MF3D(H)x2
MIFARE DESFire EV2 contactless multi-application IC
Rev. 2.0 — 24 February 2016
364220
Preliminary short data sheet
COMPANY PUBLIC

1. General description

1.1 Introduction

MIFARE DESFire EV2 (MF3D(H)x2) is the latest addition to the MIFARE DESFire product family, introducing new features along with enhanced performance for best user experience. MIFARE DESFire EV2 is Common Criteria EAL5+ security certified, which is the same security certification level as demanded for smart card IC products used e.g. for banking cards or electronic passports. It fully complies with the requirements for fast and highly secure data transmission and flexible application management. This makes it the ideal product for service providers and service operators who want to offer easy, convenient and secure access to a wide variety of different services.

MIFARE DESFire EV2 offers best flexibility when creating multi-application schemes, and features such as MIsmartApp with multiple key sets and Transaction MAC support new business models. Smart city services, for example, could be delivered with only one MIFARE DESFire EV2 card by combining services such as public transportation, car or bike sharing, and access to city attractions with citizen services, closed-loop e-payment applications and local loyalty programs.

MIFARE DESFire EV2 is based on global open standards for both air interface and cryptographic methods. It is compliant with all levels of ISO/IEC 14443A, supports optional ISO/IEC 7816-4 commands (APDU and file structure supported) and is fully interoperable with existing MIFARE reader infrastructure.

Featuring an on-chip backup management system and the mutual three pass authentication, a MIFARE DESFire EV2 card can hold as many applications as the memory can accommodate. Each application can hold up to 32 files with various data configurations.
The size of each file is defined at the moment of its creation, making MIFARE DESFire EV2 a truly flexible and convenient product. An automatic anti-tear mechanism is available for all file types, guaranteeing transaction oriented data integrity.

The main characteristics of this device are denoted by its name “DESFire”: DES indicates the high level of security using a 3DES or AES hardware cryptographic engine for confidentiality and integrity protection of the transmission data. Fire indicates its outstanding position as a Fast, Innovative, Reliable and sEcure IC in the contactless proximity transaction market.

MIFARE DESFire EV2 delivers the perfect balance of speed, performance and cost efficiency. Its open concept allows seamless future integration of other ticketing media such as smart paper tickets, banking convergence cards, and mobile ticketing based on Near Field Communication (NFC) technology. It is also fully compatible with the existing MIFARE reader hardware platform. MIFARE DESFire EV2 is your ticket to secure contactless systems worldwide.

1.2 Evolution of MIFARE DESFire products family

MIFARE DESFire has evolved over time, enhancing its security properties to protect against current and future security threats, and adding new features to better suit new user requirements.

MIFARE DESFire EV2 is the third generation of the MIFARE DESFire products family, succeeding MIFARE DESFire EV1. It is functionally backward compatible with both MIFARE DESFire EV1 and MIFARE DESFire D40 (MF3ICD40).

Figure 1 shows the relationship between the three generations of MIFARE DESFire products. The latest generation encompasses the features of the older generation(s), allowing existing users of the older products to adopt the latest product with minimal or no changes to their infrastructure.
MIFARE DESFire EV2 can be used as a MIFARE DESFire EV1 in its default delivery configuration. Every new feature requires activation and/or the use of new commands.

Fig 1. Evolution of MIFARE DESFire (aaa-022074). Feature text from the figure, grouped by generation:

MIFARE DESFire EV2:
• CC EAL5+ on HW and SW
• 2 KB, 4 KB or 8 KB EEPROM
• Unlimited Applications, 32 files
• 6 file types - new Transaction MAC file
• 17 pF or 70 pF
• Secure messaging (EV2): AES128
• Improved ISO7816-4 APDU and cmds
• Configurable ATS with FSCI setting
• up to 128 bytes transfer buffer
• MIsmartApp
• Transaction MAC
• Multiple Key Sets
• Multiple keys per access rights
• Shared application management
• Update Record command
• Virtual Card Architecture
• Proximity Check
• Originality Check

MIFARE DESFire EV1:
• CC EAL4+ on HW and SW
• 2 KB, 4 KB or 8 KB EEPROM
• 28 Applications, 32 files
• 5 file types
• 17 pF or 70 pF
• Higher baudrate (up to 848 kbps)
• Secure messaging (EV1): 2KTDEA and 3KTDEA and AES128
• Random ID
• ISO7816-4 APDU and cmds (8)
• ISO7816-4 file structure support
• Configurable ATS

MIFARE DESFire D40:
• 4 KB EEPROM
• 28 Applications, 16 files
• 5 file types
• 17 pF
• Secure messaging (D40): 2KTDEA and Single DES
• ISO7816-4 APDU and cmds (3)
• Automatic backup mechanism
• 1 PICC key, 14 keys per App

MF3Dx2_MF3DHx2_SDS Preliminary short data sheet COMPANY PUBLIC. All information provided in this document is subject to legal disclaimers. Rev. 2.0 — 24 February 2016 364220. © NXP Semiconductors N.V. 2016. All rights reserved.

2. Features and benefits

2.1 Features overview

2.1.1 RF interface: ISO/IEC 14443 Type A

• Contactless interface compliant with ISO/IEC 14443-2/3 A
• Low Hmin enabling operating distance up to 100 mm (depending on power provided by the PCD and antenna geometry)
• Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
• 7 bytes unique identifier (option for Random ID)
• Uses ISO/IEC 14443-4 transmission protocol
• Configurable FSCI to support up to 128 bytes frame size (new)

2.1.2 Non-volatile memory

• 2 kB, 4 kB or 8 kB EEPROM
• Data retention of 25 years
• Write endurance typical 500 000 cycles
• Fast programming cycles (erase/write) 1 ms

2.1.3 NV-memory organization

• Flexible file system: user can freely define application structures on PICC
• Virtually no limitation on number of applications per PICC (new)
• Up to 32 files in each application (6 file types available: Standard Data file, Back-up Data file, Value file, Linear Record file, Cyclic Record file and Transaction MAC file)
• File size is determined during creation (not for Transaction MAC file)

2.1.4 Security

• Common Criteria certification: EAL5+ (Hardware and Software)
• Unique 7 bytes serial number for each device
• Optional “RANDOM” ID for enhanced security and privacy
• Mutual three pass authentication
• Mutual authentication according to ISO/IEC 7816-4
• Flexible key management: 1 card master key and up to 14 keys per application
• Hardware DES using 56/112/168 bit keys featuring key version
• Hardware AES using 128-bit keys featuring key version
• Data authenticity by 8 byte CMAC
• Data encryption on RF-channel
• Authentication on application level
• Hardware exception sensors
• Self-securing file system
• Backward compatibility to MF3ICD40: 4 byte MAC, CRC 16

2.1.5 New features on MIFARE DESFire EV2

• MIsmartApp (Delegated Application Management)
• Memory reuse in DAM applications (Format Application)
• Transaction MAC on application level
• Multiple Key Sets per application with fast key rolling mechanism (up to 16 sets)
• Accessing files from any two applications during a single transaction
• Multiple keys assignment for each file access right (up to 8)
• Virtual Card Architecture for enhanced card/application selection on multi-VC devices with privacy protection
• Proximity Check for protection against Relay Attacks
• Originality Check for proof of genuine NXP product
• New EV2 Secure Messaging based on AES (similar to the MIFARE Plus secure messaging)

2.1.6 ISO/IEC 7816 compatibility

• Supports ISO/IEC 7816-4 file structure (selection by File ID or DF name)
• Supports ISO/IEC 7816-4 APDU message structure
• Supports ISO/IEC 7816-4 APDU wrapper for MIFARE DESFire native commands
• Supports ISO/IEC 7816-4 INS code ‘A4’ for SELECT FILE
• Supports ISO/IEC 7816-4 INS code ‘B0’ for READ BINARY
• Supports ISO/IEC 7816-4 INS code ‘D6’ for UPDATE BINARY
• Supports ISO/IEC 7816-4 INS code ‘B2’ for READ RECORDS
• Supports ISO/IEC 7816-4 INS code ‘E2’ for APPEND RECORD
• Supports ISO/IEC 7816-4 INS code ‘84’ for GET CHALLENGE
• Supports ISO/IEC 7816-4 INS code ‘88’ for INTERNAL AUTHENTICATE
• Supports ISO/IEC 7816-4 INS code ‘82’ for EXTERNAL AUTHENTICATE

2.1.7 Special features

• Transaction oriented automatic anti-tear mechanism
• Configurable ATS information for card personalization
• Backward compatibility mode to MIFARE DESFire EV1 and D40 (MF3ICD40)
• Optional high input capacitance (70pF) for small form factor designs (MF3DHx2)

2.2 Summary of key differences between MIFARE DESFire generations

Table 1 shows the key differences between each product generation of the MIFARE DESFire family.

Table 1. Key differences between MIFARE DESFire generations

| Features | MIFARE DESFire D40 | MIFARE DESFire EV1 | MIFARE DESFire EV2 |
|---|---|---|---|
| Cryptography scheme(s) | Single DES, 2KTDEA | Single DES, 2KTDEA, 3KTDEA, AES128 | Single DES, 2KTDEA, 3KTDEA, AES128 |
| Secure messaging(s) | D40 Native | D40 Native, EV1 | D40 Native, EV1, EV2 |
| No. of applications | 28 | 28 | No limit |
| No. of files per application | 16 | 32 | 32 |
| Max. no. of files with backup | 8 | 32 | 32 |
| ISO/IEC7816-4 commands | 3 | 8 | 8 (refine) |
| Random ID | No | Yes | Yes |
| Configurable ATS | No | Yes, Historical bytes only | Yes, all parameters (FSCI supporting up to 128 bytes) |
| Max. communication buffer | 64 bytes | 64 bytes | 128 bytes |
| Chaining during data transfer | Native (AFh) | Native (AFh) | Native (AFh) or ISO/IEC14443-4 |
| Multiple Key Sets with rolling | No | No | Yes |
| MIsmartApp (Delegated Application Management) | No | No | Yes |
| Shared Application Management | No | No | Yes |
| Multiple keys per access right | No | No | Yes |
| UpdateRecord command | No | No | Yes |
| Transaction MAC | No | No | Yes |
| Virtual Card Architecture | No | No | Yes |
| Proximity Check | No | No | Yes |
| Originality Check | No | No | Yes |

3. Applications

• Secure public transport ticketing
• Multi-application smart city and mobility card
• Secure access management
• Micro-payment and Loyalty
• Student ID
• Road tolling and parking
• Hospitality
• Event ticketing

4. Quick reference data

Table 2. Quick reference data [1][2]

| Symbol | Parameter | Conditions | Min | Typ | Max | Unit |
|---|---|---|---|---|---|---|
| fi | input frequency | | - | 13.56 | - | MHz |
| Ci | input capacitance | MF3Dx2 [3][4] | 16.15 | 17.0 | 17.85 | pF |
| | | MF3DHx2 [3][4] | 66.5 | 70.0 | 73.5 | pF |
| EEPROM characteristics | | | | | | |
| tret | retention time | Tamb = 22 °C | 25 | - | - | year |
| Nendu(W) | write endurance | Tamb = 22 °C | 200000 | 500000 | - | cycle |
| tcy(W) | write cycle time | Tamb = 22 °C | - | 1 | - | ms |

[1] Stresses above one or more of the values may cause permanent damage to the device.
[2] Exposure to limiting values for extended periods may affect device reliability.
[3] Measured with LCR meter.
[4] Tamb = 22 °C; fi = 13.56 MHz; 2 V RMS

5. Ordering information

Table 3. Ordering information

| Type number | Package name | Description | Version |
|---|---|---|---|
| MF3D8201DUD/00 | FFC | 8 inch wafer (sawn; 120 µm thickness)[1][2]; 8K EE, 17pF input capacitance | - |
| MF3D4201DUD/00 | FFC | 8 inch wafer (sawn; 120 µm thickness)[1][2]; 4K EE, 17pF input capacitance | - |
| MF3D2201DUD/00 | FFC | 8 inch wafer (sawn; 120 µm thickness)[1][2]; 2K EE, 17pF input capacitance | - |
| MF3DH8201DUD/00 | FFC | 8 inch wafer (sawn; 120 µm thickness)[1][2]; 8K EE, 70pF input capacitance | - |
| MF3DH4201DUD/00 | FFC | 8 inch wafer (sawn; 120 µm thickness)[1][2]; 4K EE, 70pF input capacitance | - |
| MF3DH2201DUD/00 | FFC | 8 inch wafer (sawn; 120 µm thickness)[1][2]; 2K EE, 70pF input capacitance | - |
| MF3D8201DUF/00 | FFC | 8 inch wafer (sawn; 75 µm thickness)[1][2]; 8K EE, 17pF input capacitance | - |
| MF3D4201DUF/00 | FFC | 8 inch wafer (sawn; 75 µm thickness)[1][2]; 4K EE, 17pF input capacitance | - |
| MF3D2201DUF/00 | FFC | 8 inch wafer (sawn; 75 µm thickness)[1][2]; 2K EE, 17pF input capacitance | - |
| MF3DH8201DUF/00 | FFC | 8 inch wafer (sawn; 75 µm thickness)[1][2]; 8K EE, 70pF input capacitance | - |
| MF3DH4201DUF/00 | FFC | 8 inch wafer (sawn; 75 µm thickness)[1][2]; 4K EE, 70pF input capacitance | - |
| MF3DH2201DUF/00 | FFC | 8 inch wafer (sawn; 75 µm thickness)[1][2]; 2K EE, 70pF input capacitance | - |
| MF3D8200DA4/00 | MOA4 | plastic leadless module carrier package; 8K EE, 17pF input capacitance | SOT500-2 |
| MF3D4200DA4/00 | MOA4 | plastic leadless module carrier package; 4K EE, 17pF input capacitance | SOT500-2 |
| MF3D2200DA4/00 | MOA4 | plastic leadless module carrier package; 2K EE, 17pF input capacitance | SOT500-2 |
| MF3DH8200DA4/00 | MOA4 | plastic leadless module carrier package; 8K EE, 70pF input capacitance | SOT500-2 |
| MF3DH4200DA4/00 | MOA4 | plastic leadless module carrier package; 4K EE, 70pF input capacitance | SOT500-2 |
| MF3DH2200DA4/00 | MOA4 | plastic leadless module carrier package; 2K EE, 70pF input capacitance | SOT500-2 |
| MF3D8200DA6/00 | MOB6 | plastic leadless module carrier package; 8K EE, 17pF input capacitance | SOT500-3 |
| MF3D4200DA6/00 | MOB6 | plastic leadless module carrier package; 4K EE, 17pF input capacitance | SOT500-3 |
| MF3D2200DA6/00 | MOB6 | plastic leadless module carrier package; 2K EE, 17pF input capacitance | SOT500-3 |
| MF3DH8200DA6/00 | MOB6 | plastic leadless module carrier package; 8K EE, 70pF input capacitance | SOT500-3 |
| MF3DH4200DA6/00 | MOB6 | plastic leadless module carrier package; 4K EE, 70pF input capacitance | SOT500-3 |
| MF3DH2200DA6/00 | MOB6 | plastic leadless module carrier package; 2K EE, 70pF input capacitance | SOT500-3 |

[1] Delivered on film frame carrier with electronic fail die marking according to SECSII format.
[2] See Ref. 2

6. Block diagram

Fig 2. MIFARE DESFire EV2 IC block diagram (aaa-022071). Blocks labelled in the figure: ANALOG, ROM, LA, LB, POR, OSCILLATOR, CLOCK GENERATION, RECTIFIER, MODULATOR, DEMODULATOR, CLOCK FILTER, data bus, MMU, CPU, VOLTAGE SENSORS, SUSPENSION TIME, TEMP SENSOR, ACTIVE SHIELDING, RAIL SENSORS, LIGHT GLITCH SENSOR, RAM, VOLTAGE REGULATOR, EEPROM, ISO14443 CIU, CRC 16/32, TRNG, 3-KEY DES, AES 128.

7. Limiting values

Table 4. Limiting values [1][2]
In accordance with the Absolute Maximum Rating System (IEC 60134).

| Symbol | Parameter | Conditions | Min | Max | Unit |
|---|---|---|---|---|---|
| II | input current | | - | 50 | mA |
| Ptot/pack | total power dissipation per package | | - | 200 | mW |
| Tstg | storage temperature | | 55 | 125 | °C |
| Tamb | ambient temperature | | 25 | 70 | °C |
| VESD | electrostatic discharge voltage | [3] | - | 2 | kV |

[1] Stresses above one or more of the limiting values may cause permanent damage to the device.
[2] Exposure to limiting values for extended periods may affect device reliability.
[3] MIL Standard 883-C method 3015; human body model: C = 100 pF, R = 1.5 kΩ.

8. Functional description

8.1 Introduction

MIFARE DESFire EV2 is a contactless multi-application smart card IC compliant with ISO/IEC 14443A (part 1-4). The MIFARE DESFire EV2 operating system provides an off-the-shelf development platform for smart card application providers. The memory organization of MIFARE DESFire EV2 is flexible and can be dynamically structured to fit any application requirements. The application and file structure is shown in Figure 3.

Each application folder is a container of data files usable within a certain real world application (e.g. Transport ticketing).
There are 5 file types available for data storage and 1 file type for storing the Transaction MAC, as detailed in Section 8.6. Within the application folder, there is a set of keys and configuration settings dedicated to the application. The application owner can freely organize the file structure and security settings within their application. An adjacent application will not have access to its files as long as it does not possess the correct security rights. MIFARE DESFire EV2 also supports the ISO/IEC 7816-4 file structure and APDU.

At the PICC level, there is another set of keys and security settings for the PICC owner. The PICC owner has the right to create or delete any application, but does not have access to the application's files unless the application keys are also known to them.

Fig 3. MIFARE DESFire EV2 application and file structure (aaa-022073). The figure shows the PICC keys with the PICC setting and configuration, and Applications x, Y and z, each with its own application keys, application setting and configuration, and files (Std. Data File, BackUp Data File, Value File, Linear Record File, Cyclic Record File, Transaction MAC File). Notes in the figure:
• Up to 14 keys, free and never access options per application.
• Applications are independent of PICC keys and crypto.
• Applications are independent of each other.
• 5 types of data file + 1 Transaction MAC file (optional).
• Maximum 32 files per application.
• Independent file access and communication settings.

MIFARE DESFire EV2 supports confidential and integrity protected communication (see Section 8.7). Each MIFARE DESFire EV2 application can have its own cryptographic settings (i.e. 2TDEA, 3TDEA or AES) and secure messaging for communication.
The D40 and EV1 secure messaging are included in the product for backward compatible support of existing installations. For new projects, the EV2 secure messaging is recommended.

MIFARE DESFire EV2 offers a transaction oriented backup mechanism to prevent inconsistent updating of data storage across multiple files during a tearing situation. When transaction tearing occurs, either all data fields are updated or none is altered.

Besides the application file structure support, MIFARE DESFire EV2 offers many optional features such as the following:

• Delegated Application Management (MIsmartApp) for giving rights to third party application creation and management.
• Multiple key sets within an application, with key rolling mechanism and key migration supported.
• Shared files between two applications, supporting a single transaction over two applications at the same time.
• Multiple keys for each access right of files.
• Transaction MAC on application level, MACing the transacted data with a secret key on the card and serving as a proof of transaction to the backend system.
• Virtual Card Architecture providing a privacy protecting mechanism during card selection.
• Proximity Check to protect against relay attacks.
• Originality Check for verification of genuine MIFARE DESFire EV2 product from NXP or its licensees.

The following chapters provide a basic description of some functionality of MIFARE DESFire EV2. For a more detailed description of each functionality of MIFARE DESFire EV2, please see Ref. 1.

8.2 Contactless energy and data transfer

In the MIFARE system, the MIFARE DESFire EV2 is connected to a coil consisting of a few turns embedded in a standard ISO/IEC smart card. A battery is not needed. When the card is positioned in the proximity of the PCD antenna, the high speed RF communication interface allows data to be transmitted at up to 848 kbit/s.
8.3 Anti-collision

An intelligent anti-collision mechanism allows more than one MIFARE DESFire EV2 in the field to be handled simultaneously. The anti-collision algorithm selects each MIFARE DESFire EV2 individually and ensures that the execution of a transaction with a selected MIFARE DESFire EV2 is performed correctly without data corruption resulting from other MIFARE DESFire EV2s in the field.

8.4 UID/serial number

The unique 7 byte identifier (UID) is programmed into a locked part of the NV memory which is reserved for the manufacturer. Due to security and system requirements, these bytes are write-protected after being programmed by the IC manufacturer at production time.

According to ISO/IEC 14443-3, during the first anti-collision loop the card returns the cascade tag with a value of 88h, followed by the first 3 bytes of the UID (UID0 to UID2) and the BCC. The second anti-collision loop returns bytes UID3 to UID6 and the BCC.

UID0 holds the manufacturer ID for NXP (04h) according to ISO/IEC 14443-3 and ISO/IEC 7816-6 AMD 1.

MIFARE DESFire EV2 also allows Random ID to be used. In this case MIFARE DESFire EV2 only uses a single anti-collision loop. The 3 byte random number is generated after RF reset of the MIFARE DESFire EV2.

8.5 Memory organization

The NV memory is organized using a flexible file system. This file system allows multiple different applications on one MIFARE DESFire EV2. Each application can have multiple files. Every application is represented by its 3 byte Application IDentifier (AID) and an optional ISO DF Name.

5 different data file types and 1 Transaction MAC file type are supported; see Section 8.6.
A guideline to assign DESFire AIDs can be found in the application note MIFARE Application Directory (MAD); see Ref. 3.

Each file can be created either at MIFARE DESFire EV2 initialization (card production/card printing), at MIFARE DESFire EV2 personalization (vending machine) or in the field. If a file or application becomes obsolete in operation, it can be permanently invalidated.

Commands which have an impact on the file structure itself (e.g. creation or deletion of applications, change of keys) activate an automatic rollback mechanism, which protects the file structure from being corrupted. If this rollback is necessary, it is done without user interaction before carrying out further commands.

To ensure data integrity on application level, a transaction-oriented backup is implemented for all file types with backup. It is possible to mix file types with and without backup within one application.

8.6 Available file types

The files within an application can be any of the following types:

• Standard data files
• Backup data files
• Value files with backup
• Linear record files with backup
• Cyclic record files with backup
• Transaction MAC file

8.7 Security

The 7 byte UID is fixed, programmed into each device during production. It cannot be altered and ensures the uniqueness of each device.

The UID may be used to derive diversified keys for each ticket. Diversified MIFARE DESFire EV2 keys contribute to an effective anti-cloning mechanism and increase the security of the original key.
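The two anti-collision loops from Section 8.4 and the use of the UID as diversification input, as an added reader-side example that is not NXP code. The sample responses are constructed, the BCC rule (XOR of the four preceding bytes) and the 08h random-ID marker are taken from ISO/IEC 14443-3 rather than from this page, and the function names are hypothetical.

```python
"""Reassemble and classify a card ID from ISO/IEC 14443-3 anti-collision responses."""

CASCADE_TAG = 0x88          # data sheet: first byte returned in the first loop of a 7-byte UID
NXP_MANUFACTURER_ID = 0x04  # data sheet: value of UID0 for NXP
RANDOM_ID_MARKER = 0x08     # assumption (ISO/IEC 14443-3): first byte of a 4-byte random ID

# Constructed sample data: 5 bytes per loop = 4 payload bytes + BCC.
SAMPLE_FIXED = [bytes.fromhex("88041122BF"), bytes.fromhex("3344556644")]
SAMPLE_RANDOM = [bytes.fromhex("08A1B2C3D8")]


class AnticollisionError(ValueError):
    """Raised when the responses cannot belong to a well-formed anti-collision run."""


def _checked_level(response: bytes) -> bytes:
    """Return the 4 payload bytes of one loop after verifying its BCC."""
    if len(response) != 5:
        raise AnticollisionError(f"expected 5 bytes per loop, got {len(response)}")
    payload, bcc = response[:4], response[4]
    expected = payload[0] ^ payload[1] ^ payload[2] ^ payload[3]
    if bcc != expected:
        raise AnticollisionError(f"BCC mismatch: got {bcc:02X}, expected {expected:02X}")
    return payload


def parse_uid(levels):
    """Turn one or two anti-collision responses into a classified identifier.

    Returns a dict with the raw ID, its kind, whether it is stable across RF
    resets, and (for 7-byte UIDs) whether UID0 carries the NXP manufacturer ID.
    """
    if len(levels) == 1:
        payload = _checked_level(levels[0])
        if payload[0] == CASCADE_TAG:
            raise AnticollisionError("cascade tag seen but the second loop is missing")
        is_random = payload[0] == RANDOM_ID_MARKER
        return {"uid": payload, "kind": "random" if is_random else "single",
                "stable": not is_random, "nxp": None}
    if len(levels) == 2:
        first, second = _checked_level(levels[0]), _checked_level(levels[1])
        if first[0] != CASCADE_TAG:
            raise AnticollisionError("first loop of a 7-byte UID must start with 88h")
        uid = first[1:] + second  # UID0..UID2 followed by UID3..UID6
        return {"uid": uid, "kind": "double", "stable": True,
                "nxp": uid[0] == NXP_MANUFACTURER_ID}
    raise AnticollisionError("expected one loop (Random ID) or two loops (7-byte UID)")


def diversification_input(info) -> bytes:
    """Return the ID only if it is usable as input for per-card key derivation."""
    if not info["stable"]:
        # A random ID changes after every RF reset, so a key derived from it
        # would never match again; the fixed UID has to come from GetCardUID.
        raise AnticollisionError("random ID is not a stable identifier; use GetCardUID")
    return info["uid"]


if __name__ == "__main__":
    fixed = parse_uid(SAMPLE_FIXED)
    print(fixed["kind"], fixed["uid"].hex().upper(), "NXP" if fixed["nxp"] else "other")
    print(parse_uid(SAMPLE_RANDOM)["kind"])
```

The ID seen during anti-collision is sent in the clear, so it only selects which diversified key to try; the card is trusted only after the mutual authentication described next.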
Prior to data transmission, a mutual three pass authentication can be done between MIFARE DESFire EV2 and PCD, depending on the configuration employing either 56-bit DES (single DES, DES), 112-bit DES (triple DES, 3DES), 168-bit DES (3 key triple DES, 3K3DES) or AES. During the authentication, the level of security of all further commands during the session is set. In addition, the communication settings of the file/application result in the following options of secure communication between MIFARE DESFire EV2 and PCD:

• Plain data transfer (only possible within the backwards-compatible mode to MF3ICD40 and EV2 secure messaging)
• Plain data transfer with cryptographic checksum (MAC):
  - Authentication with backwards-compatible mode to MF3ICD40: 4 byte MAC
  - All other authentications based on DES/3DES/AES: 8 byte CMAC
• Encrypted data transfer (secured by CRC before encryption):
  - Authentication with backwards-compatible mode to MF3ICD40: A 16-bit CRC is calculated over the stream and attached. The resulting stream is encrypted using the chosen cryptographic method.
  - All other authentications based on DES/3DES/AES: A 32-bit CRC is calculated over the stream and attached. The resulting stream is encrypted using the chosen cryptographic method.
  A cryptographic checksum (CMAC) will also be attached when using EV2 secure messaging.

Find more information on the security concept of the product in Ref. 1. Be aware that not all levels of security are recommended. For new designs, the EV2 secure messaging is recommended.

9. DESFire command set

This section contains an overview of MF3D(H)x2 command codes. A detailed description of all commands is provided in Ref. 1.
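The "CRC attached, then encrypted" framing from Section 8.7, as an added example that is not NXP code and leaves out the cipher step. The page gives only the CRC widths; the CRC parameters (ISO/IEC 14443-3 CRC_A for 16 bits, the reflected CRC-32 without final inversion for 32 bits), the little-endian placement and the zero padding are assumptions based on open-source reader implementations, and the function names are hypothetical.

```python
"""Plaintext framing for the legacy encrypted transfer modes: stream || CRC || padding."""
import zlib


def crc_a(data: bytes) -> int:
    """16-bit CRC_A: reflected polynomial 0x8408, preset 0x6363, no final XOR."""
    crc = 0x6363
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def crc32_no_final_xor(data: bytes) -> int:
    """32-bit CRC: polynomial 0xEDB88320, preset 0xFFFFFFFF, final inversion undone."""
    return zlib.crc32(data) ^ 0xFFFFFFFF


# mode name -> (CRC function, CRC width in bytes)
CRC_MODES = {
    "crc16": (crc_a, 2),               # backwards-compatible mode to MF3ICD40
    "crc32": (crc32_no_final_xor, 4),  # all other DES/3DES/AES authentications
}


def frame_for_encryption(stream: bytes, mode: str, block_size: int) -> bytes:
    """Attach the CRC to the stream and pad to the cipher block size (8 or 16)."""
    crc_func, width = CRC_MODES[mode]
    framed = stream + crc_func(stream).to_bytes(width, "little")
    return framed + bytes(-len(framed) % block_size)  # assumed zero padding


def check_decrypted(plaintext: bytes, stream_len: int, mode: str) -> bytes:
    """Verify CRC and padding of a decrypted frame and return the stream.

    The caller must know the expected stream length (for example from the
    file settings); nothing in the frame itself says where the CRC starts.
    """
    crc_func, width = CRC_MODES[mode]
    if len(plaintext) < stream_len + width:
        raise ValueError("decrypted frame is shorter than stream + CRC")
    stream = plaintext[:stream_len]
    received = int.from_bytes(plaintext[stream_len:stream_len + width], "little")
    if received != crc_func(stream):
        raise ValueError("CRC mismatch: wrong key, wrong length or modified data")
    if any(plaintext[stream_len + width:]):
        raise ValueError("non-zero padding after CRC")
    return stream


if __name__ == "__main__":
    record = bytes.fromhex("0102030405")  # constructed sample stream
    frame = frame_for_encryption(record, "crc32", 16)
    print(frame.hex().upper(), check_decrypted(frame, len(record), "crc32").hex())
```

The CRC is unkeyed, so in these modes integrity rests on the encryption layer; EV2 secure messaging additionally attaches a CMAC.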
9.0.1 Secure Messaging Commands

Table 5. Secure messaging commands overview

| Command | Description |
|---|---|
| Authenticate | Authentication as it was already supported by D40. Only for KeyType.2TDEA keys. Note that the PICC only performs encryption operations. After this authentication, the D40 backwards compatible secure messaging is used. |
| AuthenticateISO | Authentication as already supported by DESFire EV1. Only for KeyType.2TDEA or KeyType.3TDEA keys. After this authentication, EV1 backwards compatible secure messaging is used. |
| AuthenticateAES | Authentication as already supported by DESFire EV1. Only for KeyType.AES keys. After this authentication, EV1 backwards compatible secure messaging is used. |
| AuthenticateEV2First | Authentication for KeyType.AES keys. After this authentication, EV2 secure messaging is used. This authentication is intended to be the first in a transaction. |
| AuthenticateEV2NonFirst | Authentication for KeyType.AES keys. After this authentication, EV2 secure messaging is used. This authentication is intended for any subsequent authentication after Cmd.AuthenticateEV2First in a transaction. |

9.0.2 Memory and Configuration Management Commands

Table 6. Memory and configuration management commands overview

| Command | Description |
|---|---|
| FreeMem | Returns the free memory available on the card. |
| Format | At PICC level, all applications and files are deleted. At application level (only for delegated applications), all files are deleted. The deleted memory is released and can be reused. |
| SetConfiguration | Configures the card and pre-personalizes the card with a key, defines if the UID or the random ID is sent back during communication setup and configures the ATS string. |
| GetVersion | Returns manufacturing related data of the PICC. |
| GetCardUID | Returns the UID. |

9.1 Key Management Commands

Table 7. Key management commands overview

| Command | Description |
|---|---|
| ChangeKey | Changes any key stored on the PICC. |
| ChangeKeyEV2 | Depending on the currently selected AID, this command updates a key of the PICC or of one specified application keyset. |
| InitializeKeySet | Depending on the currently selected application, initializes the key set with the specified index. |
| FinalizeKeySet | Within the currently selected application, finalizes the key set with the specified number. |
| RollKeySet | Within the currently selected application, rolls to the key set with the specified number. |
| GetKeySettings | Gets information on the PICC and application master key settings. |
| ChangeKeySettings | Changes the master key settings on PICC and application level. |
| GetKeyVersion | Reads out the current key version of any key stored on the PICC. |

9.2 Application Management Commands

Table 8. Application management commands overview

| Command | Description |
|---|---|
| CreateApplication | Creates new applications on the PICC. The application is initialized according to the given settings. The application keys of the active key set are initialized with the Default Application Key. |
| DeleteApplication | Permanently deactivates applications on the PICC. |
| CreateDelegatedApplication | Creates delegated applications on the PICC with limited memory consumption. |
| SelectApplication | Selects one specific application for further access. |
| GetApplicationIDs | Returns the Application IDentifiers of all applications on a PICC. |
| GetDFNames | Returns the DF names. |
| GetDelegatedInfo | Returns the DAMSlotVersion and QuotaLimit of a target DAM slot on the card. |

9.3 File Management Commands

Table 9. File management commands overview

| Command | Description |
|---|---|
| CreateStdDataFile | Creates files for the storage of plain unformatted user data within an existing application on the PICC. |
| CreateBackupDataFile | Creates files for the storage of plain unformatted user data within an existing application on the PICC, additionally supporting the feature of an integrated backup mechanism. |
| CreateValueFile | Creates files for the storage and manipulation of 32-bit signed integer values within an existing application on the PICC. |
| CreateLinearRecordFile | Creates files for multiple storage of structurally similar data, for example for loyalty programs, within an existing application on the PICC. Once the file is filled completely with data records, further writing to the file is not possible unless it is cleared. |
| CreateCyclicRecordFile | Creates files for multiple storage of structurally similar data, for example for logging transactions, within an existing application on the PICC. Once the file is filled completely with data records, the PICC automatically overwrites the oldest record with the latest written one. This wrap is fully transparent for the PCD. |
| CreateTransactionMACFile | Creates a Transaction MAC File and enables the Transaction MAC feature for the targeted application. |
| DeleteFile | Permanently deactivates a file within the file directory of the currently selected application. |
| GetFileIDs | Returns the File IDentifiers of all active files within the currently selected application. |
| GetISOFileIDs | Get back the ISO File ID. |
| GetFileSettings | Get information on the properties of a specific file. |
| ChangeFileSettings | Changes the access parameters of an existing file. |

9.4 Data Management Commands

Table 10. Data management commands overview

| Command | Description |
|---|---|
| ReadData | Reads data from FileType.StandardData or FileType.BackupData. |
| WriteData | Writes data to FileType.StandardData or FileType.BackupData. |
| GetValue | Reads the currently stored value from FileType.Value. |
| Credit | Increases a value stored in a FileType.Value. |
| Debit | Decreases a value stored in a FileType.Value. |
| LimitedCredit | Allows a limited increase of a value stored in a FileType.Value without having full Credit permissions to the file. |
| ReadRecords | Reads out a set of complete records from a FileType.CyclicRecord or FileType.LinearRecord. |
| WriteRecord | Writes data to a record in a FileType.CyclicRecord or FileType.LinearRecord. |
| UpdateRecord | Updates data of an existing record in a FileType.LinearRecord or FileType.CyclicRecord file. |
| ClearRecordFile | Resets a FileType.LinearRecord or FileType.CyclicRecord to empty state. |

9.5 Transaction Management Commands

Table 11. Transaction management commands overview

| Command | Description |
|---|---|
| CommitTransaction | Validates all previous write accesses on FileType.BackupData, FileType.Value, FileType.LinearRecord and FileType.CyclicRecord within one application. |
| AbortTransaction | Invalidates all previous write accesses on FileType.BackupData, FileType.Value, FileType.LinearRecord and FileType.CyclicRecord within one application. |
| CommitReaderID | Commits a ReaderID for the ongoing transaction. This will allow a backend to identify the attacking merchant in case fraud is detected. |

9.6 ISO/IEC 7816-4 Standard Commands

Table 12. ISO/IEC 7816-4 support commands overview

| Command | Description |
|---|---|
| ISOSelectFile | Selects either the PICC level, a DESFire application or a DESFire file within an application. |
| ISOReadBinary | Reads data from FileType.StandardData and FileType.BackupData files. |
| ISOUpdateBinary | Writes data to FileType.StandardData and FileType.BackupData files. |
| ISOReadRecord | Reads data from FileType.LinearRecord and FileType.CyclicRecord files. |
| ISOAppendRecord | Writes a new record to FileType.LinearRecord and FileType.CyclicRecord files. |
| ISOGetChallenge | Initiates an ISO/IEC 7816-4 authentication. |
| ISOExternalAuthenticate | Authenticates the PCD during an ISO/IEC 7816-4 authentication. |
| ISOInternalAuthenticate | Authenticates the PICC during an ISO/IEC 7816-4 authentication. |

9.7 Virtual Card Commands

Table 13. Virtual Card commands overview

| Command | Description |
|---|---|
| ISOSelect | Selects the VC with the given IID. |
| ISOExternalAuthenticate | Authenticates the PCD before accessing the VC. |

9.8 Proximity Check Commands

Table 14. Proximity Check commands overview

| Command | Description |
|---|---|
| PreparePC | Prepares for the Proximity Check. |
| ProximityCheck | Performs the precise measurement for the Proximity Check. |
| VerifyPC | Verifies the Proximity Check. |

9.9 Originality Check Commands

Table 15. Originality Check commands overview

| Command | Description |
|---|---|
| Read_Sig | Retrieves the ECC originality check signature. |

10. Abbreviations

Table 16.
Abbreviations

| Acronym | Description |
| --- | --- |
| AES | Advanced Encryption Standard |
| AID | Application IDentifier |
| APDU | Application Protocol Data Unit |
| ATS | Answer to Select |
| CC | Common Criteria |
| CMAC | Cryptic Message Authentication Code |
| CRC | Cyclic Redundancy Check |
| DES | Digital Encryption Standard |
| DF | Dedicated File |
| EAL | Evaluation Assurance Level |
| EEPROM | Electrically Erasable Programmable Read-Only Memory |
| FWT | Frame Waiting Time |
| ID | IDentifier |
| INS | Instructions |
| LCR | inductance, Capacitance, Resistance |
| MAC | Message Authentication Code |
| MAD | MIFARE Application Directory |
| NV | Non-Volatile Memory |
| PCD | Proximity Coupling Device |
| PPS | Protocol Parameter Selection |
| RATS | Request Answer To Select |
| REQA | Request Answer |
| RF | Radio Frequency |
| UID | Unique Identifier |
| WTX | Waiting Time eXtension |
| WUPA | Wake Up Protocol A |

11. References

[1] Data sheet — MF3Dx2 MIFARE DESFire EV2 Functional specification, document number: 2260**
[2] Data sheet — MF3D(H)x2 Wafer specification, document number: 2953**
[3] Application note — MIFARE Application Directory, document number: 0018**

** ... BU-ID document version number

12. Revision history

Table 17. Revision history

| Document ID | Release date | Data sheet status | Change notice | Supersedes |
| --- | --- | --- | --- | --- |
| MF3Dx2_MF3DHx2_SDS | 20160224 | Preliminary short data sheet | - | - |

13. Legal information

13.1 Data sheet status

| Document status[1][2] | Product status[3] | Definition |
| --- | --- | --- |
| Objective [short] data sheet | Development | This document contains data from the objective specification for product development. |
| Preliminary [short] data sheet | Qualification | This document contains data from the preliminary specification. |
| Product [short] data sheet | Production | This document contains the product specification. |

[1] Please consult the most recently issued document before initiating or completing a design.
[2] The term ‘short data sheet’ is explained in section “Definitions”.
[3] The product status of device(s) described in this document may have changed since this document was published and may differ in case of multiple devices. The latest product status information is available on the Internet at URL http://www.nxp.com.

13.2 Definitions

Draft — The document is a draft version only. The content is still under internal review and subject to formal approval, which may result in modifications or additions. NXP Semiconductors does not give any representations or warranties as to the accuracy or completeness of information included herein and shall have no liability for the consequences of use of such information.

Short data sheet — A short data sheet is an extract from a full data sheet with the same product type number(s) and title. A short data sheet is intended for quick reference only and should not be relied upon to contain detailed and full information.
For detailed and full information see the relevant full data sheet, which is available on request via the local NXP Semiconductors sales office. In case of any inconsistency or conflict with the short data sheet, the full data sheet shall prevail.

Product specification — The information and data provided in a Product data sheet shall define the specification of the product as agreed between NXP Semiconductors and its customer, unless NXP Semiconductors and customer have explicitly agreed otherwise in writing. In no event however, shall an agreement be valid in which the NXP Semiconductors product is deemed to offer functions and qualities beyond those described in the Product data sheet.

13.3 Disclaimers

Limited warranty and liability — Information in this document is believed to be accurate and reliable. However, NXP Semiconductors does not give any representations or warranties, expressed or implied, as to the accuracy or completeness of such information and shall have no liability for the consequences of use of such information. NXP Semiconductors takes no responsibility for the content in this document if provided by an information source outside of NXP Semiconductors.

In no event shall NXP Semiconductors be liable for any indirect, incidental, punitive, special or consequential damages (including - without limitation - lost profits, lost savings, business interruption, costs related to the removal or replacement of any products or rework charges) whether or not such damages are based on tort (including negligence), warranty, breach of contract or any other legal theory.

Notwithstanding any damages that customer might incur for any reason whatsoever, NXP Semiconductors’ aggregate and cumulative liability towards customer for the products described herein shall be limited in accordance with the Terms and conditions of commercial sale of NXP Semiconductors.
Right to make changes — NXP Semiconductors reserves the right to make changes to information published in this document, including without limitation specifications and product descriptions, at any time and without notice. This document supersedes and replaces all information supplied prior to the publication hereof.

Suitability for use — NXP Semiconductors products are not designed, authorized or warranted to be suitable for use in life support, life-critical or safety-critical systems or equipment, nor in applications where failure or malfunction of an NXP Semiconductors product can reasonably be expected to result in personal injury, death or severe property or environmental damage. NXP Semiconductors and its suppliers accept no liability for inclusion and/or use of NXP Semiconductors products in such equipment or applications and therefore such inclusion and/or use is at the customer’s own risk.

Applications — Applications that are described herein for any of these products are for illustrative purposes only. NXP Semiconductors makes no representation or warranty that such applications will be suitable for the specified use without further testing or modification. Customers are responsible for the design and operation of their applications and products using NXP Semiconductors products, and NXP Semiconductors accepts no liability for any assistance with applications or customer product design. It is customer’s sole responsibility to determine whether the NXP Semiconductors product is suitable and fit for the customer’s applications and products planned, as well as for the planned application and use of customer’s third party customer(s). Customers should provide appropriate design and operating safeguards to minimize the risks associated with their applications and products.
NXP Semiconductors does not accept any liability related to any default, damage, costs or problem which is based on any weakness or default in the customer’s applications or products, or the application or use by customer’s third party customer(s). Customer is responsible for doing all necessary testing for the customer’s applications and products using NXP Semiconductors products in order to avoid a default of the applications and the products or of the application or use by customer’s third party customer(s). NXP does not accept any liability in this respect.

Limiting values — Stress above one or more limiting values (as defined in the Absolute Maximum Ratings System of IEC 60134) will cause permanent damage to the device. Limiting values are stress ratings only and (proper) operation of the device at these or any other conditions above those given in the Recommended operating conditions section (if present) or the Characteristics sections of this document is not warranted. Constant or repeated exposure to limiting values will permanently and irreversibly affect the quality and reliability of the device.

Terms and conditions of commercial sale — NXP Semiconductors products are sold subject to the general terms and conditions of commercial sale, as published at http://www.nxp.com/profile/terms, unless otherwise agreed in a valid written individual agreement. In case an individual agreement is concluded only the terms and conditions of the respective agreement shall apply. NXP Semiconductors hereby expressly objects to applying the customer’s general terms and conditions with regard to the purchase of NXP Semiconductors products by customer.

No offer to sell or license — Nothing in this document may be interpreted or construed as an offer to sell products that is open for acceptance or the grant, conveyance or implication of any license under any copyrights, patents or other industrial or intellectual property rights.
Export control — This document as well as the item(s) described herein may be subject to export control regulations. Export might require a prior authorization from competent authorities.

Translations — A non-English (translated) version of a document is for reference only. The English version shall prevail in case of any discrepancy between the translated and English versions.

Quick reference data — The Quick reference data is an extract of the product data given in the Limiting values and Characteristics sections of this document, and as such is not complete, exhaustive or legally binding.

Non-automotive qualified products — Unless this data sheet expressly states that this specific NXP Semiconductors product is automotive qualified, the product is not suitable for automotive use. It is neither qualified nor tested in accordance with automotive testing or application requirements. NXP Semiconductors accepts no liability for inclusion and/or use of non-automotive qualified products in automotive equipment or applications.
In the event that customer uses the product for design-in and use in automotive applications to automotive specifications and standards, customer (a) shall use the product without NXP Semiconductors’ warranty of the product for such automotive applications, use and specifications, and (b) whenever customer uses the product for automotive applications beyond NXP Semiconductors’ specifications such use shall be solely at customer’s own risk, and (c) customer fully indemnifies NXP Semiconductors for any liability, damages or failed product claims resulting from customer design and use of the product for automotive applications beyond NXP Semiconductors’ standard warranty and NXP Semiconductors’ product specifications.

13.4 Licenses

ICs with DPA Countermeasures functionality
NXP ICs containing functionality implementing countermeasures to Differential Power Analysis and Simple Power Analysis are produced and sold under applicable license from Cryptography Research, Inc.

13.5 Trademarks

Notice: All referenced brands, product names, service names and trademarks are the property of their respective owners.

MIFARE — is a trademark of NXP B.V.
DESFire — is a trademark of NXP Semiconductors N.V.

14. Contact information

For more information, please visit: http://www.nxp.com
For sales office addresses, please send an email to: [email protected]
Please be aware that important notices concerning this document and the product(s) described herein, have been included in section ‘Legal information’.

© NXP Semiconductors N.V. 2016. All rights reserved.

Date of release: 24 February 2016 364220