INTEGRATED CIRCUITS
Standard Card IC
MF1 IC S50
Functional Specification
May 2001Product Specification
Revision 5.1
Philips
Semiconductors
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
2
CONTENTS
1 FEATURES....................................................................................................................... 4
1.1 MIFAREâ RF Interface (ISO/IEC 14443 A) .......................................................................... 4
1.2 EEPROM .......................................................................................................................... 4
1.3 Security ............................................................................................................................ 4
2 GENERAL DESCRIPTION................................................................................................. 5
2.1 Contactless Energy and Data Transfer................................................................................ 5
2.2 Anticollision....................................................................................................................... 5
2.3 User Convenience............................................................................................................. 5
2.4 Security ............................................................................................................................ 5
2.5 Multi-application Functionality............................................................................................. 5
2.6 Delivery Options ................................................................................................................ 6
3 FUNCTIONAL DESCRIPTION............................................................................................ 6
3.1 Block Description............................................................................................................... 6
3.2 Communication Principle.................................................................................................... 7
3.2.1 REQUEST STANDARD / ALL ............................................................................................ 7
3.2.2 ANTICOLLISION LOOP ..................................................................................................... 7
3.2.3 SELECT CARD ................................................................................................................. 7
3.2.4 3 PASS AUTHENTICATION............................................................................................... 7
3.2.5 MEMORY OPERATIONS ................................................................................................... 8
3.3 Data Integrity..................................................................................................................... 8
3.4 Security ............................................................................................................................ 8
3.4.1 THREE PASS AUTHENTICATION SEQUENCE.................................................................. 8
3.5 RF Interface ...................................................................................................................... 8
3.6 Memory Organisation......................................................................................................... 9
3.6.1 MANUFACTURER BLOCK .............................................................................................. 10
3.6.2 DATA BLOCKS ............................................................................................................... 10
3.6.3 SECTOR TRAILER (BLOCK 3) ........................................................................................ 11
3.7 Memory Access .............................................................................................................. 12
3.7.1 ACCESS CONDITIONS ................................................................................................... 13
3.7.2 ACCESS CONDITIONS FOR THE SECTOR TRAILER...................................................... 13
3.7.3 ACCESS CONDITIONS FOR DATA BLOCKS................................................................... 15
4 DEFINITIONS ................................................................................................................. 16
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
3
5 LIFE SUPPORT APPLICATIONS ..................................................................................... 16
6 REVISION HISTORY ....................................................................................................... 17
MIFAREâ is a registered trademark of Philips Electronics N.V.
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
4
1 FEATURES
1.1 MIFAREâ RF Interface (ISO/IEC 14443 A)
· Contactless transmission of data and supply
energy (no battery needed)
· Operating distance: Up to 100mm (depending
on antenna geometry)
· Operating frequency: 13.56 MHz
· Fast data transfer: 106 kbit/s
· High data integrity: 16 Bit CRC, parity, bit
coding, bit counting
· True anticollision
· Typical ticketing transaction: < 100 ms (including
backup management)
1.2 EEPROM
· 1 Kbyte, organized in 16 sectors with 4 blocks of
16 bytes each (one block consists of 16 byte)
· User definable access conditions for each
memory block
· Data retention of 10 years.
· Write endurance 100.000 cycles
1.3 Security
· Mutual three pass authentication (ISO/IEC
DIS9798-2)
· Data encryption on RF-channel with replay
attack protection
· Individual set of two keys per sector (per
application) to support multi-application with key
hierarchy
· Unique serial number for each device
· Transport key protects access to EEPROM on
chip delivery
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
5
2 GENERAL DESCRIPTION
Philips has developed the MIFARE® MF1 IC S50 to
be used in contactess smart cards according to
ISO/IEC 14443A. The communication layer (
MIFARE® RF Interface) complies to parts 2 and 3 of
the ISO/IEC 14443A standard. The security layer
sports the field-proven CRYPTO1 stream cipher for
secure data exchange of the MIFARE® Classic
family.
2.1 Contactless Energy and Data Transfer
In the MIFARE® system, the MF1 IC S50 is connec-
ted to a coil with a few turns and then embedded in
plastic to form the passive contactless smart card.
No battery is needed. When the card is positioned in
the proximity of the Read Write Device (RWD)
antenna, the high speed RF communication
interface allows to transmit data with 106 kBit/s.
2.2 Anticollision
An intelligent anticollision function allows to operate
more than one card in the field simultaneously. The
anticollision algorithm selects each card individually
and ensures that the execution of a transaction with
a selected card is performed correctly without data
corruption resulting from other cards in the field.
2.3 User Convenience
The MIFARE® system is designed for optimal user
convenience. The high data transmission rate for
example allows complete ticketing transactions to be
handled in less than 100 ms. Thus, the
MIFAREâ card user is not forced to stop at the RWD
antenna leading to a high throughput at gates and
reduced boarding times onto busses. The MIFARE®
card may also remain in the wallet during the
transaction, even if there are coins in it.
