MIFARE Ultralight AES: Enhanced Security for Limited-Use Contactless Applications
2023-10-31 View:
MIFARE Ultralight AES is a smart IC serving the requirements of limited use applications for contactless tickets and RFID key cards managed by one single entity. MIFARE Ultralight AES is offering a powerful mix between performance, security, privacy and flexibility. It addresses the needs of limited use applications such as public transport, hospitality, access, event ticketing and loyalty applications, by expanding the MIFARE Ultralight ticketing IC portfolio and adds Advanced Encryption Standards (AES) into it.
MIFARE Ultralight AES comes with AES-128 cryptography and enables product protection mechanisms in terms of product authenticity and integrity. Its enhanced feature and command set enables efficient
implementations and offers flexibility in system designs and is a perfect contactless ticketing expansion to the smart card contactless IC families such as MIFARE DESFire or MIFARE Plus. Based on these parameters the MIFARE Ultralight AES is a trusted platform targeting the secure authentication of people with an intuitive convenient user experience.
MIFARE Ultralight AES is fully compliant with the contactless proximity smart card protocol according to ISO/ IEC 14443-3 making it compatible with the majority of existing contactless infrastructure devices. Its contactless performance supports advanced user convenience and reading distances up to 10 cm (depending on various parameters as e.g. field strength and antenna geometry).
MIFARE Ultralight AES has a 4 byte per one page memory structure with a total user memory of 144-byte. To protect sensitive data against unauthorized access, MIFARE Ultralight AES offers a 3-pass mutual authentication based on AES with a 128-bit key. For data integrity protection an optional CMAC calculation for commands and response can be enabled, following NIST Special Publication 800-38B. Besides the data protection MIFARE Ultralight AES serves the option to protect one out of the three independent 24-bit one-way counters by an AES authentication. To prevent undefined counters values due to tear-off in the field or originating from interrupted programming cycles an advanced anti-tearing support is implemented.
MIFARE Ultralight AES is also ready to support contactless applications addressing privacy sensitive use-cases. With its optional support of Random ID, it enables compliance with latest user data protection
regulations.
MIFARE Ultralight AES enables check of the manufacturing origin of a ticket by verification of an asymmetric signature retrieved from the IC using the UID and an ECC-based originality signature. The default NXP signature can be overwritten with a customer-specific signature during personalization. The purpose of originality check is to identify mass penetration of none-genuine MIFARE Ultralight AES ICs into an infrastructure.
MIFARE Ultralight AES is designed to support smart ticket antenna designs with a 17 pF input capacitance as well as smaller form factors for key fobs, tags or wristbands by providing 50 pF input capacitance. This is offered by FFC deliveries and MOA8 modules to ensure high user convenience throughout different form factors.
Privacy and Ownership
- 7-byte UID with optional Random ID support for enhanced privacy
- ECC-based originality signature (pre-programmed)
- Originality check based on 128-bit originality key leveraging the AES authentication
Contactless Performance
- ISO/IEC 14443 A -2 / -3 compliant
- Operating distance of up to 10 cm
- Data transfer of 106 kbit/s
Security and privacy
- Common Criteria certification: EAL3+ (AVA_VAN.2)
- 3-pass mutual AES authentication based on a key length of 128-bit
- Configurable secure messaging communication mode
CMAC for message integrity protection according to NIST Special Publication 800-38B.
- Three independent 24-bit one-way counters with optional AES authentication protection of one counter
- Unique 7-byte IDentifier for each device
- Random ID (optional) for enhanced privacy. Compliant to ISO14443-3
- 32-bit user programmable OTP area
- Field programmable read-only locking function per page for the first 512 bit
- Read-only locking per block of 2 pages for the memory above 512 bit
- Pre-programmed ECC-based originality signature, offering the possibility for customizing and permanently locking
- AES-based originality key leveraging the AES authentication to check the NXP origin of the IC via NXP tools.
Features and benefits
- Contactless transmission of data and supply energy compliant to ISO/IEC 14443 -2/ -3 A, see [1]and [2]
- Operating frequency of 13.56 MHz
- Data transfer of 106 kbit/s
- Data integrity of 16-bit CRC, parity, bit coding, bit counting
- Anti-collision function allows to operate more than one card in the field simultaneously
- Low power consumption enabling operating distances of up to 10 cm.
- Fast start-up time for reliable and robust detection
- Support of double size (7-byte) Unique IDentifiers (UID) and optionally Random ID (RID) according to ISO/IEC 14443-3 A, [2]
- Optional CMAC calculation for data integrity protection
- 3-pass mutual authentication with AES based on a 128-bit key
- ECC-based originality signature, offering the possibility for customizing and permanently locking
- Fast read command
- 17 pF and 50 pF input capacitance to support high user convenience throughout different form factors
- Fast counter transaction
Memory
- 144 bytes freely available Read/Write user memory, organized in 36 pages with 4 bytes per page
- 4 bytes One Time Programmable (OTP) access bits
- Anti-tearing support for counters, Lock bits, OTP bits
- Field programmable read-only locking function per page for the first 16 pages
- Field programmable read-only locking function above the first 16 pages per 2 pages
- Configurable AES authentication for data access protection with optional limit of unsuccessful attempts
- Configurable data protection access rights for available user memory
- Pre-programmed ECC-based originality signature, offering the possibility for customizing and permanently locking
- Compatibility to allow NFC Type 2 Tag compliant configurations
- Data retention time of 10 years
- Write endurance of 100.000 cycles
Scalability
- Easy design-in by using the same memory structure with the predecessor MIFARE Ultralight products
- Helps to streamline integration and supports scalability within the MIFARE IC family with the use of same AES authentication commands.
The target applications of the MIFARE Ultralight AES are primarily designed for single or limited use applications such as:
- Public transport for limited use ticketing
- Hospitality RFID basic guest card
- Event ticketing
- Electronic voucher
- Loyalty tickets