MIFARE

Last updated

MIFARE Logo Mifare logo rgb.svg
MIFARE Logo

MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.

Contents

The brand includes proprietary solutions based on various levels of the ISO/IEC 14443 Type-A 13.56 MHz contactless smart card standard. It uses AES and DES/Triple-DES encryption standards, as well as an older proprietary encryption algorithm, Crypto-1. According to NXP, 10 billion of their smart card chips and over 150 million reader modules have been sold. [1]

The MIFARE trademark is owned by NXP Semiconductors, which was spun off from Philips Electronics in 2006. [2] [3]

Variants

MIFARE products are embedded in contactless and contact smart cards, smart paper tickets, wearables and phones. [4] [5]

The MIFARE brand name (derived from the term MIKRON FARE collection and created by the company Mikron) covers four families of contactless cards:

MIFARE Classic
Employs a proprietary protocol compliant with parts 1–3 of ISO/IEC 14443 Type A, with an NXP proprietary security protocol for authentication and ciphering.[ citation needed ]

Subtypes: MIFARE Classic EV1 (other subtypes are no longer in use).

MIFARE Plus
Drop-in replacement for MIFARE Classic with certified security level (AES-128 based) and is fully backwards compatible with MIFARE Classic.[ citation needed ]

Subtypes: MIFARE Plus S, MIFARE Plus X, MIFARE Plus SE and MIFARE Plus EV2.

MIFARE Ultralight
Low-cost ICs that are useful for high volume applications such as public transport, loyalty cards and event ticketing.

Subtypes: MIFARE Ultralight C, MIFARE Ultralight EV1, MIFARE Ultralight Nano and MIFARE Ultralight AES.

MIFARE DESFire
Contactless ICs that comply with parts 3 and 4 of ISO/IEC 14443-4 Type A with a mask-ROM operating system from NXP. The DES in the name refers to the use of a DES, two-key 3DES, three-key 3DES and AES encryption; while Fire is an acronym for Fast, innovative, reliable, and enhanced.

Subtypes: MIFARE DESFire EV1, MIFARE DESFire EV2, MIFARE DESFire EV3 and MIFARE DESFire Light.

There is also the MIFARE SAM AV2 contact smart card. This can be used to handle the encryption in communicating with the contactless cards. The SAM (Secure Access Module) provides the secure storage of cryptographic keys and cryptographic functions.

MIFARE Classic family

The MIFARE Classic IC is a basic memory storage device, where the memory is divided into segments and blocks with simple security mechanisms for access control. They are ASIC-based and have limited computational power. Due to their reliability and low cost, those cards are widely used for electronic wallets, access control, corporate ID cards, transportation or stadium ticketing. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.[ citation needed ]

MIFARE Classic encryption has been compromised; see below for details.[ citation needed ]

The MIFARE Classic with 1K memory offers 1,024 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. Each key can be programmed to allow operations such as reading, writing, increasing value blocks, etc. MIFARE Classic with 4K memory offers 4,096 bytes split into forty sectors, of which 32 are the same size as in the 1K with eight more that are quadruple size sectors. MIFARE Classic Mini offers 320 bytes split into five sectors. For each of these IC types, 16 bytes per sector are reserved for the keys and access conditions and can not normally be used for user data. Also, the very first 16 bytes contain the serial number of the card and certain other manufacturer data and are read-only. That brings the net storage capacity of these cards down to 752 bytes for MIFARE Classic with 1K memory, 3,440 bytes for MIFARE Classic with 4K memory, and 224 bytes for MIFARE Mini.[ citation needed ]

The Samsung TecTile NFC tag stickers use MIFARE Classic chips. This means only devices with an NXP NFC controller chip can read or write these tags. At the moment BlackBerry phones, the Nokia Lumia 610 (August 2012 [6] ), the Google Nexus 4, Google Nexus 7 LTE and Nexus 10 (October 2013 [7] ) can't read/write TecTile stickers.[ citation needed ]

MIFARE Plus family

MIFARE Plus

MIFARE Plus is a replacement IC solution for the MIFARE Classic.

It is less flexible than a MIFARE DESFire EV1 contactless IC.

MIFARE Plus was publicly announced in March 2008 with first samples in Q1 2009. [8]

MIFARE Plus, when used in older transportation systems that do not yet support AES on the reader side, still leaves an open door to attacks. Though it helps to mitigate threats from attacks that broke the Crypto-1 cipher through the weak random number generator, it does not help against brute force attacks and crypto analytic attacks. [9]

During the transition period from MIFARE Classic to MIFARE Plus where only a few readers might support AES in the first place, it offers an optional AES authentication in Security Level 1 (which is in fact MIFARE Classic operation). This does not prevent the attacks mentioned above but enables a secure mutual authentication between the reader and the card to prove that the card belongs to the system and is not fake.

In its highest security level SL3, using 128-bit AES encryption, MIFARE Plus is secured from attacks.[ citation needed ]

MIFARE Plus EV1

MIFARE Plus EV1 was announced in April 2016. [10]

New features compared to MIFARE Plus X include:

Sector-wise security-level switching
The choice of crypto algorithm used in the authentication protocol can be set separately for each sector. This makes it possible to use the same card with both readers that can read MIFARE Classic products (with sectors protected by 48-bit CRYPTO1 keys, "Security Level 1") and readers that can read MIFARE Plus products (with sectors protected by 128-bit AES keys, "Security Level 3"). This feature is intended to make it easier to gradually migrate existing MIFARE Classic product-based installations to MIFARE Plus, without having to replace all readers at the same time.
ISO 7816-4 wrapping
The card can now be accessed in either the protocol for MIFARE (which is not compliant with the ISO 7816-4 APDU format), or using a new protocol variant that runs on top of ISO 7816-4. This way the cards become compatible with NFC reader APIs that can only exchange messages in ISO 7816-4 APDU format, with a maximum transfer data buffer size of 256 bytes.
Proximity check
While the protocol for MIFARE Classic tolerated message delays of several seconds, and was therefore vulnerable to relay attacks, MIFARE Plus EV1 now implements a basic "ISO compliant" distance-bounding protocol. This puts tighter timing constraints on the permitted round-trip delay during authentication, to make it harder to forward messages to far-away cards or readers via computer networks.
Secure end-2-end channel
Permits AES-protected over-the-air updates even to Crypto1 application sectors (SL1SL3 mix mode).
Transaction MAC
The card can produce an additional message-authentication code over a transaction that can be verified by a remote clearing service, independent of the keys used by the local reader during the transaction.

MIFARE Plus EV2

The MIFARE Plus EV2 was introduced to the market on 23 June 2020. [11] It comes with an enhanced read performance and transaction speed compared to MIFARE Plus EV1. [12]

New features compared to MIFARE Plus EV1 include:

Transaction Timer
To help mitigate man-in-the-middle attacks, the Transaction Timer feature, which is also available on NXP's MIFARE DESFire EV3 IC, makes it possible to set a maximum time per transaction, so it's harder for an attacker to interfere with the transaction.

MIFARE Ultralight family

MIFARE Ultralight

The MIFARE Ultralight has only 512 bits of memory (i.e. 64 bytes), without cryptographic security. The memory is provided in 16 pages of 4 bytes. Cards based on these chips are so inexpensive that they are often used for disposable tickets for events such as the 2006 FIFA World Cup. It provides only basic security features such as one-time-programmable (OTP) bits and a write-lock feature to prevent re-writing of memory pages but does not include cryptography as applied in other MIFARE product-based cards.

