A MIFARE card is a contactless smart card built on NXP Semiconductors' MIFARE technology. Operating at 13.56 MHz (ISO/IEC 14443A), MIFARE cards are the world's most widely deployed contactless card platform — with over 10 billion cards and 150 million readers sold globally. They are used in hotel access, public transit, campus ID, event ticketing, and payment systems.
The MIFARE family includes seven distinct product lines, each designed for different security levels, memory requirements, and budgets. For hotel key cards specifically, the most common choices are MIFARE Classic EV1 (budget properties), MIFARE Ultralight C (mid-range), and MIFARE DESFire EV3 (luxury and high-security hotels).
MIFARE Card Types Comparison
The table below compares all seven MIFARE card types by memory, encryption, typical use, and hotel suitability:
| MIFARE Type | Memory | Encryption | UID Length | Best For | Hotel Use |
|---|---|---|---|---|---|
| Classic EV1 1K | 1 KB (716 bytes usable) | Crypto-1 | 4 or 7 byte | Transit, basic access control | Budget hotels (Onity, ASSA ABLOY legacy) |
| Classic EV1 4K | 4 KB (3,440 bytes usable) | Crypto-1 | 4 or 7 byte | Multi-application cards | Properties needing loyalty + access on one card |
| Ultralight | 64 bytes (48 bytes usable) | None | 7 byte | Single-use tickets, events | Not recommended (no encryption) |
| Ultralight C | 192 bytes (144 bytes usable) | 3DES (112-bit) | 7 byte | Limited-use transit, hotel cards | Mid-range hotels (Saflok, Dormakaba) |
| DESFire EV3 | 2 KB / 4 KB / 8 KB | AES-128, 3DES, 3K3DES | 7 byte | High-security access, multi-app | Luxury hotels (ASSA ABLOY VingCard, SALTO) |
| DESFire EV Light | 640 bytes | AES-128, LRP | 7 byte | Transit, limited-use access | Economy hotels needing AES security |
| Plus EV2 | 2 KB / 4 KB | AES-128 (upgrades Crypto-1) | 4 or 7 byte | Upgrading Classic infrastructure | Hotels migrating from Classic to AES |
MIFARE Classic EV1
The MIFARE Classic EV1 is the most widely deployed contactless card in the world. The 1K variant stores up to 716 bytes of user data organized in 16 sectors. It communicates at 13.56 MHz and uses NXP's proprietary Crypto-1 encryption.
While Crypto-1 has known vulnerabilities (it was partially reverse-engineered in 2008), MIFARE Classic EV1 remains popular for hotel access because most legacy hotel lock systems — including older Onity and ASSA ABLOY models — were designed around it. The card is inexpensive (typically $0.15–$0.40 per unit at volume) and compatible with the largest installed base of readers worldwide.
For hotels considering new installations, MIFARE Classic is no longer recommended as a primary choice due to its weaker encryption. However, for properties with existing Classic-compatible infrastructure, the MIFARE Plus EV2 offers a direct upgrade path to AES-128 security without replacing readers.
MIFARE Ultralight and Ultralight C
The MIFARE Ultralight is a low-cost card with 64 bytes of memory and no encryption. It is designed for single-use or limited-use applications like transit tickets, event passes, and disposable access cards. At $0.08–$0.15 per unit, it is the cheapest MIFARE option — but the lack of encryption makes it unsuitable for hotel key cards where security matters.
The MIFARE Ultralight C adds 3DES (Triple DES) 112-bit encryption and increases usable memory to 144 bytes. This makes it a practical choice for hotel key cards in the mid-range segment. Dormakaba's Saflok system is one of the most widely deployed hotel lock platforms using Ultralight C cards. The encryption prevents card cloning while keeping per-card costs low ($0.20–$0.50).
MIFARE DESFire EV3
MIFARE DESFire EV3 is the most secure card in the MIFARE family. It supports AES-128, Triple-DES, and 3K3DES encryption with mutual authentication — meaning both the card and reader verify each other before data exchange. Built on the ISO/IEC 14443-4 standard, DESFire EV3 offers hardware-based security with a certified Common Criteria EAL5+ rating.
Key features for hotels:
- Memory options: 2 KB, 4 KB, or 8 KB — enough for multiple applications on a single card
- Up to 28 independent applications with separate keys
- Transaction MAC for audit trails
- Secure Dynamic Messaging (SDM) for NFC interactions
- Backward compatible with DESFire EV1 and EV2 infrastructure
MIFARE DESFire EV3 is the standard for luxury hotel brands. ASSA ABLOY's VingCard Essence and SALTO's XS4 platform both use DESFire EV3 as their primary card technology. At $0.50–$1.50 per unit, it costs more than Classic or Ultralight C, but provides the strongest security available in the MIFARE ecosystem.
MIFARE DESFire EV Light and Plus EV2
The DESFire EV Light is a cost-optimized version of DESFire that provides AES-128 encryption with 640 bytes of memory. It includes Leakage Resilient Primitive (LRP) cryptography for side-channel attack resistance. It's positioned for transit and limited-use hotel scenarios where full DESFire EV3 is overkill.
The MIFARE Plus EV2 is specifically designed for hotels and organizations upgrading from MIFARE Classic. It operates in three security levels: Security Level 1 (Classic-compatible), Security Level 2 (Classic with AES authentication), and Security Level 3 (full AES encryption). This allows hotels to upgrade card security without replacing their existing lock hardware — a major cost advantage for properties with hundreds of doors.
NTAG Chips
NTAG chips (NTAG213, NTAG215, NTAG216) are NXP's NFC tag product line, also operating at 13.56 MHz. While technically part of the NXP ecosystem alongside MIFARE, NTAG chips are designed for different applications — primarily NFC interactions with smartphones. They store 144 to 888 bytes of data in a compact 3.2 x 3.2 x 0.2 mm package.
