Card activation and communication protocol:
The ISO/IEC 14443-3 anticollision mechanism allows for simultaneous handling of multiple PICCs in the field. The anticollision algorithm selects each PICC individually and ensures that execution of a transaction with a selected PICC is performed correctly without data corruption from other PICCs in the field.

There are three different versions of the PICC. The first two have the UID programmed into a locked part of the NV-memory reserved for the manufacturer:
-the first is a unique 7-byte serial number.
-the second is a unique 4-byte serial number.

Due to security and system requirements, these bytes are write-protected after being programmed by the PICC manufacturer at production.

The third version has a pseudo-unique ID according to ISO/IEC 14443-3 and uses the XFh ID range.

The customer must decide which UID length to use when ordering the product.

During personalization, the PICC can be configured to support Random ID in security level 3. The user can configure whether Random ID or fixed UID shall be used. According to ISO/IEC 14443-3 the first anticollision loop  returns the Random Number Tag 08h, the 3-byte Random Number and the BCC, if Random ID is used. The retrieval of the UID in this case can be done using the Virtual Card Support Last command, or by reading out block 0.

Backwards compatibility protocol:
The backwards compatibility of this product, as used in security level 1 and security level 2, runs on the same protocol layer as MIFARE Classic 1K and MIFARE Classic 4K.
The protocol is formed out of the following components:
-Frame definition: according to ISO/IEC 14443-3
-Bit encoding: according to ISO/IEC 14443-2
-Error code handling: handling is proprietary as error codes are formatted in half bytes.
-Command specification: commands are proprietary.

The following security levels can run on this protocol:
-Security Level 0
-Security Level 1
-Security Level 2

ISO/IEC 14443-4 Protocol:
The ISO/IEC 14443-4 Protocol (also known as T=CL) is used in many processor cards.
This protocol is used for the MIFARE Plus with the following security levels:
-Security Level 0: all commands.
-Security Level 1: only the security level switch and originality function.
-Security Level 2: updating AES keys and configuration blocks as well as the security level switch and originality function.
-Security Level 3: all commands.

Security level switching:
The MIFARE Plus X offers a unique feature to support migration from CRYPTO1 based systems to AES based operation. The migration on the card-side is done using different security levels supporting different cryptographic algorithms and protocols.

There are foursecurity levels:

-Security level 0: initial delivery configuration, used for card personalization.

-Security level 1: backwards functional compatibility mode (with MIFARE Classic 1K and MIFARE Classic 4K) with optional AES authentication.

-Security level 2: 3-Pass authentication based on AES followed by MIFARE CRYPTO1 authentication, communication secured by MIFARE CRYPTO1 The MIFARE CRYPTO1 uses session keys derived from the AES and MIFARE CRYPTO1 authentication.

-Security level 3: 3-Pass authentication based on AES, data manipulation commands secured by AES encryption and an AES based MACing method.
If the card is a L3 card the Commit Perso command will switch the card directly from security level 0 to security level 3 instead of security level 1.

The security level switching (i.e. from security level 1 to security level 3) is performed using the dedicated AES authentication switching keys.

The security level can only be switched from a lower to a higher level, never in the opposite direction.