RFID General Table
| Manufacturer | Type/Model Name | Frequency | Description | Standard/Notes | Security |
|---|---|---|---|---|---|
| Alien Technology | Higgs 2 | 860~960 MHz | EPC up to 192 Bits, TID 64 Bits | ISO18000-6c - EPC Gen2 | ?none? |
|  | Higgs 3 | 860~960 MHz | EPC up to 480 Bits, TID 64 Bits | ISO18000-6c - EPC Gen2 | Dynamic Authentication™ - Enhanced IC security using a non-digital, unique and non-cloneable “finger-print” - Practically eliminates copied tags being applied to counterfeit or goods of higher value. A 64-bit Unique TID for authentication and serialization applications, an extensible EPC memory bank, 512-bits of user memory for distributed data applications, and password protected read and write support capabilities to prevent unauthorized viewing and modification of the tag’s data. |
|  | Higgs 4 | 860~960 MHz | EPC up to 512 Bits, TID 64 Bits | ISO18000-6c - EPC Gen2 | An optimized memory footprint includes a 32-bit TID, a 64-bit Unique TID for authentication and next generation serialization applications, a 128-bit EPC memory bank, 128-bits of user memory for distributed data applications, and password protected read and write support capabilities to prevent unauthorized viewing and modification of the tag’s data. |
| Impinj | Monza 3 | 860~960 MHz | EPC up to 128 Bits | EPC Gen2 - ISO18000-6 | ?none? |
|  | Monza 4D | 860~960 MHz | EPC up to 128 Bits - User Memory 32 Bits | EPC Gen2 - ISO18000-6 | ?none? |
|  | Monza 4E | 860~960 MHz | EPC up to 496 Bits - User Memory 128 Bits | EPC Gen2 - ISO18000-6 | ?none? |
|  | Monza 4QT | 860~960 MHz | EPC up to 128 Bits - User Memory 128 Bits | EPC Gen2 - ISO18000-6 | QT technology’s Short-Range Mode adds a layer of physical protection to a user’s private data by reducing the tag’s read range to less than one-tenth of its normal range. So while a reader can always singulate the tag and read its currently exposed identifier (EPC or alternate product identifier) from normal range, any attempts to access the Private Data Profile from a distance will cause the tag to lose power and drop out of its dialog with the reader. The short-range feature ensures that protected information is not readable unless the tag is very close to a reader antenna. |
|  | Monza 5 | 860~960 MHz | User Memory 128 Bit | EPC Gen2 - ISO18000-6 | ?none? |
|  | Monza X-2K Dura | 860~960 MHz/I2C | EPC up to 128 Bits - User Memory 2176 Bits | EPC Gen2 - ISO18000-6 | QT technology’s Short-Range Mode adds a layer of physical protection to a user’s private data by reducing the tag’s read range to less than one-tenth of its normal range. So while a reader can always singulate the tag and read its currently exposed identifier (EPC or alternate product identifier) from normal range, any attempts to access the Private Data Profile from a distance will cause the tag to lose power and drop out of its dialog with the reader. The short-range feature ensures that protected information is not readable unless the tag is very close to a reader antenna. |
|  | Monza X-8K Dura | 860~960 MHz/I2C | EPC up to 128 Bits - User Memory 8192 Bits | EPC Gen2 - ISO18000-6 | QT technology’s Short-Range Mode adds a layer of physical protection to a user’s private data by reducing the tag’s read range to less than one-tenth of its normal range. So while a reader can always singulate the tag and read its currently exposed identifier (EPC or alternate product identifier) from normal range, any attempts to access the Private Data Profile from a distance will cause the tag to lose power and drop out of its dialog with the reader. The short-range feature ensures that protected information is not readable unless the tag is very close to a reader antenna. |
| EM-Marin Microelectronic (acquired Sokymat in 2003) | H4001 | 50/130/400 kHz | Read only, 64 Bits |  | none |
|  | EM4102/H4102 (replaced by EM4200) | 125 kHz | Read only, 64 Bits |  | none |
|  | H4003 | 125 kHz - 3.25 MHz | Read only, 64 Bits |  | none |
|  | EM4005/EM4105 (old H4005 - replaced by EM4200) | 100~150 kHz | Read only, 128 Bits | ISO11784/85 Compatible | none |
|  | EM4006 (old H4006) | 13.56 MHz | Read only, 64 Bits |  | none |
|  | EM4022/P4022 | Multifrequency | Read only, 64 Bits |  | none |
|  | EM4025/EM4125 | 100~150 kHz | Read only, 55 Bits |  | none |
|  | EM4026 | 125 kHz | Read only, 64 Bits |  | none |
|  | EM4033 | 13.56 MHz | Read only, 64 Bits | ISO15693 | none |
|  | EM4034 (same as EM4035 but no crypto) | 13.56 MHz | R/W, 448 Bits | ISO15693 | Password (block 0) is never readable but written only in Secure mode. Super User Memory, EAS and Lock Block (block2) can be read by all users but written only in Secure mode. Lock block defines which memory blocks are locked against programming. All user memory words (Blocks 3 to 13) are always readable. Write access rights to User Words (blocks 3 to 11) depend on appropriate Lock Block. Secure mode is enabled by Login command. Login proprietary command is E4 and it checks password stored in block0 - password cannot be read - password can be changed only after a successful login (Secure Mode). |
