
ST25TV02KC (Type 5 NFC Tag) – Partial Read/Write Access via Smartphone and Reader (ST25R3916B)

MERSI
Associate III

Hi everyone,

I'm working with the ST25TV02KC NFC tag (NFC Forum Type 5) and using the ST25R3916B as my custom reader (on a PCB). I’d like to be able to read from and write to the tag using my reader, but also allow partial access via smartphone (e.g. Android phone using NFC).

Here’s what I want to achieve:

  • Some fields should be read-only on the phone.

  • Some fields should be readable and writable.

  • Some data should be completely hidden from the phone but accessible to the ST25R3916B reader.

Example layout:

  • ReadOnly: Min_Value, Max_Value

  • ReadAndWrite: Calibration_Zero, Calibration_Span

My questions:

  1. How can I configure the tag's memory to enforce this kind of access control?

  2. Is it possible to hide certain memory areas entirely from a smartphone (but still access them from my own reader)?

  3. Are there tools or example configurations (e.g. NDEF files, memory layout examples) for this?

Any advice, example code, or documentation links would be greatly appreciated!

Thanks in advance!

Accepted Solutions
Thomas Q.
ST Employee

Hello Simon,

I understand you need three kinds of user memory access : read-only / readable and writable / hidden from a smartphone.

Here is a proposal to achieve such a memory layout using user memory protection features of the ST25TV02KC :
- dual area (AREA1/AREA2) configuration of the user memory (see section 4.2 of [1])
- read/write access globally granted on blocks of AREA1 (see section 5.1.4 of [1])
- read/write access globally password-protected on blocks of AREA2 (see section 5.1.4 of [1])
- write access individually locked on blocks of AREA1/AREA2 (see section 5.1.4 of [1]), this applies on top of the global access rights to AREA1/AREA2

Dual area configuration of the user memory

This is achieved by setting the END_A1 register (see Tables 12/13 of [1]) to the value of the desired sizes for AREA1/AREA2 (END_A1+1 blocks / END_MEM-END_A1 blocks respectively).

The procedure to set the value of END_A1 is the following :
- Make sure the CONFIG security session is open (see section 5.1.2 of [1])
- Issue a WriteConfig command (see section 6.4.17 of [1]) with FID=00h, PID=01h and selected END_A1 value

Note1 : the updated END_A1 value is effective at the next boot of the IC
Note2 : I presume you would use AREA1 for storage of CC and NDEF files, and AREA2 for storage of data to hide from a smartphone

Read/write access globally granted on blocks of AREA1

This is achieved by setting (or leaving) the RW_PROTECTION_A1 register (see Tables 10/11 of [1]) to its factory value 00h.

The procedure to set the value of RW_PROTECTION_A1 is the following :
- Make sure the CONFIG security session is open (see section 5.1.2 of [1])
- Issue a WriteConfig command (see section 6.4.17 of [1]) with FID=00h, PID=00h and selected RW_PROTECTION_A1 value

Read/write access globally password-protected on blocks of AREA2

This is achieved by setting the RW_PROTECTION_A2 register (see Tables 14/15 of [1]) to value 02h.

The procedure to set the value of RW_PROTECTION_A2 is the following :
- Make sure the CONFIG security session is open (see section 5.1.2 of [1])
- Issue a WriteConfig command (see section 6.4.17 of [1]) with FID=01h, PID=00h and selected RW_PROTECTION_A2 value

Write access individually locked on blocks of AREA1/AREA2

This is achieved with the LockBlock command (see section 6.4.5 of [1]) issued on selected block values.
Warning : the effect of this command is permanent and immediate : once LockBlock is issued on a block, its write access cannot be restored

 

Using these mechanisms, you could obtain read-only / readable and writable / hidden from a smartphone partitions in such a way :
- readable and writable => blocks of AREA1 where LockBlock command was not issued
- read-only => blocks of AREA1 where LockBlock was issued
- hidden from a smartphone => blocks of AREA2

Access to AREA2 with the native NDEF application of a smartphone will fail thanks to the password protection.
Access to AREA2 from a dedicated application would require opening the AREA2 security session (see section 5.1.2 of [1]) before issuing ReadSingleBlock/ReadMultipleBlocks/WriteSingleBlock commands.

 

I hope this helps implementing your application.
Best regards,
Thomas

[1] : Datasheet - ST25TV02KC ST25TV512C - NFC Type 5 / RFID tag IC with up to 2.5 Kbits of EEPROM, product identification and protection
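
The layout proposed in the accepted answer can be checked on paper before any tag is configured, which matters because LockBlock cannot be undone. The following C model is an added example, not part of the reply and not ST code: it uses only the register values (00h, 02h) and WriteConfig FID/PID pairs quoted above, while the block numbers, `end_mem` and all type and function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Register values quoted in the answer; other values are not modelled. */
#define RW_GRANTED  0x00u /* RW_PROTECTION_A1 factory value */
#define RW_PASSWORD 0x02u /* RW_PROTECTION_A2: read/write behind password */
typedef struct { uint8_t fid, pid, value; } write_config_t;
typedef struct { bool ok; write_config_t step[3]; } plan_t;
typedef struct { bool read, write; } access_t;
typedef struct {
    uint8_t end_a1, end_mem;        /* last block of AREA1 / of user memory */
    uint8_t rw_prot_a1, rw_prot_a2;
    bool locked[256];               /* true once LockBlock was issued */
} tag_model_t;

/* Constructed layout: block numbers and end_mem are sample values only. */
static const tag_model_t EXAMPLE = {
    .end_a1 = 11, .end_mem = 15,
    .rw_prot_a1 = RW_GRANTED, .rw_prot_a2 = RW_PASSWORD,
    .locked = { [8] = true, [9] = true },  /* Min_Value, Max_Value */
};

/* WriteConfig parameters as listed in the answer (CONFIG session open first). */
plan_t plan_write_config(const tag_model_t *t) {
    plan_t p = { .ok = t->end_a1 < t->end_mem };   /* AREA2 must not be empty */
    p.step[0] = (write_config_t){ 0x00, 0x01, t->end_a1 };     /* END_A1 */
    p.step[1] = (write_config_t){ 0x00, 0x00, t->rw_prot_a1 }; /* RW_PROTECTION_A1 */
    p.step[2] = (write_config_t){ 0x01, 0x00, t->rw_prot_a2 }; /* RW_PROTECTION_A2 */
    return p;
}

/* Rights on one block; session_open means the security session of the area
 * holding that block is open. LockBlock applies on top of the area setting. */
access_t effective_access(const tag_model_t *t, uint8_t block, bool session_open) {
    access_t a = { false, false };
    if (block > t->end_mem) return a;
    uint8_t prot = (block <= t->end_a1) ? t->rw_prot_a1 : t->rw_prot_a2;
    if (prot == RW_GRANTED) a.read = a.write = true;
    else if (prot == RW_PASSWORD) a.read = a.write = session_open;
    if (t->locked[block]) a.write = false;  /* permanent, cannot be undone */
    return a;  /* unmodelled register values stay deny-all */
}

int main(void) {   /* phone = no session opened: blocks 8, 10, 12 */
    for (unsigned b = 8; b <= 12; b += 2)
        printf("block %u: write=%d\n", b, effective_access(&EXAMPLE, (uint8_t)b, false).write);
    return 0;
}
```

Running every field's block through `effective_access` for both the phone case (`session_open` false) and the reader case before issuing LockBlock catches a misplaced END_A1 or a lock on the wrong block while it is still reversible.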
