MF1SPLUS6001DUD/03 - NXP Semiconductors

1. General description

Migrate classic co ntactless smart card systems to the next security level! MIFARE Plus

brings benchmark security to mainstream contactless smart card applications. It is the

only mainstream IC compatible with MIFARE Classic 1K (MF1ICS50) and MIFARE

Classic 4K (MF1ICS70) which offers an upgrade path for existing infrastructures and

services.

After the security upgrade, MIFARE Plus uses AES-128 (Advanced Encryption Standard)

for authentication, data integrity and encryption. MIFARE Plus is based on open global

standar ds for both air interface and cryptographic methods at the highest security level.

MIFARE Plus is available in two versions: MIFARE Plus S and MIFARE Plus X.

•The MIFARE Plus S (MF1SPLUSx0y1, described in this data sheet) is the standard

version for straight forward migration of MIFARE Classic systems. It is configured to

offer high data integrity.

•The MIFARE Plus X (MF1PLUSx0y1) offers more flexibility to optimize the command

flow for speed and confidentiality . It of fers a rich feature set including proximity checks

against relay attacks.

2. Features and benefits

2 kB or 4 kB EEPROM

Simple fixed memory structure compatible with MIFARE Classic 1K and

MIFARE Classic 4K

Memory structure identical to MIFARE Classic 4K (sectors, blocks)

Access conditions freely configurable

Support s ISO/IEC 14443 Type A1 unique serial number (4-byte or 7-byte), optional

support of random IDs

Multi-sector authentication, Multi-block read and write

AES-128 used for authenticity and integrity

Anti-tearing mechanism for writing AES keys

Keys can be stored as MIFARE CRYPTO1 keys (2 × 48-bit per sector) and as AES

keys (2 × 128-bit per sector)

Basic support of virtual card concept

Communicatio n speed up to 848 kbit/s

MF1SPLUSx0y1

Mainstream contactless smart card IC for fast and easy

solution development

Rev. 3.1 — 19 April 2010

187031 Product short data sheet

PUBLIC

1. ISO/IEC 14443-x used in this data sheet refers to ISO/IEC 14443 Type A.

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 2 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

Number of single write operations: 200000 cycles (typical)

Common Criteria Certification: EAL4+

3. Applications

Public transportation

Access management such as employee, school or campus cards

Electronic toll collection

Closed loop micro payment

Car parking

Internet cafés

Loyalty programs

4. Quick reference data

[1] Measured with LCR meter.

Table 1. Quick reference data

Symbol Parameter Conditions Min Typ Max Unit

Ciinput capacitance Tamb = 22 °C; fi = 13.56

MHz; 2.8 V RMS [1] 15.0 17.0 19.04 pF

fiinput frequency - 13.56 - MHz

EEPROM characteristics

tret retention time Tamb = 22 °C 10 - - year

Nendu(W) write endurance Tamb = 22 °C; excluding

anti-tearing for AES keys or

sector trailers in security

level 3

100000 200000 - cycle

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 3 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

5. Ordering information

Table 2. Orderi ng information

Type number Package

Commercial

Name Name Description Version

MF1SPLUS8001DUD/03 FFC - 8 inch wafer (sawn; 120 µm thickness, on film frame

carrier; electronic fail die marking according to SECS-II

format) see Ref. 3, 4 kB EEPROM, 7-byte UID

MF1SPLUS8001DA4/03 MOA4 PLLMC plastic leadless module carrier package; 35 mm wide tape,

4 kB EEPROM, 7-byte UID SOT500-2

MF1SPLUS8011DUD/03 FFC - 8 inch wafer (sawn; 120 µm thickness, on film frame

carrier; electronic fail die marking according to SECS-II

format) see Ref. 3, 4 kB EEPROM, 4-byte UID

MF1SPLUS8011DA4/03 MOA4 PLLMC plastic leadless module carrier package; 35 mm wide tape,

4 kB EEPROM, 4-byte UID SOT500-2

MF1SPLUS8021DUD/03 FFC - 8 inch wafer (sawn; 120 µm thickness, on film frame

carrier; electronic fail die marking according to SECS-II

format) see Ref. 3, 4 kB EEPROM, 4-byte UID,

UID0 = XFh according to ISO/IEC 14443-3

MF1SPLUS8021DA4/03 MOA4 PLLMC plastic leadless module carrier package; 35 mm wide tape,

