Datasheet
NXP Semiconductors
MF0ICU2
MIFARE Ultralight C - Contactless ticket IC
MF0ICU2 All information provided in this document is subject to legal disclaimers. © NXP B.V. 2019. All rights reserved.
Product data sheet Rev. 3.3 — 30 July 2019
COMPANY PUBLIC 137633 13 / 36
# PCD Data exchanged PICC
2 ←
"AFh" ||
8 bytes
ek(RndB)
The PICC generates a 8 byte random
number RndB. This random number is en
ciphered with the key, denoted by ek(RndB),
and is then transmitted to the PCD.
3 The PCD itself generates a 8 byte random
number RndA. This RndA is concatenated
with RndB’ and enciphered with the key. Rn
dB’ is generated by rotating the original Rnd
B left by 8 bits. This token ek(RndA || RndB’)
is sent to the PICC.
→
"AFh" ||
16 bytes
ek(RndA || RndB’
)
4 ←
"00h" ||
8 bytes
ek(RndA’)
The PICC runs an decipherment on the
received token and thus gains RndA +
RndB’. The PICC can now verify the sent Rn
dB’ by comparing it with the RndB’ obtained
by rotating the original RndB left by 8 bits
internally.
A successful verification proves to the PICC
that the PICC and the PCD posses the same
secret key.
If the verification fails, the PICC stops the
authentication procedure and returns an
error message.
As the PICC also received the random
number RndA, generated by the PCD, it can
perform a rotate left operation by 8 bits on
RndA to gain RndA’, which is enciphered
again, resulting in ek(RndA’). This token is
sent to the PCD.
5 The PCD runs a decipherment on the
received ek(RndA’) and thus gains RndA’ for
comparison with the PCD-internally rotated
RndA’.
If the comparison fails, the PCD exits the
procedure and may halt the PICC.
6 The PICC sets the state to authenticate.
Step 2
The cryptographic method is based on 3DES in CBC mode.
See command details in Section 9.5. The used key is a double length DES Key; where
the parity bits are not checked or used.
7.5.6 3DES Authentication example
A numerical example of a 3DES authentication process is shown below in Table 9. The
key used in the example has a value of 49454D4B41455242214E4143554F5946h.
Table 9. Numerical 3DES authentication example
# PCD Data exchanged PICC
1 start the authentication procedure →
1Ah