Introduction
MIFARE DESFire EV2 contactless IC (MF3D(H)x2) is the latest addition to the MIFARE
DESFire product family introducing new features along with enhanced performance for
best user experience. The MIFARE DESFire EV2 is Common Criteria EAL5+ security
certified which is the same security certification level as demanded for smart card IC
products used e.g. for banking cards or electronic passports. It fully complies with
the requirements for fast and highly secure data transmission and flexible application
management. This makes it the ideal product for service providers and service operators
who want to offer an easy, convenient and secure access to a wide variety of different
services.
MIFARE DESFire EV2 offers best flexibility when creating multi-application schemes and
features such as MIsmartApp with multiple key sets and Transaction MAC are supporting
new business models. Smart Cities services, for example, could be utilized with only
one MIFARE DESFire EV2 Key Fob by combining services such as public transport, car
or bike sharing, access to city attractions with citizen services, closed-loop e-payment
applications and local loyalty programs.
MIFARE DESFire EV2 is based on global open standards for both air interface and
cryptographic methods. It is compliant to all levels of ISO/IEC 14443A and supports
optional ISO/IEC 7816-4 commands (APDU and file structure supported) and is fully
interoperable with existing NFC readers for MIFARE products.
Featuring an on-chip backup management system and the mutual three-pass
authentication, a MIFARE DESFire EV2 Key Fob 1 can hold as many applications as the memory can accommodate. Each application can hold up to 32 files with various data configurations. The size of each file is defined at the moment of its creation, making MIFARE DESFire EV2 a truly flexible and convenient product. An automatic anti-tear
mechanism is available for all file types, guaranteeing transaction-oriented data integrity.
The main characteristics of this device are denoted by its name “DESFire”: DES
indicates the high level of security using a 3DES or AES hardware cryptographic engine
for confidentiality and integrity protection of the transmission data. Fire indicates its
outstanding position as a Fast, Innovative, Reliable and Secure IC in the contactless
proximity transaction market.
MIFARE DESFire EV2 delivers the perfect balance of speed, performance and cost
efficiency. Its open concept allows seamless future integration of other ticketing media
such as smart paper tickets, banking convergence card, NFC KeyFob and mobile ticketing based on
Near Field Communication (NFC) technology. It is also fully compatible with the existing
Features and benefits
2.1 Features overview
2.1.1 RF interface: ISO/IEC 14443 Type A
ā¢ Contactless interface compliant with ISO/IEC 14443-2/3 A
ā¢ Low Hmin enabling operating distance up to 100 mm (depending on power provided by
the PCD and antenna geometry)
ā¢ Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
ā¢ 7 bytes unique identifier (option for Random ID)
ā¢ Uses ISO/IEC 14443-4 transmission protocol
ā¢ Configurable FSCI to support up to 128 bytes (256 bytes for 16 and 32 kB) frame size
2.1.2 Non-volatile memory
ā¢ 2 kB, 4 kB, 8 kB, 16 kB or 32 kB NV
ā¢ Data retention of 25 years
ā¢ Write endurance typical 500 000 cycles
ā¢ Fast programming cycles (erase/write)
2.1.3 NV-memory organization
ā¢ Flexible file system: user can freely define application structures on PICC
ā¢ Virtually no limitation on number of applications per PICC (new)
ā¢ Up to 32 files in each application (6 file types available: Standard Data file, Back-up
Data file, Value file, Linear Record file, Cyclic Record file and Transaction MAC file)
ā¢ File size is determined during creation (not for Transaction MAC file)
2.1.4 Security
ā¢ Common Criteria certification: EAL5+ (Hardware and Software)
ā¢ Unique 7 bytes serial number for each device
ā¢ Optional “RANDOM” ID for enhance security and privacy
ā¢ Mutual three-pass authentication
ā¢ Mutual authentication according to ISO/IEC 7816-4
ā¢ Flexible key management: 1 card master key and up to 14 keys per application
ā¢ Hardware DES using 56/112/168 bit keys featuring key version
ā¢ Hardware AES using 128-bit keys featuring key version
ā¢ Data authenticity by 8 byte CMAC
ā¢ Data encryption on RF-channel
ā¢ Authentication on application level
ā¢ Hardware exception sensors
ā¢ Self-securing file system
ā¢ Backward compatibility to MF3ICD40: 4 byte MAC, CRC 16