MIFARE Ultralight EV1

MIFARE Ultralight EV1 [13] introduced in November 2012 the next generation of paper ticketing smart card ICs for limited-use applications for ticketing schemes and additional security options. [14] It comes with several enhancements above the original MIFARE Ultralight:

  • 384 and 1024 bits user memory product variants
  • OTP, lock bits, configurable counters for improved security
  • Three independent 24-bit one-way counters to stop reloading
  • Protected data access through 32-bit password
  • NXP Semiconductors originality signature function, this is an integrated originality checker and is effective cloning protection that helps to prevent counterfeit of tickets. However, this protection is applicable only to "mass penetration of non NXP originated chips and does not prevent hardware copy or emulation of a single existing valid chip" [15]

MIFARE Ultralight C

Introduced at the Cartes industry trade show in 2008, the MIFARE Ultralight C IC is part of NXP's low-cost MIFARE product offering (disposable ticket). With Triple DES, MIFARE Ultralight C uses a widely adopted standard, enabling easy integration in existing infrastructures. The integrated Triple DES authentication provides an effective countermeasure against cloning.[ citation needed ]

Key applications for MIFARE Ultralight C are public transportation, event ticketing, loyalty and NFC Forum tag type 2.

MIFARE Ultralight AES

It was introduced in 2022.

MIFARE DESFire family

MIFARE DESFire

The MIFARE DESFire (MF3ICD40) was introduced in 2002 and is based on a core similar to SmartMX, with more hardware and software security features than MIFARE Classic. It comes pre-programmed with the general-purpose MIFARE DESFire operating system which offers a simple directory structure and files. They are sold in four variants: One with Triple-DES only and 4 KiB of storage, and three with AES (2, 4, or 8 kiB; see MIFARE DESFire EV1). The AES variants have additional security features; e.g., CMAC. MIFARE DESFire uses a protocol compliant with ISO/IEC 14443-4. [16] The contactless IC is based on an 8051 processor with 3DES/AES cryptographic accelerator, making very fast transactions possible.

The maximal read/write distance between card and reader is 10 centimetres (3.9 in), but the actual distance depends on the field power generated by the reader and its antenna size.

In 2010, NXP announced the discontinuation of the MIFARE DESFire (MF3ICD40) after it had introduced its successor MIFARE DESFire EV1 (MF3ICD41) in late 2008. In October 2011 researchers of Ruhr University Bochum [17] announced that they had broken the security of MIFARE DESFire (MF3ICD40), which was acknowledged by NXP [18] (see MIFARE DESFire security).

MIFARE DESFire EV1

First evolution of MIFARE DESFire contactless IC, broadly backwards compatible. Available with 2 KiB, 4 KiB, and 8 KiB non-volatile memory. Other features include: [19]

  • Support for random ID.
  • Support for 128-bit AES
  • Hardware and operating system are Common Criteria certified at level EAL 4+

MIFARE DESFire EV1 was publicly announced in November 2006.[ citation needed ]

MIFARE DESFire EV2

The second evolution of the MIFARE DESFire contactless IC family, broadly backwards compatible. [20] New features include:

  • MI smart App enabling to offer or sell memory space for additional applications of 3rd parties without the need to share secret keys
  • Transaction MAC to authenticate transactions by 3rd parties
  • Virtual Card Architecture for privacy protection
  • Proximity check against relay attacks

MIFARE DESFire EV2 was publicly announced in March 2016 at the IT-TRANS event in Karlsruhe, Germany

MIFARE DESFire EV3

The latest evolution of the MIFARE DESFire contactless IC family, broadly backward compatible. New features include:

  • ISO/IEC 14443 A 1–4 and ISO/IEC 7816-4 compliant
  • Common Criteria EAL5+ certified for IC hardware and software
  • NFC Forum Tag Type 4 compliant
  • SUN message authentication for advanced data protection within standard NDEF read operation
  • Choice of open DES/2K3DES/3K3DES/AES crypto algorithms
  • Flexible file structure: hosts as many applications as the memory size supports
  • Proof of transaction with card generated MAC
  • Transaction Timer mitigates risk of man-in-the-middle attacks

MIFARE DESFire EV3 was publicly announced on 2 June 2020. [21]

MIFARE SAM AV2

MIFARE SAMs are not contactless smart cards. They are secure access modules designed to provide the secure storage of cryptographic keys and cryptographic functions for terminals to access the MIFARE products securely and to enable secure communication between terminals and host (backend). MIFARE SAMs are available from NXP in the contact-only module (PCM 1.1) as defined in ISO/IEC 7816-2 and the HVQFN32 format.[ citation needed ]

Integrating a MIFARE SAM AV2 in a contactless smart card reader enables a design that integrates high-end cryptography features and the support of cryptographic authentication and data encryption/decryption.[ citation needed ] Like any SAM, it offers functionality to store keys securely and perform authentication and encryption of data between the contactless card and the SAM and the SAM towards the backend. Next to a classical SAM architecture, the MIFARE SAM AV2 supports the X-mode which allows a fast and convenient contactless terminal development by connecting the SAM to the microcontroller and reader IC simultaneously.[ citation needed ]

MIFARE SAM AV2 offers AV1 mode and AV2 mode where in comparison to the SAM AV1 the AV2 version includes public key infrastructure (PKI), hash functions like SHA-1, SHA-224, and SHA-256. It supports MIFARE Plus and secure host communication. Both modes provide the same communication interfaces, cryptographic algorithms (Triple-DES 112-bit and 168-bit key, MIFARE products using Crypto1, AES-128 and AES-192, RSA with up to 2048-bit keys), and X-mode functionalities.[ citation needed ] The MIFARE SAM AV3 is the third generation of NXP's Secure Access Module, and it supports MIFARE ICs as well as NXP's UCODE DNA, ICODE DNA and NTAG DNA ICs. [22]

MIFARE 2GO

A cloud-based platform that digitizes MIFARE product-based smart cards and makes them available on NFC-enabled smartphones and wearables. With this, new Smart City use cases such as mobile transit ticketing, mobile access and mobile micropayments are being enabled. [23]

Byte layout

Byte-level layout of MiFare cards. MiFare Byte Layout.png
Byte-level layout of MiFare cards.

History

The MIFARE product portfolio was originally developed by Mikron in Gratkorn, Austria. Mikron was acquired by Philips in 1995. [24] Mikron sourced silicon from Atmel in the US, Philips in the Netherlands, and Siemens in Germany.[ citation needed ]

Infineon Technologies (then Siemens) licensed MIFARE Classic from Mikron in 1994 [25] and developed both stand alone and integrated designs with MIFARE product functions. Infineon currently produces various derivatives based on MIFARE Classic including 1K memory (SLE66R35) and various microcontrollers (8 bit (SLE66 series), 16 bit (SLE7x series), and 32 bit (SLE97 series) with MIFARE implementations, including devices for use in USIM with Near Field Communication. [26]

Motorola tried to develop MIFARE product-like chips for the wired-logic version but finally gave up. The project expected one million cards per month for start, but that fell to 100,000 per month just before they gave up the project. [27]

In 1998 Philips licensed MIFARE Classic to Hitachi [28] Hitachi licensed MIFARE products for the development of the contactless smart card solution for NTT's IC telephone card which started in 1999 and finished in 2006.[ citation needed ] In the NTT contactless IC telephone card project, three parties joined: Tokin-Tamura-Siemens, Hitachi (Philips-contract for technical support), and Denso (Motorola-only production).[ citation needed ] NTT asked for two versions of chip, i.e. wired-logic chip (like MIFARE Classic) with small memory and big memory capacity. Hitachi developed only big memory version and cut part of the memory to fit for the small memory version.

