The security of data stored on the smartcard

The Mifare smartcard is one of the so-called “intelligent memory cards”.

The card and card reader communicate via a wireless link (13.56 MHz), which means that there are no visible contacts on the surface of the card. The antenna, which is necessary for wireless communication, is embedded around the edge of the card. Data and operating power are transmitted to the contactless Mifare chip through the antenna. The card’s construction allows for a maximum distance of 10 cm between card and reader antenna. This means that you can leave your smartcard in your wallet and simply place wallet and smartcard on the card reader at the checkout in order to deduct money from your card’s electronic wallet.

To avoid damaging the sensitive antenna coil in particular, the card should not be subjected to undue mechanical stress (bent or deformed).

The card has an installed capacity of one KB and a usable storage capacity of 768 bytes. The Mifare chip has a highly prestructured architecture consisting of 16 separate and independently usable sectors of equal fixed size. Access authorizations are separately assignable on a per-sector basis. Each sector is assigned a read key and a read/write key. This makes it possible to use the smartcard for multiple applications: each service can only access its ‘own’ sector: e.g. the canteen cannot access the library’s data.

The electronic wallet function uses anonymous payment, i.e. the checkout terminals only have access to the wallet and the card’s serial number, but not to the identity data (e.g. name, student ID or employee number) of the cardholder. This means however that if the card is lost, the wallet cannot be locked: the wallet function of a lost card can be used by third parties without restriction, i.e. the money that has been loaded onto a lost card can be “spent”.


For any questions please contact:

Thomas Franßen

Müller-Thurgau-Haus Raum 01.12
Tel. +49 6722 502 702
Fax +49 6722 502 710

Office hours:
Mo – Do  09.00 - 12.00 Uhr