MIFARE Application Directory
The memory of a MIFARE ® transponder is divided into 16 independent segments, known as sectors. Each sector is protected against unauthorised access by two different keys (hierarchical structure). Different access rights can be allocated to each of the two keys in its own access register (configuration). Thus, 16 independent applications that are protected from each other by secret keys can be loaded onto the transponder (Figure 10.17). None of the applications can be read without the secret key, not even for checking or identification. So it is not even possible to determine what applications are stored on the transponder.

Let us now assume that the city of Munich has decided to issue a contactless City-Card, which citizens can use to avail themselves of city services, and which occupies only a small part of the available memory on the card. The remaining memory units on the card could be used by other service providers for their own applications, such as local transport tickets, car rental, filling station cards, parking passes, bonus cards for restaurants and supermarket chains, and many others. However, we cannot find out which of the many possible applications are currently available on the card, because each reader belonging to an application only has access to its own sector, for which it also has the correct key.

To get around this problem, the author, in conjunction with Philips Semiconductors Gratkorn (was Mikron), has developed an application directory for the MIFARE® smart card. Figures 10.18 and 10.19 illustrate the data structure of this directory, the MAD (MIFARE® application directory).

Blocks 1 and 2 of sector 0 are reserved for the MAD, leaving 32 bytes available for the application directory. Two bytes of each make up a pointer, ID1 to ID Fh, to one of the remaining 15 sectors. Reading the content of the pointer yields 2 bytes, the function cluster and the application code, which can be used to look the application up in an external database. Even if the application we are looking for is not registered in the available database, we can still gain an approximate classification from the function cluster, for example ‘airlines’, ‘railway services’, ‘bus services’, ‘city card services’, ‘ski ticketing’, ‘car parking’, etc.

Each application is allocated a unique identification number, made up of the function cluster code and application code. It is possible to request an identification number from the developer of MIFARE® technology, Philips Semiconductors Gratkorn (Mikron) at Graz.

If a function cluster is set at 00 h, then this is an administration code for the management of free or reserved sectors.

Sector 0 itself does not require an ID pointer, because the MAD itself is stored in sector 0. The 2 bytes that this leaves free are used to store an 8-bit CRC, which is used to check the MAD structure for errors, and an info byte. A note can be recorded in the lowest 4 bits of the info byte, giving the sector ID of the card publisher. In our example, this would be the sector ID of one of the sectors in which the data belonging to the city of Munich is stored. This allows the reader to determine the card publisher, even if more than one application is recorded on the smart card.

Another special feature is MAD’s key management system. While key A, which is required for reading the MAD, is published, key B, which is required for recording further applications, is managed by the card publisher. This means that joint use of the card by a secondary service provider is only possible after a joint use contract has been concluded and the appropriate key issued.

Dual Port EEPROM
EEPROM modules with a serial I2C (IIC ) bus interface established themselves years ago, particularly in consumer electronics. I2C bus is the abbreviation for Inter IC bus, because originally it was developed for the connection of microprocessors and other ICs on a common printed circuit board.

The I2C bus is a serial bus and requires only two bidirectional lines, SDA (serial data) and SCL (serial clock). A serial EEPROM can be read or written by the transmission of defined commands via the two lines of the I2C bus.

Some of these serial EEPROM modules now also have an RF interface and can thus be read or written either via the two SDA and SCL lines or via the contactless interface. The block diagram of such a dual port EEPROM (Atmel, 1998) is shown in Figure 10.20.

The EEPROM is accessed via two state machines (‘RF controland ‘serial control’) that are largely independent of each other. The additional arbitration logic prevents conflicts as a result of simultaneous access to the EEPROM via the RF and serial interfaces by simply blocking access to the other interface for the duration of a write or read operation.

The RF interface of the module is designed for inductive coupling in the frequency range of 125 kHz. If no supply voltage is available via the Vcc pin of the module, then the dual port EEPROM can also be supplied with power entirely via the RF interface. The integral power management simply switches off parts of the circuit that are not required in pure contactless operation. The data transfer from the serial EEPROM to a contactless reader takes place by ohmic load modulation in the baseband. Commands from a reader are transferred to the dual port EEPROM by a simple ASK modulation (modulation index m> 10%). See Figures 10.21 and 10.22 for the pin assignment and memory configuration.

The total memory space of 1 Kbyte (8 Kbit) available on the dual port EEPROM was divided into eight segments (blocks 0–7). Each of these eight blocks was subdivided into eight subsegments (pages 0–7), each of 16 bytes. An additional 16 bytes are available as an access protection page. The structure of the access protection page is shown in Figure 10.23. The access protection page permits different access rights to the eight blocks of the EEPROM to be set independently of each other for the I2C bus and the RF interface. However, read and write access to the access protection page itself is only possible via the I2C bus interface.