|  | EM4035 (same as EM4034 & EM4135 but with crypto) | 13.56 MHz | R/W, 3.2K Bits | ISO15693 | The 3.2k bit EEPROM memory contained in the chip is organized in 50 words of 64 bits, each word can be irreversibly locked [same as EM4034?]. |
|  | V4050 | 125 KHz | R/W, 1024 Bits |  | The chip contains 1 KBit of EEPROM which can be configured by the user, allowing a write inhibited area, a read protected area, and a read area output continuously at power on. The memory can be secured by using the 32 bit password (stored in block0) for all write and read protected operations. The password can be updated, but never read. Also chip has a control word (block2-bit16 pwd on/off) and a protection word (block1 - set blocks protection for read/write). |
|  | EM4055 | 125 kHz | R/W, 1K Bits |  | The memory can be secured by using the 32-bit password for all write and read protected operations. The password can be updated but never read. User defined Write protected words. User defined Read protected words. |
|  | EM4056/P4056 (aka MicroCID 1106) | 100~150 kHz | R/W, 2K Bits |  | The user can define a password and protect part or all of the memory - password is (optionally) linked to a decremental counter; if the counter reaches 0 all memory is totally locked, only non-protected blocks can be read-only. Each block can be read and/or write protected and this protection (bit=1) is OTP (irreversible). |
|  | EM4069/EM4169 (old Sokymat T5/Nova?) | 100~150 kHz | R/W, 128 Bits |  | none |
|  | V4070 | 125 kHz | R/W, 160 Bits |  | The chip contains an implementation of a crypto-algorithm with 96 Bits of user configurable secret-key (unreadable) contained in EEPROM. Blocks 4 through 9 contain the 96 bits of secret key. These bits influence the crypto-algorithm but cannot be read directly. |
|  | V4082 | chip-only | ROM, 64 Bits |  | none |
|  | EM4083 | 115~140 kHz | R/W, 512 Bits |  | none |
|  | P4092 | 100~150 kHz | Base Stations |  | - |
|  | EM4094 | 13.56 MHz | Base Station | ISO15693-14443A/B | - |
|  | EM4095 (old P4095) | 125 kHz | Booster Circuits |  | - |
|  | EM4100 (old H4100 - replaced by EM4200) | 100~150 kHz | Read only, 64 Bits |  | none |
|  | EM4102 (old H4102 - replaced by EM4200) | 125 kHz | Read only, 64 Bits |  | none |
|  | EM4105/EM4005 | 125 kHz | Read only, 128 Bits |  | none |
|  | EM4122 | 860~960 MHz | Read only, 64 Bits |  | none |
|  | EM4123 (protocol compatible with EM4122 & EM4222) | 860~960 MHz | Read only, 64 Bits |  | none |
|  | EM4124 | 860~960 MHz | R/W, 176 Bits | ISO18000 | 32 bit Kill Password (block0+block1), and 32 bit Access Password (block2+block3) [default pwds = 0000'0000'0000'0000] |
|  | EM4126 | 860~960 MHz | R/W, 224 Bits | ISO18000 | none |
|  | EM4133 | 13.56 MHz | R/W, 512 Bits | ISO15693 | Password is located at block0 (it is never readable but written only in Secure mode after a successful Login command). Super User Memory, EAS and the Lock Block area (block2) can be read by all users but written only in Secure mode. Lock block bits define which memory blocks are locked against programming/writing operations. All user memory words (Blocks 3 to 13) are always readable and can be write protected with the corresponding lock bits. Write access rights to User Words (blocks 3 to 11) depend on appropriate Lock Block bit. Secure mode is enabled only by a successful Login command (right password value). |
|  | EM4135 (same as EM4035 but no crypto) | 13.56 MHz | R/W, 2432 Bits | ISO15693 | The 2.4k bit EEPROM memory contained in the chip is organized in 38 words of 64 bits, each word can be irreversibly locked [same as EM4034?]. |
|  | EM4150/EM4350 (replaced by EM4450/EM4550) | 100~150 kHz | R/W, 1K Bits |  | The memory can be secured by using the 32 bit password (stored in block0) for all write and read protected operations. The password can be updated, but never read. Also chip has a control word (block2-bit16 pwd on/off) and a protection word (block1 - set blocks protection for read/write). |
|  | EM4170 | 125 kHz | R/W, 256 Bits |  | The chip contains an implementation of a crypto-algorithm with 96 Bits of user configurable secret-key contained in EEPROM. Bits 15 and 14 of word 1 are used as Lock-Bits. The memory can only be accessed for writing or erasing if these two bits have the contents "x0" as when they are delivered. The memory can be unlocked by using the PIN-code command; in that case, the lock-bits are reset from the value "x1" to the value "x0". Words 4 through 9 contain the 96 bits of secret key. These bits influence the crypto-algorithm but cannot be read directly. Words 11 and 12 contain the 32 bits of PINCode. These two words can be written when the lock bits are in unlocked state. They cannot be read out as for the secret key. |
|  | EM4200 (replaces EM4100/4102/4005/4105) | 125~134.2 kHz | Read only, 64 Bits | ISO11784/85 Compatible | none |