The deal with Hitachi was upgraded in 2008 by NXP (by then no longer part of Philips) to include MIFARE Plus and MIFARE DESFire to the renamed semiconductor division of Hitachi Renesas Technology. [29]

In 2010 NXP licensed MIFARE products to Gemalto. In 2011 NXP licensed Oberthur to use MIFARE products on SIM cards. In 2012 NXP signed an agreement with Giesecke & Devrient to integrate MIFARE product-based applications on their secure SIM products. These licensees are developing Near Field Communication products [30] [31]

Security

MIFARE Classic

The encryption used by the MIFARE Classic IC uses a 48-bit key. [32]

A presentation by Henryk Plötz and Karsten Nohl [33] at the Chaos Communication Congress in December 2007 described a partial reverse-engineering of the algorithm used in the MIFARE Classic chip. Abstract and slides [34] are available online. A paper that describes the process of reverse engineering this chip was published at the August 2008 USENIX security conference. [35]

In March 2008 the Digital Security [36] research group of the Radboud University Nijmegen made public that they performed a complete reverse-engineering and were able to clone and manipulate the contents of an OV-Chipkaart which is using MIFARE Classic chip. [37] For demonstration they used the Proxmark3 device, a 125 kHz / 13.56 MHz research instrument. [38] The schematics and software are released under the free GNU General Public License by Jonathan Westhues in 2007. They demonstrate it is even possible to perform card-only attacks using just an ordinary stock-commercial NFC reader in combination with the libnfc library.

The Radboud University published four scientific papers concerning the security of the MIFARE Classic:

In response to these attacks, the Dutch Minister of the Interior and Kingdom Relations stated that they would investigate whether the introduction of the Dutch Rijkspas could be brought forward from Q4 of 2008. [43]

NXP tried to stop the publication of the second article by requesting a preliminary injunction. However, the injunction was denied, with the court noting that, "It should be considered that the publication of scientific studies carries a lot of weight in a democratic society, as does inform society about serious issues in the chip because it allows for mitigating of the risks." [44] [45]

Both independent research results are confirmed by the manufacturer NXP. [46] These attacks on the cards didn't stop the further introduction of the card as the only accepted card for all Dutch public transport the OV-chipkaart continued as nothing happened [47] but in October 2011 the company TLS, responsible for the OV-Chipkaart announced that the new version of the card will be better protected against fraud. [48]

The MIFARE Classic encryption Crypto-1 can be broken in about 200 seconds on a laptop from 2008, [49] if approx. 50 bits of known (or chosen) keystream are available. This attack reveals the key from sniffed transactions under certain (common) circumstances and/or allows an attacker to learn the key by challenging the reader device.

The attack proposed in [50] recovers the secret key in about 40 ms on a laptop. This attack requires just one (partial) authentication attempt with a legitimate reader.

Additionally, there are a number of attacks that work directly on a card and without the help of a valid reader device. [51] These attacks have been acknowledged by NXP. [52] In April 2009 new and better card-only attack on MIFARE Classic has been found. It was first announced at the rump session of Eurocrypt 2009. [53] This attack was presented at SECRYPT 2009. [54] The full description of this latest and fastest attack to date can also be found in the IACR preprint archive. [55] The new attack improves by a factor of more than 10 all previous card-only attacks on MIFARE Classic, has instant running time, and does not require a costly precomputation. The new attack allows recovering the secret key of any sector of the MIFARE Classic card via wireless interaction, within about 300 queries to the card. It can then be combined with the nested authentication attack in the Nijmegen Oakland paper to recover subsequent keys almost instantly. Both attacks combined and with the right hardware equipment such as Proxmark3, one should be able to clone any MIFARE Classic card in 10 seconds or less. This is much faster than previously thought.

In an attempt to counter these card-only attacks, new "hardened" cards have been released in and around 2011, such as the MIFARE Classic EV1. [56] These variants are insusceptible for all card-only attacks publicly known until then, while remaining backward compatible with the original MIFARE Classic. In 2015, a new card-only attack was discovered that is also able to recover the secret keys from such hardened variants. [57] Since the discovery of this attack, NXP is officially recommending to migrate from MIFARE Classic product-based systems to higher security products. [58]

MIFARE DESFire

In November 2010, security researchers from the Ruhr University released a paper detailing a side-channel attack against MIFARE product-based cards. [59] The paper demonstrated that MIFARE DESFire product-based cards could be easily emulated at a cost of approximately $25 in "off the shelf" hardware. The authors asserted that this side-channel attack allowed cards to be cloned in approximately 100 ms. Furthermore, the paper's authors included hardware schematics for their original cloning device, and have since made corresponding software, firmware and improved hardware schematics publicly available on GitHub. [60]

In October 2011 David Oswald and Christof Paar of Ruhr-University in Bochum, Germany, detailed how they were able to conduct a successful "side-channel" attack against the card using equipment that can be built for nearly $3,000. Called "Breaking MIFARE DESFire MF3ICD40: Power Analysis and Templates in the Real World", [61] they stated that system integrators should be aware of the new security risks that arise from the presented attacks and can no longer rely on the mathematical security of the used 3DES cipher. Hence, to avoid, e.g. manipulation or cloning of smart cards used in payment or access control solutions, proper actions have to be taken: on the one hand, multi-level countermeasures in the back end allow to minimize the threat even if the underlying RFID platform is insecure," In a statement [62] NXP said that the attack would be difficult to replicate and that they had already planned to discontinue the product at the end of 2011. NXP also stated "Also, the impact of a successful attack depends on the end-to-end system security design of each individual infrastructure and whether diversified keys – recommended by NXP – are being used. If this is the case, a stolen or lost card can be disabled simply by the operator detecting the fraud and blacklisting the card, however, this operation assumes that the operator has those mechanisms implemented. This will make it even harder to replicate the attack with a commercial purpose."

MIFARE Ultralight

In September 2012 a security consultancy Intrepidus [63] demonstrated at the EU SecWest event in Amsterdam, [64] that MIFARE Ultralight product-based fare cards in the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free in a talk entitled "NFC For Free Rides and Rooms (on your phone)". [65] Although not a direct attack on the chip but rather the reloading of an unprotected register on the device, it allows hackers to replace value and show that the card is valid for use. This can be overcome by having a copy of the register online so that values can be analyzed and suspect cards hot-listed. NXP has responded by pointing out that they had introduced the MIFARE Ultralight C in 2008 with 3DES protection and in November 2012 introduced the MIFARE Ultralight EV1 [66] with three decrement only counters to foil such reloading attacks.

