MF3ICD21 Datasheet, PDF (6/15 Pages) NXP Semiconductors – MIFARE DESFire EV1 contactless multi-application IC
NXP Semiconductors
MF3ICD21, MF3ICD41, MF3ICD81
MIFARE DESFire EV1 contactless multi-application IC
If this rollback is necessary, it is done without user interaction before carrying out further
commands. To ensure data integrity on application level, a transaction-oriented backup is
implemented for all file types with backup. It is possible to mix file types with and without
backup within one application.
As the commands are the same for MF3ICD81, MF3ICD41 and MF3ICD21, the command
details are available in Ref. 1. Only the memory size is different between the three
devices.
8.5 Available file types
The files within an application can be any of the following types:
• Standard data files
• Backup data files
• Value files with backup
• Linear record files with backup
• Cyclic record files with backup
8.6 Security
The 7 byte UID is fixed, programmed into each device during production. It cannot be
altered and ensures the uniqueness of each device.
The UID may be used to derive diversified keys for each ticket. Diversified MIFARE
DESFire EV1 keys contribute to an effective anti-cloning mechanism and increase
the security of the original key; see Ref. 6.
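The idea behind UID-based key diversification, as an added example that is not taken from the datasheet or from NXP. HMAC-SHA-256 stands in for the derivation method of Ref. 6, the challenge-response is a simplified stand-in for the card's authentication, and the 3-byte application ID, the key number and all sample values are assumptions.

```python
import hashlib
import hmac
import os

UID_LEN = 7  # the datasheet states a fixed 7 byte UID


def diversify_key(master_key: bytes, uid: bytes, aid: bytes, key_no: int) -> bytes:
    """Derive a 16-byte per-card key from the master key and the card UID.

    Assumption: HMAC-SHA-256 stands in for the derivation function of Ref. 6.
    """
    if len(uid) != UID_LEN:
        raise ValueError("UID must be exactly 7 bytes")
    if len(aid) != 3 or not 0 <= key_no <= 0xFF:
        raise ValueError("expected a 3-byte application ID and a one-byte key number")
    # Fixed-length fields keep the encoding unambiguous.
    context = b"card-key-v1" + uid + aid + bytes([key_no])
    return hmac.new(master_key, context, hashlib.sha256).digest()[:16]


def card_response(card_key: bytes, challenge: bytes) -> bytes:
    """Answer of a card holding card_key (simplified proof of key possession)."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()


def reader_accepts(master_key, reported_uid, aid, key_no, challenge, response) -> bool:
    """Reader side: re-derive the key from the UID the card reports, then verify."""
    card_key = diversify_key(master_key, reported_uid, aid, key_no)
    return hmac.compare_digest(card_response(card_key, challenge), response)


# Constructed sample values, not taken from any real deployment.
MASTER = bytes(range(16))
AID = bytes.fromhex("f00001")
UID_A = bytes.fromhex("04a1b2c3d4e5f6")
UID_B = bytes.fromhex("04a1b2c3d4e5f7")

if __name__ == "__main__":
    challenge = os.urandom(16)
    key_a = diversify_key(MASTER, UID_A, AID, 1)
    answer = card_response(key_a, challenge)
    print("genuine card A accepted:", reader_accepts(MASTER, UID_A, AID, 1, challenge, answer))
    # Card A's key loaded on a chip that reports UID_B: the reader derives a different key.
    print("A's key on chip B accepted:", reader_accepts(MASTER, UID_B, AID, 1, challenge, answer))
```

The master key never leaves the reader side, so a key recovered from one ticket is valid only together with that ticket's UID.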
Prior to data transmission, a mutual three pass authentication can be done between
MIFARE DESFire EV1 and PCD, employing, depending on the configuration, either 56-bit
DES (single DES, DES), 112-bit DES (triple DES, 3DES), 168-bit DES (3 key triple DES,
3K3DES) or AES. During the authentication, the level of security of all further commands
during the session is set. In addition, the communication settings of the file/application
result in the following options of secure communication between MIFARE DESFire EV1
and PCD:
• Plain data transfer (only possible within the backwards-compatible mode to
MF3ICD40)
• Plain data transfer with cryptographic checksum (MAC): Authentication with
backwards-compatible mode to MF3ICD40: 4 byte MAC, all other authentications
based on DES/3DES/AES: 8 byte CMAC
• Encrypted data transfer (secured by CRC before encryption): Authentication with
backwards-compatible mode to MF3ICD40: A 16-bit CRC is calculated over the
stream and attached. The resulting stream is encrypted using the chosen
cryptographic method. All other authentications based on DES/3DES/AES: A 32-bit CRC
is calculated over the stream and attached. The resulting stream is encrypted using
the chosen cryptographic method.
Find more information on the security concept of the product in Ref. 1. Be aware that not all
levels of security are recommended. The recommended secure handling of the product
can be seen in Ref. 2 and in Ref. 10.
MF3ICD21_41_81_SDS_2
Product short data sheet
Rev. 02 — 6 March 2009
© NXP B.V. 2009. All rights reserved.
6 of 15