Intrusion Prevention.Īdvanced Threat Protection. The clone card problem is really a “bad user experience problem”.Alerts No new notifications at this time. If this happen you have a problem! If someone is able to do this, it is also able to make a copy to a genuine MIFARE card. Second answer, someone find a way to steal the credentials and creates a duplicate. What I want to explain in my previous post is: if you are the issuer of the card, the question whether the card is a clone or not, lays in your hands! And looked at from the other side: what would you do if you detect a clone card in an end-users hand? First answer, it was issued in your office - and the ball is now in your court again. This means to protect your money and has nothing to do if the card is a clone card or not. What does this implies? If you deal with money accounts on smartcards you protect the account itself and the access conditions on the reader station against unauthorized access. I understand your concern about clone cards, but let us think a moment about the initial situation. I do not have any details yet but it might be interesting for you to know.
I have heard that the development team is going to include originality checking into the MIFARE SDK in one of the next releases. Hi CC, First of all I have to correct my statement in the previous post. So I'm thinking, is it possible for an app to know the originality of the DESFire? Hope to here from you soon.
If the card can be cloned and the app fails to detect the clone card, a cheater could abuse the card in online shops by tapping a clone card on his phone. However, on the application side, it also needs to make sure the card is not faked. In this scenario, the company can make sure that they issue the reliable DESFire cards to customers.
An application on Android is going to accept the payment by reading the card to deciding if the customer is really a registered customer and whether there is enough stored value in his card.
They can use the card value both in offline shops by tapping on a card reader and online shops by tapping to their Android phones. For example, a company issues the DESFire EV1 card as value cards, to customers. What confuses me is how can I know the card is the original one during the use. You are saying that the issuer should distribute reliable cards to end-users. With the NXP Originality Checker Reader you can get a reliable tool to check MIFARE products before these are issued to end-users. So, you as card issuer can participate on NXP’s efforts to guarantee the high quality of standards of our products. It is up to the card issuer to ensure no clones are issued to end-users. But it is detached from the role of implementing your application on a MIFARE DESFire EV1 (or EV2). To check if a card is a clone card or not is an important question. Hi, There is no component “NXP Originality Checker Reader” which we provide as a module for implement it in customer software.
But now that researchers have done the heavy lifting, subsequent cracks will be much, much simpler. Hackers, start your microscopes? The MiFare RFID hack, writes Geeta Dayal, used a few tools not in the arsenal of your average code-duffer.