EXTERNAL
NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V.
ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V.
August 4th, 2020
Florian Mikulik
Senior Product Support Engineer, NXP
Security Level
SL3 Capabilities
A MIFARE Plus® EV2 KEY FEATURE
VIDEO
MIFARE Plus EV2 – SECURITY LEVEL 3 CAPABILITIES
UPGRADE YOUR SYSTEM'S SECURITY
Authenticity, confidentiality and integrity based on AES-128
Virtual Card concept to be used in smartphone-based installations
ISO7816 APDU format support
• Security Level 3 offers support for AES-128 based secure messaging, to provide authenticity, confidentiality and integrity for every transaction
• Once a MIFARE Plus EV2 product-based card is switched to SL3, it also offers support for the Virtual Card Architecture concept, which helps to manage a MIFARE Plus EV2 product-based card in a multi-application environment, designed for e.g. mobile phones performing contactless transactions, holding more than one “virtual card”
− A MIFARE Plus EV2 product-based card acts as a single “virtual card”, but supports the necessary command infrastructure to be indistinguishable from a multi-VC mobile phone, maintaining privacy for the card holder
• In SL3, the MIFARE Plus EV2 supports ISO7816-4 compliant VC selection (ISOSelect), compliant with Java Card and GlobalPlatform standards
SECURE MESSAGING
• Security Level switch is done through an AuthenticateFirst command targeting Block 9003h (SL3SwitchKey)
• A switch to SL3 disables the use of CRYPTO-1 completely
− Data and memory architecture of the card does not change at all – Block/Sector based memory model stays the same
• Initial memory space for CRYPTO-1 keys can now be used as additional user memory (+11 bytes per sector)
− AES keys are stored outside the User Memory
• Plain or encrypted data access can be defined per Block
• Transaction management with session keys is possible via AuthenticateFirst and AuthenticateNonFirst
• Several options for read commands
− MAC on command
− MAC on response
− Data encrypted or plain
• Several options for write/value commands
− MAC on command
− MAC on response
− Data is always encrypted
• Additional features (TMAC, Transaction Timer, multi-block read/write, VCA) can be used
ISO/IEC 7816-4 VIRTUAL CARD ARCHITECTURE
• MIFARE Plus EV2 supports ISOSelect and is compliant with Java Card and GlobalPlatform mechanisms
• Using MIFARE Plus EV2 in Security Level 3 with ISO/IEC 7816-4 wrapped communication frames supports mobile operations
VC concept using ISO/IEC 7816-4 compliant selection method: enables smartphone support in infrastructures (figure labels: Transit, Pass)
MORE INFORMATION ABOUT THE TRANSACTION TIMER FEATURE
Item | Number | Availability
Datasheet - MIFARE Plus EV2 | DS5223 | NXP DocStore (confidential)
Application Note - MIFARE Plus EV2 Features and Hints | AN5762 | NXP DocStore (confidential)
Application Note - MIFARE Plus EV2 personalization commands | AN5763 | NXP DocStore (confidential)
Application Note - Card coil design notes for MIFARE Plus EV2 | AN5759 | NXP DocStore (confidential)
Application Note - Comparison between MIFARE Plus EV2 and previous types | AN5760 | NXP DocStore (confidential)
Application Note - Originality Signature Validation | AN5764 | NXP DocStore (confidential)
RFID Discover Software | SW1866 | NXP DocStore (confidential)
NXP Reader Library (Windows based) | SW1717 | NXP DocStore (confidential)