UNIVERSAL SMART CARDS & DESFire
Universal Smart Cards is a global producer and distributor of NXP MIFARE DESFire cards. Our manufacturing and production, includes our own ‘chip-to-antenna' bonding, which allows for the highest quality card production with the strongest read range. Universal Smart Cards produce millions of DESFire inlays, blank white DESFire cards as well as fully printed DESFire cards each year.
Universal Smart Cards also provide DESFire customized specifications as well as open standard solutions. As an NXP partner, we offer:
- DESFire consulting services
- Custom DESFire solution development
- Encrypted key management services at our own secure facility.
Together with our DESFire card production, we offer our clients a complete turn-key DESFire card solution.
NXP DESFire – USC CUSTOM SOLUTIONS
A custom DESFire solution allows full control over security, integration to any existing systems and proprietary ownership of the entire solution including key management.
Based on open global standards for both RF interface and cryptographic methods, the MIFARE DESFire product family provides highly secure microcontroller-based ICs. Its name, DESFire, references the use of DES, 2K3DES, 3K3DES, and AES hardware cryptographic engines for securing transmission data.
This family includes MIFARE DESFire EV1, MIFARE DESFire EV2, MIFARE DESFire EV3 and MIFARE DESFire Light products. This is ideally suited for solution developers and system operators building reliable, interoperable, and scalable contactless smart card solutions. MIFARE DESFire products enable multi-application smart card solutions for identity, access control, loyalty, and micropayment applications, as well as in transport schemes.
As an NXP partner, Universal Smart Cards have built many proprietary custom specifications for bespoke solutions on behalf of clients looking for unique credential security for their environment. For clients looking for full ownership and control of their own cryptography, credentials and custom key management, we offer consultancy & development services allowing integration into existing systems.
NXP DESFire – USC OPEN STANDARD SOLUTIONS
Open standard solutions require conformity to the predetermined specifications, but they are quick to develop and allow secure interoperability and key management.
This allows logical and physical access control and can work as a ‘one-card’ solution for cashless campus environments. This facilitates multiple custom applications as well as mobile, credential and key management, biometrics and allows the client to own their own keys. There is interoperability between other applications and systems. Development is quicker on an open standard and specifications, samples are provided. Existing readers may only need simple firmware updates to be compatible.
Markets include corporate offices, facilities management, universities, banks and any high security, multiple system application environment
Universal Smart Cards provide support and the tools for this, depending on which open standard solution is best suited for the client's requirements.
Below is a comparison chart which explains the differences between the DESFire solutions and typical standard OEM solutions as offered by HID, Identiv, Lenel, AssaAbloy etc.
High Level Comparison chart
|OEM (HID, Identiv etc)||DESFire Custom||DESFire Open Standard|
|Cost per card||High||Low||Medium|
|Reader options||OEM only||Various||Various|
|Limitations||OEM products only||None||Predetermined spec|
The NXP MIFARE® DESFire® family consists of various contactless ICs.
These are perfectly suited for solution developers, system operators and integrators. The platform allows an extremely reliable, interoperable and scalable contactless solution for development.
It allows multi-application card solutions for identity, access control, loyalty, logical access control and multi payment solutions. MIFARE DESFire allows fast and highly secure data transmission with various memory sizes and organization structures.
- Scalable and flexible
- Cost effective
- Physical and Logical Access Control
- Transportation & Ticketing
- Corporate Facilities Management
- Closed-loop payment (one-card cashless campus solutions)
- University Campus and Student ID cards
- Loyalty programs
- Government service and staff cards
Transportation & Ticketing
NXP MIFARE DESFire is fast becoming the global standard for transportation cards and ticketing solutions. The ability to develop custom tokens for specific transit schemes, together with the security of the DESFire platform makes DESFire the preferred solution. The reliability and speed of the DESFire card being read in high volume turnstile environments, makes this crucial to maintaining a streamlined ticketing environment. Many transport solutions also allow the same DESFire card to be used in other environments such as schools and university campuses as the student ID badge.
Corporate Facilities Management
Many banks, medical facilities, research labs and corporate offices are requiring higher security solutions for physical and logical access. NXP MIFARE DESFire offers a practical and cost effective solution, especially when implemented using an open standard solution. In many cases older existing readers do not need to be replaced and can simply be updated to read the DESFire custom key credential allowing for further savings.
Closed-loop payment (one-card cashless campus solutions)
Closed-loop payment solutions require a card that is secure and reliable. This applies to theme parks, festivals, universities, cashless campus solutions and any environment where the same card is required to work on various systems. NXP MIFARE DESFire provides a cost-effective platform for custom development and integration to any number of applications, without compromising security.
Government service and staff cards
The secure key encryption of NXP MIFARE DESFire offers a secure solution for many government facilities, and allows for both physical access control and logical access control. Both the open standard solution or a complete custom solution can be done, depending on the requirements. The cost of DESFire vs other OEM solutions together with the interoperability to other applications makes this an attractive option.
University Campus and Student ID cards
Many universities and schools around the world are looking at DESFire solutions to replace costly OEM solutions. The cost of re-badging an entire campus on an ongoing basis is very high. With increased data breaches at universities and older magnetic stripe and proximity cards no longer being secure, universities are looking for more secure solutions without a dramatic increase in the cost per card. In addition, many universities already have multiple legacy applications in place. DESFire allows for custom integration to any existing applications, where other EOM solutions may not. This allows universities to issue DESFire cards as student ID badges that also work with any of the existing campus applications including: access control, Point-Of-Sale, meal systems, library, parking, gyms, printing, transportation etc.
