MF3ICDHQ101DUD/06V

MF3ICD(H)Q1 MIFARE DESFire EV1 256B contactless smartcard IC Rev. 3.0 — 5 November 2015 351330 Product short data sheet COMPANY PUBLIC 1. General description MIFARE DESFire EV1 256B (MF3ICD(H)Q1), is the future proof entry level product of the well-established MIFARE DESFire family and is addressing applications with low memory but high security and data integrity needs. The MIFARE DESFire EV1 256B offers the same security and file creation features as the higher memory family members (Ref. 1), but the number of applications and related files on this product is limited due to its small memory plot. This addresses the needs of account based systems and environments requiring only a limited set of applications. These applications include but are not limited to access management, public transport ticketing, loyalty schemes and closed-loop payment. It is fully compatible to all other members of the MIFARE DESFire EV1 family, offering the same fast and highly secure data transmission, and is fully interoperable with existing MIFARE DESFire infrastructure. All MIFARE DESFire products are based on open global standards for both air interface and implemented cryptographic methods. It is compliant to all 4 levels of ISO/IEC 14443A and uses optional ISO/IEC 7816-4 commands, features an on-chip backup management system and mutual three-pass authentication as well as encrypted communication. The size of each file is defined at the moment of its creation, provides an automatic anti-tear mechanism for all file types, guaranteeing transaction-oriented data integrity. Data transfer rates from up to 848 Kbit/s can be achieved, allowing for fast data transmission. The main characteristics of the MIFARE DESFire family are denoted by the name “DESFire”: “DES” indicates the high level of security using a hardware crypto co-processor for either 3DES or AES-based data processing. “Fire” indicates its outstanding position as a fast, innovative and highly reliable IC ideally suited to enable a wide variety of different applications. MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 2. Features and benefits 2.1 RF interface: ISO/IEC 14443 Type A  Contactless transmission of data and powered by the RF-field (no battery needed)  Operating distance: up to 100 mm (depending on power provided by the PCD and antenna geometry)  Operating frequency: 13.56 MHz  Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s  High data integrity: 16/32 bit CRC, parity, bit coding, bit counting  True deterministic anticollision  7 bytes unique identifier (cascade level 2 according to ISO/IEC 14443-3 and option for random ID)  Uses ISO/IEC 14443-4 protocol 2.2 ISO/IEC 7816 compatibility          Supports ISO/IEC 7816-3 APDU message structure Supports ISO/IEC 7816-4 INS code ‘A4’ for SELECT FILE Supports ISO/IEC 7816-4 INS code ‘B0’ for READ BINARY Supports ISO/IEC 7816-4 INS code ‘D6’ for UPDATE BINARY Supports ISO/IEC 7816-4 INS code ‘B2’ for READ RECORDS Supports ISO/IEC 7816-4 INS code ‘E2’ for APPEND RECORD Supports ISO/IEC 7816-4 INS code ‘84’ for GET CHALLENGE Supports ISO/IEC 7816-4 INS code ‘88’ for INTERNAL AUTHENTICATE Supports ISO/IEC 7816-4 INS code ‘82’ for EXTERNAL AUTHENTICATE 2.3 Non-volatile memory  256 bytes application memory1, 2  Data retention of 10 years  Write endurance typical 500 000 cycles 2.4 NV-memory organization  Flexible file system  Number of applications and files per application depending on available memory  File types supported: standard data file, back-up data file, value file, linear record file and cyclic record file  File size is determined during creation 1. User application example: 1 Application, 2 AES keys, 1 Data file (256 bytes) 2. Also available in 2 KB, 4 KB and 8 KB. Refer to Ref. 1. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 2 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 2.5 Security              Based on the same Common Criteria EAL4+ certified MIFARE DESFire EV1 platform Unique 7 bytes serial number for each device Optional “RANDOM” ID for enhance security and privacy Mutual three-pass authentication Mutual authentication according to ISO/IEC 7816-4 1 card master key and up to 14 keys per application Hardware DES using 56/112/168 bit keys featuring key version, data authenticity by 8 byte CMAC Hardware AES using 128-bit keys featuring key version, data authenticity by 8 byte CMAC Data encryption on RF-channel Authentication on application level Hardware exception sensors Self-securing file system Backward compatibility to MF3ICD40: 4 byte MAC, CRC 16 2.6 Special features     Transaction-oriented automatic anti-tear mechanism Configurable ATS information for card personalization Backward compatibility mode to MF3ICD40 Optional high input capacitance (70 pF) for small form factor design (MF3ICDHQ1) 3. Applications        MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC Public transport ticketing: Account based or Single Journey