TAGBASE

Overview

Security model

Zero-trust verification anchored in the physical tag.

TAGBASE assumes every link, device, and client may be compromised. Trust is anchored in the one thing that can’t be faked: the genuine physical tag.

Principles

  • Anchored in hardware. Authenticity depends on material that only a genuine tag can produce, freshly, on every tap.
  • Two-scan liveness. Validation isn’t just “is this URL valid.” It’s “did the same live tag produce two distinct taps.” A static copy can’t.
  • No secrets in the client. All verification logic runs server-side, and the browser is treated as untrusted.
  • Time-bound. The two taps must happen within a short window, which defeats link harvesting and replay.

The two-scan check

Verification requires two taps from the same live tag within a short window. The first tap opens a pending verification; the second must present new material to reach valid. A replayed tap is treated as a likely clone and rejected. See how it works for the full flow.

Threats and mitigations

Threat             Mitigation
Cloned tag         A static copy replays one tap and fails the second (liveness).
Link replay        Verification URLs are single-use and time-bound.
Client tampering   Verification runs server-side; clients hold no secrets.
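The two-scan check and the replay and time-window mitigations above, as a server-side state machine. This is an added illustration, not TAGBASE's code; it assumes each tap delivers the tag id and a fresh, tag-produced "material" string, that the material's authenticity has already been checked before this step, and a 60-second window (the page gives no number).

```python
import time


class TwoScanVerifier:
    """Illustrative two-scan liveness check (not TAGBASE's implementation).

    Assumed model: every tap carries (tag_id, material), where material is the
    fresh payload in the verification URL. Whether the material was genuinely
    produced by the tag hardware is assumed to be verified before tap() runs;
    this class only enforces liveness, single use and the time window.
    """

    def __init__(self, window_seconds=60):
        self.window = window_seconds   # assumed window length
        self.pending = {}              # tag_id -> (first material, opened_at)
        self.consumed = set()          # every material ever accepted: single-use URLs
        self.history = []              # audit trail: (tag_id, outcome, time)

    def _record(self, tag_id, outcome, now):
        self.history.append((tag_id, outcome, now))
        return outcome

    def tap(self, tag_id, material, now=None):
        now = time.time() if now is None else now

        # Material seen before means a replayed URL: a static clone or a
        # harvested link. Reject it and abandon any open verification.
        if material in self.consumed:
            self.pending.pop(tag_id, None)
            return self._record(tag_id, "rejected_replay", now)
        self.consumed.add(material)

        opened = self.pending.get(tag_id)
        if opened is not None and now - opened[1] > self.window:
            opened = None              # first tap is stale: expired, start over
        if opened is None:
            # First tap opens a pending verification.
            self.pending[tag_id] = (material, now)
            return self._record(tag_id, "pending", now)

        # Second, distinct tap from the same tag inside the window: liveness proven.
        del self.pending[tag_id]
        return self._record(tag_id, "valid", now)

    def audit(self, tag_id):
        """Per-tag verification history, as the page describes for audit."""
        return [h for h in self.history if h[0] == tag_id]
```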

Optional signals

Geolocation and device signals can flag unexpected tap patterns, and every tag keeps a verification history for audit and compliance.

One-step mode (showing product info on the first tap) trades away the second-scan liveness proof for a simpler experience. It’s available per team but discouraged, since a captured URL works once.