MIFARE GENERATIONS: EV1, EV2, EV3
There are 3 Generations of NXP MIFARE DESFire cards. These are backwards compatible, allowing a solution developed for one specific generation of DESFire to work with older generations of DESFire.
|Cryptography scheme||Single DES, 2KTDEA, 3KTDEA, AES128||Single DES, 2KTDEA, 3KTDEA, AES128||Single DES, 2KTDEA, 3KTDEA, AES128|
|Secure messaging||D40 Native, EV1||D40 Native, EV1, EV2 (see product data sheet)||D40 Native, EV1, EV2 (see product data sheet)|
|No of applications||28||No limit||No limit|
|No of files per application||32||32||32|
|Max no of files with backup||32||32||32|
|ISO/IEC7816-4 commands||8||8 (refined)||8 (refined)|
|Configurable ATS||Yes, historical bytes only||Yes, all parameters||Yes, all parameters|
|Max communications buffer||64 bytes||Up to 128 bytes||Up to 256 bytes|
|Chaining during data transfer||Native (AFh)||Native (AFh) or ISO/ IEC14443-4||Native (AFh) or ISO/ IEC14443-4|
|Multiple Key Sets with rolling||No||Yes||Yes|
|MIsmartApp (Delegated Applications Management)||No||Yes||Yes|
|NXP AppXplorer supports||No||Yes, self configuration||Yes, preload DAM keys|
|Multiple keys per access right||No||Yes||Yes|
|Secure Dynamic Messaging||No||No||Yes|
|Virtual Card Architecture||No||Yes||Yes|
One key important feature is that EV2 has Delegated Key Management system, called MiSmartApp, that allows applications to be added later, in the field if required, without having to share the master key and compromising the security of the product or solution.
DESFire EV3 (EV3 & EV3C)
The DESFire EV3 is the latest evolution of secure memory RFID smart chips from NXP. EV3 brings enhanced performance, greater operating distance and improved transaction speeds when compared to its predecessors. The IC is certified to Common Criteria EAL 5+ and supports a broad choice of crypto algorithms based on DES, 2K3DES, 3K3DES, or AES.
Applications such as access management, transportation, cash purse, and many more can all be one product which delivers significant benefits to both operators and end users alike. DESFire EV3 is pre-configured with delegated management keys for over-the-air updates to already issued cards makes it possible to easily deploy and update Smart City services whilst protecting the security and privacy of the users.
New features for EV3 are: Transaction-oriented automatic anti-tear mechanism with new transaction timer support, Configurable ATS information for card personalization, Backward compatibility mode to MIFARE DESFire EV2, EV1 and D40, Secure Unique NFC (SUN) enabled by Secure Dynamic Messaging (SDM) which is mirrored as text into the NDEF message (compatible with NTAG DNA), NFC Forum Type 4 Tag certified, Optional high input capacitance (70 pF) for small form factor designs.
There are two versions of this. There is DESFire EV3 and DESFire EV3C.
The EV3C has all the features above plus MIFARE Classic 1K support. This means that selected data within the DESFire files can be mapped to a Classic 1K memory layout. This will allow the chip to be read as a Classic or as a DESFire providing a migratory path to those who currently use Classic and want to move to DESFire using a staged approach. The Classic functionality can be disabled in the card at a later stage.
EV3 Key Features & Benefits
- Enhanced Security - Certified to Common Criteria EAL 5+
- Transaction Timer to mitigate man-in-the-middle attacks
- Seamless integration of mobile services in combination with MIFARE 2GO
- Broad choice of open crypto algorithms based on DES, 2K3DES, 3K3DES, or AES
As the next generation of NXP’s proven contactless MIFARE DESFire portfolio, the latest evolution of this chip enables a new array of smart city services, with enhanced performance, higher-level security features and seamless integration of mobile services.
It’s these enhanced features and backward compatibility that deliver faster and more secure transactions - making it perfect for accessing offices or campuses, paying for parking and other essential city services, touch-free.
Next Generation Advanced Security
MIFARE DESFire EV3’s vast set of security features enable more ways to protect data and help ensure privacy. Both hardware and software are Common Criteria EAL 5+ certified and the integrated circuit (IC) supports a wide range of open crypto algorithms.
This latest evolution of MIFARE DESFire has the edge on security. It features a card generated MAC, that helps to securely authenticate transactions and a new Transaction Timer feature that helps protect against man-in-the-middle attacks so it’s harder for attackers to interfere with a transaction.
It additionally features a new Secure Unique NFC (SUN) messaging feature that offers a more secure method for maintaining data confidentiality and integrity. Whenever a card, ticket or mobile is tapped with this feature enabled, a tap-unique authentication message and crypto- secure URL are generated that can be sent over to a server for verification, which makes the tap unclonable.
A Mobile Focus
MIFARE DESFire EV3 will be integrated with the MIFARE 2GO cloud service, which manages digitized MIFARE product-based credentials and helps streamline mobile integration via NXP’s ecosystem. This can enable contactless payments or access features using devices such smart phones, wearables and other mobile devices.
MIFARE DESFire EV3 chips are pre-configured with keys to enable delegated application management, which supports over-the-air updates to already issued smart cards using NFC enabled smartphones, making it easier to deploy additional services to existing users.
With the launch of MIFARE DESFire EV3, NXP is laying the foundation for a new level of connected smart city services that are form factor independent and can be available on a traditional smart card or mobile device.
Find out more...
As a MIFARE registered partner, Universal Smart Cards are here to answer any questions you may have on this latest product release. So, if you’d like to find out how MIFARE DESFire could support your application, contact us today and one of our specialists will be happy to help you.