Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

of

SL1SL3 MixMode Feature Slide 1 SL1SL3 MixMode Feature Slide 2 SL1SL3 MixMode Feature Slide 3 SL1SL3 MixMode Feature Slide 4 SL1SL3 MixMode Feature Slide 5 SL1SL3 MixMode Feature Slide 6
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

0 Likes

Share

Download to read offline

SL1SL3 MixMode Feature

Download to read offline

The SL1SL3MixMode feature of NXP’s MIFARE Plus EV2 IC allows to configure the IC to accept Crypto-1 as well as AES authentication on card or on sector-per-sector basis. With this, only security relevant applications can be upgraded to SL3, to enable new use cases such as for example Over-the-Air top-ups with an NFC-enabled mobile phone.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

SL1SL3 MixMode Feature

  1. 1. EXTERNAL NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V. J U LY 2 0 2 0 Presenter Daniel Rinner, Product Manager, NXP Semiconductors Security Level SL1SL3MixMode A MIFARE Plus® EV2 KEY FEATURE VIDEO
  2. 2. 1EXTERNAL ADDING VALUE TO EXISTING INFRASTRUCTURES UNTIL UPGRADING TO SECURITY LEVEL 3 V I A S L1 S L 3M I XM OD E TO S U P P O R T S E AM L ES S C RY P TO -1 & AE S AU T H E N T I C AT I O N • The SL1SL3MixMode feature allows the card issuer to configure the IC to accept Crypto-1 & AES authentication on card or on sector-per- sector basis • Once the SL1SL3MixMode feature is enabled, the card can be managed in a secure end-to-end (E2E) channel while the reader infrastructure stays as is − No need to invest into reader infrastructure while still enhancing customer experience • Allows to manage the MIFARE Plus EV2 product-based card with an NFC enabled mobile phone securely Over-The-Air (OTA), e.g. top-ups • Eases the migration of contactless cards to higher security (in existing infrastructures) by supporting the restriction of access rights in SL1 and helps to limit fraud by using Transaction Timer and originality checks • Helps to minimize the total cost of ownership by upgrading only security relevant applications to AES Enhancing customer experience of legacy Crypto-1 infrastructures Allows to upgrade security relevant applications only Secure E2E backend connection to manage card
  3. 3. 2EXTERNAL ADDING VALUE TO EXISTING INFRASTRUCTURES UNTIL UPGRADING TO SECURITY LEVEL 3 V I A S L1 S L 3M I XM OD E TO S U P P O R T S E AM L ES S C RY P TO -1 & AE S AU T H E N T I C AT I O N Crypto-1 Crypto-1 Successful Crypto-1 Transaction Existing Infrastructure Successful AES Transaction Secure Backend connection AES 128-bit Backend AES Key AES Key SL1SL3MixMode SL1SL3MixMode Service App AES 128-bit Crypto-1 Key Crypto-1 Key
  4. 4. 3EXTERNAL Security Level 0 Initial delivery Security Level 1 Crypto-1 SL1SL3 MixMode Crypto-1 & AES Security Level 3 AES Card basis Card or Sector basis Card or Sector basis Card or Sector basis On MIFARE Plus EV2 • SL1SL3MixMode can be enabled by switching the security level of either the full card of each specific sector into SL1SL3MixMode • To enable sector wise security switching the SectorSwitch byte stored in the MFPConfigurationBlock (B000h) must be changed to Aah − Change can be applied with a WritePerso during personalization in SL0 • It is recommended to write all AES keys during personalization in SL0 – key 9007h is the SL1SL3SectorSwitchKey • MIFARE Plus EV2 offers the restricted use of data and value blocks in Crypto-1 by overruling access conditions in the sector trailer − Exception can be done using value pairs to allow only a decrement operation in SL1, and not an incremental one − Only by using an AES authentication the content of a value block can be written or incremented TECHNICAL DETAILS: HOW TO ENABLE THE SL1SL3MIXMODE ON THE CARD Card basis Card basisCard basis
  5. 5. 4EXTERNAL MORE INFORMATION ABOUT THE TRANSACTION TIMER FEATURE Item Number Availability Datasheet - MIFARE Plus EV2 DS5223 NXP DocStore (confidential) Application Note - MIFARE Plus EV2 Features and Hints AN5762 NXP DocStore (confidential) Application Note - MIFARE Plus EV2 personalization commands AN5763 NXP DocStore (confidential) Application Note - Card coil design notes for MIFARE Plus EV2 AN5759 NXP DocStore (confidential) Application Note - Comparison between MIFARE Plus EV2 and previous types AN5760 NXP DocStore (confidential) Application Note - Originality Signature Validation AN5764 NXP DocStore (confidential) RFID Discover Software SW1866 NXP DocStore (confidential) NXP Reader Library (Windows based) SW1717 NXP DocStore (confidential)
  6. 6. NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V.

The SL1SL3MixMode feature of NXP’s MIFARE Plus EV2 IC allows to configure the IC to accept Crypto-1 as well as AES authentication on card or on sector-per-sector basis. With this, only security relevant applications can be upgraded to SL3, to enable new use cases such as for example Over-the-Air top-ups with an NFC-enabled mobile phone.

Views

Total views

219

On Slideshare

0

From embeds

0

Number of embeds

4

Actions

Downloads

4

Shares

0

Comments

0

Likes

0

×