Karty Bezstykowe RFID MIFARE 4K

MIFARE MF1S703x to be used in a contactless smart card according to ISO/IEC 14443 Type A.

The MIFARE MF1S703x IC is used in applications like public transport ticketing and can also be used for various other applications. An intelligent anti-collision function allows to operate more than one card in the field simultaneously. The anti-collision algorithm selects each card individually and ensures that the execution of a transaction with a selected card is performed correctly without interference from another card in the field.  The MF1S703x is designed for simple integration and user convenience which allows complete ticketing transactions to be handled in less than 100 ms.

Security :

• Manufacturer programmed 4 byte Non-Unique IDentifier (NUID) for each device
• Mutual three pass authentication (ISO/IEC DIS 9798-2)
• Individual set of two keys per sector to support multi-application with key hierarchy

Feature & Benefits :

-Contactless transmission of data and supply energy
-Operating distance up to 100 mm depending on antenna geometry and reader configuration
-Operating frequency of 13.56 MHz, Data transfer of 106 kbit/s
-Data integrity of 16-bit CRC, parity, bit coding, bit counting
-Anti-collision
-Typical ticketing transaction time of less than 100 ms (including backup management)

EEPROM :

-4 kB, organized in 32 sectors of 4 blocks and 8 sectors of 16 blocks (one block consists of 16 byte)
-User definable access conditions for each memory block
-Data retention time of 10 years, Write endurance 100.000 cycles

Applications :

-Public transportation, Access management
-Electronic toll collection, Car parking
-School and campus cards, Employee cards
-Internet cafés, Loyalty

Description :

The MF1S703x chip consists of a 4 kB EEPROM, RF interface and Digital Control Unit. Energy and data are transferred via an antenna consisting of a coil with a small number of turns which is directly connected to the MF1S703x. No further external components are necessary. Refer to the document Ref. 1 for details on antenna design.

• RF interface:
– Modulator/demodulator
– Rectifier
– Clock regenerator
– Power-On Reset (POR)
– Voltage regulator

• Anti-collision: Multiple cards in the field may be selected and managed in sequence

• Authentication: Preceding any memory operation the authentication procedure ensures that access to a block is only possible via the two keys specified for each block

• Control and Arithmetic Logic Unit: Values are stored in a special redundant format and can be incremented and decremented

• EEPROM interface

• Crypto unit: The CRYPTO1 stream cipher of the MF1S703x is used for authentication and encryption of data exchange.

• EEPROM: 4 kB is organized in 32 sectors with 4 blocks and 8 sectors with 16 blocks each. A block contains 16 bytes. The last block of each sector is called “trailer”, which contains two secret keys and programmable access conditions for each block in this sector. The commands are initiated by the reader and controlled by the Digital Control Unit of the MF1S703x. The command response is depending on the state of the IC and for memory operations also on the access conditions valid for the corresponding sector. After Power-On Reset (POR) the card answers to a request REQA or wakeup WUPA command with the answer to request code (see Section 9.4, ATQA according to ISO/IEC 14443A). In the anti-collision loop the identifier of a card is read. If there are several cards in the operating field of the reader, they can be distinguished by their identifier and one can be selected (select card) for further transactions. The unselected cards return to the idle state and wait for a new request command.
Remark: The identifier retrieved from the card is not defined to be unique. With the select card command the reader selects one individual card for authentication and memory related operations. The card returns the Select Acknowledge (SAK) code which determines the type of the selected card. After selection of a card the reader specifies the memory location of the following memory access and uses the corresponding key for the three pass authentication procedure. After a successful authentication all memory operations are encrypted.

Memory operations
After authentication any of the following operations may be performed:
• Read block
• Write block
• Decrement: Decrements the contents of a block and stores the result in an internal data-register
• Increment: Increments the contents of a block and stores the result in an internal data-register
• Restore: Moves the contents of a block into an internal data-register
• Transfer: Writes the contents of the temporary internal data-register to a value block

Data integrity

Following mechanisms are implemented in the contactless communication link between reader and card to ensure very reliable data transmission:

• 16 bits CRC per block
• Parity bits for each byte
• Bit count checking
• Bit coding to distinguish between “1”, “0” and “no information”
• Channel monitoring (protocol sequence and bit stream analysis)

Three pass authentication sequence

1. The reader specifies the sector to be accessed and chooses key A or B.
2. The card reads the secret key and the access conditions from the sector trailer. Then the card sends a random number as the challenge to the reader (pass one).
3. The reader calculates the response using the secret key and additional input. The response, together with a random challenge from the reader, is then transmitted to the card (pass two).
4. The card verifies the response of the reader by comparing it with its own challenge and then it calculates the response to the challenge and transmits it (pass three).
5. The reader verifies the response of the card by comparing it to its own challenge. After transmission of the first random challenge the communication between card and reader is encrypted.

RF interface

The RF-interface is according to the standard for contactless smart cards ISO/IEC 14443 A.
For operation, the carrier field from the reader always needs to be present (with short pauses when transmitting), as it is used for the power supply of the card. For both directions of data communication there is only one start bit at the beginning of each frame. Each byte is transmitted with a parity bit (odd parity) at the end. The LSB of the byte with the lowest address of the selected block is transmitted first. The maximum frame length is 163 bits (16 data bytes + 2 CRC bytes = 16 ,  9 + 2 , 9 + 1 start bit).

Memory organization

The 4096 8 bit EEPROM memory is organized in 32 sectors of 4 blocks and 8 sectors of 16 blocks. One block contains 16 bytes.

Manufacturer block

This is the first data block (block 0) of the first sector (sector 0). It contains the IC manufacturer data. This block is programmed and write protected in the production test.

Data blocks

The first 32 sectors contain 3 blocks of 16 bytes for storing data (Sector 0 contains only two data blocks and the read-only manufacturer block). The last 8 sectors contain 15 blocks of 16 bytes for storing data. The data blocks can be configured by the access bits as :

• read/write blocks
• value blocks
Value blocks can be used for e.g. electronic purse applications, where additional commands like increment and decrement for direct control of the stored value are provided. A successful authentication has to be performed to allow any memory operation.
Remark: The default content of the data blocks at delivery is not defined.

Value blocks

The value blocks allow performing electronic purse functions (valid commands: read, write, increment, decrement, restore, transfer). Value blocks have a fixed data format which permits error detection and correction and a backup management.

A value block can only be generated through a write operation in the value block format:

• Value: Signifies a signed 4-byte value. The lowest significant byte of a value is stored in the lowest address byte. Negative values are stored in standard 2´s complement format. For reasons of data integrity and security, a value is stored three times, twice non-inverted and once inverted.
• Adr: Signifies a 1-byte address, which can be used to save the storage address of a block, when implementing a powerful backup management. The address byte is stored four times, twice inverted and non-inverted. During increment, decrement, restore and transfer operations the address remains unchanged. It can only be altered via a write command.