directly with:

  • Android
  • iPhone

No App Required

Authentication can occur entirely in the web browser.


How SDM Prevents Cloning

Traditional NFC Tag

Read data
      ↓
Copy data
      ↓
Clone tag

NTAG424 DNA with SDM

Read encrypted data
      ↓
Cannot generate valid future message
      ↓
Clone attempt fails

How SDM Prevents Replay Attacks

Every authentication contains a dynamic read counter.

Example:

Scan #1 → Counter 1
Scan #2 → Counter 2
Scan #3 → Counter 3

If someone tries to reuse:

Counter 1

after:

Counter 3

the server can detect suspicious activity.


Industries Using Secure Dynamic Messaging

Luxury Goods

  • Handbags
  • Watches
  • Jewelry

Cosmetics

  • Premium skincare
  • Perfumes

Wine and Spirits

  • Wine authentication
  • Limited editions

Pharmaceuticals

  • High-value medicines
  • Medical devices

Electronics

  • Warranty authentication
  • Product verification

Collectibles

  • Certificates of authenticity
  • Provenance tracking

SDM and Digital Product Passports (DPP)

Secure Dynamic Messaging is becoming increasingly important for:

  • Product traceability
  • Sustainability initiatives
  • Circular economy projects
  • Digital identities

Because every product can have:

Physical Product
         +
Secure Digital Identity

Recommended Products Using SDM


Best Product Formats

NTAG424 DNA Anti-Tamper Labels

Applications:

  • Cosmetics
  • Pharmaceuticals
  • Electronics

NTAG424 DNA Hang Tags

Applications:

  • Luxury fashion
  • Shoes
  • Accessories

NTAG424 DNA Wine Labels

Applications:

  • Wine
  • Spirits

NTAG424 DNA Authentication Cards

Applications:

  • Certificates of authenticity
  • Warranty cards

Frequently Asked Questions

Does SDM require a mobile app?

No.

Authentication can happen entirely in the browser.


Does every scan generate different data?

Yes.

This is the core concept of Secure Dynamic Messaging.


Can SDM be used with iPhone?

Yes.

Both Android and iPhone support NTAG424 DNA authentication.


Is SDM available on NTAG213 or NTAG216?

No.

Secure Dynamic Messaging is a feature of NTAG424 DNA and selected high-security NXP products.


Can SDM completely eliminate counterfeiting?

No technology can eliminate counterfeiting entirely.

However, SDM dramatically increases the difficulty and cost of creating convincing counterfeit products.


Final Thoughts

Secure Dynamic Messaging (SDM) is one of the most important innovations in NFC authentication technology.

It combines:

✅ AES-128 encryption

✅ Dynamic URLs

✅ Dynamic cryptographic signatures

✅ Anti-cloning protection

✅ Anti-replay protection

✅ Smartphone compatibility

✅ No-app consumer authentication

Instead of simply storing information like a normal NFC tag, SDM allows the NFC chip to prove its authenticity every time it is tapped.

This is why NTAG424 DNA with Secure Dynamic Messaging has become the preferred authentication technology for luxury brands, cosmetics companies, wine producers, pharmaceutical manufacturers, and businesses building Digital Product Passport solutions.

Suggested Internal Links

  • How NTAG424 DNA Dynamic URL Authentication Works
  • What is Secure Dynamic Messaging (SDM)? Complete Guide
  • NTAG424 DNA vs QR Code Authentication – Why NFC Wins
  • Best NFC Chip for Authentication – Complete Buying Guide
  • NFC Anti-Counterfeit Tags for Pharmaceuticals
  • NFC Wine Authentication Labels – Protect Premium Wines
  • NFC Authentication for Collectibles and Artwork
  • NTAG424 DNA Programming Guide – SDK, API & Tools