What is SUN Authentication? NTAG424 DNA Explained

If you’ve been researching NTAG424 DNA for product authentication or anti-counterfeit applications, you’ve probably come across the term:

SUN Authentication

But what exactly is SUN Authentication?

Is it different from Secure Dynamic Messaging (SDM)?

How does it work?

And why are luxury brands, cosmetics companies, wine producers, and pharmaceutical manufacturers adopting it?

This guide explains SUN Authentication in simple terms and also covers the technical concepts that developers and system integrators need to understand.


What Does SUN Mean?

SUN stands for:

Secure Unique NFC

It is a technology developed by NXP that allows an NFC tag to generate a unique and cryptographically secure authentication message every time it is scanned.

SUN Authentication is the foundation of NTAG424 DNA’s anti-counterfeit capabilities.

Its purpose is to answer one critical question:

Is this product genuine?


Why Was SUN Authentication Developed?

Traditional NFC tags usually contain static data:

https://brand.com/product123

Every scan returns the same information.

This creates a serious security problem.

Read NFC tag
      ↓
Copy URL
      ↓
Write to another NFC tag
      ↓
Counterfeit product created

Similarly, QR codes can simply be photographed and printed onto fake products.

Brands needed a solution that:

  • Works with smartphones
  • Requires no app
  • Is extremely difficult to clone
  • Provides real-time authentication

This led to the development of SUN Authentication.


The Core Idea Behind SUN Authentication

Instead of storing a fixed URL, the NFC chip generates a unique authentication message every time it is tapped.

Example:

Tap #1
https://brand.com/auth?e=A1B2&c=X123

Tap #2
https://brand.com/auth?e=C3D4&c=Y456

Tap #3
https://brand.com/auth?e=E5F6&c=Z789

Every authentication request is different.

A copied URL becomes useless.


Is SUN Authentication the Same as SDM?

This is one of the most common questions.

The short answer:

No, but they are closely related.


Understanding the Relationship

Secure Dynamic Messaging (SDM)

SDM is the mechanism that creates:

  • Dynamic URLs
  • Encrypted data
  • Dynamic authentication messages

SUN Authentication

SUN is the authentication concept that uses SDM to prove that the product is genuine.

You can think of it this way:

SDM = Technology
SUN = Authentication Solution

Or:

SDM generates secure data
SUN uses that data for authentication

How SUN Authentication Works

The authentication process is remarkably simple for the end user.

Tap NFC tag
      ↓
NTAG424 DNA generates dynamic data
      ↓
Browser opens URL
      ↓
Backend verifies authenticity
      ↓
Display authentication result

The process usually takes less than one second.


What Happens Inside the Chip?

When the smartphone reads the NTAG424 DNA tag, the chip dynamically generates:

  • Encrypted PICC Data
  • Dynamic CMAC
  • Dynamic URL

The generated data is unique for every scan.


Typical SUN Authentication URL

Example:

https://brand.com/auth?e=xxxxx&c=yyyyy

Where:

ParameterDescription
eEncrypted PICC Data
cCMAC Authentication Signature

What Is Encrypted PICC Data?

PICC stands for:

Proximity Integrated Circuit Card

The encrypted data may contain:

  • UID
  • Read counter
  • Tag information

This information is encrypted using:

AES-128 Encryption

What Is CMAC?

CMAC stands for:

Cipher-based Message Authentication Code

Think of CMAC as a digital signature.

It proves:

  • The data came from the genuine NFC chip.
  • The data has not been modified.
  • The authentication request is legitimate.

Why SUN Authentication Is Difficult to Clone

Counterfeiters face several major obstacles.


Problem 1: Secret AES Keys

The secret authentication keys never leave the server.

Without the keys, counterfeiters cannot:

  • Generate encrypted data
  • Generate valid CMAC signatures
  • Produce valid future authentication messages

Problem 2: Dynamic Read Counter

Every scan increments an internal counter.

Example:

Scan #1 → Counter 1
Scan #2 → Counter 2
Scan #3 → Counter 3

This prevents replay attacks.


Problem 3: Dynamic URLs

Every scan creates a different URL.

Copying yesterday’s URL is useless.


SUN Authentication Workflow

Consumer taps product
          ↓
Dynamic URL generated
          ↓
Authentication server receives data
          ↓
Server decrypts data
          ↓
Server verifies CMAC
          ↓
Authentication result displayed

Backend Authentication Process

The server performs several tasks.

Step 1

Receive:

e=xxxxx
c=yyyyy

Step 2

Decrypt:

  • UID
  • Read counter

Step 3

Recalculate CMAC.


Step 4

Determine:

Genuine
or
Suspicious
or
Counterfeit

What Can Brands Display After Authentication?

The authentication page may include:

  • Genuine product confirmation
  • Product images
  • Manufacturing information
  • Batch number
  • Warranty registration
  • User manuals
  • Ownership registration
  • Sustainability information
  • Loyalty programs

SUN Authentication is therefore both a security and customer engagement platform.


Why SUN Authentication Is Better Than QR Codes

FeatureQR CodeSUN Authentication
Dynamic DataNoYes
AES EncryptionNoYes
Anti-CloningPoorExcellent
Replay ProtectionNoYes
Hidden IntegrationNoYes
Smartphone ExperienceGoodExcellent
Product IntelligenceLimitedExcellent

Industries Using SUN Authentication

Luxury Goods

  • Handbags
  • Watches
  • Jewelry

Cosmetics

  • Perfumes
  • Premium skincare

Wine and Spirits

  • Wine bottles
  • Limited editions

Pharmaceuticals

  • Specialty medicines
  • Medical devices

Electronics

  • Warranty authentication
  • Product verification

Collectibles and Artwork

  • Certificates of authenticity
  • Provenance tracking

Recommended NTAG424 DNA Products


Product Recommendations by Industry

Luxury Goods

Recommended:

  • NTAG424 DNA Hang Tags
  • Authentication Cards

Cosmetics

Recommended:

  • NTAG424 DNA Tamper-Evident Labels
  • Security Seals

Wine and Spirits

Recommended:

  • NFC Wine Labels
  • Bottle Neck Tags

Pharmaceuticals

Recommended:

  • Security Labels
  • Authentication Seals

Electronics

Recommended:

  • Warranty Labels
  • Authentication Stickers

Frequently Asked Questions

Does SUN Authentication require an app?

No.

Authentication can happen directly in the smartphone browser.


Does every scan generate a different URL?

Yes.

This is one of the core principles of SUN Authentication.


Is SUN Authentication available on NTAG213 or NTAG216?

No.

These chips do not support Secure Dynamic Messaging.


Is SUN Authentication the same as SDM?

Not exactly.

  • SDM is the secure messaging technology.
  • SUN is the authentication solution built on top of SDM.

Can SUN Authentication eliminate counterfeiting?

No technology can completely eliminate counterfeiting.

However, SUN Authentication dramatically increases the difficulty and cost of producing convincing counterfeit products.


Final Thoughts

SUN Authentication is one of the most important innovations in NFC-based product authentication.

It combines:

✅ AES-128 encryption

✅ Dynamic URLs

✅ Dynamic authentication messages

✅ Anti-replay protection

✅ Smartphone compatibility

✅ No-app authentication

✅ Rich consumer engagement opportunities

Simply put:

SUN Authentication allows a product to prove that it is genuine every time it is tapped.

This is why NTAG424 DNA with SUN Authentication has become the preferred NFC technology for luxury goods, cosmetics, wine, pharmaceuticals, electronics, and Digital Product Passport solutions worldwide.