What makes an RFID give "Access Granted" to a card?


I am interested in integrating the RFID1356MIFARE with the ESP32-EVB and using it as a card reader over UART. Basically reading UIDs, writing commands to UART serial and granting access or not based on what the reader output is. Initially I've tried using this library: https://github.com/elechouse/PN532 but I found out that the RFID1356MIFARE firmware is not compatible with it.

I would like to understand how an RFID reader grants access to a card, to open a door for example. Thanks to this thread: Mifare 1K authentication keys, I am starting to understand how the two Authentication keys work.

What I still don't get is:

  • who sets the authentication keys?
  • are these keys unique to every card?
  • are these keys stored in a reader?
  • can I read the keys from a card? If yes, how?
  • are these keys the ones that grant access to, say, a door that's linked to the reader? If not, what makes a card have access or not?
  • are these keys the only form of authentication?
  • is the UID used only for identification?
  • why are there 16 sectors if all the information is available in the first sector? What is the purpose of being able to set different keys to each sector?

The most important question I have is: what makes a card reader give "Access Granted" to a card?

I've found these docs on Mifare Authentication and they mention Load Authentication Keys and Authentication commands for that specific reader. The reader that I am using has no such commands. Looking at this thread Mifare card security also made me realise that my card reader lacks some commands or that they are just very poorly documented.

I have also read the MIFARE docs from NXP, but there is nothing in there that I actually need.


There are 1 best solutions below


OK, here are the answers to your corresponding queries:

  1. KEY A and KEY B are set by the card manufacturer to a default value (0xFF...). They can be changed later by the user.
  2. By default they are the same for every card.
  3. Both keys are stored in the card. The reader also needs to know these keys to be able to read your cards.
  4. No, you can't read the keys from a card unless you have at least one of the keys. Reading of keys can be disabled altogether even if you have access to any key.
  5. No, these keys don't grant access to doors. They are used to grant the reader read/write access to their corresponding sector.
  6. These keys are one form of authentication, usually for the reader.
  7. The UID is almost useless for most authentication cases, as anyone can read and alter it.
  8. Each sector has 3 data blocks and a pair of keys on the last sector. These keys are needed to read the data in the first three blocks of the sector.

So overall: first you create an authentication/identification string and store it in a data block of any sector (let's say sector 4). Then you need to change KEY A/B of that sector so that no one can read data from that sector except your own access control device. Now only a reader that knows your specific key can read the data in sector 4, thus preventing cloning of the card. Your reader will read the data from sector 4 and use the string you stored to check whether that card has access or not. Hope I've cleared your query. The Mifare Classic 1K datasheet has a great deal of info about this; check section 8.7, Memory Access.
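The scheme described in the answer above, as an added example that is not part of the original answer: a simplified C model of a MIFARE Classic 1K card (16 sectors of 4 blocks of 16 bytes) and a door controller that authenticates to sector 4 before comparing a stored token. The keys, the token and all function names are constructed for illustration, and the real challenge-response between card and reader is modelled here as a plain key comparison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
enum { SECTORS = 16, BLOCKS = 4, BLOCK_SIZE = 16, KEY_LEN = 6, TRAILER = 3 };
typedef struct { uint8_t mem[SECTORS][BLOCKS][BLOCK_SIZE]; } Card;
/* Constructed sample values, not taken from any real installation. */
static const uint8_t DEFAULT_KEY[KEY_LEN] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
static const uint8_t SITE_KEY[KEY_LEN]    = {0xA1,0xB2,0xC3,0xD4,0xE5,0xF6};
static const uint8_t TOKEN[BLOCK_SIZE]    = "BADGE-0001-SITE";

/* Factory state: block 3 of each sector = Key A | access bytes | Key B. */
void card_init(Card *c) {
    memset(c, 0, sizeof *c);
    for (int s = 0; s < SECTORS; s++) {
        uint8_t *t = c->mem[s][TRAILER];
        memcpy(t, DEFAULT_KEY, KEY_LEN);
        memcpy(t + 6, "\xFF\x07\x80\x69", 4);   /* factory access bytes */
        memcpy(t + 10, DEFAULT_KEY, KEY_LEN);
    }
}

/* Issuing: store the token in sector 4 and replace that sector's keys. */
void card_issue(Card *c, const uint8_t *key, const uint8_t *token) {
    memcpy(c->mem[4][0], token, BLOCK_SIZE);
    memcpy(c->mem[4][TRAILER], key, KEY_LEN);
    memcpy(c->mem[4][TRAILER] + 10, key, KEY_LEN);
}

/* Simplified: a Key A match stands in for a successful authentication.
   Only data blocks 0..2 are released; the trailer is never returned. */
bool card_read(const Card *c, int sector, int block, const uint8_t *key, uint8_t *out) {
    if (sector < 0 || sector >= SECTORS || block < 0 || block >= TRAILER) return false;
    if (memcmp(c->mem[sector][TRAILER], key, KEY_LEN) != 0) return false;
    memcpy(out, c->mem[sector][block], BLOCK_SIZE);
    return true;
}

/* The door decision: authenticate to sector 4, then compare the token. */
bool access_granted(const Card *c, const uint8_t *reader_key) {
    uint8_t tok[BLOCK_SIZE];
    return card_read(c, 4, 0, reader_key, tok) && memcmp(tok, TOKEN, BLOCK_SIZE) == 0;
}

/* Scenarios: 0 = issued card, 1 = blank factory card, 2 = reader lacks the key. */
bool scenario(int n) {
    Card c; card_init(&c);
    if (n != 1) card_issue(&c, SITE_KEY, TOKEN);
    return access_granted(&c, n == 2 ? DEFAULT_KEY : SITE_KEY);
}
```

The "Access Granted" decision lives entirely in `access_granted`, which is controller logic; the card only gates who may read the sector.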