Data Sheet

MF3ICDx21_41_81
MIFARE DESFire EV1 contactless multi-application IC
Rev. 3.2 — 9 December 2015
145632
Product short data sheet
COMPANY PUBLIC
1. General description
MIFARE DESFire EV1 (MF3ICD(H) 21/41/81), a Common Criteria (EAL4+) certified
product, is ideal for service providers wanting to use secure multi-application smart cards
in public transport schemes, access management or closed-loop e-payment applications.
It is fully complies with the requirements for fast and highly secure data transmission,
flexible memory organization and interoperability with existing infrastructure.
MIFARE DESFire EV1 is based on open global standards for both air interface and
cryptographic methods. It is compliant to all 4 levels of ISO/IEC 14443A and uses optional
ISO/IEC 7816-4 commands.
Featuring an on-chip backup management system and the mutual three-pass
authentication, a MIFARE DESFire EV1 card can hold up to 28 different applications and
32 files per application. The size of each file is defined at the moment of its creation,
making MIFARE DESFire EV1 a truly flexible and convenient product.
Additionally, an automatic anti-tear mechanism is available for all file types, which
guarantees transaction-oriented data integrity. With MIFARE DESFire EV1, data transfer
rates up to 848 kbit/s can be achieved, allowing fast data transmission.
The main characteristics of this device are denoted by its name “DESFire”: DES indicates
the high level of security using a 3DES or AES hardware cryptographic engine for
enciphering transmission data and Fire indicates its outstanding position as a fast,
innovative, reliable and secure IC in the contactless proximity transaction market. Hence,
MIFARE DESFire EV1 brings many benefits to end users. Cardholders can experience
convenient contactless ticketing while also having the possibility to use the same device
for related applications such as payment at vending machines, access control or event
ticketing. In other words, the MIFARE DESFire EV1 silicon solution offers enhanced
consumer-friendly system design, in combination with security and reliability.
MIFARE DESFire EV1 delivers the perfect balance of speed, performance and cost
efficiency. Its open concept allows future seamless integration of other ticketing media
such as smart paper tickets, key fobs, and mobile ticketing based on Near Field
Communication (NFC) technology. It is also fully compatible with the existing MIFARE
reader hardware platform. MIFARE DESFire EV1 is your ticket to contactless systems
worldwide.
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
2. Features and benefits
2.1 RF interface: ISO/IEC 14443 Type A
 Contactless transmission of data and powered by the RF-field (no battery needed)
 Operating distance: up to 100 mm (depending on power provided by the PCD and
antenna geometry)
 Operating frequency: 13.56 MHz
 Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
 High data integrity: 16/32 bit CRC, parity, bit coding, bit counting
 True deterministic anticollision
 7 bytes unique identifier (cascade level 2 according to ISO/IEC 14443-3 and option for
random ID)
 Uses ISO/IEC 14443-4 protocol
2.2 ISO/IEC 7816 compatibility









Supports ISO/IEC 7816-3 APDU message structure
Supports ISO/IEC 7816-4 INS code ‘A4’ for SELECT FILE
Supports ISO/IEC 7816-4 INS code ‘B0’ for READ BINARY
Supports ISO/IEC 7816-4 INS code ‘D6’ for UPDATE BINARY
Supports ISO/IEC 7816-4 INS code ‘B2’ for READ RECORDS
Supports ISO/IEC 7816-4 INS code ‘E2’ for APPEND RECORD
Supports ISO/IEC 7816-4 INS code ‘84’ for GET CHALLENGE
Supports ISO/IEC 7816-4 INS code ‘88’ for INTERNAL AUTHENTICATE
Supports ISO/IEC 7816-4 INS code ‘82’ for EXTERNAL AUTHENTICATE
2.3 Non-volatile memory
 2 kB or 4 kB or 8 kB NV-Memory
 Data retention of 10 years
 Write endurance typical 500 000 cycles
2.4 NV-memory organization
 Flexible file system
 Up to 28 applications simultaneously on one PICC
 Up to 32 files in each application (standard data file, back-up data file, value file, linear
record file and cyclic record file)
 File size is determined during creation
2.5 Security





MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
Common Criteria Certification: EAL4+ (Hardware and Software)
Unique 7 bytes serial number for each device
Optional “RANDOM” ID for enhance security and privacy
Mutual three-pass authentication
Mutual authentication according to ISO/IEC 7816-4
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
2 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
 1 card master key and up to 14 keys per application
 Hardware DES using 56/112/168 bit keys featuring key version, data authenticity by
8 byte CMAC
 Hardware AES using 128-bit keys featuring key version, data authenticity by 8 byte
CMAC
 Data encryption on RF-channel
 Authentication on application level
 Hardware exception sensors
 Self-securing file system
 Backward compatibility to MF3ICD40: 4 byte MAC, CRC 16
2.6 Special features




Transaction-oriented automatic anti-tear mechanism
Configurable ATS information for card personalization
Backward compatibility mode to MF3ICD40
Optional high input capacitance (70 pF) for small form factor design (MF3ICDH
21/41/81)
3. Applications





MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
Advanced public transportation schema
Highly secure access management
Closed-loop e-payment scheme
Event ticketing
eGovernment applications
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
3 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
4. Quick reference data
Table 1.