4 kB EEPROM, 4-byte UID, UID0 = XFh according to

ISO/IEC 14443-3

SOT500-2

MF1SPLUS6001DUD/03 FFC - 8 inch wafer (sawn; 120 µm thickness, on film frame

carrier; electronic fail die marking according to SECS-II

format) see Ref. 3, 2 kB EEPROM, 7-byte UID

MF1SPLUS6001DA4/03 MOA4 PLLMC plastic leadless module carrier package; 35 mm wide tape,

2 kB EEPROM, 7-byte UID SOT500-2

MF1SPLUS6011DUD/03 FFC - 8 inch wafer (sawn; 120 µm thickness, on film frame

carrier; electronic fail die marking according to SECS-II

format) see Ref. 3, 2 kB EEPROM, 4-byte UID

MF1SPLUS6011DA4/03 MOA4 PLLMC plastic leadless module carrier package; 35 mm wide tape,

2 kB EEPROM, 4-byte UID SOT500-2

MF1SPLUS6021DUD/03 FFC - 8 inch wafer (sawn; 120 µm thickness, on film frame

carrier; electronic fail die marking according to SECS-II

format) see Ref. 3, 2 kB EEPROM, 4-byte UID,

UID0 = XFh according to ISO/IEC 14443-3

MF1SPLUS6021DA4/03 MOA4 PLLMC plastic leadless module carrier package; 35 mm wide tape,

2 kB EEPROM, 4-byte UID, UID0 = XFh according to

ISO/IEC 14443-3

SOT500-2

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 4 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

6. Block diagram

7. Pinning information

7.1 Smart card contactless module

Fig 1. Block diagram

001aah38

INTERFACE

UART

ISO/IEC

14443A

AES CRYPTO

CO-PROCESSOR

CPU/LOGIC UNIT CRC

EEPROMRAMROM

TRUE RANDOM

NUMBER

GENERATOR

CRYPTO1

SECURITY

SENSORS

POWER ON

RESET

VOLTAGE

REGULATOR

CLOCK

INPUT FILTER

RESET

GENERATOR

Fig 2. Contact assignments for SOT500-2 (MOA4 )

Table 3. Bonding pad assignments to smart card contactless module

Contactless interface module MF1SPLUSx0y1DA4/z3

Antenna contacts Symbol Description

LA LA antenna coil connection LA

LB LB antenna coil connection LB

001aaj82

LA LBtop view

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 5 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

8. Functional description

8.1 Memory organization

The 4 kB EEPROM memory (MF1SPLUS80x) is organized in 32 sectors of 4 blocks and

in 8 sectors of 16 blocks. The 2 kB EEPROM memory (MF1SPLUS60x) is organized in

32 sectors of 4 block s.

One block consists of 16 bytes.

8.1.1 Manufacturer block

The first data block (block 0) of the first sector (sector 0) contains the PICC manufacturer

data. This block is programmed and write protected at production test.

8.1.2 Data blocks

Sectors 0Dto 31D contain 3 blocks each and sectors 32Dto 39D cont ain 15 blocks for data

storage. The data blocks can be configured using the access bits as:

•read/write blocks for storing binary data

•value blocks (only available in security level 1)

(1) CRYPTO1 Key A in security level 0, 1, 2; plain text access byte in security level 3

Fig 3. Me mory organiza tio n

001aaj843

SECTOR BLOCK DESCRIPTION0

15 CRYPTO1 key A access bytes

BYTE NUMBERS WITHIN A BLOCK

CRYPTO1 key B or data

CRYPTO1 key A access bytes CRYPTO1 key B or data

...

sector trailer 39

data

...

data

sector trailer 32

data

...

data

...

sector trailer 31

...

data

sector trailer 0

data

manufacturer data0

1 2 3 4 5(1) 6 7 8 9 10 11 12 13 14 15

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 6 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

Value blocks are special counters where the stored value can be manipulated with

specific comma nd s suc h as M F In cre m ent, MF Decrement and M F Transfer.

