About MIFARE® DESFire® EV2
2023-10-24 View:
MIFARE DESFire EV2 (MF3D(H)x2) is the latest addition to the MIFARE DESFire product family introducing new features along with enhanced performance for best user experience. The MIFARE DESFire EV2 is Common Criteria EAL5+ security certified which is the same security certification level as demand for smart card IC products used, e.g., for banking cards or electronic passports. It fully complies with the requirements for fast and highly secure data transmission and flexible application management.
MIFARE DESFire EV2 offers flexibility when creating multiapplication schemes and features such as MIsmartApp with multiple key sets and Transaction MAC are supporting new business models. Smart Cities services, for example, could be used with only one MIFARE DESFire EV2 card by combining services such as public transport, car or bike-sharing, access to city attractions with citizen services, closed-loop e-payment applications, and local loyalty programs.
MIFARE DESFire EV2 is based on global open standards for both air interface and cryptographic methods. It is compliant to all levels of ISO/IEC 14443A and supports optional ISO/IEC 7816-4 commands (APDU and file structure supported) and is fully interoperable with existing NFC reader infrastructure.
Featuring an on-chip backup management system and the mutual three-pass authentication, a MIFARE DESFire EV2 card can hold as many applications as the memory can accommodate. Each application can hold up to 32 files with various data configurations.
MIFARE DESFire EV2 delivers the perfect balance of speed, performance, and cost-efficiency. Its open concept allows seamless future integration of other ticketing media such as smart paper tickets, banking convergence card, and mobile ticketing based on Near Field Communication (NFC) technology. It is also fully compatible with the existing NFC reader hardware platform.
Block Diagram
Features
RF interface: ISO/IEC 14443 Type A
- Contactless interface compliant with ISO/IEC 14443-2/3 A
- Low Hmin enabling operating distance up to 100 mm (depending on power provided by the PCD and antenna geometry)
- Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
- 7 bytes unique identifier (option for Random ID)
- Uses ISO/IEC 14443-4 transmission protocol
- Configurable FSCI to support up to 128 bytes frame size (new)
Nonvolatile memory
- 2 kB, 4 kB, 8 kB, 16 kB, or 32 kB NV
- Data retention of 25 years
- Write endurance typical 500 000 cycles
- Fast programming cycles (erase/write)
NV-memory organization
- Flexible file system: user can freely define application structures on PICC
- Virtually no limitation on the number of applications per PICC (new)
- Up to 32 files in each application (6 file types available: Standard Data file, Back up Data file, Value file, Linear Record file, Cyclic Record file, and Transaction MAC file)
- File size is determined during creation (not for Transaction MAC file)
Security
- Common Criteria Certification: EAL5+ (Hardware and Software)
- Unique 7 bytes serial number for each device
- Optional “RANDOM” ID to enhance security and privacy
- Mutual three-pass authentication
- Mutual authentication according to ISO/IEC 7816-4
- Flexible key management: 1 card leader key and up to 14 keys per application
- Hardware DES using 56/112/168 bit keys featuring key version
- Hardware AES using 128-bit keys featuring key version
- Data authenticity by 8 bytes CMAC
- Data encryption on RF-channel
- Authentication on application level
- Hardware exception sensors
- Self-securing file system
- Backward compatibility to MF3ICD40: 4 byte MAC, CRC 16
New features on MIFARE DESFire EV2
- MIsmartApp (Delegated Application Management)
- Memory reuse in DAM applications (Format Application)
- Transaction MAC on application level
- Multiple Keys Sets per application with fast key rolling mechanism (up to 16 sets)
- Accessing files from any two applications during a single transaction
- Multiple keys assignments for each file access right (up to 8)
- Virtual Card Architecture for enhanced card/application selection on multi-VC devices with privacy protection
- Proximity Check for protection against Relay Attacks
- Originality Check for proof of genuine NXP’s product
- New EV2 Secure Messaging based on AES (similar to MIFARE Plus’s secure messaging)
ISO/IEC 7816 compatibility
- Supports ISO/IEC 7816-4 file structure (selection by File ID or DF name)
- Supports ISO/IEC 7816-4 APDU message structure
- Supports ISO/IEC 7816-4 APDU wrapper for MIFARE DESFire native commands
- Supports ISO/IEC 7816-4 INS code ‘A4’ for SELECT FILE
- Supports ISO/IEC 7816-4 INS code ‘B0’ for READ BINARY
- Supports ISO/IEC 7816-4 INS code ‘D6’ for UPDATE BINARY
- Supports ISO/IEC 7816-4 INS code ‘B2’ for READ RECORDS
- Supports ISO/IEC 7816-4 INS code ‘E2’ for APPEND RECORD
- Supports ISO/IEC 7816-4 INS code ‘84’ for GET CHALLENGE
- Supports ISO/IEC 7816-4 INS code ‘88’ for INTERNAL AUTHENTICATE
- Supports ISO/IEC 7816-4 INS code ‘82’ for EXTERNAL AUTHENTICATE
Special features
- Transaction-oriented automatic anti-tear mechanism
- Configurable ATS information for card personalization
- Backward compatibility mode to MIFARE DESFire EV1 and D40 (MF3ICD40)
- Optional high input capacitance (70pF) for small form factor designs (MF3DHx2)
Applications
- Smart City
- Event Ticketing
- Hospitality
- Loyalty
- Micro-payment
- Multiapplication Smart City and Mobility Card
- Road Tolling and Parking
- Secure Access Management
- Secure Public Transport Ticketing
- Student ID
