NXP’s MIFARE is a proven, reliable, and robust technology for contactless smart cards. It’s been on the market for more than 10 years and is now the world’s most widely used technology for automatic fare collection. It gives passengers a simple, convenient way to access transportation — travelers just wave their prepaid cards over a reader at the turnstile or entry, and they’re on their way.

MIFARE Classic, the original version of the technology, is now used for public transport schemes in more than 650 cities in more than 50 countries. Many of these installations are starting to migrate to solutions that offers higher levels of performance, flexibility, and security. For many of these systems, MIFARE Plus is a significant security upgrade, and for others, MIFARE DESFire EV1 is a way to increase security while opening up opportunities for multi-applications use.

MIFARE Plus
MIFARE Plus brings benchmark security to mainstream contactless smart card applications. It is the only mainstream IC compatible with MIFARE Classic and offers a direct upgrade path for existing infrastructure and services. MIFARE Plus supports the pre-issuance of new cards and coexists with current and new cards. After upgrading the system infrastructure, service operators can switch MIFARE Plus-based cards in the field to a higher security level using AES encryption without needing to revoke or re-issue the cards.

The Los Angeles County Metropolitan Transportation Authority (LA Metro), which attracts approximately 480 million boardings each year, is one of the first public transport systems to migrate their MIFARE Classic system to MIFARE Plus.

MIFARE DESFire EV1
MIFARE DESFire EV1 is an ideal solution for developers and providers wanting to combine and support multiple applications on one smart card. It fully complies with the requirements for fast and secure data transmission, flexible memory organization, and interoperability with existing infrastructure. It delivers the perfect balance of speed, performance, and cost efficiency. Its open concept allows future seamless integration of other media, such as smart paper tickets, key fobs, and mobile ticketing based on NFC. It is also fully compatible with the existing MIFARE reader hardware platform.

Smart Card & Identity
There have been lots of discussions over the security of the Mifare card particularly because of the extended business applications such as an ePurse being proposed for this platform. Expressions such as low security are thrown around in a way that could confuse or even misrepresent the platform. In any scheme it is the overall security that matters not the individual components. It is also fundamental to ensure that the components are used in the right way, in most high visibility failures it has been a protocol or procedure failure that has resulted in the end disaster. However memory cards such as Mifare do have restricted security functionality and when the cryptographic security relies on keeping the algorithm secret that is an additional risk that has now exploded. It should be noted that the researchers have not published their findings in detail (and may never do so) but they have publicly demonstrated not only that it is possible with limited equipment to reverse engineer the random number generator and the algorithm but also to point out many weaknesses in the actual Crypto-1 implementation. The Mifare chip technology is based on a simple contactless memory device with discrete logic to provide some security functionality across the air gap with the reader (i.e. at the radio frequency level). This technology is proprietary to Philips Semiconductors and requires their IPR to be available in both the Smart Card chip and the Mifare reader. In practice this means that both the smart card and the reader need to have a Philips (or a Mifare licensed chip, e.g. Infineon) chip embedded within them. The original Mifare 1K memory was introduced in 1994 and there are now 6 chips in the Mifare range from NXP (previously Philips Semiconductors);
• Mifare Classic (1 Kbytes of EEPROM non-volatile memory),
• Mifare 4K (4 Kbytes of EEPROM),
• Mifare DESFire (4 Kbytes of EEPROM),
• Mifare Ultralite (64 bytes of EEPROM),
• Mifare ProX (1 Kbytes or 4 Kbytes Mifare emulation in a micro controller chip. Total chip EEPROM including Mifare emulation memory is 16 Kbytes)
• Smart MX (a more advanced Mifare ProX replacement series with up to 72 Kbytes of EEPROM).
The Mifare ProX and the Smart MX are micro controller based chips and provide the Mifare functionality as an emulation in the chip. These chips are used for example by the IBM JCOP30 and JCOP40 Java Cards respectively. The discussion that follows relates to the Classic 1k Mifare but the arguments would hold for most other memory cards.