Considerations for systems integration

For systems based on contactless smartcards (e.g. public transportation), security against fraud relies on many components, of which the card is just one. Typically, to minimize costs, systems integrators will choose a relatively cheap card such as a MIFARE Classic and concentrate security efforts in the back office. Additional encryption on the card, transaction counters, and other methods known in cryptography are then employed to make cloned cards useless, or at least to enable the back office to detect a fraudulent card, and put it on a blacklist. Systems that work with online readers only (i.e., readers with a permanent link to the back office) are easier to protect than systems that have offline readers as well, for which real-time checks are not possible and blacklists cannot be updated as frequently.

Certification

Another aspect of fraud prevention and compatibility guarantee is to obtain certification called to live in 1998 ensuring the compatibility of several certified MIFARE product-based cards with multiple readers. With this certification, the main focus was placed on the contactless communication of the wireless interface, as well as to ensure proper implementation of all the commands of MIFARE product-based cards. The certification process was developed and carried out by the Austrian laboratory called Arsenal Research. Today, independent test houses such as Arsenal Testhouse, UL and LSI-TEC, perform the certification tests and provide the certified products in an online database. [67]

Places that use MIFARE products

Transportation

Card nameLocalityTypeDetails
SUBE card Argentina (Buenos Aires)MIFARE Classic 1KUsed for public transport, such as Metro, trains and buses [68]
Tarjeta Sin Contacto MOVI Argentina (Rosario) MIFARE DESFire EV1 SAM V2 [69] Means of payment for urban transport and as of 2015 payment for public bicycles and parking meters.
Adelaide Metro metroCard Australia (Adelaide) MIFARE DESFire EV1 Adelaide Metro network (Bus, Train and Tram) [70]
Baku metrocard Azerbaijan (Baku)MIFARE Classic 1K, MIFARE Plus S 1K [71] For use on the subway rides on the Baku Metro.
M-CardCanada (St. John's)MIFARE Classic 1KUsed on the Metrobus Transit system. [72]
Compass Card Canada (Metro Vancouver)MIFARE DESFire EV1 4K, MIFARE Ultralight (single use) [73] Used for public transit (TransLink). $6 refundable deposit. [74]
Tarjeta Metroval [75] Chile (Valparaíso)MIFARE Classic 1K Valparaíso Metro uses this card as a unique payment method
Tarjeta Bip! Chile (Santiago de Chile)MIFARE Classic 1K and 4K (if bank bip or university bip are used)Metro de Santiago, Transantiago [76]
In Karta Czech Republic (nationwide)MIFARE DESFire, MIFARE DESFire EV1, [77] Used for transport on trains, aimed at regular train users. Using the card enables 25% discount on fares.
Hradecká karta Czech Republic (Hradec Králové)MIFARE Classic 4KCard is issued by DPMHK a.s. (Transport company of Hradec Králové), no longer compatible with Pardubická karta. [78]
Matkakortti Finland (Helsinki)MIFARE DESFireCan be used with all forms of public transport systems within Helsinki Metropolitan Area. [79]
Metromoney Georgia (Tbilisi)MIFARE Classic 1KUsed in municipal transport (metro, bus) and while traveling by Rike-Narikala ropeway. [80]
Delhi Metro Rail Corporation India MIFARE Ultralight Used in Metro transit system and for paying fares in DTC and cluster buses. [81]
Namma Metro Smart CardIndia (Bengaluru)MIFARE DESFire EV1Can be used to travel in Namma Metro in Bengaluru [82]
TFI Leap Card Ireland (Dublin) MIFARE DESFire EV1 [83] replaces the individual Luas, Dart and Dublin Bus smartcards
AltoAdige/Südtirol PassItaly (Trentino-Alto Adige/Südtirol)MIFARE DESFire EV1Southern Tirol network (Bus, Train and Cable-cars) [84]
Tallinja Card Malta MIFARE Plus X 2KUsed by Malta Public Transport (buses); https://www.publictransport.com.mt/en/tallinja-card
AT HOP card New Zealand (Auckland)MIFARE DESFire EV1Introduced as the regional integrated ticketing card. The previous branded HOP card aka "Snapper/HOP" uses the JCOP standard and was phased out of use in Auckland in 2013. [85]
SmartTech Production Hong KongMIFARE Golden Partner [86]
TransCard Slovakia MIFARE DESFire EV1Used by almost every public transport system in Slovakia. In most cases only referred to as BČK – Bezkontaktná čipová karta (contactless smart card). Managed by Zväz autobusovej dopravy (Association of bus transport) as Slovenský dopravný pas (Slovak transport pass). [87]
Urbana Slovenia (Ljubljana)MIFARE DESFire EV1Used by buses, parking spaces, libraries, museums, the Ljubljana Castle funicular, sports institutes and cultural events. [88]
T-mobilitat Spain (Barcelona)MIFARE DESFire [89] Metro, trains and buses, with compatibility with Bicing bike rentals, car parks.
Resekortet SwedenMIFARE Classic 1K [90] Travel ticket for buses and trains.
EasyCard Taiwan MIFARE Classic, MIFARE Plus [91]
Oyster card United Kingdom (London)MIFARE DESFire EV1Migrated from MIFARE Classic to MIFARE DESFire EV1 in 2011 [92]
Transit Access Pass United States (Los Angeles, California)MIFARE Classic 1K / MIFARE Plus [93] Used as electronic ticketing for most public transport within Los Angeles County.
Hop Fastpass United States (Portland, Oregon)MIFARE DESFire EV1 256B [94]
Breeze Card United States (Atlanta Metropolitan Area, Georgia)MIFARE DESFire EV1, MIFARE Ultralight (Breeze Ticket)Used on transport in the Greater Atlanta area on systems such as MARTA, CobbLinc, Ride Gwinnett, and GRTA Xpress regional busses. [95]
Clipper Card United States (San Francisco Bay Area, California)MIFARE DESFire EV1 4KReplacing TransLink, which used a Motorola Card. [96]
Talon Card United States (Kennesaw State University)MIFARE Classic 4KUsed for door access and on campus payments
SmarTrip United States (Washington Metropolitan Area, Washington, D.C.)MIFARE Plus X 2KUsed on the Washington Metropolitan Area Transit Authority and neighbouring transit systems; accepted on systems in Baltimore, Maryland
Metrorrey México(Monterrey)MIFARE Classic 1KUsed in public transport like, metro, metrobus, and the new generation of metropolitan bus Muevo Leon
Beep (smart card) Philippines (Metro Manila)MIFARE Classic, MIFARE DESFire EV1 [97] Used on the LRT Line 1 (Metro Manila), LRT Line 2, MRT Line 3 (Metro Manila), [98] BGC Bus [99]
Freedom Card United States (Philadellphia)MIFARE DESFire EV1 4KUsed for fare collection at PATCO stations

