NXP MIFARE® DESFire® EV3 2K
- Services running on MIFARE DESFire EV3 can be deployed to NFC mobile phones using MIFARE 2GO
- Preloaded keys for delegated application management allow to add new services to already deployed cards
- Functional backward compatibility to MIFARE DESFire EV2, MIFARE DESFire EV1 and D40 (MF3ICD40) offers a seamless upgrade path
- Improved operating range and higher transaction speeds compared to its predecessors enhance both user experience and security
- Optional high input capacitance (70 pF) for small form factor designs (MF3DHx3)
- Common Criteria EAL5+ certified for IC hardware and software
- NFC Forum Tag Type 4 certified
- SUN (Secure Unique NFC) message authentication for advanced data protection within standard NDEF read operation
- Flexible file structure for true multi-application operation
- Non-volatile memory
- 2 kB
- Data retention of 25 years
- Write endurance typical 1 000 000 cycles
- Fast programming cycles
- Inter-application file sharing enables multiple applications with a common purse
- Wide choice of open DES/2K3DES/3K3DES/AES crypto algorithms
- Optional “RANDOM” ID for enhanced security and privacy
- Mutual three-pass authentication
- Flexible key management: 1 card leader key and up to 14 keys per application
- Multiple key assignment for each file access rights (up to 8)
- Multiple key sets per application for post-issuance rolling application keys
- MF3ICD40 compatible mode: 4 byte MAC, CRC 16
- NV-memory organization and multi-application support
- Flexible file system: user can freely define application structures on PICC
- As many applications as memory size supports
- Up to 32 files in each application (6 file types available: Standard Data file, Back-up
- Data file, Value file, Linear Record file, Cyclic Record file and Transaction MAC file)
- File size is determined during creation (not for Transaction MAC file)
- MlsmartApp (Delegated Application Management)
- Memory reuse in DAM applications (Format Application)
- Factory loaded NXP’s DAM keys for AppXplorer service support
- Accessing files from any two applications during a single transaction
- Proof of transaction with card generated MAC
- Transaction Timer defends against man-in-the-middle attacks
- Virtual Card Architecture for enhanced card/application selection on multi-VC devices with privacy protection
- Proximity check to detect relay attacks
- Originality Check for proof of genuine NXP’s product
- Configurable ATS information for card personalization
- RF interface: ISO/IEC 14443 Type A
- Contactless interface compliant with ISO/IEC 14443-2/3 A
- Low Hmin enabling operating distance up to 100 mm (depending on power provided by the PCD and antenna geometry)
- Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
- 7 bytes unique identifier (option for Random ID)
- Uses ISO/IEC 14443-4 transmission protocol
- Configurable FSCI to support up to 256 bytes frame size
- ISO/IEC 7816-4 compliant
- Supports ISO/IEC 7816-4 file structure (selection by File ID or DF name)
- Supports ISO/IEC 7816-4 APDU message structure
- Supports ISO/IEC 7816-4 APDU wrapper for MIFARE DESFire native commands
- Supports ISO/IEC 7816-4 INS code ‘A4’ for SELECT FILE
- Supports ISO/IEC 7816-4 INS code ‘BO’ for READ BINARY
- Supports ISO/IEC 7816-4 INS code ‘D6’ for UPDATE BINARY
- Supports ISO/IEC 7816-4 INS code ’62’ for READ RECORDS
- Supports ISO/IEC 7816-4 INS code ‘E2’ for APPEND RECORD
- Supports ISO/IEC 7816-4 INS code ’88’ for INTERNAL AUTHENTICATE
- Supports ISO/IEC 7816-4 INS code ’82’ for EXTERNAL AUTHENTICATE
- Smart City
- Closed Loop Payments
- Smart Lock
- Access Management
- Transport Ticketing
- Public transportation
- Campus and student ID cards
- Loyalty Programs
- Event Tickets
