Transcription of MIFARE DESFire EV2 contactless multi-application IC
1 MF3D(H)x2 MIFARE DESFire EV2 contactless multi-application ICRev. 12 June 2019 Product short data sheet364232 COMPANY PUBLIC1 General DESFire EV2 contactless IC (MF3D(H)x2) is the latest addition to the MIFAREDESFire product family introducing new features along with enhanced performance forbest user experience. The MIFARE DESFire EV2 is Common Criteria EAL5+ securitycertified which is the same security certification level as demanded for smart card ICproducts used for banking cards or electronic passports. It fully complies withthe requirements for fast and highly secure data transmission and flexible applicationmanagement. This makes it the ideal product for service providers and service operatorswho want to offer an easy, convenient and secure access to a wide variety of DESFire EV2 offers best flexibility when creating multi-application schemes andfeatures such as MIsmartApp with multiple key sets and Transaction MAC are supportingnew business models.
2 Smart Cities services, for example, could be utilized with onlyone MIFARE DESFire EV2 card by combining services such as public transport, caror bike sharing, access to city attractions with citizen services, closed-loop e-paymentapplications and local loyalty DESFire EV2 is based on global open standards for both air interface andcryptographic methods. It is compliant to all levels of ISO/IEC 14443A and supportsoptional ISO/IEC 7816-4 commands (APDU and file structure supported) and is fullyinteroperable with existing NFC readers for MIFARE an on-chip backup management system and the mutual three-passauthentication, a MIFARE DESFire EV2 card1 can hold as many applications as thememory can accommodate. Each application can hold up to 32 files with various dataconfigurations. The size of each file is defined at the moment of its creation, makingMIFARE DESFire EV2 a truly flexible and convenient product.
3 An automatic anti-tearmechanism is available for all file types, guaranteeing transaction-oriented data main characteristics of this device are denoted by its name " DESFire ": DESindicates the high level of security using a 3 DES or AES hardware cryptographic enginefor confidentiality and integrity protection of the transmission data. Fire indicates itsoutstanding position as a Fast, Innovative, Reliable and Secure IC in the contactlessproximity transaction DESFire EV2 delivers the perfect balance of speed, performance and costefficiency. Its open concept allows seamless future integration of other ticketing mediasuch as smart paper tickets, banking convergence card, and mobile ticketing based onNear Field Communication (NFC) technology. It is also fully compatible with the existing1In this document the term MIFARE DESFire card refers to a MIFARE DESFire IC-based SemiconductorsMF3D(H)x2 MIFARE DESFire EV2 contactless multi-application ICMF3Dx2_MF3 DHx2_SDSAll information provided in this document is subject to legal disclaimers.
4 NXP 2019. All rights short data sheetRev. 12 June 2019 COMPANY PUBLIC3642322 / 27reader hardware platform of MIFARE products. MIFARE DESFire EV2 is your ticket tosecure contactless systems of MIFARE DESFire products familyMIFARE DESFire has evolved over time, enhancing its security properties to protectagainst current and future security threats, and adding new features to better suit intonew user DESFire EV2 is the third generation of the MIFARE DESFire products familysucceeding MIFARE DESFire EV1 contactless IC. It is functionally backward compatiblewith both MIFARE DESFire EV1 and MIFARE DESFire D40 (MF3 ICD40).Figure 1 shows the relationship between the three generations of MIFARE DESF ireproducts. The latest generation encompasses the features from the older generation(s).Therefore, allowing existing users of the older products to adopt the latest product withminimum or no changes to their DESFire EV2 can be used as a MIFARE DESFire EV1 in its default deliveryconfiguration.
5 Every new feature would require an activation and/or the use of +onHWandSW2KB,4KB,8KB,16 KBor32 KBEEPROMU nlimitedApplications,32files6filetypes-n ewTransactionMACfile17pFor70pFCCEAL4+onH WandSW2KB,4 KBor8 KBEEPROM28 Applications,32files5filetypes17pFor70pF Securemessaging(EV2):AES128 ImprovedISO7816-4 APDU andcmdsConfigurableATSwithFSCI settingupto128bytestransferbufferMIsmart AppTransactionMACM ultipleKeySetsMultiplekeysperaccessright sShared applicationmanagementUpdateRecordcommand VirtualCardArchitectureProximityCheckOri ginalityCheck4 KBEEPROM28 Applications,16files5filetypes17pFSecure messaging(D40):2 KTDEAandSingleDESISO7816-4 APDU andcmds(3)Automaticbackupmechanism1 PICCkey,14keysperAppHigherbaudrate(upto8 48kbps)Securemessaging(EV1):2 KTDEAand3 KTDEAandAES128 RandomIDISO7816-4 APDU andcmds(8)ISO7816-4filestructuresupportC onfigurableATSF igure 1. Evolution of MIFARE DESFireNXP SemiconductorsMF3D(H)x2 MIFARE DESFire EV2 contactless multi-application ICMF3Dx2_MF3 DHx2_SDSAll information provided in this document is subject to legal disclaimers.
6 NXP 2019. All rights short data sheetRev. 12 June 2019 COMPANY PUBLIC3642323 / 272 Features and interface: ISO/IEC 14443 Type A contactless interface compliant with ISO/IEC 14443-2/3 A Low Hmin enabling operating distance up to 100 mm (depending on power provided bythe PCD and antenna geometry) Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s 7 bytes unique identifier (option for Random ID) Uses ISO/IEC 14443-4 transmission protocol Configurable FSCI to support up to 128 bytes (256 bytes for 16 and 32 kB) frame memory 2 kB, 4 kB, 8 kB, 16 kB or 32 kB NV Data retention of 25 years Write endurance typical 500 000 cycles Fast programming cycles (erase/write) organization Flexible file system: user can freely define application structures on PICC Virtually no limitation on number of applications per PICC (new) Up to 32 files in each application (6 file types available.)
