Counterfeiting is a major issue plaguing global supply chains. In order to mitigate this problem, a wireless authentication tag is presented that implements a cryptographically secure pseudorandom number generator and authenticated encryption modes. The tag uses Keccak, the cryptographic core of SHA3, to update keys before each protocol invocation, limiting side-channel leakage. Power-glitch attacks are mitigated through state backup on ferroelectric capacitor-based nonvolatile flip-flops with a fully integrated energy backup storage, which needs a 2.2 × smaller area compared with conventional approaches. The 130 nm CMOS tag harvests wireless power through a 433 MHz inductive link and communicates with a reader by a pulse-based modulation that minimizes the wireless power dead time. The proposed regulating voltage multiplier simultaneously rectifies, boosts, and regulates a >0.55 V ac input to a 1.5 V supply voltage with <1.1% line and load regulation while requiring only one on-chip decoupling capacitor. The bidirectional data telemetry operates at 125 kb/s, while requiring 4% (downlink) and 6.25% (uplink) duty cycles. Full system operation including the tag, reader, and server protocol is demonstrated in the presence of worst-case power interruption events.