Signed NFC Tags add authenticity and integrity protection to the contents of regular NFC tags (NDEF records).
This helps prevent malicious use of NFC tags. For example, if a large retailer deploys NFC tags for in-store advertising and promotions, traditional tags have no built-in security to prevent a hacker from deploying tags that look the same but launch a phishing attack, asking the users to login into a malicious web site.
Signed Tags can be used to perform initial security and integrity checks before performing an action. If the signature record is correctly verified, the action coud be immediately performed. If the tag contents are changed, signature verification will fail and the action can be delegated to the user for permission.
The Tag Format is backwards compatible with both existing readers and tag hardware. If a user taps a signed tag with a new reader, the tag signature is verified using a certificate chain and a trusted third party Certificate Authority (CA).
This site contains validation tools for the NFC Forum Signature RTD 2.0 specification. The root certificate is available allowing anyone to verify the NDEF signed records using their own implementations.
Questions and feedback are encouraged.