7 Standard Data file, Back-upData file, Value file, Linear Record file, Cyclic Record file and Transaction MAC file) File size is determined during creation (not for Transaction MAC file) Common Criteria certification: EAL5+ (Hardware and Software) Unique 7 bytes serial number for each device Optional "RANDOM" ID for enhance security and privacy Mutual three-pass authentication Mutual authentication according to ISO/IEC 7816-4 Flexible key management: 1 card master key and up to 14 keys per application Hardware DES using 56/112/168 bit keys featuring key version Hardware AES using 128-bit keys featuring key version Data authenticity by 8 byte CMAC Data encryption on RF-channel Authentication on application level Hardware exception sensors Self-securing file system Backward compatibility to MF3 ICD40: 4 byte MAC, CRC 16 NXP SemiconductorsMF3D(H)x2 MIFARE DESFire EV2 contactless multi-application ICMF3Dx2_MF3 DHx2_SDSAll information provided in this document is subject to legal disclaimers.
8 NXP 2019. All rights short data sheetRev. 12 June 2019 COMPANY PUBLIC3642324 / features on MIFARE DESFire EV2 MIsmartApp (Delegated Application Management) Memory reuse in DAM applications (Format Application) Transaction MAC on application level Multiple Key Sets per application with fast key rolling mechanism (up to 16 sets) Accessing files from any two applications during a single transaction Multiple keys assignments for each file access right (up to 8) Virtual Card Architecture for enhanced card/application selection on multi-VC deviceswith privacy protection Proximity Check for protection against Relay Attacks Originality Check for proof of genuine NXP s product New EV2 Secure Messaging based on AES (similar with MIFARE Plus s securemessaging) 7816 compatibility Supports ISO/IEC 7816-4 file structure (selection by File ID or DF name) Supports ISO/IEC 7816-4 APDU message structure Supports ISO/IEC 7816-4 APDU wrapper for MIFARE DESFire native commands Supports ISO/IEC 7816-4 INS code A4 for SELECT FILE Supports ISO/IEC 7816-4 INS code B0 for READ BINARY Supports ISO/IEC 7816-4 INS code D6 for UPDATE BINARY Supports ISO/IEC 7816-4 INS code B2 for READ RECORDS Supports ISO/IEC 7816-4 INS code E2 for APPEND RECORD Supports ISO/IEC 7816-4 INS code 84 for GET CHALLENGE Supports ISO/IEC 7816-4 INS code 88 for INTERNAL AUTHENTICATE Supports ISO/IEC 7816-4 INS code 82 for EXTERNAL features Transaction-oriented automatic anti-tear mechanism Configurable ATS information for card personalization Backward compatibility mode to MIFARE DESFire EV1 and D40 (MF3 ICD40) Optional high input capacitance (70 pF) for small form factor designs (MF3 DHx2)NXP SemiconductorsMF3D(H)
9 X2 MIFARE DESFire EV2 contactless multi-application ICMF3Dx2_MF3 DHx2_SDSAll information provided in this document is subject to legal disclaimers. NXP 2019. All rights short data sheetRev. 12 June 2019 COMPANY PUBLIC3642325 / of key differences between MIFARE DESFire generationsTable 1 shows the key differences between each product generation of the MIFAREDESFire 1. Key differences between MIFARE DESFire generationsFeaturesMIFARE DESFire D40 MIFARE DESFire EV1 MIFARE DESFire EV2 Cryptography scheme(s)Single DES, 2 KTDEAS ingle DES, 2 KTDEA,3 KTDEA, AES128 Single DES, 2 KTDEA,3 KTDEA, AES128 Secure messaging(s)D40 NativeD40 Native, EV1D40 Native, EV1, EV2No. of applications2828No limitNo. of files per application163232 Max. no. of files with backup83232 ISO/IEC7816-4 commands388 (refine)Random IDNoYesYesConfigurable ATSNoYes, Historical bytes onlyYes, all parameters (FSCI supporting up to 256 bytes)Max.
10 Communication buffer64 bytes64 bytes128 bytes (2/4/8kB) or 256bytes (16/32kB)Chaining during data transferNative (AFh)Native (AFh)Native (AFh) or ISO/IEC14443-4 Multiple Key Sets with rollingNoNoYesMIsmartApp (DelegatedApplication Management)NoNoYesShared ApplicationManagementNoNoYesMultiple keys per access rightNoNoYesUpdateRecord commandNoNoYesTransaction MACNoNoYesVirtual Card ArchitectureNoNoYesProximity CheckNoNoYesOriginality CheckNoNoYesNXP SemiconductorsMF3D(H)x2 MIFARE DESFire EV2 contactless multi-application ICMF3Dx2_MF3 DHx2_SDSAll information provided in this document is subject to legal disclaimers. NXP 2019. All rights short data sheetRev. 12 June 2019 COMPANY PUBLIC3642326 / 273 Applications Secure public transport ticketing multi-application smart city and mobility card Secure access management Micro-payment and Loyalty Student ID Road tolling and parking Hospitality Event ticketingNXP SemiconductorsMF3D(H)x2 MIFARE DESFire EV2 contactless multi-application ICMF3Dx2_MF3 DHx2_SDSAll information provided in this document is subject to legal disclaimers.