Quick reference data [1][2]
Symbol
Parameter
Conditions
fi
input frequency
input capacitance for
MF3ICD21/41/81
Ci
Tamb = 22 C; fi = 13.56 MHz;
2.8 V RMS
[3]
input capacitance for
MF3ICDH21/41/81
Min
Typ
Max
Unit
-
13.56
-
MHz
14.96
17.0
19.04
pF
64
69
74
pF
EEPROM characteristics
tret
retention time
Tamb = 22 C
10
-
-
year
Nendu(W)
write endurance
Tamb = 22 C
200000
500000
-
cycle
tcy(W)
write cycle time
Tamb = 22 C
-
2.9
-
ms
[1]
Stresses above one or more of the values may cause permanent damage to the device.
[2]
Exposure to limiting values for extended periods may affect device reliability.
[3]
Measured with LCR meter.
5. Ordering information
Table 2.
Ordering information
Type number
Package
Name
Description
Version
MF3ICD8101DUD/05
FFC
8 inch wafer (sawn; 120 m thickness, on film frame carrier; electronic
fail die marking according to SECSII format); see Ref. 4,
8K EEPROM, 17pF input capacitance
-
MF3ICD4101DUD/05
FFC
8 inch wafer (sawn; 120 m thickness, on film frame carrier; electronic
fail die marking according to SECSII format); see Ref. 4,
4K EEPROM, 17pF input capacitance
-
MF3ICD2101DUD/05
FFC
8 inch wafer (sawn; 120 m thickness, on film frame carrier; electronic
fail die marking according to SECSII format); see Ref. 4,
2K EEPROM, 17pF input capacitance
-
MF3ICDH8101DUD/05
FFC
8 inch wafer (sawn; 120 m thickness, on film frame carrier; electronic
fail die marking according to SECSII format); see Ref. 5,
8K EEPROM, 70pF input capacitance
-
MF3ICDH4101DUD/05
FFC
8 inch wafer (sawn; 120 m thickness, on film frame carrier; electronic
fail die marking according to SECSII format); see Ref. 5,
4K EEPROM, 70pF input capacitance
-
MF3ICDH2101DUD/05
FFC
8 inch wafer (sawn; 120 m thickness, on film frame carrier; electronic
fail die marking according to SECSII format); see Ref. 5,
2K EEPROM, 70pF input capacitance
-
MF3MOD8101DA4/05
PLLMC[1]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
8K EEPROM, 17pF input capacitance
SOT500-2
MF3MOD4101DA4/05
PLLMC[1]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
4K EEPROM, 17pF input capacitance
SOT500-2
MF3MOD2101DA4/05
PLLMC[1]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
2K EEPROM, 17pF input capacitance
SOT500-2
MF3MODH8101DA4/05
PLLMC[1]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
8K EEPROM, 70pF input capacitance
SOT500-2
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
4 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
Table 2.
Ordering information ?continued
Type number
Package
Name
Description
Version
MF3MODH4101DA4/05
PLLMC[1]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
4K EEPROM, 70pF input capacitance
SOT500-2
MF3MODH2101DA4/05
PLLMC[1]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
2K EEPROM, 70pF input capacitance
SOT500-2
MF3MOD8101DA8/05
PLLMC[2]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
8K EEPROM, 17pF input capacitance
SOT500-4
MF3MOD4101DA8/05
PLLMC[2]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
4K EEPROM, 17pF input capacitance
SOT500-4
MF3MOD2101DA8/05
PLLMC[2]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
2K EEPROM, 17pF input capacitance
SOT500-4
MF3MODH8101DA8/05
PLLMC[2]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
8K EEPROM, 70pF input capacitance
SOT500-4
MF3MODH4101DA8/05
PLLMC[2]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
4K EEPROM, 70pF input capacitance
SOT500-4
MF3MODH2101DA8/05
PLLMC[2]
plastic leadless module carrier package; 35 mm wide tape; see Ref. 6,
2K EEPROM, 70pF input capacitance
SOT500-4
[1]
This package is also known as MOA4.