- Gaming and Hospitality
|MIFARE DESFire EV3||MIFARE DESFire EV2||MIFARE DESFire EV1|
|ISO/IEC 14443 A 1-4||Yes||Yes||Yes|
|ISO/IEC 7816-4 support||Extended||Extended||Extended|
|EEPROM data memory||2/4/8KB||2/4/8/16/32KB||2/4/8KB|
|Flexible file structure||Yes||Yes||Yes|
|NFC Forum Tag Type 4||Yes||Yes||Yes|
|Unique ID||7B UID or 4B RID||7B UID or 4B RID||7B UID or 4B RID|
|Number of applications||As many as memory size supports||As many as memory size supports||28|
|Number of files per app||32||32||32|
|Data rates supported||Up to 848 Kbit/s||Up to 848 Kbit/s||Up to 848 Kbit/s|
|Crypto algorithms supported||DES/2K3DES/
|CC certification (HW+SW)||EAL 5+||EAL 5+||EAL 4+|
|Delegated Application Management (Multi-Application)||Yes, preloaded keys||Yes||–|
|SUN (Secure Unique NFC Message)||Yes, compatible with NTAG DNA||–||–|
|Transaction MAC per app||Yes||Yes||–|
|Multiple keysets per app||Up to 16 keysets||Up to 16 keysets||–|
|Multiple file access rights||Up to 8 keys||Up to 8 keys||–|
|Inter-app file sharing||Yes||Yes|
|Virtual Card Architecture||Yes||Yes||–|
|Delivery types||Wafer, MOA4, MOA8, 1FF (ID-1) & 2FF (SIM)||Wafer, MOA4, MOA8, 1FF (ID-1) & 2FF (SIM)||Wafer, MOA4, MOA8, 1FF (ID-1) & 2FF (SIM)|
MIFARE DESFire has evolved over time, enhancing its security properties to protect against current and future security threats, and adding new features to better suit into new user requirements.
MIFARE DESFire EV3 is the fourth generation of the MIFARE DESFire products family succeeding MIFARE DESFire EV2. It is functionally backward compatible with all previous MIFARE DESFire generations, namely MIFARE DESFire EV2, MIFARE DESFire EV1 and MIFARE DESFire D40 (MF3ICD40).
The relationship between the latest three generations of MIFARE DESFire products. The latest generation encompasses the features from the older generation(s). Therefore, allowing existing users of the older products to adopt the latest product with minimum or no changes to their infrastructures.
MIFARE DESFire EV3 can be used as a MIFARE DESFire EV2 or a MIFARE DESFire EV1 in its default delivery configuration. Every new feature would require an activation and/or the use of new commands which is described in their respective sections in this document.
|Write endurance [cycles]||1,000,000|
|Data retention [yrs]||25|
|Programming cycles (erase/write)||1 ms|
|Organization||Flexible file system|
|Unique serial number [byte]||7, cascaded|
|Random number generator||Yes|
|Access keys||14 keys per application|
|Multiple key sets||Up to 16 per application|
|Access conditions||Per File|
|AES, 3DES & DES Security||MACing/Encipherment|
|Anti-tear supported by chip||Yes|
|Common Criteria certification (HW+SW)||EAL5 +|
|Multi-application||Unlimited applications, MIsmartApp|
|Number of files per app||32|
|Purse functionality||Value file|
|Inter-app file sharing||Yes|
|Transaction MAC||Per application|
|Virtual smart card architecture||PICC and application level|
|Acc. to ISO 14443A||Yes-up to layer 4|
|Baud rate [kbit/s]||106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s|
|Operating distance [mm]||Up to 100|
MIFARE Explained | MIFARE DESFire EV3 IC
The MIFARE DESFire EV3 IC reflects NXP’s continued commitment to secure, connected and convenient Smart City services and combines enhanced performance with new security features. Its on board support for mobile devices and multiple applications on one card make it a great choice for both, consumers and service providers, in different applications such as transport ticketing, access control, loyalty programs and micropayments. In this 50 minutes training you’ll get an overview on technical and connectivity features of the chip, supported use cases, as well as mobile and multi-applications support.