ticketing High secure access management Hospitality Event ticketing Loyalty Gift cards Smart Visitor Badges (SVB) All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 3 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 4. Quick reference data Table 1. Quick reference data [1][2] Symbol Parameter Conditions fi input frequency input capacitance Ci Min Typ Max Unit - 13.56 - MHz MF3ICDQ1 [3][4] 14.96 17.0 19.04 pF MF3ICDHQ1 [3][4] 64.00 69.0 74.00 pF EEPROM characteristics tret retention time Tamb = 22 C 10 - - year Nendu(W) write endurance Tamb = 22 C 200000 500000 - cycle tcy(W) write cycle time Tamb = 22 C - 2.9 - ms [1] Stresses above one or more of the values may cause permanent damage to the device. [2] Exposure to limiting values for extended periods may affect device reliability. [3] Measured with LCR meter. [4] Tamb = 22 C; fi = 13.56 MHz; 2.8 V RMS 5. Ordering information Table 2. Ordering information Type number MF3ICDQ101DUD/06 Package Name Description Version FFC 8 inch wafer (sawn; 120 m thickness, on film - frame carrier; electronic fail die marking according to SECSII format); see Ref. 4, 256B EEPROM, 17 pF MF3ICDHQ101DUD/06 FFC 8 inch wafer (sawn; 120 m thickness, on film - frame carrier; electronic fail die marking according to SECSII format); see Ref. 4, 256B EEPROM, 70 pF MF3ICDQ101DUF/06 FFC 8 inch wafer (sawn; 75 m thickness, on film - frame carrier; electronic fail die marking according to SECSII format); see Ref. 4, 256B EEPROM, 17 pF MF3ICDHQ101DUF/06 FFC 8 inch wafer (sawn; 75 m thickness, on film - frame carrier; electronic fail die marking according to SECSII format); see Ref. 4, 256B EEPROM, 70 pF MF3MODQ101DA8/06 PLLMC[1] plastic leadless module carrier package; 35 mm SOT500-4 wide tape; see Ref. 5, 256B EEPROM, 17 pF MF3MODHQ101DA8/06 PLLMC[1] plastic leadless module carrier package; 35 mm SOT500-4 wide tape; see Ref. 5, 256B EEPROM, 70 pF [1] This package is also known as MOA8. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 4 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 6. Block diagram RF INTERFACE UART ISO/IEC 14443A TRUE RANDOM NUMBER GENERATOR CRYPTO CO-PROCESSOR SECURITY SENSORS POWER ON RESET CPU CRC VOLTAGE REGULATOR CLOCK INPUT FILTER ROM RESET GENERATOR RAM EEPROM 001aah878 Fig 1. Block diagram of MF3ICD(H)Q1 7. Limiting values Table 3. Limiting values [1][2] In accordance with the Absolute Maximum Rating System (IEC 60134). MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC Symbol Parameter II Min Max Unit input current - 30 mA Ptot/pack total power dissipation per package - 200 mW Tstg storage temperature 55 125 C Tamb ambient temperature 25 70 C 2 - kV 100 - mA VESD electrostatic discharge voltage Ilu latch-up current Conditions [3] [1] Stresses above one or more of the limiting values may cause permanent damage to the device. [2] Exposure to limiting values for extended periods may affect device reliability. [3] MIL Standard 883-C method 3015; human body model: C = 100 pF, R = 1.5 k. All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 5 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 8. Functional description 8.1 Contactless energy and data transfer In the MIFARE system, the MIFARE DESFire EV1 is connected to a coil consisting of a few turns embedded in a standard ISO/IEC smart card (see Ref. 7). A battery is not needed. When the card is positioned in the proximity of the PCD antenna, the high-speed RF communication interface allows data to be transmitted up to 848 kbit/s. 8.2 Anti-collision An intelligent anti-collision mechanism allows more than one MIFARE DESFire EV1 in the field to be handled simultaneously. The anti-collision algorithm selects each MIFARE DESFire EV1 individually and ensures that the execution of a transaction with a selected MIFARE DESFire EV1 is performed correctly without data corruption resulting from other MIFARE DESFire EV1s in the field. 8.3 UID/serial number The unique 7 byte (UID) is programmed into a locked part of the NV memory which is reserved for the manufacturer. Due to security and system requirements these bytes are write-protected after being programmed by the IC manufacturer at production time. According to ISO/IEC 14443-3 (see Ref. 11) during the first anti-collision loop the cascade tag returns a value of 88h and also the first 3 bytes of the UID, UID0 to UID2 and BCC. The second anti-collision loop returns bytes UID3 to UID6 and BCC. UID0 holds the manufacturer ID for NXP (04h) according to ISO/IEC 14443-3 and ISO/IEC 7816-6 AMD 1. MIFARE DESFire EV1 also allows Random ID to be used. In this case MIFARE DESFire EV1 only uses a single anti-collision loop. The 3 byte random number is generated after RF reset of the MIFARE DESFire EV1. 