Hardware Specifications

At Tokentagged, we prioritize maximum security for physical crypto assets. Unlike standard NFC stickers that often act as simple storage, are easy to copy, and provide no protection against counterfeiting, we utilize a fully-fledged security microcontroller for our Swap Cards and high-end Tokentags: the NXP SmartMX3 P71D321.

This chip belongs to the same hardware family trusted globally for electronic passports (eGovernment) and secure payment cards (EMV).

Security Note

By utilizing the P71D321 Secure Element, we enforce true self-custody. The private key is generated within the chip's isolated environment and never leaves it. This architecture ensures that even we as the manufacturer have technically no way to access or copy your private key.

Chip Architecture

The NXP P71D321 is built on the proven SmartMX3 platform and boasts CC EAL 6+ certification. It performs cryptographic operations (such as signing Ethereum transactions) directly on the hardware, completely isolated from the smartphone's operating system.

Technical Specifications

Feature	Specification	Relevance for Tokentagged
Chip Type	NXP SmartMX3 P71D321	High-security microcontroller.
Certification	CC EAL 6+ (PP-0084)	Highest security level (Banking Grade).
Operating System	JCOP 4 (Java Card OS)	Flexibility for Crypto Applets (ETH/NFTs).
Cryptography	ECC, RSA (up to 4096 bit), AES	Native support for blockchain signatures.
Interface	ISO/IEC 14443 (NFC)	Contactless "Tapping" with smartphones.
Memory	344 KB Flash	Sufficient storage for keys and certificates.
Architecture	IntegralSecurity 3.0	Advanced protection against physical attacks.

Security Mechanisms (IntegralSecurity 3.0)

The chip features hardware-based countermeasures against both physical and digital attacks. This is essential for our Crypto Swap-Cards and Tokentags, as they function as "Bearer Instruments" similar to cash.

Transaction Process (Signing)

Since the private key never leaves the chip, the smartphone (Web App) must send an unsigned transaction to the chip. The chip calculates the hash, signs it internally, and returns only the digital signature.

Keccak256 on-Card

Unlike other card-form-factor hardware wallets, our products perform the Keccak256 hash calculation on the chip itself. This method enables new approaches and features such as the swappable wallet or Tokentags that can hold the NFT themselves and enable a bundled physical handover. The technology is described in Nonce Control.

Applet Architecture

The NXP P71D321 runs on the JCOP 4 (Java Card Open Platform) operating system. To enable seamless interaction across different smartphones (iOS & Android) and browsers, Tokentagged deploys a suite of three specialized applets. Each applet serves a distinct interface role while maintaining the highest security standards.

1. The Tokentagged Applet (Core)

AID: A00000092101

This is the "brain" of the chip. It is the only applet with access to the secure memory regions where private keys are generated and stored. All cryptographic operations are executed here.

Key Management: Handles on-chip key generation (secp256k1) and storage.
Cryptography: Performs the native Keccak256 hashing and ECDSA signing.
Logic Enforcement: Manages the "Write-Once" locking mechanism for linking Tokentags to specific Smart Contracts.
Attestation: Stores and provides the Manufacturer and Card Attestation signatures to prove hardware authenticity.

2. NDEF Applet (Interface)

AID: D2760000850101

The NDEF (NFC Data Exchange Format) applet ensures the card is recognized by any standard NFC reader. It acts as the primary communication bridge for Android devices.

URL Redirection: Stores the specific web link (e.g., tokentagged.com/tag/...) that opens automatically when the tag is tapped.
Browser-Based Signing: acts as an interface for Chrome on Android to pass transaction data to the Core Applet and retrieve signatures via NDEF records.

3. U2F Applet (Compatibility)

AID: A0000006472F0001

To ensure broad compatibility, especially with iOS devices, we utilize the FIDO U2F (Universal 2nd Factor) standard. Since Apple restricts direct NFC access for web apps, we tunnel our cryptographic requests through the browser's WebAuthn API.

Cross-Platform Signing: Enables signing of Ethereum transactions via the native FIDO2/WebAuthn protocols supported by Safari (iOS), Chrome, and Firefox.
Authentication: Uses standard challenge-response mechanisms to verify the card's authenticity without requiring a dedicated native app.

Product Application

Crypto Swap-Card

For the Swap Card, the P71D321 acts as a Cold Wallet. Since no app installation is required, the chip uses NDEF records to direct the smartphone scanner to the web interface. Security is based on the principle "Possession of the card = Ownership of assets".

Advantage: Hardware wallet security in a credit card format.
Limitation: As there is no seed phrase backup (the key exists only in the chip), assets are lost if the card is lost – just like cash.

Physical NFTs (Tokentags)

For high-value art objects, we use the P71D321 to create an unforgeable bridge to the blockchain.

The Token ID is derived from the chip's public key.
A smart contract inseparably links the digital NFT to this physical hardware ID.
The chip can cryptographically prove ("Challenge-Response") that it is the original tag.

Performance

Thanks to the high-performance architecture of the P71D321, cryptographic operations are executed extremely fast. This ensures a seamless user experience that feels almost instantaneous when tapping the card.

Chip Architecture​

Technical Specifications​

Security Mechanisms (IntegralSecurity 3.0)​

Transaction Process (Signing)​

Applet Architecture​

1. The Tokentagged Applet (Core)​

2. NDEF Applet (Interface)​

3. U2F Applet (Compatibility)​

Product Application​

Crypto Swap-Card​

Physical NFTs (Tokentags)​