NXP MIFARE Team, profile picture
Uploaded byNXP MIFARE Team
PDF, PPTX504 views

Transaction MAC Feature

The Transaction MAC (TMAC) feature allows smart cards like MIFARE DESFire EV3 and MIFARE Plus EV2 to generate a message authentication code (MAC) for offline transactions between a reader terminal and the smart card. The TMAC helps establish trust by proving the authenticity and validity of transactions when reported to the backend system. It can detect fraudulent activities like replayed, forged, manipulated, or missing transactions by verifying the MAC covers all transaction details and is generated with a secure TMAC key. Technical details are provided on how to enable and use the TMAC feature for different applications and data blocks on each card.

Embed presentation

Download as PDF, PPTX
EXTERNAL NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V. 3 1 S T J U LY 2 0 2 0 Sandra Fuchs Principal Customer Application Engineer TRANSACTION MAC A MIFARE® DESFire® EV3 & MIFARE Plus® EV2 KEY FEATURE VIDEO
1EXTERNAL TRANSACTION MAC TO HELP PREVENT FRAUDULENT MERCHANT ATTACKS O F F L I NE T R AN S AC T I O N S W I T H S E C U R E VAL I D AT I O N • The Transaction MAC (TMAC) feature allows the infrastructure operator / POS operator / merchant to prove the genuineness and authenticity of executed transactions between the reader terminal and the IC inside a smart card • Helps to establish trust in a multi-service provider system − Proving that every transaction is genuine towards the backend system via secure verification of transaction validity • Card generated TMAC covers all transaction details, allowing to detect: − Forged or fraudulent transactions − Replay of transactions − Unreported and missing transactions Preventing fraudulent merchant attacks Generating a MAC for the transaction, proves genuineness of executed transactions Allows to detect replayed, manipulated or missing transactions using the TMAC counter
2EXTERNAL TRANSACTION MAC TO HELP PREVENT FRAUDULENT MERCHANT ATTACKS O F F L I NE T R AN S AC T I O N S W I T H S E C U R E VAL I D AT I O N Backend Clearing House Offline Transaction TMAC Key AES128 TMAC TMAC Key AES128 Reader Terminal Service Provider Y Reader Terminal Service Provider Z
3EXTERNAL TECHNICAL DETAILS: HOW TO ENABLE TRANSACTION MAC FEATURE ON THE CARD On MIFARE DESFire EV3 • Can be enabled independently for each application • Established by creating a Transaction MAC file inside the application • Correct access rights for Transaction MAC file need to be set • Desired Transaction MAC key needs to be written into Transaction MAC file in a secure way • Once enabled, Transaction MAC will be calculated automatically by the IC with every CommitTransaction command targeting the application, and returned to the reader On MIFARE Plus EV2 • In total, four Transaction MAC Keys can be configured on the IC • Each TMAC Key is connected to one TransactionMACBlock which contains current TMAC Value and Counter plus one TransactionMACConfiguratinBlock − TransactionMACConfiguratinBlock specifies which MIFARE Plus data or value blocks shall be protected by Transaction MAC • Once enabled, Transaction MAC will be calculated automatically by IC when updating one or more protected blocks • Write / Transfer / Increment Transfer / Decrement Transfer commands trigger Transaction MAC finalization and updating of TransactionMACBlocks
4EXTERNAL MORE INFORMATION ABOUT TRANSACTION MAC FEATURE Item Number Availability Datasheet - MIFARE DESFire EV3 DS4489 NXP Docstore (confidential) Datasheet - MIFARE Plus EV2 DS5223 NXP Docstore (confidential) Application Note - MIFARE DESFire EV3 Quick-Start Guide AN5755 NXP website (public) Application Note - MIFARE DESFire EV3 Features and Hints AN5881 NXP Docstore (confidential) Application Note - Feature and Functionality Comparison between MIFARE DESFire EV2 and MIFARE DESFire EV3 AN5756 NXP website (public) Application Note - MIFARE Plus EV2 Features and Hints AN5760 NXP Docstore (confidential) Application Note - Comparison between MIFARE Plus EV2 and previous types AN5762 NXP Docstore (confidential) RFID Discover Software SW1866 NXP Docstore (confidential) NXP Reader Library (Windows based) SW1717 NXP Docstore (confidential) https://www.nxp.com/products/rfid-nfc/mifare-hf/mifare-desfire https://www.nxp.com/products/rfid-nfc/mifare-hf/mifare-plus https://www.docstore.nxp.com/
NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V.

