ST ST25DA-C is an NFC chip with built-in support for the latest Matter 1.5 protocol, enabling easier installation of smart devices on home networks, including lighting, access control, security cameras, or any IoT device.
NFC here is used as an alternative to Bluetooth LE or QR core commissioning. NFC tap-to-pair functionality enables users to tap an NFC tag code on a device with their smartphone to securely and easily add it to their Matter-compatible app(s) and network(s). Besides batteryless commissioning, the ST25DA-C chip can also be used for firmware updates over I2C (Matter OTA), and secure storage for keys & certificates.
ST25DA-C secure NFC tag specifications:
- Contact interface
- 1.62 V to 3.3 V supply voltage range
- ESD protection
- Human body model (HBM): 6 kV for digital and antenna pads
- Charge device model (CDM): 1 kV based on a STMicroelectronics module
- I2C serial interface up to 400 kHz
- Contactless interface
- Power supplied by 13.56 MHz carrier
- Complies with ISO/IEC 14443 Type A
- Complies with NFC Forum Type 4 Tag (106/212/424/848 kbps)
- 78 pF tuning capacitor, with automatic antenna tuning for optimized performance
- Automatic CPU frequency adaptation for optimum power consumption
- 7-byte unique identifier (UID) on each die
- Matter services
- Stores Matter onboarding data in NFC Forum Type 4 tag
- Performs commissioning over NFC Transport Layer (NTL):
- Powered either by VCC pin or 13.56 MHz contactless carrier
- SPAKE2+
- Secure storage for certificates and keys needed for Matter commissioning
- Provides Matter signature generation and verification over I²C
- Memory – More than 3 KB of non-volatile memory allocated for Matter certificates, keys, and attributes
- Security features
- Secure MCU
- Active shield
- Monitoring of environmental parameters
- Protection mechanism against faults
- Protection against side-channel attacks
- Unique serial number on each die
- NIST 800-90B compliant true random-number generator (TRNG)
- Elliptic curve digital signature algorithm (ECDSA) with SHA-256 for digital signature generation and verification
- Elliptic curve Diffie-Hellman (ECDH) for key establishment
- Symmetric cryptography with AES-CCM for data confidentiality and integrity
- Symmetric cryptography with AES-CTR for data privacy
- Targets certification to the GlobalPlatform Security Evaluation Standard for IoT Platforms (SESIP level 3).
- Package – 8-pin UFDFPN8 (3 x 2 mm); ECOPACK2 compliant.
- Temperature Range – -25°C to +85°C
The setup process is described above: tap the NFC tag on your new device, connect it to its power (source mains or battery), and profit! We are also told that the ST25DA-C “features built-in equipment identification, streamlining installing multiple smart home accessories in parallel”. The way I understand is that if you have a kit with multiple devices, tapping a single NFC tag could add all of them to your Matter network. Other highlights are support for smart home devices from different manufacturers (more of a Matter attribute) and hardware protections for cryptographic keys and authentication credentials.
The main benefit here is that Matter devices don’t need Bluetooth LE radio just for provisioning and may feature a cheaper NFC tag instead. One potential downside is that while Bluetooth is supported in most (all?) phones, NFC is only supported in most (new) smartphones.
Key applications include lighting devices, HVAC and climate control, security and access control, appliances, media and entertainment, and environmental sensors.
The ST25DA-C samples are available now, and mass production is scheduled to begin in 2026. A few more details can be found on the product page and the press release, but detailed documentation, engineering samples, and evaluation kits would require you to contact one of ST’s sales representatives.
Thanks to TLS for the tip.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress. We also use affiliate links in articles to earn commissions if you make a purchase after clicking on those links.
The thing with BLE commissioning, is that nearly every Matter compatible uC supports BLE. On the uC, they share the same radio front-end, and they have 802.15.4, BLE and a sometimes a proprietary protocol too.
I would argue that this mechanism is more convenient from a user perspective, but it is not cheaper.
I don’t get it. If these devices are in public places like a university, anyone can recommission them. The point of the QR Codes was that you could remove them or make them a pain to get to.
If QR Code are such a problem, just use passive RFID tags which can be removed.