Application references

ApplicationApplication categoryProjectNXP partnerLocalityProduct usedUsecase
Automatic fare collectionSmart mobility Moscow Metro Smart Technologies GroupMoscowMIFARE UltralightContactless smartcards for payment in the AFC System of the Moscow Metro [100]
ParkingSmart mobilityPay on Foot systemSkidataIrelandUsed for cashless vending applications for parking [101]
Mobile ticketingAccessMIFARE4MobileGemalto, Giesecke & Devrient, Oberthur Technologies, STMicroelectronicsMIFARE on SmartMXAccess to buildings through smartphone [102]
Tourist cardSmart mobilityMobilis CardAgencia Valenciana de Mobilidad (aVM)ValenciaMIFARE on SmartMXTourist card, bike rental, electric car rental, transport ticketing, taxi card, access management and payment function [103]
Tourist cardSmart mobility Oyster card LondonMIFARE Classic 1KUsed for public transport [100]
Fuel cardSmart mobility Shell PlastkartTurkeyMIFARE Classic 1KLoyalty programs at petrol stations [104]
Fuel cardSmart mobilityPetrol OfisiPlastkartTurkeyMIFARE Classic 1KLoyalty programs at petrol stations [105]
Taxi cardSmart mobilityTouch Travel CardDialog Axiata, Silverleap TechnologySri LankaMIFARE DESFire EV1Payment solution in taxis [106]
Taxi cardSmart mobilityNOLRTADubaiMuliapplication card also used for taxi payment [107]
Ferry cardSmart mobility Opal card SydneyMIFARE DESFire EV1Card for transport and ferry services [100]
Car sharingSmart mobility Car2Go DaimlerMIFARE DESFire EV1Used for car sharing [108]
Bike rentalSmart mobilityCallockBike rental [109]
Corporate accessAccess Nestlé KABAMIFARE DESFire EV1Access Security Solution [110]
Bike rentalSmart mobilityCallockBike rental [109]
Home accessAccessAirKeyEVVAMIFARE on SmartMXMobile access [109]
Home accessAccessImmobilienfirma Top-Invest sárlSaltoLuxemburgMIFARE DESFire EV1Smart lock for home access [111]
Hotel accessAccessMarriott Hotel CardKABAHotel access card [112]
Campus card AccessCampus Card University of CambridgeSaltoCambridge, UKMIFARE DESFire EV1Multiapplication campus card [113]
Campus Card AccessCampus Card University of OxfordOxford, UKMIFARE DESFire EV2 8KMultiapplication campus card [114]
Event ticketingAccessFC KölnPayment SolutionsKöln, GermanyMIFARE DESFire EV1Event ticketing application for soccer games [115]
Event ticketingAccessTicket FIFA 2014BrazilEvent ticketing for soccer WM [116]
Museum cardAccessMüze KartMapikart, TürsabIstanbul, TurkeyMIFARE Classic 1KAccess to museum [117]
Membership cardLoyaltyManchester City Football Club – Stadium Membership CardGemaltoManchesterAccess, loyalty, membership, payment function [118]
Loyalty cardLoyaltyRabbit Card – Carrot RewardsBangkok, ThailandMIFARE DESFire EV1Used for transport, shops, restaurants, identification, access control, security and Carrot Reward [119] [120]
Loyalty cardLoyaltyTrans Studio Amusement ParkBank MegaIndonesiaMIFARE DESFire EV1Trans Studio Amusement Park [121]
NFC tagsNFCNFC tagSMARTRACNFC enabled smartphones [122]
Health cardIdentificationSesam-Vitale cardFranceMIFARE on SmartMXHealth and identification card [123]
Digital signatureIdentificationVingcardAssa AbloyDigital signature used for access [124]
Micropayment MicropaymentYeldi Identiv IndiaMIFARE DESFire EV1Cashless payments via mobile phones [125]
Multiapplication cardMultiapplicationTouch travel cardDialog Axiata, Silverleap TechnologySri LankaMIFARE DESFire EV1; MIFARE SAM AV2Transport, micropayments, payment for shops or taxis, NFC mobile ticketing [106]
Multiapplication cardMultiapplicationPassolig (TFF)E-Kart, E-Kent, AktifbankTurkeyMIFARE DESFire EV1; JCOPStadium access – ticketing, micropayments, payments, transport [126]
Smart paper ticketMoscow Metropolitan CardSmart Technologies GroupMoscow, RussiaMIFARE UltralightUsed for electronic smart paper ticketing in public transport [127]

Institutions

See also

Related Research Articles

<span class="mw-page-title-main">Smart card</span> Pocket-sized card with authentication circuitry

A smart card (SC), chip card, or integrated circuit card, is a card used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

ISO/IEC 14443Identification cards – Contactless integrated circuit cards – Proximity cards is an international standard that defines proximity cards used for identification, and the transmission protocols for communicating with it.

<span class="mw-page-title-main">Near-field communication</span> Radio communication established between devices by bringing them into proximity

Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection through a simple setup that can be used for the bootstrapping of capable wireless connections. Like other proximity card technologies, NFC is based on inductive coupling between two electromagnetic coils present on a NFC-enabled device such as a smartphone. NFC communicating in one or both directions uses a frequency of 13.56 MHz in the globally available unlicensed radio frequency ISM band, compliant with the ISO/IEC 18000-3 air interface standard at data rates ranging from 106 to 848 kbit/s.

<span class="mw-page-title-main">Security token</span> Device used to access electronically restricted resource

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing transactions such as wire transfers.

FeliCa is a contactless RFID smart card system from Sony in Japan, primarily used in electronic money cards. The name stands for Felicity Card. First utilized in the Octopus card system in Hong Kong, the technology is used in a variety of cards also in countries such as Singapore, Japan, Indonesia, Macau, the Philippines and the United States.

Java Card OpenPlatform (JCOP) is a smart card operating system for the Java Card platform developed by IBM Zürich Research Laboratory. On 31 January 2006 the development and support responsibilities transferred to the IBM Smart Card Technology team in Böblingen, Germany. Since July 2007 support and development activities for the JCOP operating system on NXP / Philips silicon are serviced by NXP Semiconductors.

<span class="mw-page-title-main">HID Global</span> American manufacturer

HID Global Corporation is an American manufacturer of secure identity products. The company is an subsidiary of Assa Abloy, a multinational door and access control conglomerate. Björn Lidefelt was appointed CEO on 27 January 2020. He succeeded Stefan Widing, who led HID Global for over four years.

A contactless smart card is a contactless credential whose dimensions are credit card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.

<span class="mw-page-title-main">Rejsekort</span> Electronic fare card used in Denmark

Rejsekort is an electronic ticket system for public transport in Denmark. The system is a collaborative work between DSB, HUR, Ørestadsselskabet, and various regional bus companies, and work on it started on August 18, 2003. In June 2005, Thales Group and Accenture were chosen as suppliers.

<span class="mw-page-title-main">Breeze Card</span> Public transit smart card used in Atlanta, Georgia

The Breeze Card is an American stored value smart card that passengers use as part of an automated fare collection system which the Metropolitan Atlanta Rapid Transit Authority (MARTA) introduced to the general public in early October 2006. The card automatically debits the cost of the passenger’s ride when placed on or near the Breeze Target at the fare gate. Transit riders are able to add value or time-based passes to the card at Breeze Vending Machines (BVM) located at all MARTA stations. The major phases of MARTA's Breeze transformation took place before July 1, 2007 when customers were still able to purchase TransCards from ridestores or their employers. They were also able to obtain paper transfers from bus drivers to access the train. As of July 1, 2007 the TransCard and the paper transfers were discontinued and patrons now use a Breeze Card or ticket to access the system, and all transfers are loaded on the card. Breeze Vending Machines (BVM) distribute regional transit provider passes The Breeze Card employs passive RFID technology currently in use in many transit systems around the world.