[2]
This package is also known as MOA8
6. Block diagram
RF
INTERFACE
UART
ISO/IEC
14443A
TRUE RANDOM
NUMBER
GENERATOR
CRYPTO
CO-PROCESSOR
SECURITY
SENSORS
POWER ON
RESET
CPU
CRC
VOLTAGE
REGULATOR
CLOCK
INPUT FILTER
RESET
GENERATOR
ROM
RAM
EEPROM
001aah878
Fig 1.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
Block diagram of MF3ICD(H)81, MF3ICD(H)41, MF3ICD(H)21
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
5 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
7. Limiting values
Table 3.
Limiting values [1][2]
In accordance with the Absolute Maximum Rating System (IEC 60134).
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
Symbol
Parameter
II
Min
Max
Unit
input current
-
30
mA
Ptot/pack
total power dissipation per
package
-
200
mW
Tstg
storage temperature
55
125
C
Tamb
ambient temperature
25
70
C
2
-
kV
100
-
mA
VESD
electrostatic discharge voltage
Ilu
latch-up current
Conditions
[3]
[1]
Stresses above one or more of the limiting values may cause permanent damage to the device.
[2]
Exposure to limiting values for extended periods may affect device reliability.
[3]
MIL Standard 883-C method 3015; human body model: C = 100 pF, R = 1.5 k.
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
6 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
8. Functional description
8.1 Contactless energy and data transfer
In the MIFARE system, the MIFARE DESFire EV1 is connected to a coil consisting of a
few turns embedded in a standard ISO/IEC smart card (see Ref. 8). A battery is not
needed. When the card is positioned in the proximity of the PCD antenna, the high-speed
RF communication interface allows data to be transmitted up to 848 kbit/s.
8.2 Anti-collision
An intelligent anti-collision mechanism allows more than one MIFARE DESFire EV1 in the
field to be handled simultaneously. The anti-collision algorithm selects each MIFARE
DESFire EV1 individually and ensures that the execution of a transaction with a selected
MIFARE DESFire EV1 is performed correctly without data corruption resulting from other
MIFARE DESFire EV1s in the field.
8.3 UID/serial number
The unique 7 byte (UID) is programmed into a locked part of the NV memory which is
reserved for the manufacturer. Due to security and system requirements these bytes are
write-protected after being programmed by the IC manufacturer at production time.
According to ISO/IEC 14443-3 (see Ref. 12) during the first anti-collision loop the cascade
tag returns a value of 88h and also the first 3 bytes of the UID, UID0 to UID2 and BCC.
The second anti-collision loop returns bytes UID3 to UID6 and BCC.
UID0 holds the manufacturer ID for NXP (04h) according to ISO/IEC 14443-3 and
ISO/IEC 7816-6 AMD 1.
MIFARE DESFire EV1 also allows Random ID to be used. In this case MIFARE DESFire
EV1 only uses a single anti-collision loop. The 3 byte random number is generated after
RF reset of the MIFARE DESFire EV1.
8.4 Memory organization
The 2/4/8 KB NV memory is organized using a flexible file system. This file system allows
a maximum of 28 different applications on one MIFARE DESFire EV1. Each application
provides up to 32 files. Every application is represented by its 3 bytes Application
IDentifier (AID).
Five different file types are supported; see Section 8.5.
A guideline to assign MIFARE DESFire AIDs can be found in the application note MIFARE
Application Directory (MAD); see Ref. 9.
Each file can be created either at MIFARE DESFire EV1 initialization (card
production/card printing), at MIFARE DESFire EV1 personalization (vending machine) or
in the field.
If a file or application becomes obsolete in operation, it can be permanently invalidated.
Commands which have impact on the file structure itself (e.g. creation or deletion of
applications, change of keys) activate an automatic rollback mechanism, which protects
the file structure from being corrupted.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
7 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
If this rollback is necessary, it is done without user interaction before carrying out further
commands. To ensure data integrity on application level, a transaction-oriented backup is
implemented for all file types with backup. It is possible to mix file types with and without
backup within one application.
As the commands are the same for MF3ICD(H)81, MF3ICD(H)41 and MF3ICD(H)21, the
command details are available in Ref. 1. Only the memory size and input capacitance are
different between the devices.
8.5 Available file types
The files within an application can be any of the following types:
•
•
•
•
•
Standard data files
Backup data files
Value files with backup
Linear record files with backup
Cyclic record files with backup
8.6 Security
The 7 byte UID is fixed, programmed into each device during production. It cannot be
altered and ensures the uniqueness of each device.
The UID may be used to derive diversified keys for each ticket. Diversified MIFARE
DESFire EV1 keys contribute to gain an effective anti-cloning mechanism and increase
the security of the original key; see Ref. 7.