8.4 Memory organization MF3ICD(H)Q1 has 480 bytes of physical NV memory. The NV memory is organized using a flexible file system. This file system allows a limited number of different applications on one MIFARE DESFire EV1. Each application can have multiple files. Every application is represented by its 3 bytes Application IDentifier (AID). Five different file types are supported; see Section 8.5. A guideline to assign DESFire AIDs can be found in the application note MIFARE Application Directory (MAD); see Ref. 8. Each file can be created either at MIFARE DESFire EV1 initialization (card production/card printing), at MIFARE DESFire EV1 personalization (vending machine) or in the field. If a file or application becomes obsolete in operation, it can be permanently invalidated. Commands which have impact on the file structure itself (e.g. creation or deletion of applications, change of keys) activate an automatic rollback mechanism, which protects the file structure from being corrupted. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 6 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC If this rollback is necessary, it is done without user interaction before carrying out further commands. To ensure data integrity on application level, a transaction-oriented backup is implemented for all file types with backup. It is possible to mix file types with and without backup within one application. As the commands are the same with MF3ICD81, the command details are available in Ref. 1. Only the memory size is different between the devices. 8.5 Available file types The files within an application can be any of the following types: • • • • • Standard data files Backup data files Value files with backup Linear record files with backup Cyclic record files with backup 8.6 Security The 7 byte UID is fixed, programmed into each device during production. It cannot be altered and ensures the uniqueness of each device. The UID may be used to derive diversified keys for each ticket. Diversified MIFARE DESFire EV1 keys contribute to gain an effective anti-cloning mechanism and increase the security of the original key; see Ref. 6. Prior to data transmission a mutual three-pass authentication can be done between MIFARE DESFire EV1 and PCD depending on the configuration employing either 56-bit DES (single DES, DES), 112-bit DES (triple DES, 3DES), 168-bit DES (3 key triple DES, 3K3DES) or AES. During the authentication, the level of security of all further commands during the session is set. In addition, the communication settings of the file/application result in the following options of secure communication between MIFARE DESFire EV1 and PCD: • Plain data transfer (only possible within the backwards-compatible mode to MF3ICD40) • Plain data transfer with cryptographic checksum (MAC): Authentication with backwards-compatible mode to MF3ICD40: 4 byte MAC, all other authentications based on DES/3DES/AES: 8 byte CMAC • Encrypted data transfer (secured by CRC before encryption): Authentication with backwards-compatible mode to MF3ICD40: A 16-bit CRC is calculated over the stream and attached. The resulting stream is encrypted using the chosen cryptographic method. All other authentications-based DES/3DES/AES: A 32-bit CRC is calculated over the stream and attached. The resulting stream is encrypted using the chosen cryptographic method. Find more information on the security concept of the product in Ref. 1. Be aware not all levels of security are recommended. The recommended secure handling of the product can be seen in Ref. 2 and in Ref. 10. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 7 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 8.7 Product identification The MF3ICD(H)Q1 can be identified by using the Get Version command and observing the response frames as following: The first frame: contains hardware-related information: byte 1: 0x04 byte 2: 0x01 byte 3: 0x01 for 17 pF or 0x02 for 70 pF byte 4: 0x01 byte 5: 0x00 byte 6: 0x10 byte 7: 0x05 The second frame contains software-related information: byte 1: 0x04 byte 2: 0x01 byte 3: 0x01 byte 4: 0x01 byte 5: 0x05 byte 6: 0x10 byte 7: 0x05 MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 8 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 9. DESFire command set A detailed description of all commands is provided in Ref. 1. 9.1 ISO/IEC 14443-3 Table 4. ISO/IEC 14443-3 Command Description REQA REQA and ATQA are implemented fully according to ISO/IEC 14443-3 WUPA WUPA is implemented fully according to ISO/IEC 14443-3 ANTICOLLISION/SELECT Cascade Level 1 ANTICOLLISION and SELECT commands are implemented fully according to ISO/IEC 14443-3; the response is part 1 of the UID ANTICOLLISION/SELECT Cascade Level 2 ANTICOLLISION and SELECT commands are implemented fully according to ISO/IEC 14443-3; the response is part 2 of the UID HALT brings MIFARE DESFire EV1 to the HALT state 9.2 ISO/IEC 14443-4 Table 5. