The MIFARE® classic family, developed by NXP Semiconductors is the pioneer and front runner in contactless smart card ICs operating in the 13.56 MHz frequency range with read/write capability. MIFARE® is a trademark of NXP Semiconductors. MIFARE complies with ISO14443 A, which is used in more than 80% of all contactless smart cards today. The technology is embodied in both cards and card reader devices. MIFARE cards are being used in an increasingly broad range of applications (including transport ticketing, access control, e-payment, road tolling, and loyalty applications). MIFARE Standard (or Classic) cards employ a proprietary high-level protocol with a proprietary security protocol for authentication and ciphering. MIFARE® technology has become a standard for memory devices with key-protected memory sectors. One example for a published product specification of MIFARE® technology is the data sheet “MIFARE® Standard Card IC MF1 IC S50—Functional Specification” (1998) which is herein incorporated by reference. MIFARE® technology is also discussed in: Klaus Finkenzeller, “RFID Handbuch”, HANSER, 4th edition (2006).
The MIFARE Classic cards are fundamentally just memory storage devices, where the memory is divided into sectors and blocks with simple security mechanisms for access control. Each device has a unique serial number. Anticollision is provided so that several cards in the field may be selected and operated in sequence.
The MIFARE Standard 1 k offers about 768 bytes of data storage, split into 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 bytes); each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc. The last block of each sector is called “trailer”, which contains two secret keys (A and B) and programmable access conditions for each block in this sector. In order to support multi-application with key hierarchy, an individual set of two keys (A and B) per sector (per application) is provided.
The memory organization of a MIFARE Standard 1 k card is shown in FIG. 1. The 1024×8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each. The first data block (block 0) of the first sector (sector 0) is the manufacturer block which is shown in detail in FIG. 2. It contains the serial number of the MIFARE card that has a length of four bytes (bytes 0 to 3), a check byte (byte 4) and eleven bytes of IC manufacturer data (bytes 5 to 15). The serial number is sometimes called MIFARE User IDentification (MUID) and is a unique number. Due to security and system requirements the manufacturer block is write protected after having been programmed by the IC manufacturer at production. However, the MIFARE specification allows to change the serial number during operation of the MIFARE card, which is particularly useful for MIFARE emulation cards like SmartMX cards.
SmartMX (Memory eXtension) is a family of smart cards that have been designed by NXP Semiconductors for high-security smart card applications requiring highly reliable solutions, with or without multiple interface options. Key applications are e-government, banking/finance, mobile communications and advanced public transportation.
The ability to run the MIFARE protocol concurrently with other contactless transmission protocols implemented by the User Operating System enables the combination of new services and existing applications based on MIFARE (e.g. ticketing) on a single Dual Interface controller based smart card. SmartMX cards are able to emulate MIFARE Classic devices and thereby makes this interface compatible with any installed MIFARE Classic infrastructure. The contactless interface can be used to communicate via any protocol, particularly the MIFARE protocol and self defined contactless transmission protocols. SmartMX enables the easy implementation of state-of-the-art operating systems and open platform solutions including JCOP (the Java Card Operating System) and offers an optimized feature set together with the highest levels of security. SmartMX incorporates a range of security features to counter measure side channel attacks like DPA, SPA etc. A true anticollision method (acc. ISO/IEC 14443-3), enables multiple cards to be handled simultaneously.
It should be noted that the emulation of MIFARE Classic cards is not only restricted to SmartMX cards, but there may also exist other present or future smartcards being able to emulate MIFARE Classic cards.
Recently, mobile communication devices have been developed which contain MIFARE devices, either being configured as MIFARE Classic cards or as MIFARE emulation devices like SmartMX cards. These mobile communication devices comprise e.g. mobile phones with Near Field Communication (NFC) capabilities, but are not limited to mobile phones.
MIFARE as a card or in a mobile communication device (SmartMX for example) can be used for multi-applications purposes. I.e. it is possible to install several tickets, coupons, access controls and so on in one MIFARE memory.
However, this multi-applications feature causes problems with increased access times, since a reader device has to parse all the content of the MIFARE memory in order to reliably find the correct application and necessary information. But fast access is urgently needed for instance at stadium gates, transit areas and so on.
Another issue of the multi-applications feature is its potentially insufficient protection of privacy and insufficient security, since, if a reader is able to parse all the MIFARE memory to retrieve data this reader is also able to access other information than the one actually needed, and may violate the user's privacy by gathering information that was not meant for it.