MiFare smart-card authentication for embedded software application
MiFare is the leading industry standard for contactless and dual interface smart card schemes. It is fully compliant with ISO/IEC 14443 Type A and has an immense worldwide installed base.
As well as dual interface ICs that provide a link between the contactless and contact card markets, the MiFare platform offers a full range of compatible contactless smart card and reader ICs.
Below is an overview of an example application recently developed by WyeTec.
The client required secure authentication for users of an embedded system, without the need for them to enter a username and password via a keyboard. MiFare contactless (RF) smart cards were chosen
as a way of storing user information, providing flexible, secure and inexpensive authentication.
Software development brief
The ‘MiFare’ standard allows arbitrary data to be stored on RFID (wireless / contactless) plastic cards and key-fobs, and is commonly used in applications such as access control, security tagging
and payment cards (e.g. public transport, gift cards). There are several versions of the ‘MiFare’ standard. At the simple end of the scale, “MiFare ultralight” provides basic unsecured data storage.
The standard MiFare 1k and 4k cards provide an intermediate level of security and up to 4kB of data storage, with technologies such as “Desfire” providing the stronger encryption and higher levels of
data storage required for payment card type applications and more rigorous access control systems. In this instance, it was decided that the standard MiFare cards offered sufficient protection.
Data on standard MiFare cards is arranged in a series of sectors, each sector containing ‘n’ data blocks. Data encryption keys were set for each sector, along with the details of the data type to be stored and the read/write access rights for that block. Using a different encryption key for each data sector creates a major obstacle for anyone wishing to clone the card. Furthermore, the MiFare internal system can automatically block data sectors if the security system is violated, adding a further layer of protection against copying.
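On standard MiFare cards, each sector's two keys and its access rights sit in the sector's last block, the sector trailer. The C routine below is an added example, not WyeTec's code: it audits a trailer image before a card is issued, assuming the standard 16-byte trailer layout and the common factory values (key FFFFFFFFFFFF, access bytes FF 07 80). The function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Trailer image: bytes 0-5 Key A, 6-8 access bits, 9 user byte, 10-15 Key B.
 * audit_trailer() returns an OR of these flags. */
enum { TRAILER_OK = 0, BAD_ACCESS_BITS = 1, DEFAULT_KEY = 2, TRANSPORT_CONFIG = 4 };

/* Constructed sample images, not taken from any real card. */
const uint8_t SAMPLE_FACTORY[16] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0x07,0x80,0x69,
                                    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
const uint8_t SAMPLE_ISSUED[16]  = {0xA1,0xB2,0xC3,0xD4,0xE5,0xF6, 0x78,0x77,0x88,0x00,
                                    0x1A,0x2B,0x3C,0x4D,0x5E,0x6F};
const uint8_t SAMPLE_CORRUPT[16] = {0xA1,0xB2,0xC3,0xD4,0xE5,0xF6, 0x79,0x77,0x88,0x00,
                                    0x1A,0x2B,0x3C,0x4D,0x5E,0x6F};

/* Decode the access bits. cond[b] receives C1C2C3 as a 3-bit value for
 * block b of the sector (b = 3 is the trailer itself). Each bit is stored
 * once plain and once inverted; returns -1 when the two copies disagree. */
int decode_access_bits(const uint8_t t[16], uint8_t cond[4])
{
    uint8_t c1 = t[7] >> 4, c2 = t[8] & 0x0F, c3 = t[8] >> 4;
    uint8_t n1 = t[6] & 0x0F, n2 = t[6] >> 4, n3 = t[7] & 0x0F;
    if ((c1 ^ n1) != 0x0F || (c2 ^ n2) != 0x0F || (c3 ^ n3) != 0x0F)
        return -1;
    for (int b = 0; b < 4; b++)
        cond[b] = (uint8_t)((((c1 >> b) & 1) << 2) | (((c2 >> b) & 1) << 1) | ((c3 >> b) & 1));
    return 0;
}

/* Check a trailer image before the issuing software writes it to a card. */
int audit_trailer(const uint8_t t[16])
{
    static const uint8_t factory_key[6] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
    static const uint8_t transport_bits[3] = {0xFF,0x07,0x80};
    uint8_t cond[4];
    int findings = TRAILER_OK;
    if (decode_access_bits(t, cond) != 0) findings |= BAD_ACCESS_BITS;  /* copies disagree */
    if (!memcmp(t, factory_key, 6) || !memcmp(t + 10, factory_key, 6)) findings |= DEFAULT_KEY;
    if (!memcmp(t + 6, transport_bits, 3)) findings |= TRANSPORT_CONFIG; /* never personalised */
    return findings;
}

int main(void)
{
    printf("factory=%d issued=%d corrupt=%d\n", audit_trailer(SAMPLE_FACTORY),
           audit_trailer(SAMPLE_ISSUED), audit_trailer(SAMPLE_CORRUPT));
    return 0;
}
```

Run the audit on the image the issuing software is about to write, not on a trailer read back from a card, because Key A is never returned on a read.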
The requirement was to store simple user data, along with details of the user’s privilege level on the embedded system and an expiry date for the user account – a significant difference from the data required for a Microsoft Windows log-on. This custom data was encrypted
and written across the data block on the MiFare cards.
Two layers of encryption for added security
The second layer of encryption and the incorporation of an expiry date meant that in the unlikely event of a card being cloned, it would be of very limited use unless the secondary, 128-bit encryption was also deciphered.
Software was incorporated into the embedded application to allow authenticated users to issue and update new smartcards for standard-level users, with a separate stand-alone application being held securely at the client’s
premises allowing creation of cards with elevated user privileges. Contactless smartcards are now issued by the client, printed up with their company logo – providing an additional opportunity to increase brand awareness.
The generic nature of the MiFare standard means that key-fobs and wristbands can also be created to give a thoroughly flexible and versatile product.
MiFare contactless RFID
smart card technology
Microsoft® Visual Studio
Microsoft® SQL Server