I wonder how many matter devices are already in the trash because “owners” (vor better buyers) lost their qr codes and their devices are uncommissionable.
Tap to pair, hmm.
I don’t know how high your ceilings are, but I’d need a ladder to pair the lamps.
You’d scan the NFC tag before installing the light bulb.
What is mind? Never matter. What is matter? Never mind.
If I could, I’d totally get rid of Matter Pairing codes. Just made the device enter a default codeless pairing mode when it is reset. To secure it from hostile reset, after the first time it is paired load your own code into it. Then everything has the SAME code, not hundreds of different ones. Homeowners would never enter a code, making things much simpler.
Word is going round (no official CSA confirmation) that matter devices can be remotely disabled or limited via device attestation (even after being commissioned as long the matter controller goes only and gets the info from DCL).
Might be a little futuristic but when actually true this might be just the icing on the cake degrading the buyer to no ownership and granting the manufacture remotely disabling the devices you bought.
Any ones with insights here to shed a light on this topic?
The device attestation check is there to stop counterfeit devices. There have been a lot of problems in the past with third party vendors cloning the hardware and then copying the original software into the cloned devices. They then sell these devices in identical packaging so that the consumer is totally unaware the devices have been cloned. When the consumers buy the cloned devices they expect the original company to support them. When the original company refuses support and returns, they get mad at the original company, not the cloner. Can you see how much of a problem this is when someone RMAs a cloned product with the two year EU warranty and then asks for a refund from the original company?
That practice has to be stopped since it results in everyone declaring bankruptcy. The cloners are undercutting the original company because they don’t have to bear the large software development expense and support expenses.
BTW, some of these clones are so good that the only way we can identify them is because we have a record of the CPU serial numbers we bought.
— what does this have to do with device attestation? with device attestation each copy of the software has a unique EC encryption key in it. If you clone the software then the remote device attestation sees many devices using the same key. When it sees that, it won’t return the unlock key to the device. And the cloners can’t make more device attestation keys because they don’t have access to the private key.
My personal view is that I would get rid of device attestation and just rely on secure boot. When the cloned device asks for an OTA, I’ll just send it a non-functioning update.
And if I’m the unlucky guy that bought a device with the original unique EC encryption code that gets cloned? My original device will just be disabled remotely? WTH?
You won’t have bought it, the cloner had to have it to clone. They likely destroyed in it in the cloning process.
I would expect that they do it like with other clones and create/build them directly in the factory were originals are produced…
But even the fact that matter devices contain a kill switch is enough for me to avoid them completely. Luckily at this point in time we still have solutions that allow the buyer full ownership over their device.
*remote kill switch
BTW. it’s the consumer suffering getting stuff disabled they pay for.
Only logical thing is to don’t buy any matter product at all and instead use literally any other thech available (like zwave, ZigBee, esphome, …) as all of them don’t include a kill switch and are not dependend of the cloud to work (commissioning).
You’re wrong, everything with external OTA has a kill switch.
You’re going to have to build your own devices if you want absolute control. Then you can OTA them from a local LAN with images you built yourself.
BTW, the device attestation check only occurs once – first commission after a reset. That is not a remote kill, it is more of a remote padlock. Using OTA to brick devices is a real kill switch.
According docs released by eapressif regarding matter device attestation happens continuously. It seems like CSA does not publicly disclose this information AFAIK. If you have any information/links that this is NOT the case feel free to provide them! Thx
Anyways matter seems like a huge step backwards regarding ownership and a huge step forward enshittification
Actually with esphome you build your own firmware and serve OTA locally via LAN.
that’s what you have to do if you want to be completely cloud free
The clones from the original factory are the hardest to detect, for those we have to use the CPU serial numbers. The worst problem is with returns, when a customer returns a clone to us it is bad news for everyone because they expect us to refund money we never collected.
Espressif atates on their site:
Upon discovering the revoked status of the device, the commissioner can notify the user. It is then the user’s responsibility to make a conscious decision regarding whether to allow the device to operate with limited functionality or not
So after comissing the device can still be semi-bricked (limited function) as it looks like! Great technology!
https://developer.espressif.com/blog/matter-and-certificate-revocation/