
RFID & Campus Card Glossary

Plain-English reference for the terms that come up when scoping a campus card programme — chip standards, frequency bands, encryption, mobile wallets, and the platforms in the market today.

Standards & protocols

ISO 7810 (ID-1, ID-2, ID-3)
International standard defining the physical dimensions of identification cards. ID-1 (credit-card size, 85.6 × 54 mm) is the form factor used for student ID and access cards.
ISO 7816
Standard for cards with a visible gold contact chip. Defines pinout, electrical signals, and command set for contact smart cards.
Dual credential cards use ISO 7816 for the contact side and ISO 14443A for the contactless side. Banking EMV chip cards are ISO 7816 compliant.
ISO 14443A
International standard for proximity contactless smart cards operating at 13.56 MHz. The dominant standard for modern campus, banking, and access-control cards.
Type A defines the modulation, anti-collision, and transmission protocol. MIFARE, DESFire, NTAG, and most current contactless campus cards are ISO 14443A-compliant. Read range is typically 0–10 cm.
ISO 15693 (Vicinity cards)
Contactless smart card standard for vicinity reading at 13.56 MHz, with read range up to 1–1.5 m.
Used for library book tagging, asset tracking, and some access systems where longer read range is needed. Less secure than ISO 14443A for credential use.
ISO 9001
International quality management standard. ISO 9001 certification means a manufacturer follows a documented, audited quality process. CampusRFID is ISO 9001 certified.
FIPS 140-2
US federal standard for cryptographic modules. Required for federally funded research labs and many government-adjacent campus facilities.
When a campus environment requires FIPS 140-2 validated cryptography, the chip family (DESFire EV2/EV3, Seos) and the key-management process at the issuer both need to be in scope.
NFC (Near Field Communication)
Short-range (≤4 cm) wireless protocol that extends ISO 14443 to peer-to-peer phone-to-reader and phone-to-tag interactions.
NFC is what makes Apple Wallet and Google Wallet campus credentials work. The phone emulates a contactless smart card in card-emulation mode.

Chip families

Smart Card
Any card with an embedded microprocessor or memory chip. Includes contact (ISO 7816), contactless (ISO 14443), and dual-interface cards. Distinct from magstripe-only cards.
MIFARE Classic
Legacy NXP contactless chip family using Crypto-1 (now considered broken). Still widely deployed in older campus systems but not recommended for new high-security applications.
Cryptographic vulnerabilities have been demonstrated since 2008. Cards can be cloned with consumer-grade hardware. Migration to DESFire EV2/EV3 is the standard upgrade path.
MIFARE DESFire EV1 / EV2 / EV3
NXP's high-security contactless chip family using AES-128 encryption and mutual authentication. EV3 (current generation) adds Secure Unique NFC and Transaction MAC.
DESFire EV2 and EV3 are the de facto standard for modern high-security campus access. Each card holds multiple applications (access, payment, library) with separate keys. Cloning resistance rests on cryptography, not just obscurity.
HID iCLASS SE / Seos
HID Global's high-security 13.56 MHz credential family. iCLASS SE is the legacy generation; Seos is the current generation with stronger key management and mobile credential support.
Common in North American and UK universities. Often deployed alongside Apple Wallet / Google Wallet via HID Mobile Access. Seos cards use a software-defined credential model that decouples the credential from the card medium.
LEGIC
Kaba/dormakaba's contactless chip family (LEGIC Prime, LEGIC Advant). Strong presence in Swiss and German-speaking university markets.
LEGIC Advant supports AES-128 and multi-application credentials similar to DESFire. LEGIC Prime is the older generation and should be migrated for new high-security deployments.
NTAG
NXP's NFC Forum-compliant tag family (NTAG213/215/216/424 DNA). Lower-cost than DESFire but suitable for marketing, event check-in, and lower-security applications.
NTAG 424 DNA adds AES-128 message authentication, making it appropriate for some access scenarios. Widely used in campus event credentials and library RFID tagging.
EM4100 / EM4200
Low-frequency (125 kHz) read-only chip families. Send a fixed serial number when energized. No encryption, easily cloned.
Common in legacy access systems and surface-parking cards. New deployments should use 13.56 MHz with AES-128 instead. Often paired with HF chips in dual-frequency cards for migration.

Frequencies & RFID protocol

LF 125 kHz
Low-frequency RFID band. Short range (5–15 cm), no encryption support, very tolerant of metal and water environments.
Dominant in legacy access systems (1990s–2000s). New campus deployments are migrating away from LF in favor of HF 13.56 MHz with AES-128 because LF credentials are trivially cloneable.
HF 13.56 MHz
High-frequency RFID band used by ISO 14443A, ISO 15693, NFC, MIFARE, DESFire, iCLASS, and Seos. The dominant frequency for modern campus credentials.
Read range 0–10 cm depending on antenna design. Supports AES-128 mutual authentication when paired with the right chip (DESFire EV2+, Seos).
UHF 860–960 MHz
Ultra-high-frequency RFID band. Long read range (1–10 m) used for asset tracking, parking, and library inventory — not typically for personal credentials.
ISO 18000-6C / EPC Gen 2 protocol. Impinj Monza is the dominant chip family. Range advantage comes with privacy and security trade-offs that make UHF unsuitable for student ID applications.
Read Range
Distance at which a reader can reliably energize and read a tag. Depends on frequency, antenna design, transmit power, and environment.
Typical LF range: 5–15 cm. HF range: 0–10 cm. UHF range: 1–10 m. Hand-presentation card readers are tuned for short range deliberately, to avoid reading the wrong cardholder's badge.
Anti-collision
RFID protocol layer that lets a reader detect and address multiple tags in the field simultaneously without their signals interfering.
ISO 14443A uses a binary tree-walking algorithm. Important for library RFID inventory (many books read at once) and for unintentional multi-card situations (two cards in the same wallet).

Encryption & security

AES-128
Advanced Encryption Standard with 128-bit key. The encryption used in MIFARE DESFire EV2/EV3 and HID Seos credentials.
Combined with mutual authentication (challenge-response), AES-128 makes each card tap a cryptographically signed transaction. Cloning a single card does not compromise the system if keys are diversified.
3DES (Triple DES)
Older symmetric encryption algorithm using DES three times. Supported by some legacy chip families but officially deprecated by NIST in 2023.
DESFire EV1 supported 3DES; EV2 and EV3 added AES-128 and have superseded it. New deployments should use AES-128 throughout.
Crypto-1
Proprietary stream cipher used in MIFARE Classic. Reverse-engineered in 2008 and now considered fundamentally broken.
Crypto-1 weaknesses make MIFARE Classic cards cloneable with off-the-shelf NFC hardware (e.g. Proxmark). Any campus still on Classic should plan a migration to DESFire EV2/EV3 or Seos.
Diversified Keys
Key management technique where each card derives a unique authentication key from a master key plus the card's UID. Cloning one card does not reveal the master key.
The industry standard for production deployments. Master keys live in a Hardware Security Module (HSM) at the issuer, not on individual cards. CampusRFID can encode diversified keys at our facility.
Mutual Authentication
Cryptographic protocol where both card and reader verify each other before exchanging data. Prevents rogue readers from harvesting credentials and rogue cards from spoofing legitimate ones.
Replay Attack
Capturing a legitimate card-reader exchange and re-playing it later to impersonate the card. Defeated by mutual authentication with per-session random challenges.
Static-UID cards (MIFARE Classic, EM4100) are vulnerable to replay. AES-128 mutual authentication (DESFire EV2+, Seos) makes each exchange unique and unreplayable.
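The Diversified Keys, Mutual Authentication, and Replay Attack entries above, combined in one added sketch (illustrative code, not CampusRFID's or any chip vendor's implementation). HMAC-SHA256 truncated to 16 bytes stands in for the AES-128 CMAC a real chip would use; the master key, UID, and class names are constructed for the example.

```python
import hashlib
import hmac
import secrets

MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample

def prf(key: bytes, *parts: bytes) -> bytes:
    # Stand-in for AES-128 CMAC: HMAC-SHA256 truncated to 16 bytes.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:16]

def diversify(master: bytes, uid: bytes) -> bytes:
    # Per-card key from master key + UID; the UID itself stays public.
    return prf(master, b"DIV", uid)

class Card:
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key

    def answer(self, reader_nonce: bytes):
        card_nonce = secrets.token_bytes(8)
        return card_nonce, prf(self._key, b"CARD", reader_nonce, card_nonce)

    def accepts_reader(self, reader_nonce, card_nonce, reader_proof) -> bool:
        expected = prf(self._key, b"READER", card_nonce, reader_nonce)
        return reader_proof is not None and hmac.compare_digest(reader_proof, expected)

class Reader:
    def __init__(self, master: bytes):
        self._master = master  # assumption: held in secure hardware in practice

    def new_challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(8)  # fresh per tap
        return self.nonce

    def verify_card(self, uid, card_nonce, proof):
        key = diversify(self._master, uid)
        ok = hmac.compare_digest(proof, prf(key, b"CARD", self.nonce, card_nonce))
        return ok, (prf(key, b"READER", card_nonce, self.nonce) if ok else None)

def demo() -> dict:
    reader = Reader(MASTER_KEY)
    uid = bytes.fromhex("04a1b2c3d4e5f6")  # constructed 7-byte UID
    card = Card(uid, diversify(MASTER_KEY, uid))
    cn, proof = card.answer(reader.new_challenge())
    ok, reader_proof = reader.verify_card(uid, cn, proof)
    mutual = card.accepts_reader(reader.nonce, cn, reader_proof)
    reader.new_challenge()  # next tap: the captured answer is presented again
    replayed, _ = reader.verify_card(uid, cn, proof)
    return {"tap": ok, "mutual": mutual, "replay": replayed}
```

The replayed answer fails because it was computed over the previous reader nonce, and a reader without the right master key cannot produce the proof the card checks.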

Mobile credential tech

Secure Element (SE)
Tamper-resistant hardware chip inside phones and cards that stores cryptographic keys and runs sensitive code. Apple devices and most Android flagships have a Secure Element.
Mobile student ID credentials live inside the Secure Element, not in regular app storage. Express Mode taps work even when the phone is locked because the SE can authenticate without the OS.
HCE (Host Card Emulation)
Android feature that lets an app emulate a contactless smart card via software (without a hardware Secure Element).
Some campus card platforms use HCE for non-flagship Android phones that lack a usable SE. Less secure than SE-backed credentials but more broadly compatible.
BLE (Bluetooth Low Energy)
Short-range radio protocol used by HID Mobile Access and other mobile credential systems as an alternative or complement to NFC.
BLE has a longer reach (1–3 m) than NFC, useful for hands-free or 'twist-and-go' interactions. Requires the reader to support BLE — many newer HID readers do, most banking POS terminals do not.
SIO (Secure Identity Object)
HID's data model for credentials on Seos. Decouples the credential from the card medium — the same SIO can live on a Seos card, a Seos USB token, or a mobile phone.
Express Mode
Apple Wallet feature that lets a credential be tapped without unlocking the phone or authenticating. Works for up to 5 hours after the phone's battery dies (Power Reserve).
Express Mode is essential for student ID — students should not need to unlock their phone to enter a building or pay for lunch. Each credential must be specifically enabled for Express Mode.
Apple Wallet (Student ID)
Apple's mobile wallet platform with native support for university student IDs. Provisioned via campus apps and certified card platforms.
Requires the campus to be on a supported platform (Transact, CBORD, Atrium, or HID Mobile Access) and to complete Apple's certification process. Students provision the credential inside the campus app, not the Wallet app.
Google Wallet (Student ID)
Google's mobile wallet platform with student ID support on Android phones with NFC. Provisioning flow mirrors Apple Wallet.
Available on Android 9+ with a campus card platform that has integrated with Google Wallet. Express Mode allows taps without unlocking the phone.

Card production & form factors

CR80 (ID-1, credit card size)
Standard credit-card form factor: 85.6 × 54 mm × 0.76 mm. The default for student ID and access cards.
Dual Credential Card (Dual interface card)
Card with both a contact chip (visible gold pad) and a contactless RFID antenna in a single body. Lets one card work across legacy contact readers and modern contactless readers.
See our dedicated dual credential cards product page.
Magstripe (Magnetic stripe; HiCo / LoCo)
Strip of magnetic material on the back of a card. HiCo (high-coercivity) holds data longer; LoCo (low-coercivity) is cheaper and used for short-lived cards.
Increasingly replaced by chip-based credentials, but still required by some legacy campus equipment (older laundry, vending, library checkout). Often included alongside RFID on transition cards.
Personalization
Production stage where each card is printed and encoded with cardholder-specific data: name, photo, ID number, magstripe data, and the chip's secret keys.
Done in two ways: at the manufacturer (bulk pre-personalized cards sent to campus) or on-site (campus issues blank cards in-house). CampusRFID supports both modes.
UID (Unique Identifier)
Factory-set serial number on every RFID chip. Returned by the chip in the clear before any authentication. Used to derive diversified keys.
UIDs alone should not be used as a credential — they are trivially clonable. They serve as a card-identifying address, not a secret.

Platforms & operations

Campus Card Platforms
Software platforms that issue and manage campus credentials: Transact, CBORD, Atrium, Heartland, Blackboard Transact, HID Mobile Access. Each ties identity to access, payment, and dining rails.
See our campus card systems guide for a platform-by-platform comparison.
CMS (Card Management System)
Software used by the card-issuing office to enrol cardholders, encode keys, print, and re-issue cards. Often part of a campus card platform.
SSO (Single Sign-On)
Identity protocol that lets students sign into the campus card app, the LMS, Wi-Fi, library systems, and payment apps with one set of credentials. Common protocols: SAML, OIDC.
MOQ (Minimum Order Quantity)
Smallest quantity a manufacturer will produce in a single run. CampusRFID's standard MOQ is 500 cards.

Picking the right chip for your campus

For new deployments and refresh cycles in 2026, the practical short list is:

  • MIFARE DESFire EV2 / EV3 — best fit for European universities, strong AES-128 security, multi-application support.
  • HID iCLASS Seos — best fit for North American campuses already on HID infrastructure, native Apple Wallet / Google Wallet support.
  • Dual credential — when you have a mixed legacy + modern reader fleet and need a single card that works across both.