These value blocks have a fixed data format enabling error detection and correction with

backup management to be performed. Value blocks are only available in security level 1.

A successful mutual authentication is required to allow any data operation.

8.1.2.1 A c ce s s co n di tions

The access conditions for every data block and the sector trailer itself are stored in the

sector trailer of the corresponding sector.

The access bits control the rights of memory operations using the secret keys A and B.

The access conditions may be altered after authentication with the relevant key and the

current access condition allows this operation.

Furthermore, value blocks are configured using the access bits.

8.1.3 AES keys

AES keys are not shown in the memory map. The keys are stored on top of the other data

and can be updated and used by referencing the so-called Key Number. In security

level 3, anti-tearing is supported for the update of AES keys as well as for the update of

the sector trailer. This anti-tearing mechanism is done by the PICC itself. The EEPROM

stays in a defined status, even if the PICC is removed from the electromagnetic field

during the write operation.

8.1.4 Multi-sector authentic ation

A new feature has been provided in se curity le vel 3 for data which is spread over multiple

sectors to improve transaction performance.

Providing that such sectors are secured with identical keys (key value and key type) only

one authentication is required to read and/or write data from these sectors. There is no

need to re-authenticate when accessing any data within th es e sec to rs. The r efo re it is

possible to configure a card in such a way that operating with only one authentication is

needed in security level 3 to access all sectors.

8.1.5 Originality function

The originality function is implemented by an AES authentication with the originality key.

The authentication is performed in ISO/IEC 14443-4 protocol layer.

8.2 Card activation and communication protocol

The ISO/IEC 14443-3 anticollision mechanism allows for simultaneous handling of

multiple PICCs in the field. The anticollision algorithm selects each PICC individually and

ensures that execution of a transaction with a selected PICC is performed correctly

without data cor ruption from other PICCs in the field.

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 7 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

There are three different versions of the PICC. The first two have the UID programmed

into a locked pa rt of the NV-memory which is reserved for the manu facturer:

•the first is a unique 7-byte serial number

•the second is a unique 4-b yte ser i al num be r

Due to security and system requirements, these byte s ar e writ e- pr otected after being

programmed by the PICC manufacturer at production.

The third version has a p seudo-unique ID according to ISO/IEC 14443-3 and uses the

XFh ID range.‘

The customer must decide which UID length to use when ordering the product, see

Table 2 for ordering information.

During person alization, the PICC can be con f igured to support Random ID in security

level 3. The user can co nfigure whethe r Random ID o r fixed UID shall be us ed. According

to ISO/IEC 14443-3 (see Ref. 5), the first anticollision loop returns the Random Number

Tag 08h, the 3-byte Rando m Number a nd the BCC, if Random ID is used. The retrieval of

the UID in this case can be done using the Virtual Card Support Last command (see

Ref. 3) or by reading out block 0.

8.2.1 Backwards compatibility protocol

The backwards compatibility of this product, as used in security level 1 and security

level 2, runs on the same protocol layer as MIFARE Classic 1K and MIFARE Classic 4K.

The protocol is formed out of the following components:

•Frame definition: according to ISO/IEC 14443-3

•Bit encoding: according to ISO/IEC 14443-2

•Error code handling: handling is proprietary as error codes are for matted in half bytes.

•Command specification: commands are p roprietary. Please use the specification as in

Ref. 1 and Ref. 2 and the additional commands which are only implemented in

MIFARE Plus as described in this document and in Ref. 3.

The following secur ity lev els ca n ru n on this pr ot oc ol:

•Security Level 0

•Security Level 1

8.2.2 ISO/IEC 14443-4 Protocol

The ISO/IEC 14443-4 Protocol (also known as T=CL) is used in many processor cards.

This protocol is used for the MIFARE Plus with the following security levels:

•Security Level 0: all commands

•Security Level 1: only the security level switch and originality function.

•Security Level 3: all commands

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 8 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

8.3 Security level switching

The MIFARE Plus S offers a unique feature to support migration from CRYPTO1 based

systems to AES based operation. The migration on the card-side is done using different

security levels supporting different cryptographic algorithms and protocols. There are

three security levels:

•Security level 0: initial delivery configuration, used for card personalization

•Security level 1: backwards functional compatibility mode (with MIFARE Classic 1K

and MIFARE Classic 4K) with an optional AES authentication

•Security level 3: 3-Pass authentication based on AES, data manipulation commands

secured by AES encryption and an AES based MACing method.