2.4 Security
Special emphasis has been placed on security
against fraud. Mutual challenge and response
authentication, data ciphering and message
authentication checks protect the system from any
kind of tampering and thus make it attractive for
ticketing applications. Serial numbers, which can not
be altered, guarantee the uniqueness of each card.
2.5 Multi-application Functionality
The MIFARE® system offers real multi-application
functionality comparable to the features of a
processor card. Two different keys for each sector
support systems using key hierarchies.
contacts La , Lb
4 turns wire coil
MF1 IC S50 chip
embedded into a module
MIFAREâ card
Energy
Data
MIFARE® card reader
antenna
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
6
2.6 Delivery Options
· Die on wafer
· Bumped die on wafer
· Chip Card Module
3 FUNCTIONAL DESCRIPTION
3.1 Block Description
The MF1 IC S50 chip consists of the 1 Kbyte
EEPROM, the RF-Interface and the Digital Control
Unit. Energy and data are transferred via an
antenna, which consists of a coil with a few turns
directly connected to the MF1 IC S50. No further
external components are necessary. (For details on
antenna design please refer to the document
MIFAREâ Card IC Coil Design Guide.)
· RF-Interface:
– Modulator/Demodulator
– Rectifier
– Clock Regenerator
– Power On Reset
– Voltage Regulator
· Anticollision: Several cards in the field may be
selected and operated in sequence
· Authentication: Preceding any memory
operation the authentication procedure ensures
that access to a block is only possible via the
two keys specified for each block
· Control & Arithmetic Logic Unit: Values are
stored in a special redundant format and can be
incremented and decremented
· EEPROM-Interface
· Crypto unit: The field-proven CRYPTO1 stream
cipher of the MIFARE® Classic family ensures a
secure data exchange
· EEPROM: 1 Kbyte are organized in 16 sectors
with 4 blocks each. A block contains 16 bytes.
The last block of each sector is called “trailer”,
which contains two secret keys and
programmable access conditions for each block
in this sector.
antenna
RF-Interface
Digital Control Unit
EEPROM
Anti-
collision
Authenti-
cation
Control & ALU
EEPROM-
Interface
Crypto
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
7
3.2 Communication Principle
The commands are initiated by the RWD and con-
trolled by the Digital Control Unit of the MF1 IC S50
according to the access conditions valid for the
corres-ponding sector.
3.2.1 REQUEST STANDARD / ALL
After Power On Reset (POR) of a card it can answer
to a request command - sent by the RWD to all
cards in the antenna field - by sending the answer to
request code (ATQA according to ISO/IEC 14443A).
3.2.2 ANTICOLLISION LOOP
In the anticollision loop the serial number of a card is
read. If there are several cards in the operating
range of the RWD, they can be distinguished by
their unique serial numbers and one can be selected
(select card) for further transactions. The unselected
cards return to the standby mode and wait for a new
request command.
3.2.3 SELECT CARD
With the select card command the RWD selects one
individual card for authentication and memory rela-
ted operations. The card returns the Answer To Se-
lect(ATS) code (= 08h), which determines the type of
the selected card. Please refer to the document
MIFAREâ Standardised Card Type Identification
Procedure for further details.
3.2.4 3 PASS AUTHENTICATION
After selection of a card the RWD specifies the
memory location of the following memory access
and uses the corresponding key for the 3 pass
authentication procedure. After a successful authen-
tication all memory operations are encrypted.
Request Standard Request All
Anticollision Loop
Get Serial Number
Select Card
3 Pass Authentication
sector specific
Read
Block
Write
Block
Decre-
ment
Incre-
ment
Re-
store Halt
Transfer
Identification and Selection
Procedure
3 ms without collision
+ 1 ms for each collision
Typical Transaction Time
Authentication Procedure
2 ms
Memory Operations
2.5 ms read block
6.0 ms write block
2.5 ms dec/increment
Transaction SequencePOR
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
8
3.2.5 MEMORY OPERATIONS
After authentication any of the following operations
may be performed:
· Read block
· Write block
· Decrement: Decrements the contents of a block
and stores the result in a temporary internal
data-register
· Increment: Increments the contents of a block
and stores the result in the data-register
· Restore: Moves the contents of a block into the
data-register
· Transfer: Writes the contents of the temporary
internal data-register to a value block
3.3 Data Integrity
Following mechanisms are implemented in the
contactless communication link between RWD and
card to ensure very reliable data transmission:
· 16 bits CRC per block
· Parity bits for each byte
· Bit count checking
· Bit coding to distinguish between "1", "0", and no
information
· Channel monitoring (protocol sequence and bit
stream analysis)
3.4 Security
To provide a very high security level a three pass
authentication according to ISO 9798-2 is used.
