# How TAGBASE Works

TAGBASE enables secure, app-free verification of physical products using tamper-proof NFC tags and a two-step verification process. This system combines encrypted NFC hardware, dynamic URLs, and real-time backend validation — all accessible through a mobile browser.

***

### Tap-to-Verify Flow

1. **Product with TAGBASE tag is tapped** using an NFC-enabled smartphone.
2. The NFC chip (NTAG 424 DNA) triggers a **dynamic, signed URL**.
3. The browser opens the URL and sends a **verification request** to the TAGBASE backend.
4. The backend checks:
   * Tag UID and cryptographic signature
   * Session and delta validation
   * Activation status and tag configuration
5. A **verification result** is returned (authentic or invalid), with optional redirect or content.

***

### Key Technologies Involved

| Component                 | Description                                                                               |
| ------------------------- | ----------------------------------------------------------------------------------------- |
| **NTAG 424 DNA**          | Tamper-resistant chip with AES-128 encryption, UID, and secure counters                   |
| **Secure URL Generation** | Each tap generates a unique URL with a cryptographic message authentication code (CMAC)   |
| **2-Step Verification**   | Ensures tap came from real hardware by checking state change between first and second tap |
| **Mobile Browser**        | No app needed — verification handled entirely via web                                     |
| **TAGBASE Backend**       | Stateless endpoint validation system with cryptographic replay protection                 |
| **Session Tracking**      | Tracks anonymous device sessions to enable delta checks and prevent replays               |

***

### Verification Timeline (Simplified)

```
[User Tap 1]  -->  [Secure URL]  -->  [Backend stores session data]

[User Tap 2]  -->  [Updated URL]  -->  [Backend compares deltas, returns result]
```

* First tap establishes a short-lived session.
* Second tap is required to complete full verification.
* This prevents cloned links from being used in isolation.

***

### Example User Experience

1. A customer picks up a product (e.g. luxury perfume).
2. They tap the TAGBASE NFC tag with their smartphone.
3. A browser window opens instantly — no app needed.
4. TAGBASE verifies the tag in real time.
5. Customer sees a success screen ("This product is authentic").
6. Optionally, the screen may also include:
   * Product origin
   * Ownership/minting status
   * Loyalty rewards or exclusive content

***

### Why This Approach Works

* **Dynamic verification:** Links expire, tags rotate, and results depend on state changes — not just static identifiers.
* **Hardware-tied logic:** Without access to the physical tag’s chip, a valid verification cannot be generated.
* **App-free design:** Simplifies adoption and ensures anyone can verify without friction.