Counterfeiting is a major issue plaguing global supply chains. To mitigate this issue, a wireless authentication tag is presented that implements a cryptographically secure pseudorandom number generator (PRNG) and authenticated encryption modes. The tag uses Keccak, the cryptographic core of SHA3, to update keys before each protocol invocation, limiting side-channel leakage. Power-glitch attacks are mitigated through state backup on ferroelectric capacitor-based nonvolatile flip-flops with a fully integrated energy backup storage, which needs a 2.2× smaller area compared with conventional approaches. The 130 nm CMOS tag harvests wireless power through a 433 MHz inductive link and communicates with a reader by a pulse-based modulation that minimizes the wireless power dead time. Full system operation including the tag, reader, and server protocol is demonstrated in the presence of worst-case power interruption events.
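The per-invocation key update described above can be sketched in a few lines. This is an added illustration, not the paper's protocol or the authors' code: the class names, the `update`/`auth` labels, the challenge-response shape and the server's resynchronisation window are all assumptions, and `hashlib.sha3_256` stands in for the tag's Keccak core.

```python
import hashlib
import hmac

WINDOW = 4  # assumed: how many missed invocations the server will search


def keccak_kdf(label: bytes, key: bytes, data: bytes = b"") -> bytes:
    """Domain-separated SHA3-256 call; stands in for the tag's Keccak core."""
    return hashlib.sha3_256(label + key + data).digest()


class Tag:
    def __init__(self, key: bytes):
        self.key = key  # on the real tag this state must survive power loss

    def respond(self, challenge: bytes) -> bytes:
        # Update first, then use: no key value ever answers two challenges,
        # so an observer gets a single power trace per key.
        self.key = keccak_kdf(b"update", self.key)
        return keccak_kdf(b"auth", self.key, challenge)


class Server:
    def __init__(self, key: bytes):
        self.key = key

    def verify(self, challenge: bytes, response: bytes) -> bool:
        k = self.key
        for _ in range(WINDOW):  # walk forward past lost responses
            k = keccak_kdf(b"update", k)
            if hmac.compare_digest(keccak_kdf(b"auth", k, challenge), response):
                self.key = k  # resynchronise; earlier keys are never accepted again
                return True
        return False


def demo() -> list:
    root = bytes(range(32))  # constructed sample key
    tag, server = Tag(root), Server(root)
    r1 = tag.respond(b"challenge-1")
    results = [server.verify(b"challenge-1", r1),   # fresh response
               server.verify(b"challenge-1", r1)]   # replay of the same response
    tag.respond(b"challenge-2")                     # response lost in transit
    r3 = tag.respond(b"challenge-3")
    results.append(server.verify(b"challenge-3", r3))  # accepted after one miss
    return results


if __name__ == "__main__":
    print(demo())
```

The model treats the key update as an atomic assignment; on hardware, an interrupted update is exactly what the nonvolatile state backup has to protect against, since a tag that could be forced to reuse one key would leak repeated traces for it.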