MIFARE DESFire EV3 Chip Sets the Standard for High-Frequency Credential Technologies
NXP’s DESFire EV3 chip sets the standard for high-frequency credential technologies. It includes a security architecture that delivers layered, tamper-resistant protection, incorporating a Secure Identity Object data model for key diversification and authentication signatures.
It also offers a new function called Transaction Timer that mitigates Man-in-the-Middle attacks. These are just a few of the many features that make it an excellent choice for secure multi-application cards.
The DESFire® EV3 is the mifare desfire ev3 latest addition to NXP’s proven contactless MIFARE product family. It is fully backwards compatible with MIFARE DESFire EV1 and EV2 products, providing enhanced performance with greater operating distance, higher transaction speed and advanced security features.
This is accomplished through the use of a 3DES or AES hardware cryptographic engine for confidentiality and integrity protection of transmission data and an on-chip backup management system for secure data storage. Its high level of security allows for an extended range of applications such as smart ticketing and banking convergence cards, as well as for physical access control.
A key feature of DESFire EV3 that is also available in NXP’s DNA-type chips (NTAG424) is the ability to generate a unique authentication code each time the tag is read, so that even if the chip is copied, it cannot be used. This functionality is useful for protecting against Man-in-the-Middle attacks.
HID Global’s credential option based on MIFARE DESFire EV3 joins the company’s existing Seos credential technology and offers users a smooth migration path from vulnerable legacy, low-frequency 125 kHz-based systems to modern, secure credentials that support a broad range of applications and services such as smart parking, transport, security, access control and a host of other “Smart City” services. It supports a variety of application scenarios and uses, including combining with NXP’s MIFARE 2GO cloud service for digital credentials that can be deployed to NFC-enabled smartphones or wearables & accessories.
The MIFARE DESFire EV3 IC ushers in optimised performance, enhanced security and seamless integration of mobile services for a wide range of smart city applications. The chip is form factor independent, meaning it can be deployed on traditional cards as well as mobile devices.
A range of new security features ensures the IC is compliant with Common Criteria EAL 5+ certification, while a choice of open crypto algorithms based on DES, 2k3DES, 3k3DES and AES protect data against man-in-the-middle attacks. The IC also supports a transaction timer feature which limits the number of transactions to reduce the risk of card theft.
HID’s DESFire-based products implement the EV3 chip’s full security capabilities, including AES128 encryption, secure channel based file transfer and proximity checks. Additionally, a random unique identifier (UID) protects the user’s privacy by never revealing any information that could be used to identify the person in question.
The DESFire EV3 IC is ideally suited to closed-loop payment solutions and a wide range of other applications such as theme parks, universities, cashless campus systems and more. Its versatility means that one card can be used to access a variety of services and offers a cost-effective solution for those requiring a high level of security. It can even be used on a traditional card that has been paired with a smartphone for contactless mobile payments.
The DESFire EV3 is NXP’s latest evolution of secure memory RFID smart chips that enable a multitude of applications for the Smart City. The new IC offers enhanced performance with a greater operating distance and improved transaction speeds compared to its predecessors. Moreover, it is designed with additional features to ensure high security levels including a transaction timer function that can be used to help mitigate man-in-the-middle attacks and a wide choice of crypto algorithms certified according to Common Criteria EAL 5+.
HID credentials based on DESFire EV3 leverage security features such as AES128 encryption, secure channel-based file transfer and proximity checks to protect card data from attack. Additionally, the DESFire EV3C chip supports a random unique identifier to protect user privacy and also provides layered security via a Secure Identity Object (SIO) data model encoding. This makes it possible to implement a custom security profile on the credential that is compatible with older NFC readers.
Closed-loop payment solutions like those found in theme parks, events or cashless campus systems require mifare desfire ev3 a trusted and robust contactless solution for authentication and authorization. The DESFire EV3 is the perfect contactless chip for this purpose because it provides the highest level of security and supports multiple protocols in one single product. In addition, the EV3 is pre-configured with keys to enable delegated application management enabling the provision of over-the-air updates to already issued cards via NFC enabled smartphones.
NXP’s MIFARE DESFire EV3 is a secure platform for a wide range of Smart City services, such as public transport or access management. The IC offers an expanded security footprint with an extensive choice of open crypto algorithms – including DES, 3K3DES and AES – and is Common Criteria EAL5+ certified. The DESFire EV3 chip also features an optional 70pF read range optimization option to support small form factor applications and a transaction timer to help mitigate man-in-the-middle attacks.
HID’s credentials based on MIFARE DESFire EV3 enable a smooth migration path for customers from vulnerable legacy, low-frequency 125 kHz systems to a high-performance, secure solution. The EV3 credential works with the same readers as MIFARE DESFire EV1 and EV2 products, and is interoperable with HID’s iCLASS SE and multiCLASS SE readers.
The DESFire EV3 chips include a new generation of Secure Unique NFC messaging that acts as a measure of data integrity and security. When a card, ticket or mobile phone is tapped with this feature enabled, the tap creates a unique authentication message and secure URL that is verified with a server to prevent man-in-the-middle attack.
Combined with NXP’s MIFARE 2GO cloud service, which manages digitized MIFARE product-based credentials on smartphones and NFC wearable devices, DESFire EV3 can be used to enable contactless payments and logical access applications on NFC-enabled mobile phones or wearables. This can be an ideal solution for university campuses that want to enhance campus-wide security with a robust, cost effective solution without requiring re-badging of existing cards and the costly investment required by OEM solutions.