HF RFID at 13.56 MHz is governed by a set of overlapping standards from the International Organization for Standardization (ISO) and the NFC Forum industry consortium. Understanding how these standards layer on top of each other — and how commercial chip families map to them — is essential for making sense of library documentation, reader command sets, and error messages.
Three ISO standards define the physical and protocol layers at 13.56 MHz:
| Standard | Scope | Range | Common name |
|---|---|---|---|
| ISO 14443 | Proximity cards | < 10 cm | NFC / contactless smart card |
| ISO 15693 | Vicinity cards | up to ~1 m | RFID for libraries, ISO 18000-3 |
| ISO 18092 (ECMA-340) | NFC peer-to-peer | < 10 cm | NFC-IP-1 |
The NFC Forum — a consortium of companies including Sony, Philips (now NXP), and Nokia — built on top of these ISO standards to define interoperability specifications for NFC-enabled consumer devices.
ISO 14443 is a four-part standard for proximity integrated circuit cards (PICCs). “Proximity” means the operating distance is less than 10 cm.
Defines the card physical dimensions (credit card size, ID-1 format), operating temperature, and mechanical durability requirements.
Defines the carrier frequency (13.56 MHz ± 7 kHz), the power transfer method (inductive coupling), and the modulation schemes used for each type:
| Type | Reader → Card modulation | Card → Reader modulation |
|---|---|---|
| Type A | 100% ASK, modified Miller encoding | OOK subcarrier load modulation, Manchester encoding |
| Type B | 10% ASK, NRZ encoding | BPSK subcarrier load modulation, NRZ-L encoding |
Type A is more common for access control and transit applications. Type B is used by some banking cards and passports (ISO/IEC 7816-based applications).
The base bit rate is 106 kbps for both types. Higher bit rates (212, 424, 848 kbps) can be negotiated in ISO 14443-4.
This is where the protocol diverges most significantly between Type A and Type B.
The reader starts by sending a REQA (REQuest type A) command — a single byte 0x26. Any Type A card in the field responds with its ATQA (Answer To reQuest type A), a 2-byte value that encodes the anticollision loop type and the expected UID size.
ATQA (2 bytes):
Bit: 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
[proprietary ] [UID size ] [ RFU ] [bit frame anticoll]
00 = 4 bytes, 01 = 7 bytes, 10 = 10 bytesAfter receiving ATQA, the reader runs the bit frame anticollision loop (for single-size UIDs) or the cascade loop (for 7/10-byte UIDs) to isolate one card and retrieve its full UID.
Once a card is selected, the reader sends SELECT. The card responds with its SAK (Select AcKnowledge), a 1-byte value.
SAK interpretation (key bits):
| SAK bit 6 | SAK bit 5 | SAK bit 2 | Meaning |
|---|---|---|---|
| 0 | 0 | 0 | ISO 14443-3 compliant only (e.g. MIFARE Classic selected) |
| 0 | 0 | 1 | UID not complete (cascade level, send SELECT again) |
| 1 | 0 | 0 | ISO 14443-4 compliant (supports T=CL, e.g. DESFire, some banking cards) |
Common SAK values:
| SAK (hex) | Card type |
|---|---|
0x08 |
MIFARE Classic 1K |
0x18 |
MIFARE Classic 4K |
0x00 |
MIFARE Ultralight / NTAG |
0x20 |
ISO 14443-4 compliant (DESFire, Java Card) |
0x28 |
MIFARE Classic 1K + ISO 14443-4 |
Type B uses a probabilistic slot-based anticollision process. The reader sends REQB with a time slot count; each card picks a random slot number and responds in that slot. The reader then sends an ATTRIB command to select a specific card.
ISO 14443 supports three UID sizes:
The cascade anticollision protocol handles 7 and 10-byte UIDs by splitting the UID across multiple SELECT commands (Cascade Level 1, 2, 3), using the cascade tag byte 0x88 as a placeholder.
ISO 14443-4 defines the half-duplex block transmission protocol (T=CL) used by “high-level” cards that support APDUs. It adds:
Cards with SAK bit 5 set (0x20) support T=CL. MIFARE Classic does not — it uses its own proprietary protocol after SELECT instead of T=CL.
ISO 15693 operates at the same 13.56 MHz carrier but targets a much longer read range — up to ~1 m with an optimised reader antenna. This makes it suitable for scenarios where you want to read tags without close approach.