3.4.1 THREE PASS AUTHENTICATION
SEQUENCE
a) The RWD specifies the sector to be accessed
and chooses key A or B.
b) The card reads the secret key and the access
conditions from the sector trailer. Then the card
sends a random number as the challenge to the
RWD (pass one).
c) The RWD calculates the response using the
secret key and additional input. The response,
together with a random challenge from the
RWD, is then transmitted to the card (pass
two).
d) The card verifies the response of the RWD by
comparing it with its own challenge and then it
calculates the response to the challenge and
transmits it (pass three).
e) The RWD verifies the response of the card by
comparing it to its own challenge.
After transmission of the first random challenge the
communication between card and RWD is
encrypted.
3.5 RF Interface
The RF-interface is according to the standard for
contactless smart cards ISO/IEC 14443A.
The carrier field from the RWD is always present
(with short pauses when transmitting), because it is
used for the power supply of the card.
For both directions of data communication there is
only one start bit at the beginning of each frame.
Each byte is transmitted with a parity bit (odd parity)
at the end. The LSB of the byte with the lowest
address of the selected block is transmitted first. The
maximum frame length is 163 bits (16 data bytes + 2
CRC bytes = 16 * 9 + 2 * 9 + 1 start bit).
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
9
3.6 Memory Organisation
The 1024 x 8 bit EEPROM memory is organized in
16 sectors with 4 blocks of 16 bytes each.
In the erased state the EEPROM cells are read as a
logical “0”, in the written state as a logical “1”.
0 Data
1 Data
2 Data
Sector Block 1
Byte Number within a Block
Description3 5 7 9 11 13
15 3 Sector Trailer 15
0 Data
2 Data
1 Data
14 3 Sector Trailer 14
0 Data
2 Data
1 Data
0 3 Sector Trailer 0
2 Data
1 Data
0 2 4 6 8 10 12 14 15
Key A Access Bits Key B
Key A Access Bits Key B
: :
: :
: :
1 3 Sector Trailer 1Key A Access Bits Key B
0 Manufacturer Block
Key A Access Bits Key B
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
10
3.6.1 MANUFACTURER BLOCK
This is the first data block (block 0) of the first sector
(sector 0). It contains the IC manufacturer data. Due
to security and system requirements this block is
3.6.2 DATA BLOCKS
All sectors contain 3 blocks of 16 bytes for storing
data (Sector 0 contains only two data blocks and the
read-only manufacturer block).
The data blocks can be configured by the access
bits as
· read/write blocks for e.g. contactless access
control or
· value blocks for e.g. electronic purse applica-
tions, where additional commands like increment
and decrement for direct control of the stored
value are provided.
An authentication command has to be carried out
before any memory operation in order to allow
further commands.
3.6.2.1 Value Blocks
The value blocks allow to perform electronic purse
functions (valid commands: read, write, increment,
write protected after having been programmed by
the IC manufacturer at production.
decrement, restore, transfer).
The value blocks have a fixed data format which
permits error detection and correction and a backup
management.
A value block can only be generated through a write
operation in the value block format:
· Value: Signifies a signed 4-byte value. The
lowest significant byte of a value is stored in the
lowest address byte. Negative values are stored
in standard 2´s complement format. For reasons
of data integrity and security, a value is stored
three times, twice non-inverted and once
inverted.
· Adr: Signifies a 1-byte address, which can be
used to save the storage address of a block,
when implementing a powerful backup manage-
ment. The address byte is stored four times,
twice inverted and non-inverted. During incre-
ment, decrement, restore and transfer
operations the address remains unchanged. It
can only be altered via a write command.
Byte Number 1514131211109876543210
Description AdrValue Value Value Adr Adr Adr
Byte 1514131211109876543210
Serial Number
Check Byte
Manufacturer Data
0xxxxxxx
LSBMSB
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
11
3.6.3 SECTOR TRAILER (BLOCK 3)
Each sector has a sector trailer containing the
· secret keys A and B(optional), which return logi-
cal “0”s when read and
· the access conditions for the four blocks of that
sector, which are stored in bytes 6...9. The
access bits also specify the type (read/write or
value) of the data blocks.
If key B is not needed, the last 6 bytes of block 3 can
be used as data bytes.
Byte 9 of the sector trailer is available for user data.
For this byte apply the same access rights as for
byte 6, 7 and 8.
Byte Number 1514131211109876543210
Description Key A Access Bits Key B (optional)
Philips Semiconductors Product Specification Rev. 5.1 Mai 2001
Functional Specification Standard Card IC MF1 IC S50
12
3.7 Memory Access
Before any memory operation can be carried out,
the card has to be selected and authenticated as
described previously.
The possible memory operations for an addressed
block depend on the