More Related Content

PDF
Transaction Timer Feature
byNXP MIFARE Team
 
PDF
Security Level 3 (SL3) Capabilities
byNXP MIFARE Team
 
PPTX
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...
bySimon Vostry
 
PPTX
computer network designing- final year project
byAboubacar Mchangama
 
PDF
Policy Based Routing (PBR) on Mikrotik
byGLC Networks
 
PDF
Cracking WPA/WPA2 with Non-Dictionary Attacks
byn|u - The Open Security Community
 
PPT
Ipsec
byRupesh Mishra
 
PPTX
IP Sec - Basic Concepts
byAvadhesh Agrawal
 
Transaction Timer Feature
byNXP MIFARE Team
 
Security Level 3 (SL3) Capabilities
byNXP MIFARE Team
 
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...
bySimon Vostry
 
computer network designing- final year project
byAboubacar Mchangama
 
Policy Based Routing (PBR) on Mikrotik
byGLC Networks
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
byn|u - The Open Security Community
 
Ipsec
byRupesh Mishra
 
IP Sec - Basic Concepts
byAvadhesh Agrawal
 

What's hot

PPTX
Dhcp
byOUBROU Abderrahmane
 
PDF
Telephonie ip
byagouassou1
 
PDF
Administration Reseau
bydenischef1
 
PDF
Mobile signaling threats and vulnerabilities - real cases and statistics from...
byDefCamp
 
PDF
MPLS on Router OS V7 - Part 2
byGLC Networks
 
PDF
Nse4 fgt 6.0
bySalem Trabelsi
 
PPTX
UTM (unified threat management)
bymilitary
 
PPTX
Italtel Introduction presentation
byPhilippe Besseyre des Horts
 
PDF
Tuto ToIP (Trunk SIP, IAX, Trunk CME - Asterisk)
byDimitri LEMBOKOLO
 
PDF
Installation et configuration asterisk
byGilles Samba
 
PDF
Iperf Tutorial
byFebrian ‎
 
PPTX
WPA 3
bydiggu22
 
PDF
MikroTik Firewall : Securing your Router with Port Knocking
byAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
PDF
Etude et Mise en oeuvre d'une architecture de téléphonie sur IP sécurisée au ...
bystepmike
 
PDF
Mise en oeuvre de la VoIP sous Trixbox - Installation et configurations
byStephen Salama
 
PDF
TACACS Protocol
byNetwax Lab
 
PDF
Notes de cours et tp - Administation Systèmes
byIkram Benabdelouahab
 
PDF
LTE :Mobile Network Security
bySatish Chavan
 
PPTX
Comprendre les technologies LPWA (SIGFOX et LoRa)
byRobert V
 
PDF
Mise en place d'un système de messagerie sous debian avec: postfix, dovecot, ...
byManassé Achim kpaya
 
Dhcp
byOUBROU Abderrahmane
 
Telephonie ip
byagouassou1
 
Administration Reseau
bydenischef1
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
byDefCamp
 
MPLS on Router OS V7 - Part 2
byGLC Networks
 
Nse4 fgt 6.0
bySalem Trabelsi
 
UTM (unified threat management)
bymilitary
 
Italtel Introduction presentation
byPhilippe Besseyre des Horts
 
Tuto ToIP (Trunk SIP, IAX, Trunk CME - Asterisk)
byDimitri LEMBOKOLO
 
Installation et configuration asterisk
byGilles Samba
 
Iperf Tutorial
byFebrian ‎
 
WPA 3
bydiggu22
 
MikroTik Firewall : Securing your Router with Port Knocking
byAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Etude et Mise en oeuvre d'une architecture de téléphonie sur IP sécurisée au ...
bystepmike
 
Mise en oeuvre de la VoIP sous Trixbox - Installation et configurations
byStephen Salama
 
