NXP Semiconductors
SL2S2602
ICODE SLIX2
SL2S2602 All information provided in this document is subject to legal disclaimers. © NXP B.V. 2017. All rights reserved.
Product data sheet Rev. 4.1 — 25 July 2017
COMPANY PUBLIC 276341 13 / 55
Bit 37 Bit 36 ICODE Type
0 1 ICODE SLIX2
1 1 RFU
9.2.2 Originality signature
ICODE SLIX2 features a cryptographically supported originality check. With this feature,
it is possible to verify with a high confidence that the tag is using an IC manufactured by
NXP Semiconductors. This check can be performed on personalized tags as well.
ICODE SLIX2 digital signature is based on standard Elliptic Curve Cryptography (curve
name secp128r1), according to the ECDSA algorithm. The use of a standard algorithm
and curve ensures easy software integration of the originality check procedure in NFC
devices without specific hardware requirements.
Each ICODE SLIX2 UID is signed with a NXP private key and the resulting 32-byte
signature is stored in a hidden part of the ICODE SLIX2 memory during IC production.
This signature can be retrieved using the READ_SIGNATURE command (refer to
Section 9.5.3.20 "READ SIGNATURE") and can be verified in the NFC device by using
the corresponding ECC public key provided by NXP. In case the NXP public key is stored
in the reader device, the complete signature verification procedure can be performed
offline.
To verify the signature (for example with the use of the public domain crypto library
OpenSSL) the tool domain parameters shall be set to secp128r1, defined within the
standards for elliptic curve cryptography SEC (Ref. 7).
9.2.3 Configuration of delivered ICs
ICODE SLIX2 ICs are delivered with the following configuration by NXP Semiconductors:
• Unique identifier is unique and read only
• Write access conditions allow change to user blocks, AFI, DSFID, EAS and passwords
(password protection disabled)
• All password bytes are 00h for the read and write protection password and the EAS/AFI
password
• All password bytes are 0Fh for the Privacy and Destroy passwords
• User data memory is not password protected
• Password protected Privacy Mode is disabled
• EAS and AFI password protection is disabled
• Status of EAS mode is not defined
• AFI is supported and not defined
• DSFID is supported and not defined
• User data memory is not defined
Remark: Because the EAS mode is undefined at delivery, the EAS mode shall be set
(enabled or disabled) according to your application requirements during the test or
initialization phase.
Remark: If password protection is not required, depending on the targeted application, it
is recommended to write random passwords during the label initialization.