|  | EM4205/EM4305 | 125~134.2 kHz | R/W, 512 Bits | ISO11784/85 Compatible | Word 2 contains a 32 bit password. The password value can be changed only after a successful Login command. The 32 bit Password word has to be sent to the chip during a Login command to enable password protected operations. The password word can not be read out with a read word command. There is also a "Read Login Bit": When set to logic 1, the reading of all words, except Words 0 and 1 (manufacturer and UID blocks), by using the Read Word command is protected. Reading any of these words using the Read Word command can be done upon successful execution of a Login command. There is also a "Write Login Bit": when the Write Login bit is set to logic 1, modification of EEPROM content is protected. Writing any word using Write Word command or changing protection using Protect command can be done upon successful execution of a login command. |
|  | EM4222 | 300MHz~2GHz | Read only, 64 Bits |  | none |
|  | EM4223 (replaces EM4035/EM4135) | 800MHz | Read only, 128 Bits |  | none |
|  | EM4233SLIC | 13.56 MHz | R/W, 1K Bits | ISO15693 | The enhanced 32 bit password (pwd changeable by write password command only in Secure Mode.) security feature permits a flexible administration of the memory access rights which makes it the right solution for advanced theft protection. In Secure mode (logging with password), the write access to the user’s data memory depends on Lock bits only. A pair of bits define the protection status of the corresponding user’s data memory page against reading and/or writing - Protection bit status is not taken in account in secure mode - Changeable in Secure mode by Protect Page command. |
|  | EM4233 2k | 13.56 MHz | R/W, 2K Bits | ISO15693 | The customer data privacy and security is guaranteed by a powerful and fast crypto engine implemented in the chip associated with a true random generator and a 96 bit secret key. The enhanced on-chip security feature permits a flexible administration of the memory access rights which makes it the right solution for advanced theft protection. Depending on the application requirements, in terms of security, the user can tailor and adjust the security level by selecting either a true mutual authentication process, a login procedure with a 32 bit password or use the chip as a plain text memory (smartcard). |
|  | EM4237SLIC | 13.56 MHz | R/W, 1K Bits | ISO15693 | Security features based on a 32-bit password - Advanced NVM management access conditions - Memory blocks/pages Locking mechanism - Lock mechanism for AFI, DSFIS and EAS - Password protected EAS and AFI functionality - Destroy function to deactivate the chip forever. |
|  | EM4237 | 13.56 MHz | R/W, 2K Bits | ISO15693 | Chip Security based on Grain128A crypto algorithm - Mutual Authentication based on challenge/response - Secure Messaging - encryption of the RF communication channel - Message Authentication Code (MAC) - Possibility to select security level based on a 32-bit password - Optional Random ID for enhanced security and privacy - EEPROM blocks/pages Locking mechanisms - Destroy function to deactivate the chip forever. |
|  | EM4269 | 125 kHz | R/W, 512 Bits | ISO FDX-B | Read and write access to EEPROM can be protected by 32 bit password. All EEPROM words can be write protected by setting lock bits which transform them in read-only. 32 bit Password read and write protection. |
|  | EM4294 | 13.56 MHz | Front End | ISO15693/ISO 14443A/B | The reader integrates the crypto algorithm of the EM4035 transponder IC associated with 4 secret keys. Each secret key is 96 bit length and it gives access to the EM4035 tag protected memory after a true mutual authentication process between the tag and the reader. The secret key can not be read by an external device and their integrity is protected by a 32 bit password. |
|  | EM4298 | 860~960 MHz | Decoder | ISO18000 | UHF Decoder/Encoder circuit, iP-X, ISO 18000-6A/B & C compliant |
|  | EM4322 | 125kHz+6.8MHz | Read only, 64 Bits |  | none |
|  | EM4324 | 860~960 MHz | Read only, 1024 Bits | ISO18000 | 32-bit password-protected Kill command. 32-bit password-protected Access command. Anti-tearing feature to prevent malicious unlocking. |
|  | EM4325 | 860~960 MHz | R/W, 4096 Bits | ISO18000 | 32-bit password-protected Kill command. 32-bit password-protected Access command. BlockPermalock command for User memory (block is defined to be one page (4 words) in EEPROM. Only for User memory). |