Prior to data transmission a mutual three-pass authentication can be done between
MIFARE DESFire EV1 and PCD depending on the configuration employing either 56-bit
DES (single DES, DES), 112-bit 3DES (triple DES, 2K3DES), 168-bit 3DES (3 key triple
DES, 3K3DES) or AES. During the authentication the level of security of all further
commands during the session is set. In addition, the communication settings of the
file/application result in the following options of secure communication between MIFARE
DESFire EV1 and PCD:
• Plain data transfer (only possible within the backwards-compatible mode to
MF3ICD40)
• Plain data transfer with cryptographic checksum (MAC): Authentication with
backwards-compatible mode to MF3ICD40: 4 byte MAC, all other authentications
based on DES/3DES/AES: 8 byte CMAC
• Encrypted data transfer (secured by CRC before encryption): Authentication with
backwards-compatible mode to MF3ICD40: A 16-bit CRC is calculated over the
stream and attached. The resulting stream is encrypted using the chosen
cryptographic method. All other authentications-based DES/3DES/AES: A 32-bit CRC
is calculated over the stream and attached. The resulting stream is encrypted using
the chosen cryptographic method.
Find more information on the security concept of the product in Ref. 1. Be aware not all
levels of security are recommended. The recommended secure handling of the product
can be seen in Ref. 2 and in Ref. 11.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
8 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
9. DESFire command set
A detailed description of all commands is provided in Ref. 1.
9.1 ISO/IEC 14443-3
Table 4.
ISO/IEC 14443-3
Command
Description
REQA
REQA and ATQA are implemented fully
according to ISO/IEC 14443-3
WUPA
WUPA is implemented fully according to
ISO/IEC 14443-3
ANTICOLLISION/SELECT Cascade Level 1
ANTICOLLISION and SELECT commands are
implemented fully according to ISO/IEC 14443-3;
the response is part 1 of the UID
ANTICOLLISION/SELECT Cascade Level 2
ANTICOLLISION and SELECT commands are
implemented fully according to ISO/IEC 14443-3;
the response is part 2 of the UID
HALT
brings MIFARE DESFire EV1 to the HALT state
9.2 ISO/IEC 14443-4
Table 5.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
ISO/IEC 14443-4
Command
Description
RATS
identifies the MIFARE DESFire EV1 type to the PCD
PPS
allows individual selection of the communication baud rate between PCD and
MIFARE DESFire EV1; for DESFire it is possible to set different
communication baud rates for each direction i.e. DESFire allows a
non-symmetrical information interchange speed.
WTX
if the MIFARE DESFire EV1 needs more time than the defined FWT to
respond to a PCD command it requests a Waiting Time eXtension (WTX)
DESELECT
allows MIFARE DESFire EV1 to be brought to the HALT state
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
9 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
9.3 MIFARE DESFire EV1 command set overview – security related
commands
Table 6.
Security related commands
Command
Description
Authenticate
MIFARE DESFire EV1 and the reader device show in an encrypted way
that they possess the same secret which especially means the same key;
this not only confirms that both entities are permitted to perform
operations on each other but also creates a session key which can be
used to keep the further communication path secure; as the name
“session key” implicitly indicates, each time a new authentication
procedure is successfully completed a new key for further cryptographic
operations is generated
Change KeySettings
changes the master key settings on MIFARE DESFire EV1 and
application level
Set Configuration
configures the card and pre-personalizes the card with a key, defines if
the UID or the random ID is sent back during communication setup and
configures the ATS string
Change Key
changes any key stored on the MIFARE DESFire EV1
Get Key Version
reads out the current key version of any key stored on the MIFARE
DESFire EV1
Remark: All command and data frames are exchanged between MIFARE DESFire EV1
and PCD by using block format as defined in ISO/IEC 14443-4.
9.4 MIFARE DESFire EV1 command set overview – MIFARE DESFire EV1
level commands
Table 7.
Level commands
Command
Description
Create Application
creates new applications on the MIFARE DESFire EV1
Delete Application
permanently deactivates applications on the MIFARE DESFire EV1
Get Applications IDs
returns the Application IDentifiers of all applications on a MIFARE
DESFire EV1
Free Memory
returns the free memory available on the card
GetDFNames
returns the DF names
Get KeySettings
gets information on the MIFARE DESFire EV1 and application master
key settings; in addition it returns the maximum number of keys which
are configured for the selected application
Select Application
selects one specific application for further access
FormatMF3ICD81
releases the MF3ICD81 user memory
Get Version
returns manufacturing related data of the MIFARE DESFire EV1
GetCardUID
returns the UID
Remark: All command and data frames are exchanged between MIFARE DESFire EV1
and PCD by using block format as defined in ISO/IEC 14443-4.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
10 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
9.5 MIFARE DESFire EV1 command set overview – application level
commands
Table 8.
