Mifare Desfire authentication process / cloning protection
I am trying to write a small explanation for a customer, who wants to understand why his Mifare Desfire transponders are safe from being cloned.
I was trying to search for an easy scheme or text that explains how the authetication process using a Desfire transponder on a reader would work but I did not find one.
What I know is, that you write an application on a transponder. So, does this mean that the key for a such application is encrypted and written on the transponder?
And if so, what keeps me from copying that encrypted key on another transponder and holding it infront of the reader?
What I was thinking is that the reader only reads the encrypted key from the transponder, tries to encrypt it with its private key and uses the clear text key to check against a saved key in his system.
But I dont think its that simple, since then I would be able to copy it, just like I wrote?
I would be grateful if someone could explain it a bit better to me, thanks!