Security Level 3 (SL3) Capabilities
0 likes1,130 views
The document details the capabilities of the MIFARE Plus® EV2 security level 3 (SL3), which includes enhanced security features such as AES-128 based secure messaging and virtual card architecture for managing multiple applications. It highlights the transition to SL3 that disables the use of crypto-1 and introduces additional user memory for enhanced data handling. The MIFARE Plus EV2 is compliant with ISO/IEC 7816-4 standards, supporting mobile operations and ensuring privacy in contactless transactions.
Security Level 3 (SL3) Capabilities
- 1. EXTERNAL NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V. A U G U S T 4 T H 2 0 2 0 Florian Mikulik Senior Product Support Engineer, NXP Security Level SL3 Capabilities A MIFARE Plus® EV2 KEY FEATURE VIDEO
- 2. 1EXTERNAL MIFARE Plus EV2 – SECURITY LEVEL 3 CAPABILITIES U P G R AD E Y O U R S Y S T EM S S E C U R I T Y Authenticity, Confidentiality and Integrity based on AES-128 Virtual Card Concept to be used in smartphone- based installations ISO7816 APDU format support • Security Level 3 offers support for AES-128 based secure messaging, to provide authenticity, confidentiality and integrity to every transaction • Once a MIFARE Plus EV2 product-based card is switched to SL3, it also offers support for the Virtual Card Architecture concept, which helps to manage a MIFARE Plus EV2 product-based card in a multi-application environment, designed for e.g. mobile phones performing contactless transactions, holding more than one “virtual card” MIFARE Plus EV2 product-based card acts as a single “virtual card”, but supports necessary command infrastructure to be indistinguishable from a multi-VC mobile phone, maintaining privacy for card holder • In SL3, the MIFARE Plus EV2 supports ISO7816-4 compliant VC selection (ISOSelect), compliant with Java Card and GlobalPlatform standards
- 3. 2EXTERNAL MIFARE Plus EV2 – SECURITY LEVEL 3 CAPABILITIES S E C U RE M E S S AG I N G • Security Level switch is done through an AuthenticateFirst command targeting Block 9003h (SL3SwitchKey) • A switch to SL3 disables the use of CRYPTO-1 completely − Data and memory architecture of the card does not change at all – Block/Sector based memory model stays the same • Initial memory space for CRYPTO-1 keys can now be used as additional user memory (+11 byte per sector) − AES keys are stored outside the User Memory • Plain or encrypted data access can be defined per Block • Transaction management with session keys is possible via AuthenticateFirst and AuthenticateNonFirst • Several options for read commands − MAC on command − MAC on response − Data encrypted or plain • Several options for write/value commands − MAC on command − MAC on response − Data is always encrypted • Additional features (TMAC, Transaction Timer, multi-block read/write, VCA) can be used
- 4. 3EXTERNAL MIFARE Plus EV2 – SECURITY LEVEL 3 CAPABILITIES I S O / I E C 7 8 1 6 -4 V I R T U AL C AR D AR C H I T E C T UR E • MIFARE Plus EV2 supports ISOSelect and is complaint with Java Card and Global Platform mechanisms • Using MIFARE Plus EV2 in Security Level 3 and ISO/IEC 7816-4 wrapped communication frames supports mobile operations VC concept using ISO/IEC 7816-4 compliant selection method Enables smartphone support in infrastructures Transit Pass Transit Pass
- 5. 4EXTERNAL MORE INFORMATION ABOUT THE TRANSACTION TIMER FEATURE Item Number Availability Datasheet - MIFARE Plus EV2 DS5223 NXP DocStore (confidential) Application Note - MIFARE Plus EV2 Features and Hints AN5762 NXP DocStore (confidential) Application Note - MIFARE Plus EV2 personalization commands AN5763 NXP DocStore (confidential) Application Note - Card coil design notes for MIFARE Plus EV2 AN5759 NXP DocStore (confidential) Application Note - Comparison between MIFARE Plus EV2 and previous types AN5760 NXP DocStore (confidential) Application Note – Originality Signature Validation AN5764 NXP DocStore (confidential) RFID Discover Software SW1866 NXP DocStore (confidential) NXP Reader Library (Windows based) SW1717 NXP DocStore (confidential)
- 6. NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2020 NXP B.V.