Application level commands
Command
Description
Get FileIDs
returns the File IDentifiers of all active files within the currently selected
application
Get FileSettings
gets information on the properties of a specific file
Change FileSettings
changes the access parameters of an existing file
Create StdDataFile
creates files for the storage of plain unformatted user data within an
existing application on the MIFARE DESFire EV1
Create
BackupDataFile
creates files for the storage of plain unformatted user data within an
existing application on the MIFARE DESFire EV1, additionally supporting
the feature of an integrated backup mechanism
Create ValueFile
creates files for the storage and manipulation of 32-bit signed integer
values within an existing application on the MIFARE DESFire EV1
Create
LinearRecordFile
creates files for multiple storage of similar structural data, for example,
loyalty programs within an existing application on the MIFARE DESFire
EV1; once the file is filled completely with data records, further writing to
the file is not possible unless it is cleared
Create
CyclicRecordFile
creates files for multiple storage of similar structural data, for example,
logging transactions within an existing application on the MIFARE DESFire
EV1; once the file is filled completely with data records, the MIFARE
DESFire EV1 automatically overwrites the oldest record with the latest
written one (this wrap is fully transparent for the PCD)
DeleteFile
permanently deactivates a file within the file directory of the currently
selected application
Remark: All command and data frames are exchanged between MIFARE DESFire EV1
and PCD by using block format as defined in ISO/IEC 14443-4.
9.6 MIFARE DESFire EV1 command set overview – data manipulation
commands
Table 9.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
Data manipulation commands
Command
Description
Read Data
reads data from Standard Data files or Backup Data files
Write Data
writes data to Standard Data files or Backup Data files
Get Value
reads the currently stored value from Value files
Credit
increases a value stored in a Value file
Debit
decreases a value stored in a Value file
Limited Credit
allows a limited increase of a value stored in a Value file without
having full Credit permissions to the file
Write Record
writes data to a record in a Cyclic or Linear Record file
Read Records
reads out a set of complete records from a Cyclic or Linear Record
file
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
11 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
Table 9.
Data manipulation commands ?continued
Command
Description
Clear RecordFile
resets a Cyclic or Linear Record file to empty state
Commit Transaction
validates all previous write accesses on Backup Data files, Value
files and Record files within one application
Abort Transaction
invalidates all previous write accesses on Backup Data files, Value
files and Record files within one application
Remark: All command and data frames are exchanged between MIFARE DESFire EV1
and PCD by using block format as defined in ISO/IEC 14443-4.
9.7 MIFARE DESFire EV1 command set - ISO/IEC 7816 APDU commands
The MIFARE DESFire EV1 provides the following commands according to ISO/IEC
7816-4:
– INS code ‘A4’ SELECT
– INS code ‘B0’ READ BINARY
– INS code ‘D6’ UPDATE BINARY
– INS code ‘B2’ READ RECORDS
– INS code ‘E2’ APPEND RECORD
– INS code ‘84’ GET CHALLENGE
– INS code ‘88’ INTERNAL AUTHENTICATE
– INS code ‘82’ EXTERNAL AUTHENTICATE
9.7.1 ISO/IEC 7816-4 APDU message structure
MIFARE DESFire EV1 supports the APDU message structure according to ISO/IEC
7816-4 for:
– an optional wrapping of the native MIFARE DESFire EV1 APDU format
– additionally implemented ISO/IEC 7816-4 commands
Find more information on the ISO/IEC 7816-4 commands in Ref. 1.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
12 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
10. Abbreviations
Table 10.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
Abbreviations
Acronym
Description
AES
Advanced Encryption Standard
AID
Application IDentifier
APDU
Application Protocol Data Unit
ATS
Answer to Select
CC
Common Criteria
CMAC
Cryptic Message Authentication Code
CRC
Cyclic Redundancy Check
DES
Digital Encryption Standard
DF
Dedicated File
EAL
Evaluation Assurance Level
EEPROM
Electrically Erasable Programmable Read-Only Memory
FWT
Frame Waiting Time
ID
IDentifier
INS
Instructions
LCR
inductance, Capacitance, Resistance
MAC
Message Authentication Code
MAD
MIFARE Application Directory
NV
Non-Volatile Memory
PCD
Proximity Coupling Device
PPS
Protocol Parameter Selection
RATS
Request Answer To Select
REQA
Request Answer
RF
Radio Frequency
UID
Unique Identifier
WTX
Waiting Time eXtension
WUPA
Wake Up Protocol A
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
13 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
11. References
[1]
Data sheet — MF3ICD81 MIFARE DESFire EV1, document number: 13403**1.
