Generic Access Control Data Model, MIFARE Plus, MIFARE DESFire EV1, MIFARE SAM AV2, SmartMX, a generic approach for physical access control applications.

This application note defines a common data model that card and reader manufacturers can support, providing interoperability between the card and the reader in a physical access system.

Applicable Products

Contact and contactless PCD and PICC devices

Abbreviations

The following table lists abbreviations used throughout this document.

Table 1. Abbreviations

Abbreviation | Meaning
APDU | Application protocol data unit
ATR | Answer to reset
BCD | Binary Coded Decimal
ASCIIZ | ASCII zero delimited string
APPMK | Application Master Key
APPVK | Application Validation Key
OCPSK | Originality Cloning Protection System Key
PACS | Physical Access Control System
IV | Initial Vector
CMAC | Cipher based Message Authentication Code
RID | Random IDentifier
UID | Unique IDentifier
P1-P2 | Parameter bytes (inserted for clarity, the dash is not significant)
PCD | Proximity coupling device
PICC | Proximity integrated circuit card
RFU | Reserved for future use
SW1-SW2 | Status bytes (inserted for clarity, the dash is not significant)
TLV | Tag, Length, Value
VCD | Vicinity coupling device
VICC | Vicinity IC card

Card Definition

The card application shall be defined as an application that contains two objects, the card identifier object and the PACS data object.

The default application identifier shall be 0xf532f0. The last nibble can be used to signify multiple sites, 0x0 through 0xf, for a maximum of 16 sites. Each site shall be able to use its own keys, which allows for site independence.

Fig 1 Card Definition 

Data Model

PACS Data Object

The PACS data object contains a standard implementation for physical access control. This data object will be populated during card personalization and locked before issuance. All data fields must be present in the object but optional fields are not required to be populated. The encryption method used on the data is defined in the Card Identifier Object.

Table 2. PACS Data Object

Field Name | Field Type | Length (Bytes) | Mandatory / Optional
Version – Major | Binary | 1 | Mandatory
Version – Minor | Binary | 1 | Mandatory
Customer / Site Code | BCD | 5 | Mandatory
Credential ID | BCD | 8 | Mandatory
Reissue Code | BCD | 1 | Optional
PIN Code | BCD | 4 | Optional
Customer Specific Data | Binary | 20 | Optional
Digital Signature | Binary | 8 | Mandatory

Version – Major

Field Type – Binary data. Length – 1 byte. Mandatory.

Usage – This field is used for the major version number of the data model. This value shall be set to 0x01.

Version – Minor

Field Type – Binary data. Length – 1 byte. Mandatory.

Usage – This field is used for the minor version number of the data model. This value shall be set to 0x00.

Customer / Site Code

Field Type – Binary Coded Decimal. Length – 5 bytes. Mandatory.

Usage – This field contains a 10 digit numerical BCD data representation of the customer / site code.

Example – 0x0000001234 would represent a customer / site of 1234.

Credential ID

Field Type – Binary Coded Decimal. Length – 8 bytes. Mandatory.

Usage – This field contains a 16 digit numerical BCD data representation of the customer ID.

Example – 0x1122334455667788 would represent a customer ID of 1122334455667788.

Reissue Code

Field Type – Binary Coded Decimal. Length – 1 byte. Optional.

Usage – This optional field contains a 2 digit numerical BCD data representation of the reissue code.

Example – 0x01 would represent a reissue code of 01.

PIN Code

Field Type – Binary Coded Decimal. Length – 4 bytes. Optional.

Usage – This field contains an 8 digit numerical BCD data representation of the PIN code.

Example – 0x00001234 would represent a PIN code of 00001234.

Customer Specific Data

Field Type – Binary. Length – 20 bytes. Optional.

Usage – Customer Specific Data shall be a binary scratch pad defined by the end user. The data in this field will be customer specific.

Example – This is where a binary Wiegand representation of the card information can be stored for the access control reader. The access control reader would be able to read this data and output it without interpreting it.

Digital Signature

Field Type – Binary. Length – 8 bytes. Mandatory.

Usage – A cryptographic signature of all data in this object, not including the digital signature. Please see the Digital Signature section of this document.
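
The Table 2 layout and the field rules above, written as a reader-side parser (an added example, not code from the application note). It assumes the fields are stored back to back in table order with no padding, that the input is the object after any decryption, and that unpopulated optional BCD fields still hold decimal digits; `parse_pacs`, `site_aid` and the sample bytes are constructed for illustration. The signature is only separated from the data it covers, not verified, because the algorithm is defined in the Digital Signature section.

```python
# Table 2 layout as (name, length in bytes, is BCD). Assumption: fields are
# stored back to back in table order, with no padding (48 bytes in total).
FIELDS = [("version_major", 1, False), ("version_minor", 1, False),
          ("site_code", 5, True), ("credential_id", 8, True),
          ("reissue_code", 1, True), ("pin_code", 4, True),
          ("customer_data", 20, False), ("signature", 8, False)]
OBJECT_LEN = sum(length for _, length, _ in FIELDS)
BASE_AID = 0xF532F0  # default application identifier; last nibble = site


def site_aid(site: int) -> int:
    """Application identifier for one of the 16 sites (0x0 through 0xf)."""
    if not 0 <= site <= 0xF:
        raise ValueError("site index must fit in one nibble")
    return BASE_AID | site


def bcd_digits(raw: bytes) -> str:
    """Decode packed BCD to a digit string, rejecting nibbles above 9."""
    text = raw.hex()
    if not text.isdigit():
        raise ValueError(f"non-decimal nibble in BCD field: {text}")
    return text


def parse_pacs(obj: bytes) -> dict:
    """Split a PACS data object into its fields and apply the format checks."""
    if len(obj) != OBJECT_LEN:
        raise ValueError(f"expected {OBJECT_LEN} bytes, got {len(obj)}")
    out, pos = {}, 0
    for name, length, is_bcd in FIELDS:
        chunk = obj[pos:pos + length]
        # Assumption: optional BCD fields left unpopulated still hold digits.
        out[name] = bcd_digits(chunk) if is_bcd else chunk
        pos += length
    if (out["version_major"], out["version_minor"]) != (b"\x01", b"\x00"):
        raise ValueError("unsupported data model version")
    # The signature covers every byte of the object that precedes it.
    out["signed_data"] = obj[:OBJECT_LEN - len(out["signature"])]
    return out


# Constructed sample built from the example values in the field descriptions,
# with zeroed customer data and a placeholder (all-zero) signature.
SAMPLE = (bytes.fromhex("0100" "0000001234" "1122334455667788" "01" "00001234")
          + bytes(20) + bytes(8))
```

Rejecting non-decimal nibbles and unknown versions before the credential is passed on keeps a malformed or foreign object from being interpreted as a valid site code or credential ID.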