mf1 s50 chip

INTEGRATED CIRCUITS Standard Card IC MF1 IC S50 Functional Specification May 2001Product Specification Revision 5.1 Philips Semiconductors Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 2 CONTENTS 1 FEATURES....................................................................................................................... 4 1.1 MIFAREâ RF Interface (ISO/IEC 14443 A) .......................................................................... 4 1.2 EEPROM .......................................................................................................................... 4 1.3 Security ............................................................................................................................ 4 2 GENERAL DESCRIPTION................................................................................................. 5 2.1 Contactless Energy and Data Transfer................................................................................ 5 2.2 Anticollision....................................................................................................................... 5 2.3 User Convenience............................................................................................................. 5 2.4 Security ............................................................................................................................ 5 2.5 Multi-application Functionality............................................................................................. 5 2.6 Delivery Options ................................................................................................................ 6 3 FUNCTIONAL DESCRIPTION............................................................................................ 6 3.1 Block Description............................................................................................................... 6 3.2 Communication Principle.................................................................................................... 7 3.2.1 REQUEST STANDARD / ALL ............................................................................................ 7 3.2.2 ANTICOLLISION LOOP ..................................................................................................... 7 3.2.3 SELECT CARD ................................................................................................................. 7 3.2.4 3 PASS AUTHENTICATION............................................................................................... 7 3.2.5 MEMORY OPERATIONS ................................................................................................... 8 3.3 Data Integrity..................................................................................................................... 8 3.4 Security ............................................................................................................................ 8 3.4.1 THREE PASS AUTHENTICATION SEQUENCE.................................................................. 8 3.5 RF Interface ...................................................................................................................... 8 3.6 Memory Organisation......................................................................................................... 9 3.6.1 MANUFACTURER BLOCK .............................................................................................. 10 3.6.2 DATA BLOCKS ............................................................................................................... 10 3.6.3 SECTOR TRAILER (BLOCK 3) ........................................................................................ 11 3.7 Memory Access .............................................................................................................. 12 3.7.1 ACCESS CONDITIONS ................................................................................................... 13 3.7.2 ACCESS CONDITIONS FOR THE SECTOR TRAILER...................................................... 13 3.7.3 ACCESS CONDITIONS FOR DATA BLOCKS................................................................... 15 4 DEFINITIONS ................................................................................................................. 16 Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 3 5 LIFE SUPPORT APPLICATIONS ..................................................................................... 16 6 REVISION HISTORY ....................................................................................................... 17 MIFAREâ is a registered trademark of Philips Electronics N.V. Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 4 1 FEATURES 1.1 MIFAREâ RF Interface (ISO/IEC 14443 A) · Contactless transmission of data and supply energy (no battery needed) · Operating distance: Up to 100mm (depending on antenna geometry) · Operating frequency: 13.56 MHz · Fast data transfer: 106 kbit/s · High data integrity: 16 Bit CRC, parity, bit coding, bit counting · True anticollision · Typical ticketing transaction: < 100 ms (including backup management) 1.2 EEPROM · 1 Kbyte, organized in 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 byte) · User definable access conditions for each memory block · Data retention of 10 years. · Write endurance 100.000 cycles 1.3 Security · Mutual three pass authentication (ISO/IEC DIS9798-2) · Data encryption on RF-channel with replay attack protection · Individual set of two keys per sector (per application) to support multi-application with key hierarchy · Unique serial number for each device · Transport key protects access to EEPROM on chip delivery Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 5 2 GENERAL DESCRIPTION Philips has developed the MIFARE® MF1 IC S50 to be used in contactess smart cards according to ISO/IEC 14443A. The communication layer ( MIFARE® RF Interface) complies to parts 2 and 3 of the ISO/IEC 14443A standard. The security layer sports the field-proven CRYPTO1 stream cipher for secure data exchange of the MIFARE® Classic family. 