Key differences from ISO 14443:
| Property | ISO 14443 | ISO 15693 |
|---|---|---|
| Range | < 10 cm | up to ~1 m |
| Data rate | 106–848 kbps | 6.6–26.5 kbps |
| Anticollision | Bit-frame / probabilistic | Slot-based INVENTORY command |
| UID | 4/7/10 bytes | 8 bytes, always globally unique |
| Typical use | Smart card, NFC | Library books, industrial labels |
Common ISO 15693 chips: NXP ICODE SLI/SLI-S, Texas Instruments Tag-IT, Infineon SRF55.
NFC Forum Type 5 tags are ISO 15693 based. Some smartphone NFC controllers can read ISO 15693 tags (Android: NfcV technology class).
The NFC Forum publishes specifications that sit on top of the ISO physical layer standards. The Forum’s goal is interoperability: an NFC tag written by any compliant device should be readable by any other.
The NFC Forum defines five tag types. Each maps to a specific chip family or ISO standard:
| NFC Tag Type | Physical Technology | Chip Examples | Memory | Notes |
|---|---|---|---|---|
| Type 1 | ISO 14443-3A (Jewel/Topaz) | Broadcom BCM20203 | 96 bytes – 2 KB | Largely obsolete |
| Type 2 | ISO 14443-3A | MIFARE Ultralight, NTAG21x | 48 bytes – 888 bytes | Very common |
| Type 3 | JIS X 6319-4 (FeliCa) | Sony FeliCa Lite-S | 1 KB | Common in Japan |
| Type 4 | ISO 14443-4 (T=CL) | DESFire, JCOP | 4 KB – 32 KB | High capability |
| Type 5 | ISO 15693 | ICODE SLI | 256 bytes | Long range |
MIFARE Classic is notably absent from this table. MIFARE Classic predates the NFC Forum and is not compliant with any NFC Forum tag type. It uses a proprietary protocol (CRYPTO1) that the NFC Forum did not adopt. Many smartphones can read it (via low-level ISO 14443-3 access) but it is not an NFC Forum tag.
An NFC-enabled device (e.g. a smartphone) can operate in three modes defined by the NFC Forum:
Reader/Writer Mode: The device acts as an ISO 14443 or ISO 15693 reader, polling for tags and reading/writing NDEF data. This is what happens when you tap your phone to a smart poster or a payment terminal.
Peer-to-Peer Mode (NFC-IP-1/2): Two NFC devices exchange data using the LLCP (Logical Link Control Protocol) and SNEP (Simple NDEF Exchange Protocol). This was used for Android Beam (now deprecated). Both parties actively generate a field in an alternating fashion.
Card Emulation Mode: The device presents itself as an NFC tag to an external reader. The secure element (SIM card, embedded SE, or Host Card Emulation / HCE in software) handles the reader’s commands. This is how contactless payment apps work on phones.
When you bring a tag close to a reader, the following sequence occurs (for ISO 14443 Type A):
Reader Tag
|--- REQA (0x26) ---------------> |
|<-- ATQA (2 bytes) ------------| |
|--- SELECT CL1 (0x93 0x20) ---> |
|<-- UID bytes + BCC ------------| |
(if 7-byte UID, cascade continues)
|--- SELECT CL2 (0x95 0x20) ---> |
|<-- UID bytes + BCC ------------| |
|--- SELECT (with full NVB) ----> |
|<-- SAK (1 byte) + CRC --------> |
(if SAK bit 5 set, proceed to RATS for T=CL)
|--- RATS ----------------------> |
|<-- ATS (Answer to Select) ----> |
After this sequence the tag is “selected” — in an exclusive dialogue with the reader. Other tags in the field that lost the anticollision step are in a HALT state and will not respond until a WUPA/WUPB command is issued.
Understanding these three identifiers is fundamental:
UID (Unique IDentifier)
ATQA (Answer To reQuest type A)
0x0004 → MIFARE Classic 1K; 0x0044 → MIFARE UltralightSAK (Select AcKnowledge)
0x08 → MIFARE Classic 1K; 0x00 → MIFARE Ultralight; 0x20 → DESFire / Java CardWhen you pick up an unknown card with a reader, the standard identification sequence is:
Python libraries (nfcpy, pyscard) do steps 1–5 automatically and expose the results as tag object attributes. You typically just read tag.type, tag.identifier (UID), and tag.atq / tag.sak.
| ← Chapter 1: RFID Fundamentals | Table of Contents | Chapter 3: MIFARE Classic → |