TACACS Protocol
byNetwax Lab
 
Notes de cours et tp - Administation Systèmes
byIkram Benabdelouahab
 
LTE :Mobile Network Security
bySatish Chavan
 
Comprendre les technologies LPWA (SIGFOX et LoRa)
byRobert V
 
Mise en place d'un système de messagerie sous debian avec: postfix, dovecot, ...
byManassé Achim kpaya
 

Similar to Transaction MAC Feature

PDF
NXP MIFARE Webinar: Secure Closed Loop Payments In An Open Environment
byNXP MIFARE Team
 
PDF
NXP MIFARE Webinar: How To Protect Contactless Systems Today And Tomorrow
byNXP MIFARE Team
 
PDF
UFF Tech 2013 - NFC e o futuro da convergência - NXP
bySti Uff
 
PDF
SL1SL3 MixMode Feature
byNXP MIFARE Team
 
PDF
NXP MIFARE Webinar: Streamlined User Management For Multi-Vendor Installations
byNXP MIFARE Team
 
PDF
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
byNXP MIFARE Team
 
PDF
Secure Dynamic Messaging Feature
byNXP MIFARE Team
 
PDF
EMV: Preparing for Changes to the Retail Payment Process
by- Mark - Fullbright
 
PPTX
EMV - The Chips are Coming - Ken Givens U.S. Merchant Payment Solutions 11-15
byKen Givens
 
PPS
Nab
byolearka
 
PDF
EMV: What you Need to Know
byTotal Merchant Services
 
PDF
Can security and convenience go hand in hand in e-commerce
byMercury Processing Services International
 
PDF
NXP MIFARE Webinar: Introduce The Future In Your Today's System- How To Ensur...
byNXP MIFARE Team
 
PDF
VX 520 terminal data sheet
byKen Givens
 
PDF
First Data Trans Armor
byJoshua Willis
 
PDF
MCA Brochure
byRuben Vera Jr.
 
PDF
Pay Shield9000 Vs Hsm8000 Compet V7
byEugene Sushchenko
 
NXP MIFARE Webinar: Secure Closed Loop Payments In An Open Environment
byNXP MIFARE Team
 
NXP MIFARE Webinar: How To Protect Contactless Systems Today And Tomorrow
byNXP MIFARE Team
 
UFF Tech 2013 - NFC e o futuro da convergência - NXP
bySti Uff
 
SL1SL3 MixMode Feature
byNXP MIFARE Team
 
NXP MIFARE Webinar: Streamlined User Management For Multi-Vendor Installations
byNXP MIFARE Team
 
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
byNXP MIFARE Team
 
Secure Dynamic Messaging Feature
byNXP MIFARE Team
 
EMV: Preparing for Changes to the Retail Payment Process
by- Mark - Fullbright
 
EMV - The Chips are Coming - Ken Givens U.S. Merchant Payment Solutions 11-15
byKen Givens
 
Nab
byolearka
 
EMV: What you Need to Know
byTotal Merchant Services
 
Can security and convenience go hand in hand in e-commerce
byMercury Processing Services International
 
NXP MIFARE Webinar: Introduce The Future In Your Today's System- How To Ensur...
byNXP MIFARE Team
 
VX 520 terminal data sheet
byKen Givens
 
First Data Trans Armor
byJoshua Willis
 
MCA Brochure
byRuben Vera Jr.
 
Pay Shield9000 Vs Hsm8000 Compet V7
byEugene Sushchenko
 

Recently uploaded

PDF
Black and Grey 3D Shapes How TCP/IP Works Presentation.pdf
byrk42vd8ydw
 
PDF
GPU, HBM, DDR4/DDR5, DRAM Is The New Gold
byVladislav Solodkiy
 
PPTX
computer and Technical support to maintain
byhailuatnafu62
 
PPTX
Internet of Communicating Things (IoCT).pptx
byVishal Garg
 
PPTX
Security information presentation and its importance
bybilalkingqwq
 
PDF
Project Brainfog: Beyond the Facade - Exposing Smart Giants
byZero Science Lab
 