2.1 Contactless Energy and Data Transfer In the MIFARE® system, the MF1 IC S50 is connec- ted to a coil with a few turns and then embedded in plastic to form the passive contactless smart card. No battery is needed. When the card is positioned in the proximity of the Read Write Device (RWD) antenna, the high speed RF communication interface allows to transmit data with 106 kBit/s. 2.2 Anticollision An intelligent anticollision function allows to operate more than one card in the field simultaneously. The anticollision algorithm selects each card individually and ensures that the execution of a transaction with a selected card is performed correctly without data corruption resulting from other cards in the field. 2.3 User Convenience The MIFARE® system is designed for optimal user convenience. The high data transmission rate for example allows complete ticketing transactions to be handled in less than 100 ms. Thus, the MIFAREâ card user is not forced to stop at the RWD antenna leading to a high throughput at gates and reduced boarding times onto busses. The MIFARE® card may also remain in the wallet during the transaction, even if there are coins in it. 2.4 Security Special emphasis has been placed on security against fraud. Mutual challenge and response authentication, data ciphering and message authentication checks protect the system from any kind of tampering and thus make it attractive for ticketing applications. Serial numbers, which can not be altered, guarantee the uniqueness of each card. 2.5 Multi-application Functionality The MIFARE® system offers real multi-application functionality comparable to the features of a processor card. Two different keys for each sector support systems using key hierarchies. contacts La , Lb 4 turns wire coil MF1 IC S50 chip embedded into a module MIFAREâ card Energy Data MIFARE® card reader antenna Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 6 2.6 Delivery Options · Die on wafer · Bumped die on wafer · Chip Card Module 3 FUNCTIONAL DESCRIPTION 3.1 Block Description The MF1 IC S50 chip consists of the 1 Kbyte EEPROM, the RF-Interface and the Digital Control Unit. Energy and data are transferred via an antenna, which consists of a coil with a few turns directly connected to the MF1 IC S50. No further external components are necessary. (For details on antenna design please refer to the document MIFAREâ Card IC Coil Design Guide.) · RF-Interface: – Modulator/Demodulator – Rectifier – Clock Regenerator – Power On Reset – Voltage Regulator · Anticollision: Several cards in the field may be selected and operated in sequence · Authentication: Preceding any memory operation the authentication procedure ensures that access to a block is only possible via the two keys specified for each block · Control & Arithmetic Logic Unit: Values are stored in a special redundant format and can be incremented and decremented · EEPROM-Interface · Crypto unit: The field-proven CRYPTO1 stream cipher of the MIFARE® Classic family ensures a secure data exchange · EEPROM: 1 Kbyte are organized in 16 sectors with 4 blocks each. A block contains 16 bytes. The last block of each sector is called “trailer”, which contains two secret keys and programmable access conditions for each block in this sector. antenna RF-Interface Digital Control Unit EEPROM Anti- collision Authenti- cation Control & ALU EEPROM- Interface Crypto Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 7 3.2 Communication Principle The commands are initiated by the RWD and con- trolled by the Digital Control Unit of the MF1 IC S50 according to the access conditions valid for the corres-ponding sector. 3.2.1 REQUEST STANDARD / ALL After Power On Reset (POR) of a card it can answer to a request command - sent by the RWD to all cards in the antenna field - by sending the answer to request code (ATQA according to ISO/IEC 14443A). 3.2.2 ANTICOLLISION LOOP In the anticollision loop the serial number of a card is read. If there are several cards in the operating range of the RWD, they can be distinguished by their unique serial numbers and one can be selected (select card) for further transactions. The unselected cards return to the standby mode and wait for a new request command. 3.2.3 SELECT CARD With the select card command the RWD selects one individual card for authentication and memory rela- ted operations. The card returns the Answer To Se- lect(ATS) code (= 08h), which determines the type of the selected card. Please refer to the document MIFAREâ Standardised Card Type Identification Procedure for further details. 3.2.4 3 PASS AUTHENTICATION After selection of a card the RWD specifies the memory location of the following memory access and uses the corresponding key for the 3 pass authentication procedure. After a successful authen- tication all memory operations are encrypted. Request Standard Request All Anticollision Loop Get Serial Number Select Card 3 Pass Authentication sector specific Read Block Write Block Decre- ment Incre- ment Re- store Halt Transfer Identification and Selection Procedure 3 ms without collision + 1 ms for each collision Typical Transaction Time Authentication Procedure 2 ms Memory Operations 2.5 ms read block 6.0 ms write block 2.5 ms dec/increment Transaction SequencePOR Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 8 3.2.5 MEMORY OPERATIONS After authentication any of the following operations may be performed: · Read block · Write block · Decrement: Decrements the contents of a block and stores the result in a