More and more of daily life has become contactless. As we navigate through our lives, people around the world use devices like smartphones, wearables and smart cards to do things like pay for purchases, enter buildings, earn loyalty points and ride public transport. All these contactless transactions involve personal information that, if misused or stolen, can lead to serious consequences.
To reduce the risk of fraud and theft, contactless transactions need to be protected. The goal is to safeguard private data and thereby minimize the various threats. That’s why we have introduced a special IC family 16 years ago and several product evolutions since then, called the MIFARE Secure Access Module (SAM), to increase security for contactless transactions.
Dedicated Protection for Contactless Transactions
The MIFARE SAM is a secure microcontroller, based on an IC with a dedicated operating system and feature set, that stores and employs various cryptographic keys and their handling. Working in combination with MIFARE contactless ICs (which can be found inside a transport ticket or RFID key card), the MIFARE SAM is integrated in a contactless reader (for example a POS terminal, toll gate or door lock) to help enhance transaction security by providing added protection for storage and communication functions of secure keys. The MIFARE SAM helps establish a secure connection, so contactless devices can safely perform sensitive transactions while helping to ensure that those transactions remain secure.
The MIFARE SAM is specifically designed for use with NXP’s extensive portfolio of contactless MIFARE ICs (including MIFARE DESFire, MIFARE Plus, MIFARE Ultralight and even SmartMX solutions) and is now in its third generation.
Enhancing System Security with MIFARE SAM AV3
In situations where secure data handling, authentication and cryptography are musts, the MIFARE SAM AV3 helps enhance overall system security. The connection between the MIFARE SAM AV3 and the reader is protected using security protocols based on either symmetric cryptography (TDEA and AES) or PKI RSA asymmetric cryptography. The protocols comply with the state-of-art standards and as a result help ensure data confidentiality and integrity.
The MIFARE SAM AV3 offers also a special X-Mode that lets the device manage tasks relating to RF communication, for a simpler design that uses less code and reduces system complexity. Placing crypto functions needed for secure transactions into the MIFARE SAM AV3 reduces communication times and simplifies the design, for faster deployments. Operating in X-Mode also boosts performance in the reader, for faster communication between the tag, the reader and the SAM.
Supporting Smart City Applications
Since the MIFARE SAM is designed to work as a companion to secure MIFARE contactless ICs, it supports applications that use these ICs for contactless operations, such as transport ticketing, access control, loyalty and micropayments.
But our recently introduced MIFARE SAM AV3 extends well beyond the world of MIFARE, since the IC also supports NXP’s DNA variants in the NTAG (NFC), ICODE (HF) and UCODE (UHF) IC families. For example, because the UCODE DNA IC supports a read range of up to 15 meters, it can be used in systems which are based on RAIN RFID connectivity to support vehicle-related applications, such as automatic vehicle identification (AVI) and payments for road tolling. As another example, the MIFARE SAM AV3 can be used with NXP’s ICODE DNA ICs, which use vicinity RFID to read tags at up to 1.2 meters and automate supply-chain tasks such as identifying consumables. Finally, when used with NXP’s NTAG DNA ICs, the MIFARE SAM AV3 can work at close range to do other supply-chain related tasks, such as the identification and authentication of raw materials and replacement parts.
Part of NXP’s Broader Security Portfolio
As shown in the image, the MIFARE SAM AV3 is one part of NXP’s broader portfolio for system security. There is, for example, the TrustZone® feature for microcontrollers, which offers a baseline for secure operation. For sensitive, connected applications in the Internet of Things (IoT), NXP recommends the EdgeLock SE050 Plug & Trust Secure Element, which uses security based on enhanced Common Criteria EAL 6+ to deliver great protection against attack scenarios.
This is the first in a series of blogs that will introduce the MIFARE SAM AV3 and explain the ways it can enhance security in various applications. Our next blog will focus on contactless transactions used with vehicles, with a description of how the MIFARE SAM AV3 works with NXP’s UCODE DNA RAIN RFID ICs to help protect road-toll payments and vehicle identification.