|  | EM4333 | 13.56 MHz | R/W, 1K System+4K User+64KCode | ISO15693-ISO14443A | Security thanks to Hardware AES-128 - Hardware DES/3DES - Hardware Random Number Generator FIPS140-2. New stream cipher Grain128a with 128-bit key. High secure proprietary crypto with 96 bit key. Hardware Random Number Generator. Three pass mutual authentication according to standard ISO 9798-2. Data authenticity protected with 32 bits MAC. The VICC offers three secure modes: Normal mode used by all users / Safe Access mode granted to power users / Administration mode for card personalization. The Safe Access and Administration mode can be protected by different levels of security: Password protection; Mutual authentication with proprietary crypto compliant with EM Microelectronic HF family; Mutual authentication and MAC using new state-of-the-art stream cipher Grain128a. The Grain128a stream cipher uses key length of 128 bits and it allows not only mutual authentication but also message authentication code (MAC) of 32 bits to ensure security of all data transfers. Every page in full 4kB memory can be protected against read or write access separately using protection bits. The protected pages can be then accessed or modified only in Safe Access or Administration mode. Symmetric encryption / decryption algorithm can be achieved using AES, DES and Triple DES on chip HW accelerators. The crypto modes can be used in different modes as ECB, CBC and CTR. AES offers state-of-the-art security with 128 bit key length. DES/3DES offers backward compatibility to previous products. |
|  | EM4350/EM4150 | 100~150 kHz | R/W, 1K Bits |  | The memory can be secured by using the 32 bit password (stored in block0) for all write and read protected operations. The password can be updated, but never read. Also chip has a control word (block2-bit16 pwd on/off) and a protection word (block1 - set blocks protection for read/write). |
|  | EM4369 | 125 kHz | R/W, 512 Bits | ISO FDX-B | 32 bit Password read and write protection. Lock feature convert EEPROM words in read only. All EEPROM words can be write protected by setting lock bits which transform them in read-only. |
|  | EM4444 | 300MHz-2.4GHz | R/W, 512 Bits |  | 7 pages of user programmable and lockable memory (64-bit pages) |
|  | EM4450/EM4550 (replaces EM4150/EM4350) | 125 kHz | R/W, 1024 Bits |  | The memory can be secured by using the 32 bit password (stored in block0) for all write and read protected operations. The password can be updated, but never read. Also chip has a control word (block2-bit16 pwd on/off) and a protection word (block1 - set blocks protection for read/write). |
|  | EM4469/EM4569 (same as EM4469 with extended range) | 100~150 KHz | R/W, 512 Bits | ISO11785 Compatible | Read and write access to EEPROM can be protected by 32 bit password. All EEPROM words can be write protected by setting lock bits which transform them in read-only. 32 bit Password read and write protection. The 32 bit Password word has to be sent in Login command to enable password protected operations. The Password word can not be read out by Read Word command. The Protection word protects EEPROM words from being written. Every EEPROM word is protected by a pair of bits in Protection word. Once this bit pair is set to 11 the word cannot be written (it becomes read-only). |
|  | EM4522 | 125kHz+6.8MHz | R/W, 640 Bits |  | 7 pages of user programmable and lockable memory (64-bit pages). |
|  | EM4550/EM4450 (replaces EM4150/EM4350) | 125 kHz | R/W, 1024 Bits |  | The memory can be secured by using the 32 bit password (stored in block0) for all write and read protected operations. The password can be updated, but never read. Also chip has a control word (block2-bit16 pwd on/off) and a protection word (block1 - set blocks protection for read/write). |
|  | NF4 | 13.56 MHz | R/W, 8K/32K/64K Bytes | ISO14443A | The chip security features are based on AES-128 cryptography. In order to enforce the confidentiality level of the data exchanged between the reader and the NF4 chip, the contactless communication can be optionally encrypted including also a Message Authentication Code (MAC). Optional Secure Messaging (SM). Encryption of the RF communication channel. The chip maximizes flexibility in terms of access conditions to memory data. |
| Atmel (acquired Temic Semiconductor's Integrated Circuit Business in 1998) | TK5530 | 125 kHz | Read only, 126 Bits |  | none |
|  | TK5551 | 125 kHz | R/W, 264 Bits | ISO11784, 11785 | The AOR mode is an anti-collision procedure for transponders to read, e.g., ten transponders in the field during 500ms (RF/32, maxblock 2). The number of transponders and the time to read out are dependent on the application. If the AOR mode has been configured by AOR bit at block 0, the transponder remains in sleep mode while putting it into the field. If the specified AOR wake-up command is sent, the dedicated transponder generates an internal RESET (see section “OP Code Formats” in the Atmel e5551 datasheet). Due to the RESET the transponder is woken up. That means, the transponder is able to modulate the field (read mode). The AOR wake-up command consists of the OP code and the 32-bit password. The time duration to send the AOR wake-up sequence is between 8.7ms and 27.5ms according to Figure 10-1. The time duration is dependent on the minimum/maximum values of the measured write-time frames and the content of the password. To select another transponder in the field, it is necessary to send the stop OP code to stop the modulation of the transponder. The blocks can be protected against overwriting by using lock bits. |
