Three steps to physical trust
A minimal path from manufacture or issuance to field verification. Designed to integrate with existing operations without requiring re-platforming or specialised hardware at the point of inspection.
Embed. Tap. Verify.
Embed
A provisioned NFC chip is embedded at the point of manufacture or document issuance. The chip is bound to the object's identity record in the TrueTap platform at this moment.
Tap
Any NFC-enabled device completes the tap. The device initiates a cryptographic challenge�response with the platform using the chip as the physical key holder.
Verify
The platform returns a deterministic result: authenticated, tampered, or unknown. The event is logged with a tamper-evident signature and delivered via API.
Each step, precisely
Chip provisioning and embedding
TrueTap provisions NFC chips prior to delivery. Each chip receives a unique cryptographic identity - a key pair generated within a hardware security module and bound to the chip's immutable serial identifier.
Embedding takes place at the point of manufacture (product packaging, label, or insert) or at the point of document issuance (inlay in card or booklet). The chip-to-object binding is registered in the TrueTap platform, creating the authoritative record for that identity.
The provisioning process does not require modification to the manufacturing or issuance line beyond chip delivery. Standard RFID embedding equipment is compatible.
The tap event
NFC verification is initiated when a device is brought into proximity with the embedded chip - typically within 4 cm. Any modern NFC-enabled smartphone (iOS 13+ or Android with NFC) can initiate verification without a dedicated app if using web NFC, or via the TrueTap SDK in an integrated application.
The tap triggers a read of the chip's public data and initiates a request to the TrueTap verification service. The service issues a cryptographic challenge that the device forwards to the chip. The chip's response, computed using on-chip key material, is returned to the service.
This exchange - challenge, response, and verification - typically completes in under 300 milliseconds on a connected device.
Verification and result delivery
The verification service evaluates the chip's challenge response against the provisioned identity record. The result is one of three states: Authenticated (valid identity, within programme parameters), Tampered (chip identity does not match expected record), or Unknown (chip not found in programme registry).
Each result is accompanied by the object's metadata - programme identifier, issue date, expiry, status flags - as defined by the programme operator. Results are returned as structured JSON over HTTPS.
Every verification event is written to the immutable audit log with timestamp, location (if available), device identifier, and cryptographic result. Logs are available via the administration portal and via API export.
Verification flow
See a live demonstration
The TrueTap team can walk through a live verification demonstration relevant to your programme context - product, identity, or vehicle.