The security level switching (i.e. from security level 1 to security level 3) is performed

using the dedicated AES authentication switching keys.

The security level can only be switched from a lower level to a higher level, never in the

opposite direction.

8.4 Security level 0

Security level 0 is the initial delivery configuration of the PICC. The card can be operated

either using the backwards compatibility protocol or the ISO/IEC 14443-4 protocol.

In this level, the card can be personalized including the programming of user data as well

as of CRYPTO1 and/or AES keys. In addition, the originality function can be used.

The following mandatory AES keys need to be written using the Write Perso command

before the PICC can be switched to security level 1 or security level 3 (for L3 card) .

Security level switching is performed using the Commit Perso command:

•Card Configuration Key

•Card Master Key

•Level 3 Switch Key

Using the originality function, it is possible to verify that the chip is a genuine

NXP Semiconductors MIFARE Plus.

8.5 Security level 1

Security level 1 offers the same functionality as a MIFARE Classic 1K and MIFARE

Classic 4K using the backwards compatibility protocol. The MIFARE Classic 1K and

MIFARE Classic 4K products are specified in Ref. 1 and Ref. 2.

Furthermore, an optional AES authentication is available in this level without af fecting the

MIF ARE Classic 1K and MIFARE Classic 4K functionality. The authenticity of the card can

be proven using strong cryptographic means with this additional functionality.

The timings may differ from the MIFARE Classic 1K and MI FARE Classic 4K pro duc ts.

Using the originality function, it is possible to verify that the chip is a genuine

NXP Semiconductors MIFARE Plus.

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 9 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

8.6 Security level 3

The operation in security level 3 is solely based on the ISO/IEC 14443-4 protocol layer.

The usage of the backwards compatibility protocol is not possible.

In security level 3, a mandatory AES authentication between PICC and reader is

conducted, where two keys are gen erated as a function of the random numbers from the

PICC and the reader as well as of the shared key. These two session keys are used to

secure the data wh ich is exchanged on the interf ace between the card and r eader. One of

the two keys is used to ensure the confidentiality o f the comm and and th e response while

the other key ensures the integrity of the command and the response.

All commands carry a MAC, such that the PICC will only accept commands from the

reader with which it is au thenticated. Tampering of opera nds and messages is detected by

checking the MAC. Also all responses contain a MAC, so that the reader on each

response knows that neither the command nor the response has been tampered with.

Each response carries a MAC. When the appropriate MAC is received, due to linking of

MACs, the reader knows that the command and commands before it was properly

executed.

All commands between two cons ecutive first authenticate commands belong to one

transaction and the MACing mechanism assures inte gr ity of th e whole tran sa ct ion .

9. Look-up tables

9.1 Security level 0, 1, 3: ISO/IEC 14443-3

Table 4. ISO/IEC 14443-3

Command Description

REQA the REQA and ATQA commands are fully implemented according to

ISO/IEC 14443-3.

WUPA the WAKE-UP command is fully implemented according to

ISO/IEC 14443-3.

ANTICOLLISION/SELECT

cascade level 1 the ANTICOLLISION and SELECT commands are fully implemented

according to ISO/IEC 14443-3. The response is part 1 of the UID.

ANTICOLLISION/SELECT

cascade level 2 for 7 byte

UID version

the ANTICOLLISION and SELECT commands are fully implemented

according to ISO/IEC 14443-3. The response is part 2 of the UID.

HALT the HALT command is fully implemented according to

ISO/IEC 14443-3

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 10 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

9.2 Security level 0, 1, 3: ISO/IEC 14443-4

Please find more information on ISO/IEC 14443 in Ref. 5 as well as on the settings of

ATQA, SAK and ATS in Ref. 4.

9.3 Security level 0 command overview

9.4 Security level 1 command overview

Table 5. ISO/IEC 14443-4

Command Description

RA TS the response to the RA TS command identifies the PICC type to the

PCD.