[2]
Data sheet — MF3ICD81 Guidance, Delivery and Operation Manual, document
number: 1469**.
[3]
Data sheet — Specification addendum MF3ICD81, document number: 1673**.
[4]
Data sheet — MF3ICD8101 Sawn bumped 120 m wafer addendum, document
number: 1318**.
[5]
Data sheet — MF3ICDH8101 Sawn bumped 120 m wafer addendum, document
number: 1970**.
[6]
Data sheet — MF3MODx21_41_81 Contactless chip card module, document
number: 1439**.
[7]
Application note — MIFARE DESFire - Implementation hints and examples,
document number: 0945**.
[8]
Application note — Card Coil Design Notes for MIFARE DESFire EV1, document
number: 1713**.
[9]
Application note — MIFARE Application Directory, document number: 0018**.
[10] Application note — MIFARE ISO/IEC 14443 PICC Selection, document number:
1308**.
[11] Application note — End to end system security risk considerations for
implementing contactless cards, document number: 1550**.
[12] ISO/IEC Standard — ISO/IEC 14443 Identification cards - Contactless integrated
circuit cards - Proximity cards.
1.
** ... BU-ID document version number
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
14 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
12. Revision history
Table 11.
Revision history
Document ID
Release date
MF3ICDX21_41_81_SDS v3.2 20151209
Modifications:
•
MF3ICD21_41_81_SDS_2
Modifications:
•
•
•
Change
notice
Supersedes
Product short data sheet
-
MF3ICDX21_41_81_SDS v3.1
-
MF3ICD21_41_81_SDS_2
Section 5: MOA8 types added
MF3ICDX21_41_81_SDS v3.1 20101221
Modifications:
Data sheet status
Product short data sheet
Data sheet title updated
Section 1, Section 2, Section 3, Section 11, Section 13: updated
Section 5: type number MF3ICD801DUD/04 changed to MF3ICD8101DUD/05
20090306
Product short data sheet
-
MF3ICD8101_SDS_N_1
•
Section 5 “Ordering information”: type number MF3ICD8101DUD/01 changed to
MF3ICD8101DUD/04
•
•
Section 5 “Ordering information”: added root type numbers MF3ICD41 and MF3ICD21
Section 1 “General description”, Section 2 “Features and benefits” and Section 3
“Applications”: updated
• Section 11 “References”: added
MF3ICD8101_SDS_N_1
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
20071213
Objective short data sheet -
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
-
© NXP Semiconductors N.V. 2015. All rights reserved.
15 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
13. Legal information
13.1 Data sheet status
Document status[1][2]
Product status[3]
Definition
Objective [short] data sheet
Development
This document contains data from the objective specification for product development.
Preliminary [short] data sheet
Qualification
This document contains data from the preliminary specification.
Product [short] data sheet
Production
This document contains the product specification.
[1]
Please consult the most recently issued document before initiating or completing a design.
[2]
The term ‘short data sheet’ is explained in section “Definitions”.
[3]
The product status of device(s) described in this document may have changed since this document was published and may differ in case of multiple devices. The latest product status
information is available on the Internet at URL http://www.nxp.com.
13.2 Definitions
Draft — The document is a draft version only. The content is still under
internal review and subject to formal approval, which may result in
modifications or additions. NXP Semiconductors does not give any
representations or warranties as to the accuracy or completeness of
information included herein and shall have no liability for the consequences of
use of such information.
Short data sheet — A short data sheet is an extract from a full data sheet
with the same product type number(s) and title. A short data sheet is intended
for quick reference only and should not be relied upon to contain detailed and
full information. For detailed and full information see the relevant full data
sheet, which is available on request via the local NXP Semiconductors sales
office. In case of any inconsistency or conflict with the short data sheet, the
full data sheet shall prevail.
Product specification — The information and data provided in a Product
data sheet shall define the specification of the product as agreed between
NXP Semiconductors and its customer, unless NXP Semiconductors and
customer have explicitly agreed otherwise in writing. In no event however,
shall an agreement be valid in which the NXP Semiconductors product is
deemed to offer functions and qualities beyond those described in the
Product data sheet.
13.3 Disclaimers
Limited warranty and liability — Information in this document is believed to
be accurate and reliable. However, NXP Semiconductors does not give any
representations or warranties, expressed or implied, as to the accuracy or
completeness of such information and shall have no liability for the
consequences of use of such information. NXP Semiconductors takes no
responsibility for the content in this document if provided by an information
source outside of NXP Semiconductors.
In no event shall NXP Semiconductors be liable for any indirect, incidental,
punitive, special or consequential damages (including - without limitation - lost
profits, lost savings, business interruption, costs related to the removal or
replacement of any products or rework charges) whether or not such
damages are based on tort (including negligence), warranty, breach of
contract or any other legal theory.