PPTX
CEIS114 Final Course Project Template_New.pptx
bylauramccall10
 
Black and Grey 3D Shapes How TCP/IP Works Presentation.pdf
byrk42vd8ydw
 
GPU, HBM, DDR4/DDR5, DRAM Is The New Gold
byVladislav Solodkiy
 
computer and Technical support to maintain
byhailuatnafu62
 
Internet of Communicating Things (IoCT).pptx
byVishal Garg
 
Security information presentation and its importance
bybilalkingqwq
 
Project Brainfog: Beyond the Facade - Exposing Smart Giants
byZero Science Lab
 
CEIS114 Final Course Project Template_New.pptx
bylauramccall10
 

Transaction MAC Feature

  • 1.
    EXTERNAL NXP, THE NXPLOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V. 3 1 S T J U LY 2 0 2 0 Sandra Fuchs Principal Customer Application Engineer TRANSACTION MAC A MIFARE® DESFire® EV3 & MIFARE Plus® EV2 KEY FEATURE VIDEO
  • 2.
    1EXTERNAL TRANSACTION MAC TOHELP PREVENT FRAUDULENT MERCHANT ATTACKS O F F L I NE T R AN S AC T I O N S W I T H S E C U R E VAL I D AT I O N • The Transaction MAC (TMAC) feature allows the infrastructure operator / POS operator / merchant to prove the genuineness and authenticity of executed transactions between the reader terminal and the IC inside a smart card • Helps to establish trust in a multi-service provider system − Proving that every transaction is genuine towards the backend system via secure verification of transaction validity • Card generated TMAC covers all transaction details, allowing to detect: − Forged or fraudulent transactions − Replay of transactions − Unreported and missing transactions Preventing fraudulent merchant attacks Generating a MAC for the transaction, proves genuineness of executed transactions Allows to detect replayed, manipulated or missing transactions using the TMAC counter
  • 3.
    2EXTERNAL TRANSACTION MAC TOHELP PREVENT FRAUDULENT MERCHANT ATTACKS O F F L I NE T R AN S AC T I O N S W I T H S E C U R E VAL I D AT I O N Backend Clearing House Offline Transaction TMAC Key AES128 TMAC TMAC Key AES128 Reader Terminal Service Provider Y Reader Terminal Service Provider Z
  • 4.
    3EXTERNAL TECHNICAL DETAILS: HOWTO ENABLE TRANSACTION MAC FEATURE ON THE CARD On MIFARE DESFire EV3 • Can be enabled independently for each application • Established by creating a Transaction MAC file inside the application • Correct access rights for Transaction MAC file need to be set • Desired Transaction MAC key needs to be written into Transaction MAC file in a secure way • Once enabled, Transaction MAC will be calculated automatically by the IC with every CommitTransaction command targeting the application, and returned to the reader On MIFARE Plus EV2 • In total, four Transaction MAC Keys can be configured on the IC • Each TMAC Key is connected to one TransactionMACBlock which contains current TMAC Value and Counter plus one TransactionMACConfiguratinBlock − TransactionMACConfiguratinBlock specifies which MIFARE Plus data or value blocks shall be protected by Transaction MAC • Once enabled, Transaction MAC will be calculated automatically by IC when updating one or more protected blocks • Write / Transfer / Increment Transfer / Decrement Transfer commands trigger Transaction MAC finalization and updating of TransactionMACBlocks
  • 5.
    4EXTERNAL MORE INFORMATION ABOUTTRANSACTION MAC FEATURE Item Number Availability Datasheet - MIFARE DESFire EV3 DS4489 NXP Docstore (confidential) Datasheet - MIFARE Plus EV2 DS5223 NXP Docstore (confidential) Application Note - MIFARE DESFire EV3 Quick-Start Guide AN5755 NXP website (public) Application Note - MIFARE DESFire EV3 Features and Hints AN5881 NXP Docstore (confidential) Application Note - Feature and Functionality Comparison between MIFARE DESFire EV2 and MIFARE DESFire EV3 AN5756 NXP website (public) Application Note - MIFARE Plus EV2 Features and Hints AN5760 NXP Docstore (confidential) Application Note - Comparison between MIFARE Plus EV2 and previous types AN5762 NXP Docstore (confidential) RFID Discover Software SW1866 NXP Docstore (confidential) NXP Reader Library (Windows based) SW1717 NXP Docstore (confidential) https://www.nxp.com/products/rfid-nfc/mifare-hf/mifare-desfire https://www.nxp.com/products/rfid-nfc/mifare-hf/mifare-plus https://www.docstore.nxp.com/
  • 6.
    NXP, THE NXPLOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V.