
NXP Mifare Plus: NXP brings a new layer of security protection to contactless card systems


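Key points: AES and CRYPTO1 encryption, backward compatibility, anti-tear protection for key updates, 7-byte unique ID and random ID, and distance estimation (to prevent relay).
Anti-tear mechanism for key updates: if the card is forcibly interrupted by someone with intent (an attacker) during a key update, the update is automatically treated as failed and the card reverts to the previous key (my guess, before reading further, is that this is a dual-mode protection mechanism, that is, two sets of keys are stored and the pointer is only moved to the new set once the update succeeds; the 2 x 128-bit AES key in the spec should confirm my guess).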

Key applications
  • Public transportation
  • Access management, e.g. employee, school or campus cards
  • Electronic toll collection
  • Car parking
  • Loyalty programs
Key features
  • 2 or 4-KB EEPROM
  • Simple fixed memory structure compatible with MIFARE Classic 1 K (MF1ICS50), MIFARE Classic 4 K (MF1ICS70)
  • Access conditions freely configurable
  • Smooth migration from MIFARE Classic to MIFARE Plus security level supported
  • Open standard AES crypto for authentication, integrity and encryption
  • Common Criteria Certification: EAL4+ for IC HW and SW
  • ISO/IEC 14443-A unique serial number, 4 or 7 byte and random IDs
  • Multi-sector authentication, multi-block read and write
  • Anti-tear function for writing AES keys
  • Keys can be stored as MIFARE Classic CRYPTO1 keys (2 x 48 bit per sector) or as AES keys (2 x 128 bit per sector)
  • Supports virtual card concept
  • High data rates up to 848 kbit/s
  • Available in MOA4 modules or 8-inch sawn bumped wafer
NXP MIFARE Plus is based on open global standards both for air interface and cryptographic methods. It is available in two versions: MIFARE Plus S, the Slim version, for straightforward migration of MIFARE Classic systems, and MIFARE Plus X, the eXpert version, which offers more flexibility to optimize the command flow for speed, privacy and confidentiality. MIFARE Plus X offers a rich feature set, including proximity checks against relay attacks.
MIFARE Plus is fully functionally backwards compatible with MIFARE Classic 1 K / 4 K. Interoperability with MIFARE Classic has been verified by the independent MIFARE Certification Institute. MIFARE Plus offers the possibility to issue cards seamlessly into existing MIFARE Classic applications before the infrastructure is upgraded. Once the security upgrades are in place, MIFARE Plus cards can be switched to a more secure mode in the field with no customer interaction necessary. AES (Advanced Encryption Standard) is then used for authentication, encryption and data integrity.
MIFARE Plus supports high-speed communication between card and terminal at up to 848 kbit/s, for time-critical services. The read range of up to 10 cm increases the convenience of the touch-and-go experience.

Security Levels (several security levels that can be switched between)
MIFARE Plus cards support one pre-personalization and 3 security levels. Cards operate in one security level at any given time and can only be switched to a higher level.
  • Security Level 0 (keys are pre-programmed; AES and CRYPTO1 protect the memory?)
    MIFARE Plus cards are pre-personalized with configuration keys, level switching keys, MIFARE Classic CRYPTO1 and AES keys for the memory.
  • Security Level 1 (backward-compatible mode)
    In this level the cards are 100% functionally backwards compatible with MIFARE Classic 1K / 4K cards. Cards work seamlessly in existing MIFARE Classic infrastructure.
  • Security Level 2 (AES for reader authentication, CRYPTO1 for data encryption in transit)
    Mandatory AES authentication. MIFARE Classic CRYPTO1 for data confidentiality.
  • Security Level 3 (AES throughout: reader authentication, encryption of transmitted data and data check codes, with distance detection offered as an extra)
    Mandatory AES for authentication, communication confidentiality and integrity. Optional proximity detection (MIFARE Plus X only).
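Automatic anti-tear mechanism: if the card is forcibly interrupted by someone with intent (an attacker) during a key update, the update is automatically treated as failed and the card reverts to the previous key (my guess, before reading further, is that this is a dual-mode protection mechanism, that is, two sets of keys are stored and the pointer is only moved to the new set once the update succeeds; the 2 x 128-bit AES key in the spec should confirm my guess).
An automatic anti-tear mechanism is available for secure deployment of rolling keys. If a card is removed from the field during a key update, it either concludes the update or automatically falls back to the previous key. NXP recommends the 7-byte UID, but offers 4-byte UID versions of MIFARE Plus during migration. MIFARE Plus is available in the proven MOA4 module and as sawn bumped wafers, so no changes to existing manufacturing processes are necessary.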
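The two-slot scheme guessed at above can be modelled in a few lines. This is an added example, not NXP's implementation (which the page does not describe): the EEPROM layout, `nvm_t`, `key_update` and `key_after_tear` are hypothetical names, and the one-byte selector write is assumed to be atomic. It tears an update after a given number of byte writes and compares the two-slot scheme with overwriting the live key in place.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16

/* Simulated card EEPROM (hypothetical layout): two key slots and a selector byte. */
typedef struct {
    uint8_t slot[2][KEY_LEN];
    uint8_t active; /* committed slot index; assumed to be written atomically */
    int budget;     /* byte writes left before the field is lost */
} nvm_t;

/* Write one byte; returns 0 once the simulated power loss has happened. */
static int nvm_write(nvm_t *m, uint8_t *dst, uint8_t v) {
    if (m->budget <= 0) return 0;
    m->budget--;
    *dst = v;
    return 1;
}

/* two_slot=1: stage the key in the spare slot, then flip the selector.
   two_slot=0: overwrite the live key in place (naive update, for contrast). */
int key_update(nvm_t *m, const uint8_t *k, int two_slot) {
    uint8_t dst = two_slot ? (uint8_t)(m->active ^ 1u) : m->active;
    for (int i = 0; i < KEY_LEN; i++)
        if (!nvm_write(m, &m->slot[dst][i], k[i])) return 0; /* torn mid-key */
    return two_slot ? nvm_write(m, &m->active, dst) : 1;     /* commit point */
}

/* Tear after `budget` byte writes. Returns 0 = old key, 1 = new key, -1 = corrupt. */
int key_after_tear(int budget, int two_slot) {
    uint8_t old_key[KEY_LEN], new_key[KEY_LEN];
    memset(old_key, 0xA5, KEY_LEN); /* constructed sample keys */
    memset(new_key, 0x3C, KEY_LEN);
    nvm_t m = { .active = 0, .budget = budget };
    memcpy(m.slot[0], old_key, KEY_LEN);
    key_update(&m, new_key, two_slot);
    const uint8_t *cur = m.slot[m.active];
    if (memcmp(cur, old_key, KEY_LEN) == 0) return 0;
    return memcmp(cur, new_key, KEY_LEN) == 0 ? 1 : -1;
}

int main(void) {
    for (int b = 0; b <= 17; b++)
        printf("tear after %2d writes: two-slot=%d in-place=%d\n",
               b, key_after_tear(b, 1), key_after_tear(b, 0));
    return 0;
}
```

With two slots the card always authenticates with either the old or the new key, whereas the in-place update leaves an unusable mixed key for any tear between the first and last byte.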