Notwithstanding any damages that customer might incur for any reason
whatsoever, NXP Semiconductors’ aggregate and cumulative liability towards
customer for the products described herein shall be limited in accordance
with the Terms and conditions of commercial sale of NXP Semiconductors.
Right to make changes — NXP Semiconductors reserves the right to make
changes to information published in this document, including without
limitation specifications and product descriptions, at any time and without
notice. This document supersedes and replaces all information supplied prior
to the publication hereof.
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
Suitability for use — NXP Semiconductors products are not designed,
authorized or warranted to be suitable for use in life support, life-critical or
safety-critical systems or equipment, nor in applications where failure or
malfunction of an NXP Semiconductors product can reasonably be expected
to result in personal injury, death or severe property or environmental
damage. NXP Semiconductors and its suppliers accept no liability for
inclusion and/or use of NXP Semiconductors products in such equipment or
applications and therefore such inclusion and/or use is at the customer’s own
risk.
Applications — Applications that are described herein for any of these
products are for illustrative purposes only. NXP Semiconductors makes no
representation or warranty that such applications will be suitable for the
specified use without further testing or modification.
Customers are responsible for the design and operation of their applications
and products using NXP Semiconductors products, and NXP Semiconductors
accepts no liability for any assistance with applications or customer product
design. It is customer’s sole responsibility to determine whether the NXP
Semiconductors product is suitable and fit for the customer’s applications and
products planned, as well as for the planned application and use of
customer’s third party customer(s). Customers should provide appropriate
design and operating safeguards to minimize the risks associated with their
applications and products.
NXP Semiconductors does not accept any liability related to any default,
damage, costs or problem which is based on any weakness or default in the
customer’s applications or products, or the application or use by customer’s
third party customer(s). Customer is responsible for doing all necessary
testing for the customer’s applications and products using NXP
Semiconductors products in order to avoid a default of the applications and
the products or of the application or use by customer’s third party
customer(s). NXP does not accept any liability in this respect.
Limiting values — Stress above one or more limiting values (as defined in
the Absolute Maximum Ratings System of IEC 60134) will cause permanent
damage to the device. Limiting values are stress ratings only and (proper)
operation of the device at these or any other conditions above those given in
the Recommended operating conditions section (if present) or the
Characteristics sections of this document is not warranted. Constant or
repeated exposure to limiting values will permanently and irreversibly affect
the quality and reliability of the device.
Terms and conditions of commercial sale — NXP Semiconductors
products are sold subject to the general terms and conditions of commercial
sale, as published at http://www.nxp.com/profile/terms, unless otherwise
agreed in a valid written individual agreement. In case an individual
agreement is concluded only the terms and conditions of the respective
agreement shall apply. NXP Semiconductors hereby expressly objects to
applying the customer’s general terms and conditions with regard to the
purchase of NXP Semiconductors products by customer.
No offer to sell or license — Nothing in this document may be interpreted or
construed as an offer to sell products that is open for acceptance or the grant,
conveyance or implication of any license under any copyrights, patents or
other industrial or intellectual property rights.
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
16 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
Export control — This document as well as the item(s) described herein
may be subject to export control regulations. Export might require a prior
authorization from competent authorities.
Translations — A non-English (translated) version of a document is for
reference only. The English version shall prevail in case of any discrepancy
between the translated and English versions.
Quick reference data — The Quick reference data is an extract of the
product data given in the Limiting values and Characteristics sections of this
document, and as such is not complete, exhaustive or legally binding.
13.4 Licenses
Non-automotive qualified products — Unless this data sheet expressly
states that this specific NXP Semiconductors product is automotive qualified,
the product is not suitable for automotive use. It is neither qualified nor tested
in accordance with automotive testing or application requirements. NXP
Semiconductors accepts no liability for inclusion and/or use of
non-automotive qualified products in automotive equipment or applications.
In the event that customer uses the product for design-in and use in
automotive applications to automotive specifications and standards, customer
(a) shall use the product without NXP Semiconductors’ warranty of the
product for such automotive applications, use and specifications, and (b)
whenever customer uses the product for automotive applications beyond
NXP Semiconductors’ specifications such use shall be solely at customer’s
own risk, and (c) customer fully indemnifies NXP Semiconductors for any
liability, damages or failed product claims resulting from customer design and
use of the product for automotive applications beyond NXP Semiconductors’
standard warranty and NXP Semiconductors’ product specifications.
ICs with DPA Countermeasures functionality
NXP ICs containing functionality
implementing countermeasures to
Differential Power Analysis and Simple
Power Analysis are produced and sold
under applicable license from
Cryptography Research, Inc.
