The MIFARE® classic family, developed by NXP Semiconductors is the pioneer and front runner in contactless smart card ICs operating in the 13.56 MHz frequency range with read/write capability. MIFARE® is a trademark of NXP Semiconductors. MIFARE complies with ISO14443 A, which is used in more than 80% of all contactless smart cards today. The technology is embodied in both cards and card reader devices. MIFARE cards are being used in an increasingly broad range of applications (including transport ticketing, access control, e-payment, road tolling, and loyalty applications). MIFARE Standard (or Classic) cards employ a proprietary high-level protocol with a proprietary security protocol for authentication and ciphering. MIFARE® technology has become a standard for memory devices with key-protected memory sectors. One example for a published product specification of MIFARE® technology is the data sheet “MIFARE® Standard Card IC MF1 IC S50—Functional Specification” (1998) which is herein incorporated by reference. MIFARE® technology is also discussed in: Klaus Finkenzeller, “RFID Handbuch”, HANSER, 3rd edition (2002).
The MIFARE Classic cards are fundamentally just memory storage devices, where the memory is divided into sectors and blocks with simple security mechanisms for access control. Each device has a unique serial number. Anticollision is provided so that several cards in the field may be selected and operated in sequence.
The MIFARE Standard 1k offers about 768 bytes of data storage, split into 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 bytes); each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc. The last block of each sector is called “trailer”, which contains two secret keys (A and B) and programmable access conditions for each block in this sector. In order to support multi-application with key hierarchy an individual set of two keys (A and B) per sector (per application) is provided.
The memory organization of a MIFARE Standard 1 k card is shown in FIG. 1. The 1024×8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each. The first data block (block 0) of the first sector (sector 0) is the manufacturer block which is shown in detail in FIG. 2. It contains the serial number of the MIFARE card that has a length of four bytes (bytes 0 to 3), a check byte (byte 4) and eleven bytes of IC manufacturer data (bytes 5 to 15). The serial number is sometimes called MIFARE User IDentification (MUID) and is a unique number. Due to security and system requirements the manufacturer block is write protected after having been programmed by the IC manufacturer at production. However, the MIFARE specification allows to change the serial number during operation of the MIFARE card, which is particularly useful for MIFARE emulation cards like SmartMX cards.
SmartMX (Memory eXtension) is a family of smart cards that have been designed by NXP Semiconductors for high-security smart card applications requiring highly reliable solutions, with or without multiple interface options. Key applications are e-government, banking/finance, mobile communications and advanced public transportation.
The ability to run the MIFARE protocol concurrently with other contactless transmission protocols implemented by the User Operating System enables the combination of new services and existing applications based on MIFARE (e.g. ticketing) on a single Dual Interface controller based smart card. SmartMX cards are able to emulate MIFARE Classic devices and thereby makes this interface compatible with any installed MIFARE Classic infrastructure. The contactless interface can be used to communicate via any protocol, particularly the MIFARE protocol and self defined contactless transmission protocols. SmartMX enables the easy implementation of state-of-the-art operating systems and open platform solutions including JCOP (the Java Card Operating System) and offers an optimized feature set together with the highest levels of security. SmartMX incorporates a range of security features to counter measure side channel attacks like DPA, SPA etc. A true anticollision method (acc. ISO/IEC 14443-3), enables multiple cards to be handled simultaneously.
It should be noted that the emulation of MIFARE Classic cards is not only restricted to SmartMX cards, but there may also exist other present or future smartcards being able to emulate MIFARE Classic cards.
Recently, mobile communication devices have been developed which contain MIFARE devices, either being configured as MIFARE Classic cards or as MIFARE emulation devices like SmartMX cards. These mobile communication devices comprise e.g. mobile phones with Near Field Communication (NFC) capabilities, but are not limited to mobile phones.
MIFARE as a card or in a mobile communication device (SmartMX for example) can be used for multi-applications purposes. I.e. it is possible to install several tickets, coupons, access controls and so on in one MIFARE memory. Usually, in order to allow a very fast access RFID/NFC readers access one specific MIFARE sector for retrieving a specific application. This fast access is needed for instance at stadium gates, transit areas and so on. So, for a particular event, a reader will try to access a specific sector to find the corresponding ticket.
Problems arise when a user wants to buy several tickets for the same event. These tickets may have different prices (adult, kids, different categories). The ticket issuer will send these tickets to the user's mobile communication device. The problem is that the readers (e.g. at the stadium gate) are programmed to look for the ticket at one specific location (sector) in the MIAFRE memory of the mobile communication device. In practice the user will have to swipe his mobile communication device a first time in order to enable the reader to find the ticket. After the reader has found the first ticket the user must manually (by pressing some keys on his mobile communication device) swap the first ticket by the next one. This manual operation lasts very long and is not acceptable e.g. at stadium gates, because such a delay will cause long queues at the gates.