<span class="mw-page-title-main">Contactless payment</span> Technology enabling payment without physical contact

Contactless payment systems are credit cards and debit cards, key fobs, smart cards, or other devices, including smartphones and other mobile devices, that use radio-frequency identification (RFID) or near-field communication (NFC) for making secure payments. The embedded integrated circuit chip and antenna enable consumers to wave their card, fob, or handheld device over a reader at the point-of-sale terminal. Contactless payments are made in close physical proximity, unlike other types of mobile payments which use broad-area cellular or Wi-Fi networks and do not involve close physical proximity.

Calypso is an international electronic ticketing standard for microprocessor contactless smart cards, originally designed by a group of transit operators from 11 countries including Belgium, Canada, France, Germany, Italy, Latvia, México, Portugal and others. It ensures multi-sources of compatible products, and allows for interoperability between several transport operators in the same area.

<span class="mw-page-title-main">Crypto-1</span> Stream cipher

Crypto1 is a proprietary encryption algorithm and authentication protocol created by NXP Semiconductors for its MIFARE Classic RFID contactless smart cards launched in 1994. Such cards have been used in many notable systems, including Oyster card, CharlieCard and OV-chipkaart.

Massachusetts Bay Transportation Authority v. Anderson, et al., Civil Action No. 08-11364, was a challenge brought by the Massachusetts Bay Transportation Authority (MBTA) to prevent three Massachusetts Institute of Technology (MIT) students from publicly presenting a security vulnerability they discovered in the MBTA's CharlieCard automated fare collection system. The case concerns the extent to which the disclosure of a computer security flaw is a form of free speech protected by the First Amendment to the United States Constitution.

MIFARE4Mobile is a technical specification published by NXP Semiconductors in December 2008 to manage MIFARE-based applications in mobile devices. The specification provides mobile network operators and service providers with a single, interoperable programming interface, easing the use of the contactless MIFARE technology in future mobile Near Field Communication (NFC) devices.

Urbana is a travel card used on public transport services in Ljubljana, the capital of Slovenia. It is a credit-card sized plastic card on which the customer electronically loads money and/or passes. It was introduced to enhance the technology of the public transportation system and eliminate the burden of carrying and collecting tokens or cash.

<span class="mw-page-title-main">TFI Leap Card</span> Irish rapid transit payment card

The TFI Leap Card is a contactless smart card for automated fare collection overseen by Transport for Ireland (TFI). It was introduced in the Greater Dublin area in 2011 for Luas, DART, Iarnród Éireann and Dublin Bus, but acceptance has significantly expanded, and it is now accepted in cities nationwide and on some longer distance commuter routes. Initially, Leap Cards offered only a pre-paid electronic wallet system for single-trip fares; since May 2014, it has also been possible to load it with weekly, monthly and annual subscriptions. In September 2017, there were over 2.5 million Leap Card users according to the National Transport Authority. The Leap Card is the result of many years' work by the Railway Procurement Agency and the National Transport Authority as part of the rollout of an integrated ticketing scheme for public transport in Dublin city. Fares are generally discounted compared to cash prices, and integrated ticketing is offered in the Dublin area via a flat fare system across all modes of transport. The minimum top-up for the card is currently €5, and it can be topped up via iPhone/Android App, at LUAS or DART ticketing machines, and in convenience stores offering Payzone services.

<span class="mw-page-title-main">Hop Fastpass</span> Public transit smart card used in Portland, Oregon and Vancouver, Washington

Hop Fastpass is a contactless smart card for public transit fare payment on most transit modes in the Portland, Oregon, metropolitan area including MAX Light Rail, WES commuter rail, Portland Streetcar, The Vine, and all TriMet and C-TRAN buses. An initial release to the general public began on July 5, 2017, with the official launch on July 17. The program is managed by TriMet.

<span class="mw-page-title-main">Proxmark3</span>

Proxmark3 is a multi-purpose hardware tool for radio-frequency identification (RFID) security analysis, research and development. It supports both high frequency and low frequency proximity cards and allows users to read, emulate, fuzz, and brute force the majority of RFID protocols.

On Track Innovations Ltd. (OTI), founded in 1990, is a global company that focuses on creating contactless payment solutions. OTI does this through the use of NFC technologies.