13.5 Trademarks
Notice: All referenced brands, product names, service names and trademarks
are the property of their respective owners.
MIFARE — is a trademark of NXP Semiconductors N.V.
DESFire — is a trademark of NXP Semiconductors N.V.
14. Contact information
For more information, please visit: http://www.nxp.com
For sales office addresses, please send an email to: [email protected]
MF3ICDX21_41_81_SDS
Product short data sheet
COMPANY PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 9 December 2015
145632
© NXP Semiconductors N.V. 2015. All rights reserved.
17 of 18
MF3ICDx21_41_81
NXP Semiconductors
MIFARE DESFire EV1 contactless multi-application IC
15. Tables
Table 1.
Table 2.
Table 3.
Table 4.
Table 5.
Table 6.
Quick reference data [1][2] . . . . . . . . . . . . . . . . . .4
Ordering information . . . . . . . . . . . . . . . . . . . . .4
Limiting values [1][2] . . . . . . . . . . . . . . . . . . . . . . .6
ISO/IEC 14443-3 . . . . . . . . . . . . . . . . . . . . . . . .9
ISO/IEC 14443-4 . . . . . . . . . . . . . . . . . . . . . . . .9
Security related commands . . . . . . . . . . . . . . .10
Table 7.
Table 8.
Table 9.
Table 10.
Table 11.
Level commands . . . . . . . . . . . . . . . . . . . . . . . 10
Application level commands . . . . . . . . . . . . . . 11
Data manipulation commands . . . . . . . . . . . . 11
Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . 13
Revision history . . . . . . . . . . . . . . . . . . . . . . . . 15
16. Figures
Fig 1. Block diagram of MF3ICD(H)81, MF3ICD(H)41,
MF3ICD(H)215
17. Contents
1
2
2.1
2.2
2.3
2.4
2.5
2.6
3
4
5
6
7
8
8.1
8.2
8.3
8.4
8.5
8.6
9
9.1
9.2
9.3
9.4
9.5
General description . . . . . . . . . . . . . . . . . . . . . . 1
Features and benefits . . . . . . . . . . . . . . . . . . . . 2
RF interface: ISO/IEC 14443 Type A . . . . . . . . 2
ISO/IEC 7816 compatibility . . . . . . . . . . . . . . . 2
Non-volatile memory. . . . . . . . . . . . . . . . . . . . . 2
NV-memory organization . . . . . . . . . . . . . . . . . 2
Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Special features . . . . . . . . . . . . . . . . . . . . . . . . 3
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Quick reference data . . . . . . . . . . . . . . . . . . . . . 4
Ordering information . . . . . . . . . . . . . . . . . . . . . 4
Block diagram . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Limiting values. . . . . . . . . . . . . . . . . . . . . . . . . . 6
Functional description . . . . . . . . . . . . . . . . . . . 7
Contactless energy and data transfer. . . . . . . . 7
Anti-collision . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
UID/serial number. . . . . . . . . . . . . . . . . . . . . . . 7
Memory organization . . . . . . . . . . . . . . . . . . . . 7
Available file types . . . . . . . . . . . . . . . . . . . . . . 8
Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
DESFire command set. . . . . . . . . . . . . . . . . . . . 9
ISO/IEC 14443-3 . . . . . . . . . . . . . . . . . . . . . . . 9
ISO/IEC 14443-4 . . . . . . . . . . . . . . . . . . . . . . . 9
MIFARE DESFire EV1 command set overview –
security related commands. . . . . . . . . . . . . . . 10
MIFARE DESFire EV1 command set overview –
MIFARE DESFire EV1 level commands . . . . . 10
MIFARE DESFire EV1 command set overview –
application level commands . . . . . . . . . . . . . . 11
9.6
9.7
9.7.1
10
11
12
13
13.1
13.2
13.3
13.4
13.5
14
15
16
17
MIFARE DESFire EV1 command set overview –
data manipulation commands . . . . . . . . . . . . . 11
MIFARE DESFire EV1 command set ISO/IEC 7816 APDU commands . . . . . . . . . . 12
ISO/IEC 7816-4 APDU message structure . . 12
Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . 13
References. . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Revision history . . . . . . . . . . . . . . . . . . . . . . . 15
Legal information . . . . . . . . . . . . . . . . . . . . . . 16
Data sheet status . . . . . . . . . . . . . . . . . . . . . . 16
Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Disclaimers . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Contact information . . . . . . . . . . . . . . . . . . . . 17
Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Please be aware that important notices concerning this document and the product(s)
described herein, have been included in section ‘Legal information’.
© NXP Semiconductors N.V. 2015.
All rights reserved.
For more information, please visit: http://www.nxp.com
For sales office addresses, please send an email to: [email protected]
Date of release: 9 December 2015
145632