MIFARE Explained | Security Level 3 (SL3) Capabilities
The Security Level (SL) concept of NXP’s MIFARE Plus EV2 IC allows for a step-by-step upgrade of the system’s security by switching only certain applications to a higher security level. The highest security level, SL3, offers support for AES-128 based secure messaging and thus helps to prove authenticity, confidentiality and integrity of transactions.
MIFARE Explained | Secure Dynamic Messaging (SDM)
The Secure Dynamic Messaging (SDM) feature allows to program NXP’s MIFARE DESFire EV3 IC in a way to store NDEF messages as defined in the NFC Forum Tag Type 4 specification. A unique IC individual NDEF message is generated on each tap, whereas a backend server evaluates the data that was generated by the IC.
MIFARE Explained | Transaction MAC
The Transaction MAC feature of NXP’s MIFARE DESFire EV3 and MIFARE Plus EV2 ICs can help to prevent fraudulent merchant attacks. It allows to prove the authenticity of executed transactions between the reader terminal and an IC inside a smart card.
MIFARE Explained | Transaction Timer
The Transaction Timer feature of NXP’s MIFARE DESFire EV3 and MIFARE Plus EV2 ICs defends against Man-in-the-Middle attacks. The new feature makes it possible to set a minimum time per transaction, so it’s harder for an attacker to interfere with the transaction. Learn more about the technical details of the Transaction Timer feature and how it can be used to make access control, transport ticketing, and micropayment installations more secure.
MIFARE DESFire EV2 smart card IC includes the MIsmartApp
Are you planning to offer contactless smart life services? Smart cards can be a powerful tool to host various contactless services, such as micropayments, access solutions, transport services – and even ticketing on one smart contactless card. The MIFARE DESFire EV2 smart card IC includes the MIsmartApp which can hold as many different applications as the memory size supports and new applications can be loaded after the card has been deployed into the market.
The MIFARE SDK is designed to provide access to all hardware features on Java level and enables Android apps to be created for MIFARE, ICODE and NTAG more easily than ever before. Leveraging the worldwide success of NXP´s product installations, the launch of MIFARE SDK opens up a world of new possibilities for creative Android application developers.
Have you ever counted how many cards per day you are using? In the end of the day why to use different card for every little thing you have to do? The MIFARE® DESFire® card is one single smart card where you can store all the other cards.
Support & Downloads
Software and Utilities
MIFARE Card Configuration Kit by CardLogix features the MIFARE Card Configuration Utility software program to configure a MIFARE or DESFire card’s file structure with Application IDs (AIDs), to set permissions and keys, and to load data to the card.
Our well known, widely deployed powerful MIFARE®Discover tool is commonly used by the MIFARE development community as it allows to access and handle any MIFARE family chip and data processing feature. This expert tool has been further enhanced to support the latest MIFARE family members of the MIFARE Plus® and the MIFARE DESFire® EV2 platform including the corresponding MIFARE SAM (Secure Access Module) solutions.
Furthermore, ICODE® and NTAG® platform support has been added to the feature set, covering NXP’s entire 13.56 MHz product portfolio now. To reflect these additions the MIFAREDiscover tool has been rebranded to RFIDDiscover.
The tool RFIDDiscover Lite can also be downloaded from MIFARE.net. The full version of the RFIDDiscover tool can be requested in the NXP DocStore – please search for “sw1866”.
TagXplorer PC-Based NFC Tag Reader-Writer Tool
NDEF reader/writer tool for Windows, Mac and Linux Desktop PCs for NXP NFC ICs
Similar to NXP’s TagWriter App for Android the new TagXplorer tool for PCs allows to read, analyze and write NDEF messages to NXP’s NFC tag and smart sensor ICs. The tool is designed using NXP’s TapLinx open Java API and it allows the user to perform NDEF Operations defined by NFC Forum on NFC Forum type 2 and 4 tags for NXP NFC Tag ICs.