References

  1. MIFARE (1 December 2009). "The success of MIFARE". Mifare.net.
  2. "MIFARE Trademark of NXP B.V. - Registration Number 4661504 - Serial Number 79142259 :: Justia Trademarks". trademarks.justia.com. Retrieved 16 December 2023.
  3. "Philips Semiconductors to become NXP". EE Times. 31 August 2006.
  4. "NXP and RioCard Launch New MIFARE® Wearable for Multimodal Transport in Rio | MIFARE". MIFARE | The leading brand of contactless IC products. 18 August 2016. Retrieved 22 September 2023.
  5. "NXP Advances Security for Contactless Single Use Applications with MIFARE Ultralight AES". nxp.com. Retrieved 22 September 2023.
  6. "nfc tags". Nfc-phones.org. Archived from the original on 5 August 2012. Retrieved 5 August 2012.
  7. "nfc tags". Nfcbrief.com. Archived from the original on 21 August 2013. Retrieved 11 August 2013.
  8. "NXP introduces new security and performance benchmark with MIFARE Plus" (Press release). NXP. 1 March 2008.
  9. "BlackHat '08 : MIFARE – Little Security, despite Obscurity" (PDF). Blackhat.com. Retrieved 9 February 2016.
  10. NXP MIFARE Plus EV1 (PDF), NXP
  11. NXP MIFARE Plus EV2, NXP, 23 June 2020
  12. NXP MIFARE Plus EV2, NXP
  13. [ dead link ]
  14. Shirriff, Ken (June 2024). "Inside the tiny chip that powers Montreal subway tickets".
  15. "AN11340 : MIFARE Ultralight and MIFARE Ultralight EV1 Features and Hints" (PDF). Nxp.com. 1 March 2013. Archived from the original (PDF) on 3 March 2016. Retrieved 9 February 2016.
  16. Some ISO/IEC 7816-4 commands are used by MIFARE DESFire EV1, including a proprietary method to wrap native MIFARE DESFire commands into an ISO/IEC 7816 APDU.
  17. "German Researchers Crack Mifare RFID Encryption". Slashdot . 10 October 2011. Retrieved 9 February 2016.
  18. "Security of MF3ICD40". Mifare.net. Archived from the original on 21 February 2013. Retrieved 9 February 2016.
  19. "Gemalto's web site has moved (May 2020)". thalesgroup.com.
  20. "Mifare". Mifare. 2 June 2014. Retrieved 9 February 2016.
  21. 1 2 "NXP Introduces MIFARE DESFire EV3 IC, Ushers in New Era of Security and Connectivity for Contactless Smart City Services | NXP Semiconductors – Newsroom". media.nxp.com. Retrieved 3 June 2020.
  22. NXP MIFARE SAM AV3, NXP
  23. NXP MIFARE 2GO, NXP
  24. "Philips Semiconductors Acquires Mikron". Telecompaper.com. 2 June 1995. Retrieved 17 February 2017.
  25. "Siemens And Mikron Agree Licensing Deal". Telecompaper.com. 7 April 1994. Retrieved 9 February 2016.
  26. "Infineon Adds Security and Convenience to SIM Cards for NFC Applications – Infineon Technologies". Infineon.com. 1 November 2007. Retrieved 9 February 2016.
  27. "Motorola sets smart card targets – CNET". News.cnet.com. 1 October 1997. Retrieved 9 February 2016.
  28. "Smart Card News" (PDF). Smartcard.co.uk. 1 February 1998. Archived from the original (PDF) on 2 November 2013. Retrieved 9 February 2016.
  29. "NXP Semiconductors :: Media Center". Nxp.com. Retrieved 9 February 2016.
  30. "Gemalto's web site has moved (May 2020)" (PDF). thalesgroup.com. Archived from the original on 6 December 2010.
  31. "NXP Semiconductors :: Media Center". Nxp.com. Retrieved 9 February 2016.
  32. "MIFARE Classic 1K specification". 2 February 2009.[ permanent dead link ]
  33. Karsten Nohl. "Karsten Nohl, PhD: University of Virginia, C.S. Dept". Cs.virginia.edu. Archived from the original on 4 February 2020. Retrieved 9 February 2016.
  34. Nohl, Karsten; Henryk Plötz (10 January 2008). "Mifare: Little Security, Despite Obscurity". Chaos Communication Congress.
  35. Nohl, Karsten; David Evans (1 August 2008). "Reverse-Engineering a Cryptographic RFID Tag". Proceedings of the 17th USENIX Security Symposium.
  36. "Digital security – Digital Security". Ru.nl. 8 July 2015. Retrieved 9 February 2016.
  37. Digital Security Group (1 March 2008). "Security Flaw in Mifare Classic" (PDF). Radboud University Nijmegen. Archived from the original (PDF) on 13 May 2021. Retrieved 19 July 2020.
  38. "Proxmark" . Retrieved 25 January 2011.
  39. "A Practical Attack on the MIFARE Classic" (PDF). RU.nl. Archived from the original (PDF) on 22 April 2022. Retrieved 6 July 2017.
  40. "Dismantling MIFARE Classic" (PDF). RU.nl. Archived from the original (PDF) on 8 August 2017. Retrieved 6 July 2017.
  41. "Wirelessly Pickpocketing a MIFARE Classic Card" (PDF). RU.nl. Archived from the original (PDF) on 2 January 2022. Retrieved 6 July 2017.
  42. "Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards" (PDF). RU.nl. Retrieved 25 September 2017.
  43. "Dutch Page". Archived from the original on 2 November 2013. Retrieved 24 March 2012.
  44. Arnhem Court Judge Services (18 July 2008). "Pronunciation, Primary Claim". Rechtbank Arnhem. Archived from the original on 15 February 2012. Retrieved 13 January 2009.
  45. "Judge denies NXP's injunction against security researchers". The Standard. 1 July 2008. Archived from the original on 5 January 2009. Retrieved 13 February 2010.
  46. "mifare.net :: Security" . Retrieved 25 January 2011.
  47. Archived 8 June 2012 at the Wayback Machine
  48. "Nieuwe OV-chip gaat fraude tegen – Webwereld". Webwereld.nl. Retrieved 9 February 2016.
  49. Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil (1 April 2008). "Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards". Cryptology ePrint Archive.
  50. Garcia, Flavio D.; de Koning Gans, Gerhard; Muijrers, Ruben; van Rossum, Peter; Verdult, Roel; Schreur, Ronny Wichers; Jacobs, Bart (4 October 2008). "Dismantling MIFARE Classic" (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. Archived from the original (PDF) on 23 February 2021. Retrieved 19 July 2020.
  51. Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (1 March 2009). "Wirelessly Pickpocketing a Mifare Classic Card" (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. Archived from the original (PDF) on 2 January 2022. Retrieved 19 July 2020.
  52. [ dead link ]
  53. Courtois, Nicolas T. (2 April 2009). "Conditional Multiple Differential Attack on MIFARE Classic" (PDF). Slides presented at the rump session of Eurocrypt 2009 conference.
  54. Courtois, Nicolas T. (7 July 2009). "The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere, Anytime". In SECRYPT 2009 – International Conference on Security and Cryptography, to appear.
  55. Courtois, Nicolas T. (4 May 2009). "The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere, Anytime". IACR Cryptology Preprint Archive.
  56. "MIFARE Classic EV1" (PDF). Retrieved 25 September 2017.
  57. Carlo Meijer; Roel Verdult (1 October 2015). "Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards" (PDF). 22nd ACM Conference on Computer and Communications Security (CCS 2015), ACM.
  58. "Security Statement on Crypto1 Implementations". 12 October 2015. Retrieved 25 September 2017.
  59. Timo Kasper; Ingo von Maurich; David Oswald; Christof Paar. "Cloning Cryptographic RFID Cards for 25$ ?" (PDF). Proxmark.org. Retrieved 9 February 2016.
  60. "emsec/ChameleonMini: The ChameleonMini is a versatile contactless smartcard emulator compliant to NFC, ISO 14443 and ISO 15693. It has been designed and maintained by the Chair for Embedded Security of the Ruhr-University in Bochum. The freely programmable platform can be used to emulate and virtualize cards (perfect clones including the UID), for practical penetration tests in RFID environments, or serve as a passively operated NFC device, e.g., as an NFC door lock". GitHub. Retrieved 9 February 2016.
  61. "Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World" (PDF). Iacr.org. Retrieved 9 February 2016.
  62. "Login | MIFARE". mifare.net. Archived from the original on 21 February 2013. Retrieved 22 January 2022.
  63. "Site not found · DreamHost". intrepidusgroup.com. Archived from the original on 6 December 2012.