temporary internal data-register · Increment: Increments the contents of a block and stores the result in the data-register · Restore: Moves the contents of a block into the data-register · Transfer: Writes the contents of the temporary internal data-register to a value block 3.3 Data Integrity Following mechanisms are implemented in the contactless communication link between RWD and card to ensure very reliable data transmission: · 16 bits CRC per block · Parity bits for each byte · Bit count checking · Bit coding to distinguish between "1", "0", and no information · Channel monitoring (protocol sequence and bit stream analysis) 3.4 Security To provide a very high security level a three pass authentication according to ISO 9798-2 is used. 3.4.1 THREE PASS AUTHENTICATION SEQUENCE a) The RWD specifies the sector to be accessed and chooses key A or B. b) The card reads the secret key and the access conditions from the sector trailer. Then the card sends a random number as the challenge to the RWD (pass one). c) The RWD calculates the response using the secret key and additional input. The response, together with a random challenge from the RWD, is then transmitted to the card (pass two). d) The card verifies the response of the RWD by comparing it with its own challenge and then it calculates the response to the challenge and transmits it (pass three). e) The RWD verifies the response of the card by comparing it to its own challenge. After transmission of the first random challenge the communication between card and RWD is encrypted. 3.5 RF Interface The RF-interface is according to the standard for contactless smart cards ISO/IEC 14443A. The carrier field from the RWD is always present (with short pauses when transmitting), because it is used for the power supply of the card. For both directions of data communication there is only one start bit at the beginning of each frame. Each byte is transmitted with a parity bit (odd parity) at the end. The LSB of the byte with the lowest address of the selected block is transmitted first. The maximum frame length is 163 bits (16 data bytes + 2 CRC bytes = 16 * 9 + 2 * 9 + 1 start bit). Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 9 3.6 Memory Organisation The 1024 x 8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each. In the erased state the EEPROM cells are read as a logical “0”, in the written state as a logical “1”. 0 Data 1 Data 2 Data Sector Block 1 Byte Number within a Block Description3 5 7 9 11 13 15 3 Sector Trailer 15 0 Data 2 Data 1 Data 14 3 Sector Trailer 14 0 Data 2 Data 1 Data 0 3 Sector Trailer 0 2 Data 1 Data 0 2 4 6 8 10 12 14 15 Key A Access Bits Key B Key A Access Bits Key B : : : : : : 1 3 Sector Trailer 1Key A Access Bits Key B 0 Manufacturer Block Key A Access Bits Key B Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 10 3.6.1 MANUFACTURER BLOCK This is the first data block (block 0) of the first sector (sector 0). It contains the IC manufacturer data. Due to security and system requirements this block is 3.6.2 DATA BLOCKS All sectors contain 3 blocks of 16 bytes for storing data (Sector 0 contains only two data blocks and the read-only manufacturer block). The data blocks can be configured by the access bits as · read/write blocks for e.g. contactless access control or · value blocks for e.g. electronic purse applica- tions, where additional commands like increment and decrement for direct control of the stored value are provided. An authentication command has to be carried out before any memory operation in order to allow further commands. 3.6.2.1 Value Blocks The value blocks allow to perform electronic purse functions (valid commands: read, write, increment, write protected after having been programmed by the IC manufacturer at production. decrement, restore, transfer). The value blocks have a fixed data format which permits error detection and correction and a backup management. A value block can only be generated through a write operation in the value block format: · Value: Signifies a signed 4-byte value. The lowest significant byte of a value is stored in the lowest address byte. Negative values are stored in standard 2´s complement format. For reasons of data integrity and security, a value is stored three times, twice non-inverted and once inverted. · Adr: Signifies a 1-byte address, which can be used to save the storage address of a block, when implementing a powerful backup manage- ment. The address byte is stored four times, twice inverted and non-inverted. During incre- ment, decrement, restore and transfer operations the address remains unchanged. It can only be altered via a write command. Byte Number 1514131211109876543210 Description AdrValue Value Value Adr Adr Adr Byte 1514131211109876543210 Serial Number Check Byte Manufacturer Data 0xxxxxxx LSBMSB Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 11 3.6.3 SECTOR TRAILER (BLOCK 3) Each sector has a sector trailer containing the · secret keys A and B(optional), which return logi- cal “0”s when read and · the access conditions for the four blocks of that sector, which are stored in bytes 6...9. The access bits also specify the type (read/write or value) of the data blocks. If key B is not needed, the last 6 bytes of block 3 can be used as data bytes. Byte 9 of the sector trailer is available for user data. For this byte apply the same access rights as for byte 6, 7 and 8. Byte Number 1514131211109876543210 Description Key A Access Bits Key B (optional) Philips Semiconductors Product Specification Rev. 5.1 Mai 2001 Functional Specification Standard Card IC MF1 IC S50 12 3.7 Memory Access Before any memory operation can be carried out, the card has to be selected and authenticated as described previously. The possible memory operations for an addressed block depend on the