Migrate classic contactless smart card systems to the next security level

MIFARE Plus brings benchmark security to mainstream contactless smart card applications. It is the only mainstream IC compatible with MIFARE™ Classic offering a seamless upgrade path, with minimal effort, for existing infrastructure and services.

Key applications

  • Public transportation
  • Access management, e.g. employee, school or campus cards
  • Electronic toll collection
  • Car parking
  • Loyalty programs

Key features

  • 2 or 4-KB EEPROM
  • Simple fixed memory structure compatible with MIFARE Classic 1 K (MF1ICS50), MIFARE Classic 4 K (MF1ICS70)
  • Access conditions freely configurable
  • Smooth migration from MIFARE Classic to MIFARE Plus security level supported
  • Open standard AES crypto for authentication, integrity and encryption
  • Common Criteria Certification: EAL4+ for IC HW and SW
  • ISO/IEC 14443-A unique 7 byte or non-unique 4 byte serial number and random IDs
  • Multi-sector authentication, multi-block read and write
  • Anti-tear function for writing AES keys
  • Keys can be stored as MIFARE Classic CRYPTO1 keys (2 x 48 bit per sector) or as AES keys (2 x 128 bit sector)
  • Supports virtual card concept
  • High data rates up to 848 kbit/s
  • Available in MOA4 modules or 8-inch sawn bumped wafer

NXP MIFARE Plus is based on open global standards both for air interface and cryptographic methods. It is available in two versions: MIFARE Plus S, the Slim version, for straightforward migration of MIFARE Classic systems, and MIFARE Plus X, the eXpert version, which offers more flexibility to optimize the command flow for speed, privacy and confidentiality. MIFARE Plus X offers a rich feature set, including proximity checks against relay attacks.

MIFARE Plus is fully functional backwards compatible with MIFARE Classic 1 K and MIFARE Classic 4 K. Interoperability with MIFARE Classic has been verified by the independent MIFARE Certification Institute. MIFARE Plus offers the possibility to issue cards seamlessly into existing MIFARE Classic applications, before the infrastructure is upgraded. Once the security upgrades are in place, MIFARE Plus cards can be switched to a more secure mode in the field with no customer interaction necessary. AES (advanced encryption standard) is then being used for authentication, encryption and data integrity.  MIFARE Plus supports high-speed communication between card and terminal at up to 848 kbps/s, for time critical services. The read range of up to 10 cm increases the convenience of the touch-and-go experience.

Security Levels

MIFARE Plus cards support one pre-personalization and 3 security levels. Cards operate in one security level at any given time and can only be switched to a higher level.

Security Level 0:  MIFARE Plus cards are pre-personalized with configuration keys, level switching keys, MIFARE Classic CRYPTO1 and AES keys for the memory.
Security Level 1:  In this level the cards are 100% functionally backwards compatible with MIFARE Classic 1K and MIFARE Classic 4K cards. Cards work seamlessly in existing MIFARE Classic infrastructure.
Security Level 2:  Mandatory AES authentication. MIFARE Classic CRYPTO1 for data confidentiality.
Security Level 3:  Mandatory AES for authentication, communication confidentiality and integrity. Optional proximity detection (MIFARE Plus X only).

An automatic anti-tear mechanism is available for secure deployment of rolling keys. If a card is removed from the field during a key update, it either concludes the update or automatically falls back to the previous key. NXP recommends 7Byte UID, but offers 4B UID versions of MIFARE Plus during migration. MIFARE Plus is available in the proven MOA4 module and as sawn bumped wafers, no changes for existing manufacturing processes necessary.


Return to MIFARE