Identity Infrastructure Suite
Parta Tag provisions NTAG424 DNA NFC badges with device-bound Ed25519 keypairs and split-knowledge AES key derivation. Multi-tenant access control. No credential database. No persistent identifiers. Badge read to access decision in under 2 seconds.
Hardware
The badge must contain an NXP NTAG424 DNA chip. Card, keyfob, sticker, wristband: your choice. The cryptographic guarantees are in the silicon, not the plastic.
REQUIRED CHIP
NXP NTAG424 DNA
Onboard AES-128. Non-exportable keys. Dynamic CMAC per read. Standard ISO 14443-4 NFC interface. Available from authorised NXP distributors, Mouser, Digi-Key, and general retailers. Search exactly: NTAG424 DNA.
FORM FACTOR
Your choice
PVC card (ISO 7810 ID-1), keyfob, sticker, wristband, or any carrier that embeds the chip. We do not sell hardware. You source it independently.
READER
Identity IoT node + PN532
The access control reader is a Parta IoT node with a PN532 NFC module. Raspberry Pi Pico 2W reference deployment. ESP32 validation in progress.
Binding modes
Both modes use Ed25519 challenge/response per badge read. The difference is the cryptographic scope of the badge binding.
STD
Standard binding
The badge works on any authorised reader in your tenant fleet. Suitable for general access control: offices, entrances, shared areas. Easy to provision and manage at scale.
HS
High Security binding
The badge is cryptographically bound to a specific reader. The DEK derivation incorporates a hash of the terminal public key. The badge is invalid on any other reader. Suitable for server rooms, equipment cabinets, high-value areas.
MULTI-TENANT
Tenant isolation
Each tenant has an isolated namespace: its own reader fleet, badge registry, group tree, and entitlement table. A badge from Tenant A cannot be verified by a reader belonging to Tenant B.
Process
Four steps from sign-up to a live, cryptographically provisioned badge granting access.
01
Request access
Submit your details. Your tenant context is generated after manual verification. Free tier: 10 badges and 10 readers, no card required.
02
Provision your reader
Install Parta IoT on Android. Provision your Pico 2W or ESP32 reader node over WiFi. The reader authenticates to the backend with a device-bound Ed25519 keypair.
03
Write your badges
Install Parta Tag on Android. Hold an NTAG424 DNA badge to your phone. The app writes an Ed25519 keypair encrypted with a split DEK. Choose STD or HS binding mode.
04
First access event
Present the badge to the reader. Ed25519 challenge/response completes in under 2 seconds. The relay activates. The event is logged to your tenant audit trail.
Pricing
All plans use the same cryptographic protocol. Each badge read consumes two challenges internally: one for the reader node, one for the badge. Stated challenge limits reflect this.
FREE
€0 /month
No card required. Manual approval.
STARTER
€60 /month
Self-serve. Card required.
HIGH AVAILABILITY
€120 /month
Two instances. Redundant.
HA + BACKUP
€90 /month
Three instances. €25/instance.
Additional instances at €30/instance up to 9. Beyond 9 instances: contact us. Enterprise plans from €5,000/month. All prices exclude VAT and applicable taxes.
Access
Access is provisioned manually. Free tier approved within 2 business days. You source NTAG424 DNA badges independently.
Request received
We will review your request and contact you at the email address provided. Free tier accounts are approved within 2 business days. You will need NTAG424 DNA badges and a Parta IoT reader node to start provisioning.
App
Android for badge provisioning and access management. NFC write requires Android with NFC hardware. Reader nodes managed via Parta IoT.
Google Play
Android 8.0 and above. NFC required for badge writing. Reader node management via Parta IoT.
Windows: coming soon
Badge and access management dashboard. No NFC hardware required.