NXP’s MIFARE DESFire EV1 Technology Received Trusted Security Stamp of Approval
On June 24, 2009, NXP, the independent semiconductor company founded by Philips, announced that its MIFARE DESFire EV1 smart card technology has received Common Criteria certification from the German Federal Office of Information Security. After successful evaluation regarding correct implementation of the promised security features and a series of rigorous penetration tests by an independent laboratory, NXP has become the first smart card IC manufacturer to achieve the Evaluation Assurance Level (EAL) 4+ rating for an automatic fare collection (AFC) product. MIFARE DESFire EV1 is the world’s first fully integrated solution on the market, providing trusted third party certified security at both hardware and software levels. The technology thus offers systems integrators and transport operators best in class levels of security for contactless transit systems. Secure MIFARE DESFire microcontroller smart card ICs are already used in many public transportation networks around the world, including New Delhi, Melbourne, Oslo, Seattle and the Sube-T system in Madrid.
“The Madrid Sube-T system started using MIFARE DESFire-powered smart cards in 2006 across its entire network of urban buses, underground metro system and Interurban trains. Compared to previous systems, contactless ticketing offers our passengers a very convenient solution to easily move around the entire network which is also secure and highly flexible”, said Antonio Rubio Fernández, Jefe del Area de Innovacion Tecnologica, Consorcio Regional de Transportes de Madrid. “The MIFARE DESFire has proven to be the best solution on the market and fully addresses our needs. The Madrid public transport network is one of the world's largest and most complex infrastructures transporting over 1.6 billion passengers a year across more than 40 different operators. We welcome NXP's efforts to further enhance the security of transport ticketing systems against attacks.”
The Common Criteria certification validates correct implementation of the promised security features and confirms in this case ‘high resistance’ against attacks. It provides an assurance stamp to allow systems integrators to compare the security quality of similar products on the market. The process also helps define the robustness of the solution over the full product life-cycle from IC production, usage and through to disposal of the card.
“Receiving Common Criteria certification is a huge step forward for the industry as system integrators and operators of public mass transportation systems across the world now have the opportunity to introduce increased security levels for their systems“, said Henri Ardevol, general manager of automatic fare collection, NXP Semiconductors. “The decision to have our products validated by the independent Common Criteria certification program has been long established within NXP’s identification business. For the DESFire EV1, speed, flexibility and security were at the heart of the initial concept and NXP is proud to be the first vendor to offer a certified technology for transport ticketing and other contactless applications.”
NXP’s heritage in security as the leading provider of ICs for contactless eGovernment and banking applications has enabled the company to develop the first AFC solution to be protected against both physical and logical security attacks. As part of the independent review, the key security elements of the DESFire EV1 including cryptography, random number generation algorithm and operating system were fully audited to ensure comprehensive protection. Moreover, as this evaluation has been conducted to ensure compliance to the standard Protection Profile for Smart Card ICs (BSI-PP-0002-2001), the product also fulfils e.g. banking and eGovernment security requirements.
As well as AFC solutions, MIFARE DESFire EV1 technology provides the flexibility and security to support a variety of contactless or dual interface applications beyond transport ticketing, such as electronic payment, access management, loyalty services and eGovernment.
Key features of the MIFARE DESFire EV1 include:
- Fully ISO / IEC 14443 A 1-4 compliant;
- Unique 7-byte serial number (ISO cascade level 2) and Random IDs;
- High data rates according to ISO / IEC 14443-4: up to 848 Kbit/s;
- Secure, high speed command set;
- 2K bytes, 4K bytes and 8K bytes EEPROM with fast programming;
- Flexible file structure for multiple applications;
- Choice of open DES/3DES/3K3DES/AES crypto algorithm with hardware co-processor.