NXP DESFire EV3
NXP DESFire EV3 is a contactless IC for secure access control and payment applications. It features a secure messaging mode, a customizable security environment and five AES 128-bit keys for monitoring access rights. It operates in ISO 14443-4 mode and supports NFC Forum Type 4 tags.
It is ideally suited for solution developers and system operators building reliable, interoperable and scalable contactless solutions. It offers new possibilities for multi-application schemes including micropayment, closed-loop e-payment and loyalty.
EV2 is backwards compatible
EV2 is backwards compatible with systems that used MIFARE DESFire EV1. The main advantage of EV2 is that it supports the same read and write cycles as EV1, but RFID Card Supplier has additional features. These include an on-chip backup management system and a mutual three-pass authentication process. This protects the data from unauthorized access. It also offers Staggered Key Management, whereby the administrator can assign specific keys to different applications.
Another feature is the ability to perform proximity detection on a chip. This means that a reader can verify whether a card, ticket or mobile device is in close proximity to the NFC reader. This can prevent cloning attacks and other cyberattacks.
The EV2 platform is ideal for applications that require higher security, such as closed-loop payments and membership cards. It provides a cost-effective solution, and it is form factor independent. It can be integrated into a wide range of products, including contactless smart cards and NFC enabled mobile devices. It is a secure and reliable platform that is able to support multiple applications and provide high performance for best user experience. It is also Common Criteria EAL5+ certified, which is the same level required for smart card ICs used in banking cards or passports. Its flexibility allows for multiple applications to be stored on a single EV2 IC.
EV3 is form factor independent
EV3 is the latest addition to NXP’s proven contactless MIFARE product family and enables the implementation of a range of applications on a single card. The IC is pre-configured with keys to enable delegated application management, making it possible to provide new services on existing smart cards via over-the-air updates. Using NFC-enabled smartphones, these upgrades can be implemented without the need to swap the card or reissue it.
The IC also provides a number of security features to help protect sensitive data. It is Common Criteria EAL5+ certified and supports a choice of open crypto algorithms. It also has a number of other features, such as a chip generated MAC and a transaction timer to help mitigate man-in-the-middle attacks. Combined with NXP’s AppXplorer cloud service, these can be used to provide new closed-loop e-payment applications for Smart City use.
HID’s credential based on DESFire EV3 enables users to move from vulnerable low-frequency 125 kHz technology with minimal impact on their existing physical access control program. It supports a variety of applications including public transportation, theme parks and city-based citizen services, cashless vending and local loyalty programs. It is also compatible with a wide range of existing readers, allowing for a cost-effective migration from the open standard solution to a custom key credential. This helps to eliminate the need for expensive readers to be replaced.
EV3 is integrated with the MIFARE 2GO cloud service
The EV3 is the third evolution of NXP’s proven contactless MiFare DESFire portfolio. It offers increased security for Smart City installations and enhanced features for end users. It also offers a greater operating distance and transaction speed than its predecessors.
The new IC is fully integrated with the MIFARE 2GO cloud service, which manages digitised credentials for NFC-enabled devices. This cloud-based platform makes it possible for smart cards, smartphones, and other products to upgrade their functionality over the air. This new feature is expected to reduce time-to-market and help address the needs of today’s consumers.
In addition to the reworked IC, NXP has also introduced the MIFARE 2GO mobile application that is designed to streamline integration for developers and enable a wider range of applications for EV3-based systems. The software, nxp mifare desfire which supports a wide variety of operating systems and device platforms, is available now on the NXP website.
In November 2010, researchers from Ruhr University published a paper detailing a side-channel attack against MIFARE product-based cards. The paper stated that the cards could be cloned using off-the-shelf hardware for less than $25. The researchers also made the software, firmware, and improved hardware schematics for their original cloning device publicly available on GitHub. This hack allowed them to re-program a MIFARE DESFire card in about 100 ms. The side-channel attack was a major blow to the security of MIFARE products, but NXP quickly responded with updated software and improved hardware.
EV3 is pre-configured with keys
The EV3 is pre-configured with keys, which makes it easier to use right out of the box. The chip is also backward compatible with MIFARE Classic, which means it can be used as an upgrade to existing systems. It uses the same fixed memory structure as MIFARE Classic, with sectors containing 3 blocks of 16 bytes of data and a block for 2 access control keys.
The MIFARE DESFire family is a series of contactless ICs that are perfect for solution developers and system operators who need to build reliable, interoperable, and scalable contactless smart card solutions for identity, access, loyalty, micropayment, and transport schemes. The ICs are named “DESFire” because they use a DES, 2K3DES, 3K3DES, or AES hardware cryptographic engine to encrypt transmission data. In addition, the ICs offer fast and highly secure data transmission, as well as flexible memory organization.
The latest evolution of DESFire is even more secure than previous generations, with increased performance and expanded security features. It includes a new transaction timer feature that helps protect against man-in-the-middle attacks, and it’s Common Criteria EAL 5+ certified. It’s also the preferred choice for ticketing and transit applications, because its speed and reliability are essential to high-volume turnstile environments. The MIFARE DESFire EV3 chips are pre-configured with keys to enable delegated application management, which supports over-the-air updates of previously issued smart cards using NFC enabled smartphones.
