MIFARE® DESFire® EV3: High-Security IC for Contactless Smart City Services

MF3DHx3

The features of the MIFARE DESFire EV3 IC reflect NXP’s continued commitment to secure, connected and convenient contactless Smart City services. As part of the MIFARE DESFire family, the latest family member combines enhanced performance with a greater operating distance and improved transaction speed compared to its predecessors, including:

  • IC hardware and software certification according to Common Criteria EAL 5+
  • Broad choice of open crypto algorithms based on DES, 2K3DES, 3K3DES, or AES
  • SUN message authentication for advanced data protection
  • Transaction Timer to mitigate man-in-the-middle attacks
  • Seamless integration of mobile services in combination with MIFARE 2GO

Product Details

Select a section:

Block Diagram

MIFARE DESFire EV3 block diagram

MIFARE DESFire EV3 block diagram

Features

RF interface: ISO/IEC 14443 Type A

  • Contactless interface compliant with ISO/IEC 14443-2/3 A
  • Low Hmin enabling operating distance up to 100 mm (depending on power provided by the PCD and antenna geometry)
  • Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
  • 7 bytes unique identifier (option for Random ID)
  • Uses ISO/IEC 14443-4 transmission protocol
  • Configurable FSCI to support up to 256 bytes frame size

Non-volatile memory

  • 2 kB, 4 kB, 8 kB
  • Data retention of 25 years
  • Write endurance typical 1 000 000 cycles
  • Fast programming cycles

NV-memory organization and multi-application support

  • Flexible file system: user can freely define application structures on PICC
  • As many applications as memory size supports
  • Up to 32 files in each application (6 file types available: Standard Data file, Back-up Data file, Value file, Linear Record file, Cyclic Record file and Transaction MAC file)
  • File size is determined during creation (not for Transaction MAC file)
  • MlsmartApp (Delegated Application Management)
  • Memory reuse in DAM applications (Format Application)
  • Factory loaded NXP's DAM keys for AppXplorer service support
  • Accessing files from any two applications during a single transaction

Security and Privacy

  • Common Criteria certification: EAL5+ (Hardware and Software)
  • Unique 7 bytes serial number for each device
  • Optional "RANDOM" ID for enhanced security and privacy
  • Mutual three-pass authentication
  • Mutual authentication according to ISO/IEC 7816-4
  • Flexible key management: 1 card leader key and up to 14 keys per application
  • Multiple key assignment for each file access rights (up to 8)
  • Multiple Key Sets per application with fast key rolling mechanism (up to 16 sets)
  • Hardware DES using 56/112/168 bit keys featuring key version
  • Hardware AES using 128-bit keys featuring key version
  • Data authenticity by 8 byte CMAC
  • MF3ICD40 compatible mode: 4 byte MAC, CRC 16
  • Data encryption on RF-channel
  • Authentication on application level
  • Hardware exception sensors
  • Self-securing file system
  • Transaction MAC signed with secret key per application
  • Virtual Card Architecture for enhanced card/application selection on multi-VC devices with privacy protection
  • Proximity Check for protection against Relay Attacks
  • Originality Check for proof of genuine NXP's product

ISO/IEC 7816 compatibility

  • Supports ISO/IEC 7816-4 file structure (selection by File ID or DF name)
  • Supports ISO/IEC 7816-4 APDU message structure
  • Supports ISO/IEC 7816-4 APDU wrapper for MIFARE DESFire native commands
  • Supports ISO/IEC 7816-4 INS code 'A4' for SELECT FILE
  • Supports ISO/IEC 7816-4 INS code 'BO' for READ BINARY
  • Supports ISO/IEC 7816-4 INS code 'D6' for UPDATE BINARY
  • Supports ISO/IEC 7816-4 INS code '62' for READ RECORDS
  • Supports ISO/IEC 7816-4 INS code 'E2' for APPEND RECORD
  • Supports ISO/IEC 7816-4 INS code '88' for INTERNAL AUTHENTICATE
  • Supports ISO/IEC 7816-4 INS code '82' for EXTERNAL AUTHENTICATE

Special features

  • Transaction-oriented automatic anti-tear mechanism with new transaction timer support
  • Configurable ATS information for card personalization
  • Backward compatibility mode to MIFARE DESFire EV2, EV1 and D40 (MF3ICD40)
  • Secure Unique NFC (SUN) enabled by Secure Dynamic Messaging (SDM) which is mirrored as text into the NDEF message (compatible with NTAG DNA)
  • Optional high input capacitance (70 pF) for small form factor designs (MF3DHx3)

Comparison Table

MIFARE DESFire EV3 MIFARE DESFire EV2 MIFARE DESFire EV1
ISO/IEC 14443 A 1-4 Yes Yes Yes
ISO/IEC 7816-4 support Extended Extended Extended
EEPROM data memory 2/4/8KB 2/4/8/16/32KB 2/4/8KB
Flexible file structure Yes Yes Yes
NFC Forum Tag Type 4 Yes Yes Yes
Unique ID 7B UID or 4B RID 7B UID or 4B RID 7B UID or 4B RID
Number of applications As many as memory size supports As many as memory size supports 28
Number of files per app 32 32 32
Data rates supported Up to 848 Kbit/s Up to 848 Kbit/s Up to 848 Kbit/s
Crypto algorithms supported DES/2K3DES/
3K3DES/
AES128		 DES/2K3DES/
3K3DES/
AES128		 DES/2K3DES/
3K3DES/
AES128
CC certification (HW+SW) EAL 5+ EAL 5+ EAL 4+
Delegated Application Management (Multi-Application) Yes, preloaded keys Yes -
SUN (Secure Unique NFC Message) Yes, compatible with NTAG DNA - -
Transaction MAC per app Yes Yes -
Multiple keysets per app Up to 16 keysets Up to 16 keysets -
Multiple file access rights Up to 8 keys Up to 8 keys -
Inter-app file sharing Yes Yes
Transaction Timer Yes - -
Virtual Card Architecture Yes Yes -
Proximity Check Yes Yes -
Delivery types Wafer, MOA4 & MOA8 Wafer, MOA4 & MOB6 Wafer, MOA4 & MOA8

Design Resources

Select a section:

Documentation

Quick reference to our documentation types.

Filters

1-5 of 8 documents

Show All

Hardware

Filters

1 hardware offering

Software

Filters

3 software files

Note: For better experience, software downloads are recommended on desktop.

Training

Filters

2 trainings

Support

What do you need help with?

  • Narrow your search
Search