The Mifare DESFire Chip
The RWTH BlueCard uses the widely adopted contactless Mifare smart card technology. At the heart of a Mifare smart card is an RFID (Radio Frequency Identification) processor chip that communicates with a reader by radio. The card therefore needs no battery of its own: the data carrier contains a coil, and when the card is brought into the reader's electromagnetic field, the Mifare chip is powered inductively through this coil. Direct contact with a reading device is thus unnecessary; depending on the reader model, Mifare chips have a range of up to 100 mm. Because the card communicates by radio, there are no visible contacts on the card surface, as a contact-based crypto chip would have. This has the advantage that there are no contacts that could get dirty or be damaged mechanically.
The blank for the RWTH BlueCard is a Mifare DESFire EV1 with 8 kB of memory. The processor chip offers space for up to 28 applications, each of which can hold up to 32 files. The card conforms to the standards ISO/IEC 7816-4 and ISO/IEC 14443.
The Card Serial Number "UID"
Every card has a distinct and unalterable serial number, abbreviated "UID" (short for "Unique Identifier"); on the DESFire EV1 it is 7 bytes long. Because the UID is transmitted by the card unencrypted and can in the worst case be copied onto another card or emulated, RWTH Aachen does not base any function on it.
Moreover, the UID identifies the card and therefore its holder. In theory, anyone operating a card reader could log the UID and build a movement profile of the holder. To prevent this, the RWTH BlueCard uses the random ID function of the chip: when the UID is requested without authentication, the card answers with a freshly generated random ID instead of its real UID. Foreign card readers are thus unable to build a movement profile of the card holder.
AES (Advanced Encryption Standard) with a 128-bit key is used to encrypt the data and the communication between the card and the card reader. In the USA, for example, AES is approved for protecting classified government information. Even the applications not yet in use are protected by keys, so that no unauthorized party can write data into them.
On delivery, the RWTH BlueCard currently carries ten applications, of which only two are used initially: the Student Services payment function and the application for vote processing.
Each institution receives access only to its own applications and the corresponding keys. This guarantees that Student Services has access to the payment function only and cannot read the data of other applications.
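How the pieces above fit together (random ID, AES-128 authentication, and one key per application) is easiest to see in code. The following Go program is an added example, not RWTH's or NXP's code. It simulates both the card (PICC) and the reader (PCD) side of the DESFire EV1 three-pass AES authentication as open-source readers implement it (one CBC chain starting at an all-zero IV, RndB rotated left by one byte, session key built from RndA[0:4], RndB[0:4], RndA[12:16] and RndB[12:16]), the random-ID answer to anticollision (a fresh 4-byte ID beginning with 0x08, as in ISO/IEC 14443-3), and the GetCardUID command (0x51), which returns the real UID only after authentication. The UID, the application IDs 1 and 2 and the keys in DemoCard are constructed test values; RWTH's real application IDs and keys are not known and not used here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// cbc runs AES-CBC over whole blocks and advances iv to the last ciphertext block. DESFire EV1
// AES authentication starts from an all-zero IV and keeps one chain running across all three messages.
func cbc(key []byte, iv *[16]byte, in []byte, encrypt bool) []byte {
	block, err := aes.NewCipher(key) // 16-byte key, i.e. AES-128
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	mode, last := cipher.NewCBCDecrypter(block, iv[:]), in
	if encrypt {
		mode, last = cipher.NewCBCEncrypter(block, iv[:]), out
	}
	mode.CryptBlocks(out, in)
	copy(iv[:], last[len(last)-16:])
	return out
}

func rotl(b []byte) []byte { return append(append([]byte{}, b[1:]...), b[0]) } // RndB -> RndB'
func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// sessionKey is the EV1 AES derivation: RndA[0:4] | RndB[0:4] | RndA[12:16] | RndB[12:16].
func sessionKey(rndA, rndB []byte) []byte {
	k := append(append([]byte{}, rndA[:4]...), rndB[:4]...)
	return append(append(k, rndA[12:]...), rndB[12:]...)
}

// Card simulates the PICC: 7-byte UID, random-ID setting, one AES key per application (AID).
type Card struct {
	UID      [7]byte
	RandomID bool
	Keys     map[uint32][]byte
	key      []byte // key of the application currently being authenticated
	iv       [16]byte
	rndB     []byte
	Session  []byte // set once a reader has authenticated
}

// Anticollision is what any reader sees: with random ID on, a fresh 4-byte ID starting with 0x08.
func (c *Card) Anticollision() []byte {
	if c.RandomID {
		return append([]byte{0x08}, randBytes(3)...)
	}
	return c.UID[:]
}

// AuthStep1 answers AuthenticateAES for application aid with E_K(RndB) on a zeroed chain.
// An unknown AID yields a nil key and cbc panics; a real card answers with a status code instead.
func (c *Card) AuthStep1(aid uint32) []byte {
	c.key, c.iv, c.rndB, c.Session = c.Keys[aid], [16]byte{}, randBytes(16), nil
	return cbc(c.key, &c.iv, c.rndB, true)
}

// AuthStep2 checks E_K(RndA || RndB') and answers E_K(RndA').
func (c *Card) AuthStep2(token []byte) ([]byte, error) {
	pt := cbc(c.key, &c.iv, token, false)
	if !bytes.Equal(pt[16:], rotl(c.rndB)) {
		return nil, errors.New("authentication error: reader key does not match")
	}
	c.Session = sessionKey(pt[:16], c.rndB)
	return cbc(c.key, &c.iv, rotl(pt[:16]), true), nil
}

// GetCardUID (command 0x51) reveals the real UID only inside an authenticated session.
func (c *Card) GetCardUID() ([]byte, error) {
	if c.Session == nil {
		return nil, errors.New("authentication required")
	}
	return c.UID[:], nil
}

// Authenticate is the reader (PCD) side of the three-pass mutual authentication.
func Authenticate(c *Card, aid uint32, key []byte) ([]byte, error) {
	var iv [16]byte
	rndB := cbc(key, &iv, c.AuthStep1(aid), false)
	rndA := randBytes(16)
	eRndA, err := c.AuthStep2(cbc(key, &iv, append(append([]byte{}, rndA...), rotl(rndB)...), true))
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(cbc(key, &iv, eRndA, false), rotl(rndA)) {
		return nil, errors.New("card failed to prove knowledge of the key")
	}
	return sessionKey(rndA, rndB), nil
}

// DemoCard is a constructed card with a made-up UID and made-up per-application keys.
func DemoCard() *Card {
	return &Card{UID: [7]byte{0x04, 0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x01}, RandomID: true, Keys: map[uint32][]byte{
		1: bytes.Repeat([]byte{0x11}, 16), // e.g. Student Services payment application
		2: bytes.Repeat([]byte{0x22}, 16), // e.g. election application
	}}
}
```

Authenticating against application 1 with application 2's key fails on the card in AuthStep2, and a card that does not hold the key fails the reader's check of RndA', so neither side learns anything from the other's random challenge. A reader that only logs what Anticollision returns sees a different 4-byte ID on every tap, and the real UID becomes readable only inside a session that the application key has opened, which is exactly why a copied UID is of no use against the BlueCard.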
All other applications are reserved for future areas of use, in order to remain as flexible as possible for new functions. Planned are, for example, a self-service function in the University Library and a personal function for printing, scanning and copying. As yet, no data is stored in these areas of the chip.