|  | e5561 | 125 kHz | 36 Bytes | none | The blocks can be protected against overwriting by using lock bits. One block is reserved for setting the operation modes of the IC: the crypto circuit uses the certified AUT64 algorithm to encrypt the challenge which is written to the e5561. The computed result can be read out by the base station. Comparing the encryption results of the base station and the e5561, a high-security authentication procedure is established. This procedure requires the crypto key of the e5561 and the base station to be equal. The crypto key is stored in blocks 5 to 8 of the EEPROM and can be locked by the user to avoid read out or changes. Another block contains a password to prevent unauthorized writing: If the password (saved at block9) protection is enabled, the e5561 remains in ID mode even if it has received a correct write sequence. The only possible operation is to modify the content of block 9 by sending the correct password bits. In all other cases, an error handling procedure is started and the e5561 enters ID mode. A lock-bit is a physical part of the EEPROM's content and is under user control. The lock-bit protection mechanism has two different effects: avoid programming (modifying data) of the EEPROM's blocks; avoid reading out the crypto key from the EEPROM using the direct-access mode. If the base station tries to read out the crypto key and the corresponding lock-bit is set, the e5561 will enter ID mode immediately. Once the crypto key lock-bit is set, the crypto key can not be modified or read out any more. There are several lock-bits available, each affecting a special data region of the EEPROM. The main groups of lock-bits are: lock-bits to inhibit programming of the specified blocks of the EEPROM; lock-bits to inhibit programming of the specified blocks of a specific address range. In both cases, an attempt to modify a data region protected by a lock-bit will cause an error handling procedure (i.e., the e5561 enters ID mode). |
|  | ATA5550 | 125 KHz | R/W, 264 Bits |  | The blocks can be protected against overwriting. One block is reserved for setting the operation modes of the IC. Another block can obtain a password to prevent unauthorized writing. |
|  | ATA5551 | 125 KHz | R/W, 264 Bits |  | The AOR mode is an anti-collision procedure for transponders to read, e.g., ten transponders in the field during 500ms (RF/32, maxblock 2). The number of transponders and the time to read out are dependent on the application. If the AOR mode has been configured by AOR bit at block 0, the transponder remains in sleep mode while putting it into the field. If the specified AOR wake-up command is sent, the dedicated transponder generates an internal RESET (see section “OP Code Formats” in the Atmel e5551 datasheet). Due to the RESET the transponder is woken up. That means, the transponder is able to modulate the field (read mode). The AOR wake-up command consists of the OP code and the 32-bit password. The time duration to send the AOR wake-up sequence is between 8.7ms and 27.5ms according to Figure 10-1. The time duration is dependent on the minimum/maximum values of the measured write-time frames and the content of the password. To select another transponder in the field, it is necessary to send the stop OP code to stop the modulation of the transponder. The blocks can be protected against overwriting by using lock bits. |
|  | T/TK/5552 | 125 KHz | R/W, 1024 Bits | ISO11784, 11785 | Bit 0 of every block is the lock bit for that block. Once locked, the block (including the lockbit itself) cannot be field-reprogrammed. |
|  | T5554 | 100-150 KHz | R/W, 264 Bits | ISO11784, 11785 | Blocks 1 to 6 are freely programmable. Block 7 may be used as a password. If password protection is not required, it may be used for user data. When password mode is on (usePWD = 1), the first 32 bits after the OP-code are regarded as the password. They are compared bit-by-bit with the contents of block 7, starting at bit 1. If the comparison fails, the IC will not program the memory, but restart in read mode at block 1 once writing has completed. Notes: (1) If PWD is not set, but the IC receives a write datastream containing any 32 bits in place of a password, the IC will enter programming mode. (2) In password mode, MAXBLK should be set to a value below 7 to prevent the password from being transmitted by (3) Every transmission of 2 OP-code bits, 32 password bits, one lock bit, 32 data bits and 3 address bits (= 70 bits) needs about 35 ms. Testing all 2^32 possible combinations (about 4.3 billion) takes about 40,000 h, or over four years. This is a sufficient password protection for a general-purpose IDIC. Bit 0 of every block is the lock bit for that block. Once locked, the block (including the lockbit itself) cannot be field-reprogrammed. |