In hospitality, NTAG chips are used in wristbands and smart posters rather than door access cards. Hotels embed NTAG213 chips in RFID wristbands for pool/spa access and cashless payments, while NTAG215 chips appear in interactive marketing materials and room service menus.
What Does 128-bit AES Authentication Mean in MIFARE Cards?
AES-128 (Advanced Encryption Standard with a 128-bit key) is the encryption used in MIFARE DESFire EV3, DESFire EV Light, and Plus EV2 cards. In practical terms, a 128-bit AES key has 3.4 × 10³⁸ possible combinations — brute-forcing it would take billions of years with current computing technology.
When a MIFARE DESFire card approaches a reader, both devices perform mutual authentication: the reader proves it has the correct key, and the card proves it has the matching key. Only after this two-way verification does the card grant access to its stored data. This prevents both card cloning (creating a duplicate) and eavesdropping (intercepting the communication).
For hotel applications, AES-128 means a guest's key card cannot be duplicated by holding a reader near it — unlike older Crypto-1 cards where cloning tools are commercially available for under $50.
What Is UID in MIFARE Cards?
UID (Unique Identifier) is a factory-programmed serial number assigned to each MIFARE card during manufacturing. It serves as the card's digital fingerprint:
- 4-byte UID (32-bit): Used in MIFARE Classic cards. Provides approximately 4.3 billion unique combinations. Some Classic cards use non-unique UIDs (NUID), which are reusable.
- 7-byte UID (56-bit): Used in MIFARE Ultralight C, DESFire, and Plus cards. Provides over 72 quadrillion unique combinations. All 7-byte UIDs are globally unique.
The first byte of the UID is the Manufacturer ID (NXP = 0x04). Hotel lock systems typically read the UID as the primary card identifier — when you check in, the front desk encodes your room number and access permissions onto the card, and the lock verifies the UID matches its expected guest card.
How to Check MIFARE Card Authenticity with NXP TagInfo
You can verify any MIFARE card using the free NXP TagInfo app on your smartphone:
- Download NXP TagInfo: iOS / Android
- Hold the MIFARE card against your phone's NFC antenna (usually near the top back of the phone)
- The app displays: IC type (e.g., "MIFARE DESFire EV3"), UID, memory size, and manufacturer
- Verify the IC type matches what you ordered — counterfeit cards often show as "MIFARE Classic" when "DESFire EV3" was specified
- Check the manufacturer field shows "NXP Semiconductors" — non-NXP chips are unlicensed clones
This verification is especially important for hotel procurement managers ordering cards in bulk. Counterfeit MIFARE cards are common in the market — a genuine DESFire EV3 costs $0.50–$1.50, while counterfeits may be offered at $0.10–$0.20 but lack the certified security features.
Which MIFARE Card Should Hotels Choose?
| Hotel Segment | Recommended Card | Lock Systems | Price Range |
|---|---|---|---|
| Budget / Economy | MIFARE Classic EV1 1K | Onity (legacy), Vingcard Classic | $0.15–$0.40 |
| Mid-Range | MIFARE Ultralight C | Dormakaba Saflok, Häfele Dialock | $0.20–$0.50 |
| Upscale / Luxury | MIFARE DESFire EV3 | ASSA ABLOY VingCard, SALTO XS4 | $0.50–$1.50 |
| Upgrading from Classic | MIFARE Plus EV2 | Any Classic-compatible reader | $0.30–$0.80 |
At PrintPlast, we manufacture all MIFARE card types in sustainable materials — including FSC-certified wooden key cards, recycled PVC cards, and PPH BioBoard cards. All materials are compatible with MIFARE Classic, Ultralight C, and DESFire EV3 chips. Contact us for a custom quote with your lock system specifications.
Frequently Asked Questions
What is the difference between MIFARE Classic and MIFARE DESFire?
MIFARE Classic uses Crypto-1 encryption (known vulnerabilities) with 1 KB or 4 KB memory. MIFARE DESFire EV3 uses AES-128 encryption (military-grade) with up to 8 KB memory and supports multiple independent applications. DESFire is recommended for new hotel installations; Classic is suitable for legacy systems.
Can MIFARE cards be cloned?
MIFARE Classic cards can be cloned using commercially available tools (Proxmark3, ACR122U) due to Crypto-1 vulnerabilities. MIFARE DESFire EV3 cards cannot be cloned — AES-128 mutual authentication and Common Criteria EAL5+ certification prevent duplication.
Which MIFARE card works with my hotel lock system?
Check your lock manufacturer's specifications. ASSA ABLOY VingCard typically uses DESFire EV1/EV2/EV3. Dormakaba Saflok uses Ultralight C. Onity legacy systems use Classic EV1. SALTO XS4 supports DESFire EV3. Häfele Dialock supports both Ultralight C and DESFire.
How long do MIFARE hotel key cards last?
MIFARE cards are rated for 100,000 read/write cycles. In typical hotel use (10–20 taps per day), a card lasts 2–3 years of continuous use. PrintPlast wooden MIFARE cards have been tested to exceed 200,000 cycles.
What is the read range of a MIFARE card?
Standard MIFARE cards have a read range of 1–10 cm depending on the reader antenna. Hotel door locks are designed for 2–4 cm range to prevent accidental reads from adjacent rooms. Long-range readers (up to 10 cm) are used in elevator and common area access.
Are MIFARE cards compatible with mobile key solutions?
MIFARE DESFire EV3 supports Secure Dynamic Messaging (SDM), enabling NFC smartphone interaction. Many hotel chains now offer mobile key alongside physical MIFARE cards, with both technologies coexisting on the same lock infrastructure.