  64. "EUSecWest Applied Security Conference: Amsterdam, NL". Eusecwest.com. Archived from the original on 5 March 2016. Retrieved 9 February 2016.
  65. "NFC subway hack". 2 September 2012. Retrieved 9 February 2016 via YouTube.
  66. "mifare.net :: MIFARE Ultralight EV1". MIFARE.net. 21 February 2013. Archived from the original on 21 February 2013. Retrieved 6 July 2017.
  67. "Certified Mifare Products – Arsenal Testhouse". Arsenal-Testhouse.com. Retrieved 6 July 2017.
  68. "SUBE". Sube.gob.ar. Retrieved 9 February 2016.
  69. "Adquisición de un Sistema de Bicicletas Públicas para Rosario" (PDF). Proyecto de Transporte Sostenible y Calidad del Aire – Secretaría de Transporte del Ministerio del Interior y Transporte a través de la Unidad Ejecutora de Proyecto (UEP). 2013. Archived from the original (PDF) on 2 November 2013.
  70. Archived 4 July 2012 at the Wayback Machine
  71. LOT ltd. "Integrator's web site (subway solutions)". Lotgate.com. Retrieved 9 February 2016.
  72. "Metrobus". metrobus.com. Archived from the original on 6 March 2012.
  73. "NXP Semiconductors :: Media Center". NXP.com. Retrieved 9 February 2016.
  74. "TransLink : If you like FareSavers, you'll love Compass Card". TransLink.ca. Retrieved 9 February 2016.
  75. "Metro Valparaiso Medios de pago". Metro-Valparaiso.cl. 2 June 2014. Archived from the original on 2 November 2013. Retrieved 9 February 2016.
  76. "Tarjeta bip!". TarjetaBip.cl. Retrieved 9 February 2016.
  77. "České dráhy, a.s. | Úvodní stránka". Cd.cz. Retrieved 9 February 2016.
  78. "Používání Městské karty v Pardubicích | Dopravní podnik města Hradce Králové". dpmhk.cz. Retrieved 13 July 2020.
  79. Archived 29 December 2011 at the Wayback Machine
  80. "Metromoney card – Tbilisi Transport Company". Ttc.com.ge. 3 June 2012. Retrieved 9 February 2016.
  81. "Now, Delhi Metro card valid for travel in DTC buses". dna. 2 August 2018. Retrieved 28 December 2018.
  82. "Bengaluru Metro System Adopts NXP's MIFARE Technology | MIFARE". mifare.net. 22 January 2012.
  83. "Triple RFID cardscan". Docs.Google.com. 1 September 2012. Retrieved 9 February 2016.
  84. "Südtirol Mobil | Mobilità Alto Adige". Sii.bz.it (in Italian). Retrieved 9 February 2016.
  85. Archived 21 February 2014 at the Wayback Machine
  86. SmartTech Production. "Card Manufacturer – NXP Mifare Golden Partner".
  87. "Slovenský dopravný pas". dopravnypas.sk. Retrieved 29 March 2022.
  88. Archived 28 June 2012 at the Wayback Machine
  89. MIFARE (4 March 2015). "NXP´s MIFARE DESFire drives smart mobility in Barcelona". Mifare.net. Retrieved 12 April 2018.
  90. Resekortet i Sverige AB. "RKF-specifikationen – Svensk Kollektivtrafik". Sevenskkollektivtrafik.se. Archived from the original on 29 May 2015. Retrieved 9 February 2016.
  91. "Contactless Smartcard Technology Needs More Security" (PDF). Iis.sinica.edu.tw. Archived from the original (PDF) on 24 September 2015. Retrieved 9 February 2016.
  92. Dan Balaban. "Transport for London to Discard Mifare Classic | NFC Times – Near Field Communication and all contactless technology". NFCtimes.com. Retrieved 9 February 2016.
  93. "L.A. Metro Taps NXP's MIFARE Plus for Contactless TAP Ticketing". EE Times. Retrieved 9 February 2016.
  94. "NXP helps the Portland-Vancouver Metro region move intelligence to the cloud with the new Hop Fastpass™ Transit Card used on Buses, the Light Rail and Streetcars" (Press release). MIFARE. 9 October 2017. Retrieved 16 June 2018.
  95. "Page Redirection". breezecard.com. Retrieved 11 April 2024.
  96. "Page Redirection". Clippercard.com. Retrieved 9 February 2016.
  97. "Faq's – beep™". 9 January 2024. Archived from the original on 9 January 2024. Retrieved 9 January 2024.
  98. "Beep cards can now be used on MRT 3, LRT 1, 2 | Inquirer News". 7 October 2015. Archived from the original on 7 October 2015. Retrieved 9 January 2024.
  99. "Tap-and-go beep cards now accepted on BGC buses". 14 July 2022. Archived from the original on 14 July 2022. Retrieved 9 January 2024.
  100. 1 2 3 "SMART TECHNOLOGIES GROUP – Moscow Metro, AFC, contactless smart cards". Smartek.ru. Retrieved 9 February 2016.
  101. "Cork University Hospital". Apsparking.com. Archived from the original on 3 March 2016. Retrieved 9 February 2016.
  102. "NXP Enables Mobile Ticketing for Smart Mobile Devices". Nxp-rfid.com. Retrieved 9 February 2016.
  103. "The secret of Valencia's cutting edge contactless ticketing system". Avmm.es. Archived from the original on 23 September 2015. Retrieved 9 February 2016.
  104. "Petrol Loyalty Card – Fuel Rewards – Shell Drivers' Club UK". Shellsmart.com. Retrieved 9 February 2016.
  105. "Positive Card". PositiveCard.com.tr. Retrieved 9 February 2016.
  106. 1 2 "Orik : News and Press releases". Orik.lk. Archived from the original on 27 May 2014. Retrieved 9 February 2016.
  107. "Dubai, ASK renews agreement for city's multimodal ticketing system". SecureIDNews. Retrieved 9 February 2016.
  108. "Car2Go | NFC Development & Consulting". Nfc.cc. Archived from the original on 24 July 2014. Retrieved 9 February 2016.
  109. 1 2 3 Archived 28 May 2014 at the Wayback Machine
  110. "Techpro – Nestlé Completes Electronic Security Installation". Techpro.vn. 1 September 2013. Archived from the original on 4 March 2016. Retrieved 9 February 2016.
  111. "SALTO Networked Locking System - SALTO Systems stattet Premium-Appartements in Luxemburg mit elektronischem Schließsystem aus". 28 May 2014. Archived from the original on 28 May 2014.
  112. "RFID News Roundup". RFID Journal. Archived from the original on 27 May 2014. Retrieved 9 February 2016.
  113. "SALTO secures the University of Cambridge" (PDF). Godrejlocks.com. Archived from the original (PDF) on 1 September 2013. Retrieved 9 February 2016.
  114. Archived 28 May 2014 at the Wayback Machine
  115. "1. FC Köln Implements Philips Chip Technology For Contactless Ticketing". Rfidsolutionsonline.com. 1 January 2005. Retrieved 9 February 2016.
  116. "Archive – Pictures of the Future – Innovation – Home – Siemens Global Website". Siemens.com. Archived from the original on 27 May 2014. Retrieved 9 February 2016.
  117. "Müzekart". Muzekart.com. Archived from the original on 21 February 2016. Retrieved 9 February 2016.
  118. "Soccer Fans Use RFID Cards to Gain Admission and Buy Food". RFID Journal. Archived from the original on 26 March 2014. Retrieved 9 February 2016.
  119. "แครอท รีวอร์ดส". Carrotrewards.co.th. Archived from the original on 6 February 2016. Retrieved 9 February 2016.
  120. "Culture shock News: New œRabbit Card Brings e-Money System to Bangkok". Free-press-release.com. Retrieved 9 February 2016.
  121. "NXP Semiconductors :: Media Center". Nxp.com. Retrieved 9 February 2016.
  122. Archived 30 March 2014 at the Wayback Machine
  123. Archived 27 May 2014 at the Wayback Machine
  124. "VingCard Signature RFID – ASSA ABLOY Hospitality (VingCard Elsafe) – Electronic hotel locks". VingCard Elsafe. Archived from the original on 25 May 2015. Retrieved 9 February 2016.
  125. "Yeldi selects Identive and NXP for NFC cashless payment solution in India | 2012-10-15". Microwave Journal. 1 October 2012. Retrieved 9 February 2016.
  126. E-Bilet Süresini Uzat. "Spor ve Eğlence Dünyasının Anahtarı". Passolig.com.tr. Archived from the original on 20 April 2014. Retrieved 9 February 2016.
  127. "NXP Semiconductors :: Media Center". Nxp.com. Retrieved 9 February 2016.
  128. "North-West University". NWU. 2 January 2016. Retrieved 9 February 2016.
  129. "Computer Laboratory: Access and security". Cl.cam.ac.uk. Archived from the original on 3 March 2016. Retrieved 9 February 2016.
  130. "Welcome to Clare College – Clare College Cambridge". Clare.cam.ac.uk. Archived from the original on 17 March 2011. Retrieved 9 February 2016.
  131. "** UQ ID Cards are the responsibility of Property and Facilities Division". pf.uq.edu.au. Retrieved 3 June 2018.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.