MIFARE® DESFire® EV3: High-Security IC for Contactless Smart City Services
2023-10-26
The features of the MIFARE DESFire EV3 IC reflect NXP’s continued commitment to secure, connected and convenient contactless Smart City services. As part of the MIFARE DESFire family, the latest family member combines enhanced performance with a greater operating distance and improved transaction speed compared to its predecessors, including:
- IC hardware and software certification according to Common Criteria EAL 5+
- Broad choice of open crypto algorithms based on DES, 2K3DES, 3K3DES, or AES
- SUN message authentication for advanced data protection
- Transaction Timer to mitigate man-in-the-middle attacks
- Seamless integration of mobile services in combination with MIFARE 2GO
Features
RF interface: ISO/IEC 14443 Type A
- Contactless interface compliant with ISO/IEC 14443-2/3 A
- Low Hmin enabling operating distance up to 100 mm (depending on power provided by the PCD and antenna geometry)
- Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
- 7-byte unique identifier (option for Random ID)
- Uses ISO/IEC 14443-4 transmission protocol
- Configurable FSCI to support up to 256 bytes frame size
Non-volatile memory
- 2 kB, 4 kB, 8 kB
- Data retention of 25 years
- Write endurance typical 1 000 000 cycles
- Fast programming cycles
NV-memory organization and multi-application support
- Flexible file system: user can freely define application structures on PICC
- As many applications as memory size supports
- Up to 32 files in each application (6 file types available: Standard Data file, Back-up Data file, Value file, Linear Record file, Cyclic Record file and Transaction MAC file)
- File size is determined during creation (not for Transaction MAC file)
- MIsmartApp (Delegated Application Management)
- Memory reuse in DAM applications (Format Application)
- Factory-loaded NXP DAM keys for AppXplorer service support
- Accessing files from any two applications during a single transaction
Security and Privacy
- Common Criteria certification: EAL5+ (Hardware and Software)
- Unique 7-byte serial number for each device
- Optional "RANDOM" ID for enhanced security and privacy
- Mutual three-pass authentication
- Mutual authentication according to ISO/IEC 7816-4
- Flexible key management: 1 card leader key and up to 14 keys per application
- Multiple key assignment for each file access right (up to 8)
- Multiple Key Sets per application with fast key rolling mechanism (up to 16 sets)
- Hardware DES using 56/112/168 bit keys featuring key version
- Hardware AES using 128-bit keys featuring key version
- Data authenticity by 8 byte CMAC
- MF3ICD40 compatible mode: 4 byte MAC, CRC 16
- Data encryption on RF-channel
- Authentication on application level
- Hardware exception sensors
- Self-securing file system
- Transaction MAC signed with secret key per application
- Virtual Card Architecture for enhanced card/application selection on multi-VC devices with privacy protection
- Proximity Check for protection against Relay Attacks
- Originality Check to prove that the product is a genuine NXP product
ISO/IEC 7816 compatibility
- Supports ISO/IEC 7816-4 file structure (selection by File ID or DF name)
- Supports ISO/IEC 7816-4 APDU message structure
- Supports ISO/IEC 7816-4 APDU wrapper for MIFARE DESFire native commands
- Supports ISO/IEC 7816-4 INS code 'A4' for SELECT FILE
- Supports ISO/IEC 7816-4 INS code 'B0' for READ BINARY
- Supports ISO/IEC 7816-4 INS code 'D6' for UPDATE BINARY
- Supports ISO/IEC 7816-4 INS code 'B2' for READ RECORDS
- Supports ISO/IEC 7816-4 INS code 'E2' for APPEND RECORD
- Supports ISO/IEC 7816-4 INS code '88' for INTERNAL AUTHENTICATE
- Supports ISO/IEC 7816-4 INS code '82' for EXTERNAL AUTHENTICATE
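The following is an added example, not code from NXP or from this page: a short-APDU decoder that labels the ISO/IEC 7816-4 instructions named in this list, recognises the wrapped form of native commands, and rejects frames whose length field does not match the body, which is useful when reviewing reader traces. The wrapper class byte 0x90 is taken from NXP's public DESFire documentation rather than from this page, and all sample APDUs are constructed.

```python
# INS values per ISO/IEC 7816-4 for the commands this page lists.
ISO_INS = {0xA4: "SELECT FILE", 0xB0: "READ BINARY", 0xD6: "UPDATE BINARY",
           0xB2: "READ RECORDS", 0xE2: "APPEND RECORD",
           0x88: "INTERNAL AUTHENTICATE", 0x82: "EXTERNAL AUTHENTICATE"}
# Assumption: class byte of the native-command wrapper, taken from NXP's
# public DESFire documentation; this page does not state it.
WRAPPER_CLA = 0x90

def wrap_native(cmd: int, data: bytes = b"") -> bytes:
    """Wrap a native command byte and its data in a short ISO 7816-4 APDU."""
    if not 0 <= cmd <= 0xFF or len(data) > 255:
        raise ValueError("command or data does not fit a short APDU")
    lc = bytes([len(data)]) + data if data else b""
    return bytes([WRAPPER_CLA, cmd, 0x00, 0x00]) + lc + b"\x00"  # Le = 00

def parse_apdu(raw: bytes) -> dict:
    """Decode a short command APDU (cases 1-4) and classify it."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                      # case 2: Le only
        le = body[0] or 256
    elif len(body) > 1:
        lc, rest = body[0], body[1:]
        if lc == 0:
            raise ValueError("extended-length APDU not handled here")
        if len(rest) == lc:                 # case 3: Lc + data
            data = rest
        elif len(rest) == lc + 1:           # case 4: Lc + data + Le
            data, le = rest[:lc], rest[lc] or 256
        else:
            raise ValueError("Lc does not match the body length")
    if cla == WRAPPER_CLA:
        kind, name = "wrapped-native", f"native 0x{ins:02X}"
    elif cla == 0x00 and ins in ISO_INS:    # plain ISO class byte only
        kind, name = "iso7816-4", ISO_INS[ins]
    else:
        kind, name = "unknown", f"INS 0x{ins:02X}"
    return {"kind": kind, "name": name, "p1": p1, "p2": p2,
            "data": data, "le": le}

if __name__ == "__main__":
    # Constructed samples: SELECT by DF name, READ BINARY, one wrapped command.
    for hexstr in ("00A4040007D276000085010100", "00B0000010",
                   wrap_native(0x5A, bytes.fromhex("010203")).hex()):
        print(hexstr, parse_apdu(bytes.fromhex(hexstr)))
```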
Special features
- Transaction-oriented automatic anti-tear mechanism with new transaction timer support
- Configurable ATS information for card personalization
- Backward compatibility mode to MIFARE DESFire EV2, EV1 and D40 (MF3ICD40)
- Secure Unique NFC (SUN) enabled by Secure Dynamic Messaging (SDM) which is mirrored as text into the NDEF message (compatible with NTAG DNA)
- Optional high input capacitance (70 pF) for small form factor designs (MF3DHx3)
Comparison Table
| Feature | MIFARE DESFire EV3 | MIFARE DESFire EV2 | MIFARE DESFire EV1 |
|---|---|---|---|
| ISO/IEC 14443 A 1-4 | Yes | Yes | Yes |
| ISO/IEC 7816-4 support | Extended | Extended | Extended |
| EEPROM data memory | 2/4/8 KB | 2/4/8/16/32 KB | 2/4/8 KB |
| Flexible file structure | Yes | Yes | Yes |
| NFC Forum Tag Type 4 | Yes | Yes | Yes |
| Unique ID | 7B UID or 4B RID | 7B UID or 4B RID | 7B UID or 4B RID |
| Number of applications | As many as memory size supports | As many as memory size supports | 28 |
| Number of files per app | 32 | 32 | 32 |
| Data rates supported | Up to 848 kbit/s | Up to 848 kbit/s | Up to 848 kbit/s |
| Crypto algorithms supported | DES/2K3DES/3K3DES/AES128 | DES/2K3DES/3K3DES/AES128 | DES/2K3DES/3K3DES/AES128 |
| CC certification (HW+SW) | EAL 5+ | EAL 5+ | EAL 4+ |
| Delegated Application Management (Multi-Application) | Yes, preloaded keys | Yes | - |
| SUN (Secure Unique NFC Message) | Yes, compatible with NTAG DNA | - | - |
| Transaction MAC per app | Yes | Yes | - |
| Multiple keysets per app | Up to 16 keysets | Up to 16 keysets | - |
| Multiple file access rights | Up to 8 keys | Up to 8 keys | - |
| Inter-app file sharing | Yes | Yes | |
| Transaction Timer | Yes | - | - |
| Virtual Card Architecture | Yes | Yes | - |
| Proximity Check | Yes | Yes | - |
| Delivery types | Wafer, MOA4 and MOA8 | Wafer, MOA4 and MOB6 | Wafer, MOA4 and MOA8 |
Applications
- Smart City
- Access Management
- Closed loop payments
- Loyalty
- Smart Lock
- Transport Ticketing