PPS the PPS command allows an individual selection of the

communication baud rate between PCD and PICC. It is possible

for the MF1SPLUSx0y1 to individually set the communication baud

rate independently of each other fo r both directions i.e.

MF1SPLUSx0y1 allows a non-symmetrical information

interchange speed.

DESELECT deselection according to ISO/IEC 14443-4

Table 6. Security level 0 command overview

Command Description

Write Perso pre-personalization of AES keys and all blocks

Commit Perso switch to security level 1

First Authenticate (part 1) first authenticate

Following Authenticate (part 1) following authenticate

Authenticate (part 2) second authentication step

Table 7. Security level 1 command overview

MF1ICS50, MF1ICS70,

MF1ICS20 commands Description

MF Authenticate key A authentication with key A

MF Authenticate key B authentication with key B

MF Read reading data

MF Write writing data

MF Increment incrementing a value

MF Decremen t decrementin g a val ue

MF Restore restoring a value

MF T ransfer transferring a value

Commands using backwards compatibility protocol, see Section 8.2.1

Following Authenticate (part 1) following authenticate; protocol used as described in

Section 8.2.1

Authenticate (part 2) second authentication step; protocol used as described in

Section 8.2.1

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 11 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

9.5 Security level 3 command overview

10. Limiting values

[1] Stresses above one or more of the limiting values may cause permanent damage to the device.

[2] Exposure to limiting values for extended periods may affect device reliability.

[3] MIL Standard 883-C method 3015; Human body model: C = 100 pF, R = 1.5 kΩ.

Command set for security level switch and originality function using ISO/IEC 14443-4

protocol

First Authenticate (part 1) first authenticate

Following Authenticate (part 1) following authenticate

Authenticate (part 2) second authentication step

Table 7. Security level 1 command overview …continued

MF1ICS50, MF1ICS70,

MF1ICS20 commands Description

Table 8. Security level 3 command overview

Command Description

MIFARE Plus commands

First Authenticate (part 1) first authenticate

Following Authenticate (part 1) following authenticate

Authenticate (part 2) second authentication step

ResetAuth reset the authentication step

READ commands

Read Plain MACed reading in plain, MAC on response, MAC on command

WRITE commands

Write MACed writing encrypted, MAC on response, MAC on command

Write Plain MACed writing in plain, MAC on response, MAC on command

Virtual card concept

Virtual Card Support Last check if the virtual card concept is supported, communicate PCD

capabilities and retrieve the UID

Deselect Virtual Card deselect the virtual card

Table 9. Limiting values

In accordance with the Absolute Maximum Rating System (IEC 60134).

Symbol Parameter Conditions Min Max[1][2] Unit

IIinput current - 30 mA

Ptot/pack total power dissipation per package - 200 mW

Tstg storage temperature −55 125 °C

Tamb ambient temperature −25 70 °C

VESD electrostatic discharge voltage [3] 2- kV

Ilu latch-up current ±100 - mA

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 12 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

11. Abbreviations

12. References

[1] Data sheet — MF1ICS50 Functional specification, BU-ID Doc. No. 0010**2.

[2] Data sheet — MF1ICS70 Functional specification, BU-ID Doc. No. 0435**.

[3] Data sheet — M1PLUSx0y1 MIFARE Plus functional specification,

BU-ID Doc. No. 1637**.

[4] Application note — MIFARE Type identification procedure, BU-ID Doc. No. 1843**.

[5] Application note — ISO 14443 PICC selection, BU-ID Doc. No. 1308**.

[6] NIST Special Publication 800 -38A — Recommendation for block cipher modes of

operation: methods and techniques, 2001.

[7] NIST Special Publication 800 -38B — Recommendation for block cipher modes of

operation: The CMAC mode for authentication.

[8] ISO/IEC Standard — ISO/IEC 14443 Identification cards - contactless integrated

circuit cards - proximity cards.

[9] FIPS PUB 197 ADVANCED ENCRYPTION STANDARD — Recommendation for

block cipher modes of operation: Methods and techniques.

[10] ISO/IEC Standard — ISO/IEC 9797-1 Information technology - security techniques

- Message Authentica tion Codes (MACs) - Par t 1: Mechanisms using a block ciphe r.

