MIFARE — Contactless Smart Card Certifications

MIFARE is a family of contactless smart card ICs designed by NXP Semiconductors and widely deployed in transit ticketing, physical access control, and loyalty applications. MIFARE products are not a certification scheme in themselves, but specific MIFARE devices (particularly the secure variants in the MIFARE DESFire and MIFARE Plus families) are evaluated under Common Criteria and are frequently tracked alongside scheme certificates.

Key facts

• Authorizing body: Evaluations are performed under CC schemes such as BSI; MIFARE as a brand is owned by NXP
• Country / region: Global product; certifications are issued by national CC schemes (most commonly BSI)
• Year established: The first MIFARE products were released in 1994; secure variants have been CC-evaluated for two decades
• Product types: contactless smart card ICs (MIFARE DESFire, MIFARE Plus, MIFARE Ultralight variants)
• CCRA status: MIFARE products are typically certified under a CCRA authorizing scheme (BSI); MIFARE itself is a product family, not a scheme
• Canonical portal: NXP MIFARE page: https://www.nxp.com/products/mifare

Overview

NenkinTracker treats MIFARE as a dedicated data source because the certificates for MIFARE ICs are a well-defined set of hardware products that customers procure, deploy, and monitor distinctly from other smart card ICs. The relevant certifications are typically BSI CC certificates at EAL4+ with AVA_VAN.5, against smart card-oriented Protection Profiles.

How evaluations work under this scheme

MIFARE IC evaluations follow the standard CC flow at BSI: an accredited ITSEF evaluates the IC against the TOE’s Security Target and the relevant smart card PP. Attack methods follow joint interpretation documents developed by smart card scheme participants, with attack potential rated High for the secure variants. Maintenance reports extend certificates after minor hardware or firmware updates.

Notable product categories

• MIFARE DESFire family (EV1/EV2/EV3 and later) — the secure, CC-evaluated variants
• MIFARE Plus family — CC-evaluated smart card ICs for access and transit
• MIFARE Ultralight secure variants where CC certification is relevant
• MIFARE-compatible ICs from other vendors (tracked separately when present)

Relationship to CC baseline

MIFARE certification activity maps onto the Common Criteria baseline — ISO/IEC 15408, the CEM, and smart card interpretation documents. As a product family it does not alter the CC methodology; the MIFARE tag simply groups a set of high-assurance contactless IC certificates. Under EUCC, MIFARE IC certificates can transition into the EUCC high-level framework where issued by a participating NCCA.

Where to find official records

• NXP MIFARE product security pages: https://www.nxp.com/products/mifare
• BSI certified product list (for MIFARE ICs): https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Zertifizierung-und-Anerkennung/zertifizierung-und-anerkennung_node.html
• NenkinTracker consolidates MIFARE-family certificates with other smart card and IC certifications.

See also: BSI, EMVCo, Glossary.