|  | T5556 | 125 KHz | R/W, 256OTP+224 Bits |  | Bit 0 of every block is the lock bit for that block. Once locked, the block (including the lockbit itself) cannot be modified again during configuration. |
|  | ATA5557 | 100-150 KHz | R/W, 330 Bits |  | In password mode (PWD bit set), the direct access to a single block needs the valid 32-bit password to be transmitted. Bit 0 of every block is the lock bit for that block. Once locked, the block (including the lock bit itself) is not re-programmable through the RF field again. |
|  | ATA5558 | 125 kHz | 1344 Bits (1024+320) | ISO11784, 11785 | Password Protection - The user memory is subdivided into continuous page areas which can be configured so that write or read/write operations on blocks within these pages can only be carried out after the appropriate password has been transmitted to the tag (LoginRead or LoginWrite command). The read and write password protections are independent and user definable. The read and write passwords are found in blocks 54 and 55 and the page security levels are defined in the Page Security register of block 62. - Lock Bit - Each memory block consists of 32 data bits and an associated lock bit. Once a block is locked (lock bit = 1), the entire block including the lock bit itself can no longer be reprogrammed. - Master Key - The Master Key controls various operating modes as described in Table 2-2. For production test purposes, other Master Key codes are used, but once the Configuration block has been double locked these test functions can never be reactivated. If the Master Key is set to 0110, the blocks within the system memory section have different access protection (see Figure 2-5 on page 7). These access rights are fixed and not influenced by the Page Security Register. Access to password protected system memory blocks can only be performed after the corresponding LoginWrite or LoginRead has been successfully executed. The password blocks themselves are non-readable. Traceability and configuration can always be read but the traceability data cannot be altered. A new ATA5558 device, when received by the customer can be considered as being unprogrammed (all 0 state), the only exception to this being the preprogrammed non-alterable traceability information. For the tag manufacturer to be able to easily set up the tag passwords, it is possible to provisionally switch the password protection off, i.e. Master Key = 0. In this state, it is possible to read and write all non-locked (lock bits = 0) memory blocks irrespective of the page security. In this way, new tag passwords or Tag ID’s can be defined and written. Blocks, which have once been locked (block lock bit = 1) can however not be rewritten. When the customer has completed the tag configuration, the Master Key is set to the “safe” state (= 6) thus enabling the full password protection, and then finally the configuration block itself may be locked. In this double locked condition, the configuration and all other locked blocks are irreversibly set and cannot be changed. This applies to both the user and the majority of the system memory blocks. |
|  | TK5561A-PP | 125 kHz | 128 bits | ISO11784, 11785 | The on-chip non-volatile memory of the 320-bit EEPROM (10 blocks, 32 bits each) can be read and written blockwise by a read/write base station, e.g. based on the U2270B. Up to four blocks consisting of the user programmable ID code, the crypto key and configurations are stored in six blocks. The crypto key and the ID code can be individually protected against overwriting. |
|  | ATA5567 (upgraded version of ATA5557) | 100-150 KHz | R/W, 330 Bits |  | In password mode (PWD bit set), the direct access to a single block needs the valid 32-bit password to be transmitted. Bit 0 of every block is the lock bit for that block. Once locked, the block (including the lock bit itself) is not re-programmable through the RF field again. In the Temic datasheet a diagram mentions the word "password" but it should be an error/typo. |
|  | ATA5570 | 125 kHz | RW, 330 Bits | ISO11784, 11785 | In password mode (PWD bit set), the direct access to a single block needs the valid 32-bit password to be transmitted. Bit 0 of every block is the lock bit for that block. Once locked, the block (including the lock bit itself) is not re-programmable through the RF field again. |
