If you’ve been researching NTAG424 DNA for product authentication or anti-counterfeit applications, you’ve probably come across the term:
SUN Authentication
But what exactly is SUN Authentication?
Is it different from Secure Dynamic Messaging (SDM)?
How does it work?
And why are luxury brands, cosmetics companies, wine producers, and pharmaceutical manufacturers adopting it?
This guide explains SUN Authentication in simple terms and also covers the technical concepts that developers and system integrators need to understand.
What Does SUN Mean?
SUN stands for:
Secure Unique NFC
It is a technology developed by NXP that allows an NFC tag to generate a unique and cryptographically secure authentication message every time it is scanned.
SUN Authentication is the foundation of NTAG424 DNA’s anti-counterfeit capabilities.
Its purpose is to answer one critical question:
Is this product genuine?
Why Was SUN Authentication Developed?
Traditional NFC tags usually contain static data:
https://brand.com/product123
Every scan returns the same information.
This creates a serious security problem.
Read NFC tag
↓
Copy URL
↓
Write to another NFC tag
↓
Counterfeit product created
Similarly, QR codes can simply be photographed and printed onto fake products.
Brands needed a solution that:
- Works with smartphones
- Requires no app
- Is extremely difficult to clone
- Provides real-time authentication
This led to the development of SUN Authentication.
The Core Idea Behind SUN Authentication
Instead of storing a fixed URL, the NFC chip generates a unique authentication message every time it is tapped.
Example:
Tap #1
https://brand.com/auth?e=A1B2&c=X123
Tap #2
https://brand.com/auth?e=C3D4&c=Y456
Tap #3
https://brand.com/auth?e=E5F6&c=Z789
Every authentication request is different.
A copied URL becomes useless.
Is SUN Authentication the Same as SDM?
This is one of the most common questions.
The short answer:
No, but they are closely related.
Understanding the Relationship
Secure Dynamic Messaging (SDM)
SDM is the mechanism that creates:
- Dynamic URLs
- Encrypted data
- Dynamic authentication messages
SUN Authentication
SUN is the authentication concept that uses SDM to prove that the product is genuine.
You can think of it this way:
SDM = Technology
SUN = Authentication Solution
Or:
SDM generates secure data
SUN uses that data for authentication
How SUN Authentication Works
The authentication process is remarkably simple for the end user.
Tap NFC tag
↓
NTAG424 DNA generates dynamic data
↓
Browser opens URL
↓
Backend verifies authenticity
↓
Display authentication result
The process usually takes less than one second.
What Happens Inside the Chip?
When the smartphone reads the NTAG424 DNA tag, the chip dynamically generates:
- Encrypted PICC Data
- Dynamic CMAC
- Dynamic URL
The generated data is unique for every scan.
Typical SUN Authentication URL
Example:
https://brand.com/auth?e=xxxxx&c=yyyyy
Where:
| Parameter | Description |
|---|---|
| e | Encrypted PICC Data |
| c | CMAC Authentication Signature |
What Is Encrypted PICC Data?
PICC stands for:
Proximity Integrated Circuit Card
The encrypted data may contain:
- UID
- Read counter
- Tag information
This information is encrypted using:
AES-128 Encryption
What Is CMAC?
CMAC stands for:
Cipher-based Message Authentication Code
Think of CMAC as a digital signature.
It proves:
- The data came from the genuine NFC chip.
- The data has not been modified.
- The authentication request is legitimate.
Why SUN Authentication Is Difficult to Clone
Counterfeiters face several major obstacles.
Problem 1: Secret AES Keys
The secret authentication keys never leave the server.
Without the keys, counterfeiters cannot:
- Generate encrypted data
- Generate valid CMAC signatures
- Produce valid future authentication messages
Problem 2: Dynamic Read Counter
Every scan increments an internal counter.
Example:
Scan #1 → Counter 1
Scan #2 → Counter 2
Scan #3 → Counter 3
This prevents replay attacks.
Problem 3: Dynamic URLs
Every scan creates a different URL.
Copying yesterday’s URL is useless.
SUN Authentication Workflow
Consumer taps product
↓
Dynamic URL generated
↓
Authentication server receives data
↓
Server decrypts data
↓
Server verifies CMAC
↓
Authentication result displayed
Backend Authentication Process
The server performs several tasks.
Step 1
Receive:
e=xxxxx
c=yyyyy
Step 2
Decrypt:
- UID
- Read counter
Step 3
Recalculate CMAC.
Step 4
Determine:
Genuine
or
Suspicious
or
Counterfeit
What Can Brands Display After Authentication?
The authentication page may include:
- Genuine product confirmation
- Product images
- Manufacturing information
- Batch number
- Warranty registration
- User manuals
- Ownership registration
- Sustainability information
- Loyalty programs
SUN Authentication is therefore both a security and customer engagement platform.
Why SUN Authentication Is Better Than QR Codes
| Feature | QR Code | SUN Authentication |
|---|---|---|
| Dynamic Data | No | Yes |
| AES Encryption | No | Yes |
| Anti-Cloning | Poor | Excellent |
| Replay Protection | No | Yes |
| Hidden Integration | No | Yes |
| Smartphone Experience | Good | Excellent |
| Product Intelligence | Limited | Excellent |
Industries Using SUN Authentication
Luxury Goods
- Handbags
- Watches
- Jewelry
Cosmetics
- Perfumes
- Premium skincare
Wine and Spirits
- Wine bottles
- Limited editions
Pharmaceuticals
- Specialty medicines
- Medical devices
Electronics
- Warranty authentication
- Product verification
Collectibles and Artwork
- Certificates of authenticity
- Provenance tracking
Recommended NTAG424 DNA Products
Product Recommendations by Industry
Luxury Goods
Recommended:
- NTAG424 DNA Hang Tags
- Authentication Cards
Cosmetics
Recommended:
- NTAG424 DNA Tamper-Evident Labels
- Security Seals
Wine and Spirits
Recommended:
- NFC Wine Labels
- Bottle Neck Tags
Pharmaceuticals
Recommended:
- Security Labels
- Authentication Seals
Electronics
Recommended:
- Warranty Labels
- Authentication Stickers
Frequently Asked Questions
Does SUN Authentication require an app?
No.
Authentication can happen directly in the smartphone browser.
Does every scan generate a different URL?
Yes.
This is one of the core principles of SUN Authentication.
Is SUN Authentication available on NTAG213 or NTAG216?
No.
These chips do not support Secure Dynamic Messaging.
Is SUN Authentication the same as SDM?
Not exactly.
- SDM is the secure messaging technology.
- SUN is the authentication solution built on top of SDM.
Can SUN Authentication eliminate counterfeiting?
No technology can completely eliminate counterfeiting.
However, SUN Authentication dramatically increases the difficulty and cost of producing convincing counterfeit products.
Final Thoughts
SUN Authentication is one of the most important innovations in NFC-based product authentication.
It combines:
✅ AES-128 encryption
✅ Dynamic URLs
✅ Dynamic authentication messages
✅ Anti-replay protection
✅ Smartphone compatibility
✅ No-app authentication
✅ Rich consumer engagement opportunities
Simply put:
SUN Authentication allows a product to prove that it is genuine every time it is tapped.
This is why NTAG424 DNA with SUN Authentication has become the preferred NFC technology for luxury goods, cosmetics, wine, pharmaceuticals, electronics, and Digital Product Passport solutions worldwide.

Do RFID is a leading China-based manufacturer with over 15 years of experience. We specialize in customized RFID readers, tags, and cards, delivering high-quality, tailored solutions that meet your unique business needs and drive seamless, efficient identification.