Table 10. Abbreviations and symbols

Acronym Description

AES Advanced Encryption Standard

EEPROM Electrically Erasable Programmable Read-Only Memory

LCR L = inductance, Capacitance, Resistance (LCR meter)

MAC Message Authentication Code

NV Non-Volatile memory

PCD Proximity Coupling Device (Contactless Reader)

PICC Proximity Integrated Circuit Card (Contactless Card)

PPS Protocol Parameter Selection

RATS Request Answer To Select

REQA REQuest Answer

SAK Select AcKnowledge, type A

SECS-II SEMI Equipment Communications Standard part 2

UID Unique IDentifier

VC Virtual Card, one MIFARE Plus PICC is one virtual card

WUPA Wake-Up Protocol type A

2. ** ... document version number

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 13 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

13. Revision history

Table 11. Revision history

Document ID Release date Data sheet status Ch ange notice Supersedes

MF1SPLUSx0y1_31 20100419 Product short data sheet - 187030

Modifications: •Minor text and standardization modifications.

187030 20100211 Product short data sheet - -

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 14 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

14. Legal information

14.1 Data sheet status

[1] Please consult the most recently issued document before initiating or completing a design.

[2] The term ‘short data sheet’ is explained in section “Definitions”.

[3] The product status of de vice(s) descr ibed in th is document m ay have cha nged since thi s document w as publish ed and may di ffe r in case of multiple devices. The latest product status

information is available on the Internet at URL http://www.nxp.com.

14.2 Definitions

Draft — The document is a draft version only. The content is still under

internal review and subject to formal approval, which may result in

modifications or additions. NXP Semiconductors does not give any

representations or warranties as to the accuracy or completeness of

information included herein and shall have no liab ility for the consequences of

use of such information.

Short data sheet — A short data sheet is an extract from a full data sheet

with the same product type number(s) and tit le. A short data sh eet is intended

for quick reference only and shou ld not b e relied u pon to cont ain det ailed and

full information. For detailed and full information see the relevant full data

sheet, which is available on request via the local NXP Semicond uctors sales

office. In case of any inconsistency or conflict with the short data sheet, the

full data sheet shall pre va il.

Product specificatio n — The information and data provided in a Product

data sheet shall define the specification of the product as agreed between

NXP Semiconductors and its customer, unless NXP Semiconductors and

customer have explicitly agreed otherwise in writing. In no event however,

shall an agreement be valid in which the NXP Semiconductors product is

deemed to off er functions and qualities beyond those described in the

Product data sheet.

14.3 Disclaimers

Limited warr a nty and liability — Information in this document is believed to

be accurate and reliable. However, NXP Semiconductors does not give any

representations or warrant ies, expressed or implied, as to the accuracy or

completeness of such information and shall have no liability for the

consequences of use of such information.

In no event shall NXP Semiconductors be liable for any indirect, incidental,

punitive, special or consequ ential damages (including - wit hout limitation - lost

profits, lost savings, business interruption, costs related to the removal or

replacement of any products or rework charges) whether or not such

damages are based on tort (including negligence), warranty, breach of

contract or any other legal theory.

Notwithstanding any damages that customer might incur for any reason

whatsoever, NXP Semiconductors’ aggregate and cumulat ive liability toward s

customer for the products described herein shall be limited in accordance

with the Terms and conditions of commercial sale of NXP Semiconductors.

Right to make changes — NXP Semiconductors reserves the right to make

changes to information published in this document, including without

limitation specifications and product descriptions, at any time and without

notice. This document supersedes and replaces all informa tion supplied prior

to the publication hereof .

Suitability for use — NXP Semiconductors products are not designed,

authorized or warranted to be suitable for use in medical, military, aircraft,

space or life support equipment, nor in applications where failure or

malfunction of an NXP Semiconductors product can reasonabl y be expected

to result in perso nal injury, death or severe property or environmental

damage. NXP Semiconductors accepts no liab ility for inclusion and/or use of

NXP Semiconductors products in such equipment or applications and

therefore such inclusion and/or use is at the customer’s own risk.

Applications — Applications that are described herein for any of these

products are for illustrative purposes only. NXP Semiconductors makes no

representation or warranty that such applications will be suitable for the

specified use without further testing or modification.