|  | ATA5577 (replaces ATA5567/T5557/TK5551) | 125 KHz | R/W, 363 Bits | ISO11784/85 Compatible | Password - When password mode is active (PWD = 1), the first 32 bits after the opcode are regarded as the password. They are compared bit by bit with the contents of block 7, starting at bit 1. If the comparison fails, the ATA5577 will not program the memory, instead it will restart in regular-read mode once the command transmission is finished. Note: In password mode, MAXBLK should be set to a value lower than 7 to prevent the password from being transmitted by the ATA5577. Each transmission of the direct access command (two opcode bits, 32-bit password, '0' bit plus 3 address bits = 38 bits) needs about 18 ms. Testing all possible combinations (about 4.3 billion) would take about two years. Each block includes a single Lock bit (bit0) which is responsible for write-protecting the associated block. Once locked, the block (including the lock bit itself) is not re-programmable via the RF field - OTP Functionality - If the OTP bit is set to 1, all memory blocks are write protected and behave as if all lock bits are set to 1. If, in addition, the master key is set to 6, the ATA5577 mode of operation is locked forever (one-time-programming functionality). If the master key (bits from b1 to b4) is set to 9, the test-mode access allows the re-configuration of the tag. |
|  | ATA5575M1 | 100-150 KHz | R/W, 128 Bits (OTP) |  | The lock bits of the Configuration register are the bits 1 to 5 of the configuration byte (byte 16) and are able to prevent the whole memory of the Atmel ATA5575M1 from reprogramming. As long as the lock bits are set to '00000b' the memory is alterable and the device can be programmed by the customer. In this case the Atmel ATA5575M1 sends out dummy data (UNIQUE format with header and all digits set to '0'). By setting the lock bits to '01101b' the whole memory is locked and cannot be altered. After Reset the Atmel ATA5575M1 enters regular read mode and sends out the programmed user data. Consequently the user of a Transponder with an Atmel ATA5575M1 can be sure that the device is locked if the programmed data are read out after reset. In delivery state the lock bits are programmed to '00000b'. All other combinations of bit 1 - bit 5 are not defined and may lead to malfunction of the IC. |
|  | ATA5575M1 | 100-150 KHz | R/W, 128 Bits (OTP) | ISO11784/85 - FDX-A/B | The lock bits of the Configuration register are the bits 1 to 5 of the configuration byte (byte 16) and are able to prevent the whole memory of the Atmel ATA5575M1 from reprogramming. As long as the lock bits are set to '00000b' the memory is alterable and the device can be programmed by the customer. In this case the Atmel ATA5575M1 sends out dummy data (UNIQUE format with header and all digits set to '0'). By setting the lock bits to '01101b' the whole memory is locked and cannot be altered. After Reset the Atmel ATA5575M1 enters regular read mode and sends out the programmed user data. Consequently the user of a Transponder with an Atmel ATA5575M1 can be sure that the device is locked if the programmed data are read out after reset. In delivery state the lock bits are programmed to '00000b'. All other combinations of bit 1 - bit 5 are not defined and may lead to malfunction of the IC. |
83
AT88RF00113.56 MHzR/W, 256 BitsISO14443BPassword checking (8 bytes password sotred in block3), data locking, a oneway counter. The LOCK command can be executed only after proper password validation has been performed. The LOCK command locks the addressed memory location from future changes. The memory location can still be read with proper password validation. The bits within the LockBits field correspond to the pages within the memory and, if set to “1”, prevent all future writes to the corresponding page; i.e., LockBits field bit 6 locks Page 6 when it is set to a “1”. There is no mechanism to ever “unlock” a page, so once a page is locked, it can never be unlocked and, as such, can never be modified. The 31-bit LockBits field is set to all “0”s upon shipment from the factory. The 16-bit value stored in the counter field of Page 2 is incremented by one each time COUNT is executed. Once the value of the counter reaches 0x8000, no further count operations will be executed, and Page 2 will be effectively locked against further modification. Password validation must occur before the COUNT command is permitted.
84
AT88RF020 | 13.56 MHz | 256 Bytes | ISO14443B | Password checking (8-byte password stored in block3), data locking, a one-way counter. The LOCK command can be executed only after proper password validation has been performed. The LOCK command locks the addressed memory location from future changes. The memory location can still be read with proper password validation. The bits within the LockBits field correspond to the pages within the memory and, if set to “1”, prevent all future writes to the corresponding page; i.e., LockBits field bit 6 locks Page 6 when it is set to a “1”. There is no mechanism to ever “unlock” a page, so once a page is locked, it can never be unlocked and, as such, can never be modified. The 31-bit LockBits field is set to all “0”s upon shipment from the factory. The 16-bit value stored in the counter field of Page 2 is incremented by one each time COUNT is executed. Once the value of the counter reaches 0x8000, no further count operations will be executed, and Page 2 will be effectively locked against further modification. Password validation must occur before the COUNT command is permitted.
