As the next generation of NXP’s MIFARE Plus product family, the MIFARE Plus EV2 IC is designed to be both a gateway for new Smart City applications and a compelling upgrade, in terms of security and connectivity, for existing deployments. Its expanded feature set makes it a great choice for contactless Smart City services:
- Security-level concept for seamless migration from legacy infrastructures to high-level SL3 security
- Transaction MAC on Data and Value Blocks to prove genuineness of transaction towards backend system
- AES 128-bit cryptography for authentication and secure messaging
- Transaction Timer to mitigate man-in-the-middle attacks
- IC hardware and software certification according to Common Criteria EAL 5+
Product Details
Block Diagram
MIFARE Plus EV2 block diagram
Features
RF interface: ISO/IEC 14443 Type A
- Contactless interface compliant with ISO/IEC 14443-2/3 A
- Low Hmin enabling operating distance up to 100 mm (depending on power provided by the PCD and antenna geometry)
- Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s
- 7 bytes unique identifier (option for Random ID), 4-byte NUID
- Uses ISO/IEC 14443-4 transmission protocol
- Configurable FSCI to support up to 256 bytes frame size
Non-volatile memory
- 2 kB, 4 kB
- Data retention of 25 years
- Write endurance typical 1 000 000 cycles
- Fast programming cycles
NV-memory organization
- Organized in sectors and blocks, backwards compatible to MIFARE Classic and MIFARE Plus memory organization
- MF1P(H)22 is organized in 32 sectors of 4 blocks
- MF1P(H)42 is organized in 32 sectors of 4 blocks and in addition 8 sectors of 16 blocks
- Block 0 of sector 0 stores the write protected NXP manufacturer data of the IC
- Each sector has a sector trailer that stores the access conditions and keys of the blocks within the sector
- Blocks can be used to store data or values
Security and Privacy
- Common Criteria certification: EAL5+ (Hardware and Software)
- Unique 7 bytes serial number for each device
- Optional “RANDOM” ID for enhanced security and privacy
- Mutual three-pass authentication
- Mutual authentication according to ISO/IEC 7816-4
- Hardware AES using 128-bit keys
- Data authenticity by 8 byte CMAC
- Data encryption on RF-channel
- Authentication on sector level
- Hardware exception sensors
- Transaction MAC to proof a transaction is genuine towards the backend system
- Virtual Card Architecture for enhanced card/application selection on multi-VC devices with privacy protection
- Proximity Check for protection against Relay Attacks
- Originality Check for proof of genuine NXP’s product
ISO/IEC 7816 compatibility
- Supports ISO/IEC 7816-4 APDU message structure
- Supports ISO/IEC 7816-4 APDU wrapper for MIFARE Plus native commands
- Supports ISO/IEC 7816-4 INS code ‘A4’ for SELECT FILE
- Supports ISO/IEC 7816-4 INS code ’82’ for EXTERNAL AUTHENTICATE
Special features
- Flexible migration to secure AES-128 authentication and messaging at sector or chip level in SL1SL3MixMode
- Secure end-to-end communication channel for over-the-air services such as mobile top-up of smart cards and deployment of MIFARE 2GO (mobile services) in SL3
- Access rights division between SL1 and SL3 to restrict update operations
- Transaction-oriented automatic anti-tear mechanism with new transaction timer support
- Configurable ATS information for card personalization
- Backward compatibility mode to MIFARE Plus EV1, X, S and SE as well MIFARE Classic
- User-programmable activation parameters (SAK and ATQA) for preliminary migration of all security levels (SL0, SL1 and SL3) in MIFARE Classic product-based infrastructures
- Optional high input capacitance (70 pF) for small form factor designs (MF1PHx2)
Part numbers include: MF1P2200DA4, MF1P2200DA8, MF1P2201DUD, MF1P2230DA4, MF1P2230DA8, MF1P2231DUD, MF1P4200DA4, MF1P4200DA8, MF1P4201DUD, MF1P4230DA4, MF1P4230DA8, MF1P4231DUD, MF1PH2200DA4, MF1PH2200DA8, MF1PH2201DUD, MF1PH2230DA4, MF1PH2230DA8, MF1PH2231DUD, MF1PH4200DA4, MF1PH4200DA8, MF1PH4201DUD, MF1PH4230DA4, MF1PH4230DA8, MF1PH4231DUD.
Comparison Table
| Memory | MIFARE Plus EV2 | MIFARE Plus X |
|---|---|---|
| Memory configuration | Block/sector structure | Block/sector structure |
| Memory size | 2 kB / 4 kB | 2 kB / 4 kB |
| ISO/IEC | ISO/IEC 14443 A 1-4 ISO/IEC 7816 | ISO/IEC 14443 A 1-4 ISO/IEC 7816 |
| UID/ONUID | 7B UID or 4 B ONUID | 7B UID or 4 B ONUID |
| Data rates | Up to 848 kbps according to ISO/IEC 14443-4 | Up to 848 kbps according to ISO/IEC 14443-4 |
| Algorithm | AES 128-bit, secure messaging, legacy Crypto1 | AES 128-bit, secure messaging, legacy Crypto1 |
| Security Level concept | Sector-by-Sector or card | Card only |
| SL1SL3MixMode | Secure backend connection into SL1 sectors | – |
| Transaction MAC (TMAC) | Secure validation of back-end transaction | – |
| Transaction Timer | Mitigate man-in-the-middle attacks | – |
| Common Criteria certification | EAL5+ for IC HW and SW | EAL4+ for IC HW and SW |
Applications
Smart City
- Access Management
- Closed loop payments
- Loyalty
- Smart Lock
- Transport Ticketing