NXP Semiconductors does not accept any liability related to any default ,

damage, costs or problem which is based on a weakness or default in the

customer application /use or t he application/use of customer’s third party

customer(s) (hereinafter both referred to a s “A pplication”). It is customer’s

sole responsibility to check whether the NXP Semiconductors product is

suitable and fit for the Appl ica tion plann ed. Customer has to do all necessary

testing for the Application in order to avoid a default of the Application and t he

product. NXP Semiconductors does not accept any liability in this respect.

Limiting values — Stress above one or more limiting values (as defined in

the Absolute Maximum Ratings System of IEC 60134) will cause permanent

damage to the device. Limiting values are stress ratings only and (proper)

operation of the device at these or any other conditions above those given in

the Recommended operating conditions section (if present) or the

Characteristics sections of this document is not warranted. Constant or

repeated exposure to limiting values will permanently and irreversibly affect

the quality and reliability of the device.

Terms and conditions of commercial sale — NXP Semiconductors

products are sold subject to the general terms and conditions of commercial

sale, as published at http://www.nxp.com/profile/terms, unless otherwise

agreed in a valid written individua l agreement. In case an individual

agreement is concluded only the ter m s and conditions of the respective

agreement shall apply. NXP Semiconductors hereby expressly objects to

applying the customer’s general terms and conditions with regard to the

purchase of NXP Semiconductors products by customer.

No offer to sell or license — Nothing i n this document may be interpreted or

construed as an of fer t o sell product s that is open for accept ance or the gr ant,

conveyance or implication of any license under any copyrights, patents or

other industrial or inte llectual property rights.

Quick reference data — The Quick reference data is an extract of the

product data given in the Limiting values and Characteristics sections of this

document, and as such is not complete, exhaustive or legally binding.

Export control — This document as well as the item(s) described herein

may be subject to export control regulatio ns. Export might require a prior

authorization from national authorities.

Non-automotive qualified products — Unless this data sheet expressly

states that t his specific NXP Semiconductors product is automotive qualified,

the product is not suit ab le for aut omotive u se. It is neit her qua lifi ed n or test ed

in accordance with automotive testing or application requirement s. NXP

Semiconductors accepts no liability for inclu sio n and/or use of

non-automotive qualifie d products in automotive equipment or applications.

Document status[1][2] Product status[3] Definition

Objective [short] data sheet Development This document cont ains data from the objective specification for product development.

Preliminary [short] dat a sheet Qualification This document contains data from the preliminary specification.

Product [short] data sheet Production This document contains the product specification.

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 15 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

In the event that customer uses the product for design-in and use in

automotive applications to automot ive specifications and standards, custome r

(a) shall use the product without NXP Semiconductors’ warranty of the

product for such au tomotive applications, use and specifications, and (b)

whenever customer uses the product for automotive applications beyond

NXP Semiconductors’ specifications such use shall be solely at customer’s

own risk, and (c) customer fully indemnifies NXP Semiconductors for any

liability, damages or failed product claims resulting from customer design and

use of the product for automotive appl ications beyond NXP Semiconductors’

standard warrant y and NXP Semiconductors’ product specifications.

14.4 Licenses

14.5 Trademarks

Notice: All referenced b rands, produc t names, service names and trademarks

are the property of their respective ow ners.

MIFARE — is a trademark of NXP B.V.

MIFARE Plus — is a trademark of NXP B.V.

15. Contact information

For more information, please visit: http://www.nxp.com

For sales office addresses, please send an email to: salesaddresses@nxp.com

ICs with DPA Countermeasures functionality

NXP ICs containing functionality

implementing countermeasures to

Differential Power Analysis and Simple

Power Analysis are produced and sold

under applicable license from

Cryptography Research, Inc.

