Hardware architecture and working principle
Product comparison. The original was a multi-column table; the attribute values below are listed left to right across the product columns, and a single value applies to every product.

| Product family | Variants |
|---|---|
| MIFARE Ultralight | Ultralight EV1, Ultralight C |
| MIFARE Classic | Classic EV1 |
| MIFARE Plus | Plus (S/X), Plus SE |
| MIFARE DESFire | DESFire EV1, DESFire EV2 |

| Attribute | Values (left to right across Ultralight, Classic, Plus, DESFire) |
|---|---|
| RF interface | ISO/IEC 14443-2, Type A |
| Communication protocol | ISO/IEC 14443-3 / ISO/IEC 14443-3 & 4 / ISO/IEC 14443-2 |
| UID code | UID: 7 bytes / UID: 7 bytes, RID: 4-bit group (without UID) / UID: 7 bytes |
| Communication speed | 106 Kbps / 106 Kbps-848 Kbps |
| Data storage capacity | 48 bytes, 128 bytes / 144 bytes / 1K, 4K bytes / 2K, 4K bytes / 1K bytes / 2K, 4K, 8K bytes |
| Authentication key type | None / TDES / Crypto-1 / Crypto-2, AES / TDES, AES |
| Card-reader authentication type | Triple authentication |
| Card-reader communication encryption type | None / Encrypted / Plain, Encrypted, and CMACed |
| Common Criteria certification | None / EAL4 / Based on CC certification / EAL4+ / EAL5 |

UID: Unique Identifier; RID: Random Security Identifier.
Data storage block diagram

| Sector | Block 0 | Block 1 | Block 2 | Block 3 |
|---|---|---|---|---|
| 0 | Manufacturer code | Data area | Data area | Keys and access rights |
| 1 | Data area | Data area | Data area | Keys and access rights |
| 2 | Data area | Data area | Data area | Keys and access rights |
| ... | ... | ... | ... | ... |
| 14 | Data area | Data area | Data area | Keys and access rights |
| 15 | Data area | Data area | Data area | Keys and access rights |
Card architecture: Each card carries a unique identification code, a communication interface (antenna and modem) and an ASIC that contains the communication logic, the encryption control logic and the data storage area (EEPROM). The same card can therefore serve as an electronic purse, for access control, attendance tracking, library cards and similar purposes.
Data storage blocks: The memory is divided into 16 sectors (sector 0-15), each sector consists of 4 blocks (block 0-3), and every block is an independent 16-byte unit. The last block of each sector stores two keys (Key A, Key B) and their corresponding access rights.
The first block of the first sector (sector 0, block 0) of every card is read-only and is called the manufacturer block (Manufacturer Code). Bytes 1-4 hold the UID, byte 5 is a check byte (BCC) computed over the UID, and the remaining bytes hold the card manufacturer's data. So only 15 sectors per card are actually available for data; even so, that is enough for 15 different applications.
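The memory layout just described can be checked mechanically. The following parser is an added example, not code from the original page: it splits a 1 KB dump into sectors and blocks, verifies the manufacturer block's BCC, and decodes the sector trailer (Key A, access bytes, user byte, Key B). The sector/block/trailer layout is the one the text describes; the C1/C2/C3 access-bit packing with inverted copies is taken from the NXP MF1S50 datasheet and is assumed here, and the dump contents are constructed sample data.

```python
"""Parse a MIFARE Classic 1K memory dump into sectors, data blocks and sector
trailers, checking the manufacturer block's BCC and the access-condition bits.
Added example, not code from the original page. Assumed layout: 16 sectors of
4 blocks of 16 bytes; sector 0 block 0 is the manufacturer block (4-byte UID,
BCC = XOR of the UID bytes, manufacturer data); block 3 of every sector is the
trailer Key A (6) | access bytes (3) | user byte (1) | Key B (6). The C1/C2/C3
bit packing with inverted copies follows the NXP MF1S50 datasheet.
"""
from dataclasses import dataclass
from functools import reduce
from operator import xor

BLOCK_SIZE, BLOCKS_PER_SECTOR, SECTORS = 16, 4, 16

# Meaning of the (C1, C2, C3) triple for a data block (datasheet access table).
DATA_BLOCK_ACCESS = {
    (0, 0, 0): "read A|B, write A|B, increment A|B, decrement A|B (transport)",
    (0, 1, 0): "read A|B, never write",
    (1, 0, 0): "read A|B, write B",
    (1, 1, 0): "read A|B, write B, increment B, decrement A|B",
    (0, 0, 1): "read A|B, decrement A|B (value block)",
    (0, 1, 1): "read B, write B",
    (1, 0, 1): "read B, never write",
    (1, 1, 1): "never read, never write",
}


def decode_access_bits(ab: bytes) -> list:
    """Return [(C1, C2, C3) for block 0..3] from the 3 access bytes.

    Byte 6 = ~C2 | ~C1, byte 7 = C1 | ~C3, byte 8 = C3 | C2 (high | low nibble,
    nibble bit i belongs to block i). A card whose plain and inverted nibbles
    disagree has an irrecoverably blocked sector, so that is an error here.
    """
    b6, b7, b8 = ab[0], ab[1], ab[2]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    inv_c1, inv_c2, inv_c3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    if (c1 ^ inv_c1, c2 ^ inv_c2, c3 ^ inv_c3) != (0xF, 0xF, 0xF):
        raise ValueError("access bits fail integrity check (inverted nibbles disagree)")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]


def access_bits_valid(ab: bytes) -> bool:
    try:
        decode_access_bits(ab)
        return True
    except ValueError:
        return False


@dataclass
class SectorTrailer:
    key_a: bytes
    access_bytes: bytes
    user_byte: int
    key_b: bytes
    conditions: list  # (C1, C2, C3) for blocks 0..3 of the sector

    def describe_data_blocks(self) -> list:
        return [DATA_BLOCK_ACCESS[c] for c in self.conditions[:3]]


def parse_trailer(block: bytes) -> SectorTrailer:
    return SectorTrailer(block[0:6], block[6:9], block[9], block[10:16],
                         decode_access_bits(block[6:9]))


def parse_manufacturer_block(block: bytes) -> dict:
    uid, bcc = block[0:4], block[4]
    if reduce(xor, uid) != bcc:
        raise ValueError("BCC does not match UID")
    return {"uid": uid.hex(), "bcc": bcc, "manufacturer_data": block[5:].hex()}


def parse_dump(dump: bytes) -> dict:
    if len(dump) != SECTORS * BLOCKS_PER_SECTOR * BLOCK_SIZE:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K dump")
    sectors = []
    for s in range(SECTORS):
        base = s * BLOCKS_PER_SECTOR * BLOCK_SIZE
        blocks = [dump[base + i * BLOCK_SIZE: base + (i + 1) * BLOCK_SIZE]
                  for i in range(BLOCKS_PER_SECTOR)]
        sectors.append({"data_blocks": blocks[:3], "trailer": parse_trailer(blocks[3])})
    return {"manufacturer": parse_manufacturer_block(sectors[0]["data_blocks"][0]),
            "sectors": sectors}


def build_sample_dump() -> bytes:
    """Constructed sample: transport configuration (FF 07 80) everywhere except
    sector 1, which uses 78 77 88 (data blocks writable with Key B only)."""
    uid = bytes.fromhex("04a1b2c3")
    manufacturer = uid + bytes([reduce(xor, uid)]) + bytes.fromhex("8804006263646566676869")
    transport = bytes.fromhex("ffffffffffff" "ff078069" "ffffffffffff")
    sector1 = bytes.fromhex("a0a1a2a3a4a5" "78778869" "b0b1b2b3b4b5")
    empty = bytes(BLOCK_SIZE)
    return b"".join((manufacturer if s == 0 else empty) + empty + empty
                    + (sector1 if s == 1 else transport) for s in range(SECTORS))


if __name__ == "__main__":
    parsed = parse_dump(build_sample_dump())
    print("UID", parsed["manufacturer"]["uid"])
    for i, sec in enumerate(parsed["sectors"][:2]):
        print(f"sector {i}: Key A {sec['trailer'].key_a.hex()} ->", sec["trailer"].describe_data_blocks())
```

The integrity check on the access bytes is the practical point: the inverted nibbles exist so that the card can detect a corrupted trailer, and a trailer written with inconsistent access bytes leaves that sector permanently inaccessible, which is why a write tool should run a check like `access_bits_valid` before touching block 3.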
Reader architecture: The card reader contains a CPU, a power supply module, a read/write module, a memory module and a control module, plus, in some designs, a display module, a timing module and other modules.
Workflow: When a card enters the sensing range of the reader's communication antenna (about 2.5 cm to 10 cm), the reader supplies a small amount of power (about 2 volts) that drives the circuit on the card. The card and the reader then encode their communication with Manchester encoding and Miller encoding and use Amplitude Shift Keying (ASK) to send and receive the radio signal through the modem, so that the reader can verify whether the card is the correct one. If that verification succeeds, the reader determines which data storage sector it needs to access and performs key verification on that sector. Once the triple authentication between card and reader has succeeded, the actual working communication proceeds in encrypted form. The whole process takes only about 0.1 seconds. If more than one card enters the reader's sensing range at the same time, the reader identifies the card numbers and selects one card at a time to verify, until all cards have been verified or have left the sensing range (this is called the anti-collision mechanism).
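The anti-collision step at the end of that workflow, the reader finding one card among several that answer at once, is shown below as an added example; it is not code from the original page. It simulates the ISO/IEC 14443-3 Type A anti-collision loop with a few assumptions stated in the docstring: single-size 4-byte UIDs (cascade level 1 only), the reader always resolves a collision towards bit value 1, and a selected card is halted so that the next loop finds the remaining ones. The three card UIDs are constructed sample values.

```python
"""Simulation of the ISO/IEC 14443-3 Type A anti-collision loop the reader runs
when several cards answer at once. Added example, not code from the original
page. Simplifications (assumptions): single-size 4-byte UIDs (one cascade
level, SEL = 0x93), answers are modelled as bit lists in air order (LSB of
UID0 first), a collision is "the first bit on which the answering cards
disagree", the reader always continues with bit value 1, and a selected card is
halted so the next loop finds the remaining cards.
"""
from functools import reduce
from operator import xor

SEL_CL1 = 0x93
UID_BITS = 40  # UID0..UID3 + BCC


def bytes_to_bits(data: bytes) -> list:
    """Air order for Type A: each byte is sent LSB first."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: list) -> bytes:
    return bytes(sum(bit << i for i, bit in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))


def nvb(known_bits: int) -> int:
    """Number of Valid Bits byte: high nibble counts whole bytes already sent
    (SEL and NVB themselves included), low nibble the extra bits."""
    return ((2 + known_bits // 8) << 4) | (known_bits % 8)


class Card:
    def __init__(self, uid: bytes):
        assert len(uid) == 4
        self.uid = uid
        self.bits = bytes_to_bits(uid + bytes([reduce(xor, uid)]))  # UID + BCC
        self.halted = False

    def respond(self, known):
        """Answer only if still active and the UID prefix sent by the reader matches."""
        if self.halted or self.bits[:len(known)] != list(known):
            return None
        return self.bits[len(known):]


def anticollision_loop(cards, log):
    """One loop: returns the UID of the card that ends up selected, or None."""
    known = []
    while True:
        log.append(f"PCD : SEL={SEL_CL1:02X} NVB={nvb(len(known)):02X} prefix={''.join(map(str, known))}")
        answers = [a for a in (c.respond(known) for c in cards) if a is not None]
        if not answers:
            log.append("PICC: (no answer)")
            return None
        first = answers[0]
        coll = next((i for i in range(len(first)) if len({a[i] for a in answers}) > 1), None)
        if coll is None:
            known += first
            break
        log.append(f"PICC: {len(answers)} cards answer, collision at bit {len(known) + coll}")
        known += first[:coll] + [1]          # reader resolves the collision towards 1
    uid_bcc = bits_to_bytes(known)
    uid, bcc = uid_bcc[:4], uid_bcc[4]
    if reduce(xor, uid) != bcc:              # transmission error or malformed answer
        log.append("PCD : BCC mismatch, aborting")
        return None
    log.append(f"PCD : SELECT NVB=70 UID={uid.hex()}")
    card = next((c for c in cards if not c.halted and c.uid == uid), None)
    if card is None:
        log.append("PICC: (no SAK)")
        return None
    log.append(f"PICC: SAK from {uid.hex()}")
    card.halted = True                       # HLTA, so it stays quiet in the next loop
    return uid


def enumerate_cards(cards):
    """Run loops until no card answers; returns UIDs in selection order plus the transcript."""
    log, found = [], []
    while True:
        uid = anticollision_loop(cards, log)
        if uid is None:
            return found, log
        found.append(uid.hex())


if __name__ == "__main__":
    field = [Card(bytes.fromhex(h)) for h in ("04112233", "04112244", "12345678")]  # constructed
    uids, transcript = enumerate_cards(field)
    print("\n".join(transcript))
    print("selected in order:", uids)
```

Two details are worth noticing in the transcript: the reader never needs to know the UIDs in advance, it only sends back the bits it has already heard plus its choice for the colliding bit, and the BCC check is the only integrity protection the UID exchange has, so a reader should reject an answer whose BCC does not match rather than select on it.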
The card triple authentication procedure:
1. The card generates a random number RB and sends it to the reader.
2. The reader uses the received random number RB to compute the encrypted TokenAB and sends it back to the card.
3. After receiving TokenAB, the card decrypts the encrypted part and compares parameter B and the random number RB. At the same time, it takes the random number RA received in TokenAB, encodes it according to the reference formula, and sends TokenBA back to the reader.
4. After the reader receives TokenBA, it decrypts the encrypted part again and compares the random numbers RB and RA with the RB and RA recovered from TokenBA. If they match, the instruction can be carried out correctly (debiting, unlocking a door lock, registering, and so on).
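The four steps above, run end to end with both sides' messages, as an added example that is not code from the original page or from NXP. The card's real cipher (Crypto-1, TDES or AES depending on the product) is replaced by a stand-in 16-byte block cipher built as a 4-round Feistel network over HMAC-SHA256, and the token layout (TokenAB = E_K(RA || RB || B), TokenBA = E_K(RB || RA || A), 6-byte random numbers, 4-byte identities) is an assumption in the style of ISO/IEC 9798-2, not the page's "reference formula". The reader is assumed to already know the card identity, for instance from anti-collision.

```python
"""Three-pass mutual ("triple") authentication between card and reader,
modelled on the four steps described above. Added example, not code from the
original page or from NXP. The card's real cipher (Crypto-1, TDES or AES
depending on the product) is replaced by a stand-in 16-byte block cipher, a
4-round Feistel network whose round function is HMAC-SHA256; the token layout
TokenAB = E_K(RA || RB || B) and TokenBA = E_K(RB || RA || A), with 6-byte
random numbers and 4-byte identities, is an assumption in the style of
ISO/IEC 9798-2 and is not the page's "reference formula".
"""
import hashlib
import hmac
import os

NONCE_LEN, ID_LEN = 6, 4   # 6 + 6 + 4 = one 16-byte block


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in cipher (NOT Crypto-1/TDES/AES): 4-round Feistel on 16-byte blocks."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return r + l


def block_decrypt(key: bytes, block: bytes) -> bytes:
    r, l = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


class Card:
    def __init__(self, key: bytes, card_id: bytes, reader_id: bytes):
        self.key, self.card_id, self.reader_id = key, card_id, reader_id
        self.rb = None

    def challenge(self) -> bytes:
        """Step 1: generate a fresh random number RB and send it to the reader."""
        self.rb = os.urandom(NONCE_LEN)
        return self.rb

    def verify_reader(self, token_ab: bytes):
        """Step 3: decrypt TokenAB, check RB and the reader identity B, then
        answer with TokenBA carrying the reader's RA. Returns None on failure."""
        pt = block_decrypt(self.key, token_ab)
        ra, rb, b = pt[:NONCE_LEN], pt[NONCE_LEN:2 * NONCE_LEN], pt[2 * NONCE_LEN:]
        ok = (self.rb is not None and hmac.compare_digest(rb, self.rb)
              and hmac.compare_digest(b, self.reader_id))
        self.rb = None                      # every challenge is answered at most once
        return block_encrypt(self.key, rb + ra + self.card_id) if ok else None


class Reader:
    def __init__(self, key: bytes, reader_id: bytes):
        self.key, self.reader_id = key, reader_id
        self.ra = self.rb = None

    def respond(self, rb: bytes) -> bytes:
        """Step 2: generate RA and send TokenAB = E_K(RA || RB || B)."""
        self.ra, self.rb = os.urandom(NONCE_LEN), rb
        return block_encrypt(self.key, self.ra + rb + self.reader_id)

    def verify_card(self, token_ba: bytes, expected_card_id: bytes) -> bool:
        """Step 4: decrypt TokenBA and compare RB, RA and the card identity A."""
        if self.ra is None:
            return False
        pt = block_decrypt(self.key, token_ba)
        rb, ra, a = pt[:NONCE_LEN], pt[NONCE_LEN:2 * NONCE_LEN], pt[2 * NONCE_LEN:]
        return (hmac.compare_digest(rb, self.rb) and hmac.compare_digest(ra, self.ra)
                and hmac.compare_digest(a, expected_card_id))


def mutual_authenticate(card: Card, reader: Reader) -> bool:
    """Run the three passes; the reader is assumed to know the card id (e.g. from anti-collision)."""
    rb = card.challenge()                    # card   -> reader: RB
    token_ab = reader.respond(rb)            # reader -> card  : TokenAB
    token_ba = card.verify_reader(token_ab)  # card   -> reader: TokenBA (or abort)
    return token_ba is not None and reader.verify_card(token_ba, card.card_id)


if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed sample key
    reader = Reader(key, b"RDR1")
    print("same key :", mutual_authenticate(Card(key, b"CRD1", b"RDR1"), reader))
    print("wrong key:", mutual_authenticate(Card(bytes(16), b"CRD1", b"RDR1"), reader))
```

The point the simulation makes is why both random numbers are needed: RB, chosen by the card, ties TokenAB to this session so that a recorded TokenAB from an earlier session is rejected, and RA, chosen by the reader and returned inside TokenBA, gives the reader the same guarantee in the other direction. Neither side ever sends the key; each only proves it can decrypt and re-encrypt under it.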