85
AT88RF256 | 125kHz | R/W, 32 Bytes | | Password and Write Lock Protection. ID length programmable (4-19 bytes)
86
AT88SC0104CRF CRYPTO | 13.56 MHz | 128 Bytes | ISO14443B | - Symmetrical Dynamic Mutual Authentication with 64-bit Cryptographic Keys (under exclusive patent license from ELVA)
- Encrypted Passwords with Attempts Counters
- Stream Encryption Ensures Data Privacy
- Four Key Sets for Authentication and Encryption
- Eight Sets of two 24-bit Passwords
- Selectable Access Rights by Zone
- Write Lock Mode
- Tamper Sensors
87
AT88SC0204CRF CRYPTO | 13.56 MHz | 256 Bytes | ISO14443B
88
AT88SC0404CRF CRYPTO | 13.56 MHz | 512 Bytes | ISO14443B
89
AT88SC0808CRF CRYPTO | 13.56 MHz | 1024 Bytes | ISO14443B
90
AT88SC1616CRF CRYPTO | 13.56 MHz | 2048 Bytes | ISO14443B
91
AT88SC3216CRF CRYPTO | 13.56 MHz | 4096 Bytes | ISO14443B
92
AT88SC6416CRF CRYPTO | 13.56 MHz | 8192 Bytes | ISO14443B
93
NXP (Philips) | MIFARE Ultralight (MF0ICU1) | 13.56 MHz | R/W, 64 Bytes | ISO14443A | Lock bytes (block2) - They enable the user to lock parts of the complete memory area for writing. A Read from user memory area cannot be restricted via lock bytes functionality. OTP bytes - Block3 is the OTP page and it is preset so that all bits are set to logic 0 after production. These bytes can be bitwise modified using the WRITE command. The WRITE command bytes and the current contents of the OTP bytes are bitwise OR’ed. The result is the new OTP byte contents. This process is irreversible and if a bit is set to logic 1, it cannot be changed back to logic 0.
94
MIFARE Ultralight EV1 (MF0ULx1) | 13.56 MHz | R/W, 128 Bytes | ISO14443A | 3 independent 24-bit true one-way counters - Field programmable read-only locking function per page (per 2 pages for the extended memory section) - ECC based originality signature - 32-bit password protection to prevent unintended memory operations.
95
MIFARE Ultralight C (MF0ICU2) | 13.56 MHz | R/W, 192 Bytes | ISO14443A | Lock bytes - They enable the user to lock parts of the complete memory area for writing. A Read from user memory area cannot be restricted via lock bytes functionality. OTP bytes - Page 03h is the OTP page and it is preset so that all bits are set to logic 0 after production. These bytes can be bitwise modified using the WRITE command. The WRITE command bytes and the current contents of the OTP bytes are bitwise OR’ed. The result is the new OTP byte contents. This process is irreversible and if a bit is set to logic 1, it cannot be changed back to logic 0. 3DES Authentication proves that two entities have the same secret and each entity can be seen as a reliable partner for the coming communication. The applied encryption algorithm ek() is 2 key 3DES encryption.
96
MIFARE Mini (MF1ICS20) | 13.56 MHz | R/W, 320 Bytes | ISO14443A | Mutual three pass authentication (ISO/IEC DIS 9798-2); individual set of two 6-byte keys per sector (per application) to support multi-application with key hierarchy. The access conditions for every data block and sector trailer are defined by 3 bits, which are stored non-inverted and inverted in the sector trailer of the specified sector. The access bits control the rights of memory access using the secret keys A and B. The access conditions may be altered, provided one knows the relevant key and the current access condition allows this operation. Weakness: - Proprietary cipher - Short key (max. 48 bit) <-- Analytical attacks possible.
97
MIFARE Plus S 2K (MF1SPLUS6001/6011/6031) | 13.56 MHz | R/W, 2K Byte; UID: 7 Bytes | ISO14443A / AES encryption | - Access conditions freely configurable - Optional support of random IDs - Multi-sector authentication, Multi-block read and write - AES-128 used for authenticity and integrity - Anti-tearing mechanism for writing AES keys - Keys can be stored as MIFARE CRYPTO1 keys (2 × 48-bit per sector) and as AES keys (2 × 128-bit per sector) - Basic support of virtual card concept - MIFARE Plus is available in two versions: MIFARE Plus S and MIFARE Plus X.
• The MIFARE Plus S (MF1SPLUSx0y1) is the standard version for straightforward migration of MIFARE Classic systems. It is configured to offer high data integrity.
98
MIFARE Plus S 4K (MF1SPLUS8001/8011/8031) | 13.56 MHz | R/W, 4K Byte; UID: 7 Bytes | ISO14443A / AES encryption
99
MIFARE Plus X 2K (MF1PLUS6001/6011/6031) | 13.56 MHz | R/W, 2K Byte; UID: 7 Bytes | ISO14443A / AES encryption | - Access conditions freely configurable - Optional support of random IDs - Multi-sector authentication, Multi-block read and write - AES-128 used for authenticity and integrity - Anti-tearing mechanism for writing AES keys - Keys can be stored as MIFARE CRYPTO1 keys (2 × 48-bit per sector) and as AES keys (2 × 128-bit per sector) - Basic support of virtual card concept - MIFARE Plus is available in two versions: MIFARE Plus S and MIFARE Plus X.
• The MIFARE Plus X (MF1PLUSx0y1) offers more flexibility to optimize the command flow for speed and confidentiality. It offers a rich feature set including proximity checks against relay attacks.
100
MIFARE Plus X 4K (MF1PLUS8001/8011/8031) | 13.56 MHz | R/W, 4K Byte; UID: 7 Bytes | ISO14443A / AES encryption