Product short data sheet

PUBLIC Rev. 3.1 — 19 April 2010

187031 16 of 17

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

16. Tables

Table 1. Quick reference data . . . . . . . . . . . . . . . . . . . . .2

Table 2. Ordering information . . . . . . . . . . . . . . . . . . . . .3

Table 3. Bonding pad assignments to smart card

contactless module . . . . . . . . . . . . . . . . . . . . . .4

Table 4. ISO/IEC 14443-3 . . . . . . . . . . . . . . . . . . . . . . . .9

Table 5. ISO/IEC 14443-4 . . . . . . . . . . . . . . . . . . . . . . .10

Table 6. Security level 0 command overview . . . . . . . . 10

Table 7. Security level 1 command overview . . . . . . . . 10

Table 8. Security level 3 command overview . . . . . . . . 11

Table 9. Limiting values . . . . . . . . . . . . . . . . . . . . . . . . 11

Table 10. Abbreviations and symbols . . . . . . . . . . . . . . . 12

Table 11. Revision history . . . . . . . . . . . . . . . . . . . . . . . . 13

17. Figures

Fig 1. Block diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Fig 2. Contact assignments for SOT500-2 (MOA4) . . . .4

Fig 3. Memory organization . . . . . . . . . . . . . . . . . . . . . . .5

NXP Semiconductors MF1SPLUSx0y1

Mainstream con tactless smart card IC

For more information, please visit: http://www.nxp.com

For sales office addresses, please send an email to: salesaddresses@nxp.com

Date of release: 19 April 2010

187031

Please be aware that important notices concerning this document and the product(s)

described herein, have been included in section ‘Legal information’.

18. Contents

1 General description. . . . . . . . . . . . . . . . . . . . . . 1

2 Features and benefits . . . . . . . . . . . . . . . . . . . . 1

3 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

4 Quick reference data . . . . . . . . . . . . . . . . . . . . . 2

5 Ordering information. . . . . . . . . . . . . . . . . . . . . 3

6 Block diagram . . . . . . . . . . . . . . . . . . . . . . . . . . 4

7 Pinning information. . . . . . . . . . . . . . . . . . . . . . 4

7.1 Smart card contactless module . . . . . . . . . . . . 4

8 Functional description . . . . . . . . . . . . . . . . . . . 5

8.1 Memory organization . . . . . . . . . . . . . . . . . . . . 5

8.1.1 Manufacturer block. . . . . . . . . . . . . . . . . . . . . . 5

8.1.2 Data blocks. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

8.1.2.1 Access conditions. . . . . . . . . . . . . . . . . . . . . . . 6

8.1.3 AES keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

8.1.4 Multi-sector authentication . . . . . . . . . . . . . . . . 6

8.1.5 Originality function . . . . . . . . . . . . . . . . . . . . . . 6

8.2 Card activation and communication protocol . . 6

8.2.1 Backwards compatibility protocol . . . . . . . . . . . 7

8.2.2 ISO/IEC 14443-4 Protocol . . . . . . . . . . . . . . . . 7

8.3 Security level switching . . . . . . . . . . . . . . . . . . 8

8.4 Security level 0. . . . . . . . . . . . . . . . . . . . . . . . . 8

8.5 Security level 1. . . . . . . . . . . . . . . . . . . . . . . . . 8

8.6 Security level 3. . . . . . . . . . . . . . . . . . . . . . . . . 9

9 Look-up tables . . . . . . . . . . . . . . . . . . . . . . . . . . 9

9.1 Security level 0, 1, 3: ISO/IEC 14443-3 . . . . . . 9

9.2 Security level 0, 1, 3: ISO/IEC 14443-4 . . . . . 10

9.3 Security level 0 command overview . . . . . . . . 10

9.4 Security level 1 command overview . . . . . . . . 10

9.5 Security level 3 command overview . . . . . . . . 11

10 Limiting values. . . . . . . . . . . . . . . . . . . . . . . . . 11

11 Abbreviations. . . . . . . . . . . . . . . . . . . . . . . . . . 12

12 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

13 Revision history. . . . . . . . . . . . . . . . . . . . . . . . 13

14 Legal information. . . . . . . . . . . . . . . . . . . . . . . 14

14.1 Data sheet status . . . . . . . . . . . . . . . . . . . . . . 14

14.2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

14.3 Disclaimers. . . . . . . . . . . . . . . . . . . . . . . . . . . 14

14.4 Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

14.5 Trademarks. . . . . . . . . . . . . . . . . . . . . . . . . . . 15

15 Contact information. . . . . . . . . . . . . . . . . . . . . 15

16 Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

17 Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

18 Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17