1.1 Introduction
MIFARE DESFire EV3 is the latest addition to the MIFARE DESFire product family, introducing new features along with enhanced performance for the best user experience. MIFARE DESFire EV3 is Common Criteria EAL5+ security certified, which is the same security certification level as demanded for smart card IC products used, e.g., for banking cards or electronic passports.
It fully complies with the requirements for fast and highly secure data transmission and flexible application management. This makes it the ideal product for service providers and service operators who want to offer easy, convenient and secure access to a wide variety of different services.
Featuring an on-chip backup management system and mutual three-pass authentication, a MIFARE DESFire EV3 card can hold as many applications as the memory can accommodate. Each application can hold up to 32 files with various data configurations.
The size of each file is defined at the moment of its creation, making MIFARE DESFire EV3 a truly flexible and convenient product. An automatic anti-tear mechanism is available for all file types, guaranteeing transaction-oriented data integrity.
The main characteristics of this device are denoted by its name "DESFire": DES indicates the high level of security using a 3DES or AES hardware cryptographic engine for confidentiality and integrity protection of the transmission data. Fire indicates its outstanding position as a Fast, Innovative, Reliable and sEcure IC in the contactless proximity transaction market.
MIFARE DESFire EV3 delivers the perfect balance of speed, performance and cost efficiency. Its open concept allows seamless future integration of other ticketing media such as smart paper tickets, banking convergence cards, and the MIFARE 2GO mobile ticketing service based on Near Field Communication (NFC) technology. MIFARE DESFire EV3 is your ticket to secure contactless systems worldwide.
All information provided in this document is subject to legal disclaimers.
1.2 Evolution of the MIFARE DESFire product family
MIFARE DESFire has evolved over time, enhancing its security properties to protect against current and future security threats, and adding new features to better suit new user requirements.
MIFARE DESFire EV3 is the fourth generation of the MIFARE DESFire product family, succeeding MIFARE DESFire EV2. It is functionally backward compatible with all previous MIFARE DESFire generations, namely MIFARE DESFire EV2, MIFARE DESFire EV1 and MIFARE DESFire D40 (MF3ICD40).
The latest generation encompasses the features of the older generation(s), allowing existing users of the older products to adopt the latest product with minimal or no changes to their infrastructure.
MIFARE DESFire EV3 can be used as a MIFARE DESFire EV2 or a MIFARE DESFire EV1 in its default delivery configuration. Every new feature requires activation and/or the use of new commands, which are described in the respective sections of this document.
Key differences between MIFARE DESFire generations:
Features | MIFARE DESFire EV1 | MIFARE DESFire EV2 | MIFARE DESFire EV3 |
Cryptography scheme(s) | Single DES, 2KTDEA, 3KTDEA, AES128 | Single DES, 2KTDEA, 3KTDEA, AES128 | Single DES, 2KTDEA, 3KTDEA, AES128 |
Secure messaging(s) | D40 Native, EV1 | D40 Native, EV1, EV2 (see product data sheet) | D40 Native, EV1, EV2 (see product data sheet) |
No. of applications | 28 | No limit | No limit |
No. of files per application | 32 | 32 | 32 |
Max. no. of files with backup | 32 | 32 | 32 |
ISO/IEC 7816-4 commands | 8 | 8 (refined) | 8 (refined) |
Random ID | Yes | Yes | Yes |
Configurable ATS | Yes, Historical bytes only | Yes, all parameters | Yes, all parameters |
Max. communication buffer | 64 bytes | Up to 128 bytes | Up to 256 bytes |
Chaining during data transfer | Native (AFh) | Native (AFh) or ISO/IEC 14443-4 | Native (AFh) or ISO/IEC 14443-4 |
Multiple Key Sets with rolling | No | Yes | Yes |
MIsmartApp (Delegated Application Management) | No | Yes | Yes |
NXP AppXplorer support | No | Yes, self configuration | Yes, preloaded DAM keys |
Shared Application Management | No | Yes | Yes |
Multiple keys per access right | No | Yes | Yes |
UpdateRecord command | No | Yes | Yes |
Transaction MAC | No | Yes | Yes |
Transaction Timer | No | No | Yes |
Secure Dynamic Messaging | No | No | Yes |
Virtual Card Architecture | No | Yes | Yes |
Proximity Check | No | Yes | Yes |
Originality Check | No | Yes | Yes |
Applications:
• Secure public transport ticketing
• Multi-application smart city and mobility card
• Secure access management
• Micro-payment and loyalty
• Student ID
• Road tolling and parking
• Hospitality
• Event ticketing