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC ISO/IEC 14443-4 Command Description RATS identifies the MIFARE DESFire EV1 type to the PCD PPS allows individual selection of the communication baud rate between PCD and MIFARE DESFire EV1; for DESFire it is possible to set different communication baud rates for each direction i.e. DESFire allows a non-symmetrical information interchange speed. WTX if the MIFARE DESFire EV1 needs more time than the defined FWT to respond to a PCD command it requests a Waiting Time eXtension (WTX) DESELECT allows MIFARE DESFire EV1 to be brought to the HALT state All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 9 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 9.3 MIFARE DESFire EV1 command set overview – security related commands Table 6. Security related commands Command Description Authenticate MIFARE DESFire EV1 and the reader device show in an encrypted way that they possess the same secret which especially means the same key; this not only confirms that both entities are permitted to perform operations on each other but also creates a session key which can be used to keep the further communication path secure; as the name “session key” implicitly indicates, each time a new authentication procedure is successfully completed a new key for further cryptographic operations is generated Change KeySettings changes the master key settings on MIFARE DESFire EV1 and application level Set Configuration configures the card and pre-personalizes the card with a key, defines if the UID or the random ID is sent back during communication setup and configures the ATS string Change Key changes any key stored on the MIFARE DESFire EV1 Get Key Version reads out the current key version of any key stored on the MIFARE DESFire EV1 Remark: All command and data frames are exchanged between MIFARE DESFire EV1 and PCD by using block format as defined in ISO/IEC 14443-4. 9.4 MIFARE DESFire EV1 command set overview – MIFARE DESFire EV1 level commands Table 7. Level commands Command Description Create Application creates new applications on the MIFARE DESFire EV1 Delete Application permanently deactivates applications on the MIFARE DESFire EV1 Get Applications IDs returns the Application IDentifiers of all applications on a MIFARE DESFire EV1 Free Memory returns the free memory available on the card GetDFNames returns the DF names Get KeySettings gets information on the MIFARE DESFire EV1 and application master key settings; in addition it returns the maximum number of keys which are configured for the selected application Select Application selects one specific application for further access FormatPICC releases the MF3ICD(H)Q1 user memory Get Version returns manufacturing related data of the MIFARE DESFire EV1 GetCardUID returns the UID Remark: All command and data frames are exchanged between MIFARE DESFire EV1 and PCD by using block format as defined in ISO/IEC 14443-4. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 10 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 9.5 MIFARE DESFire EV1 command set overview – application level commands Table 8. Application level commands Command Description Get FileIDs returns the File IDentifiers of all active files within the currently selected application Get FileSettings gets information on the properties of a specific file Change FileSettings changes the access parameters of an existing file Create StdDataFile creates files for the storage of plain unformatted user data within an existing application on the MIFARE DESFire EV1 Create BackupDataFile creates files for the storage of plain unformatted user data within an existing application on the MIFARE DESFire EV1, additionally supporting the feature of an integrated backup mechanism Create ValueFile creates files for the storage and manipulation of 32-bit signed integer values within an existing application on the MIFARE DESFire EV1 Create LinearRecordFile creates files for multiple storage of similar structural data, for example, loyalty programs within an existing application on the MIFARE DESFire EV1; once the file is filled completely with data records, further writing to the file is not possible unless it is cleared Create CyclicRecordFile creates files for multiple storage of similar structural data, for example, logging transactions within an existing application on the MIFARE DESFire EV1; once the file is filled completely with data records, the MIFARE DESFire EV1 automatically overwrites the oldest record with the latest written one (this wrap is fully transparent for the PCD) DeleteFile permanently deactivates a file within the file directory of the currently selected application Remark: All command and data frames are exchanged between MIFARE DESFire EV1 and PCD by using block format as defined in ISO/IEC 14443-4. 9.6 MIFARE DESFire EV1 command set overview – data manipulation commands Table 9. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC Data manipulation commands Command Description Read Data reads data from Standard Data files or Backup Data files Write Data writes data to Standard Data files or Backup Data files Get Value reads the currently stored value from Value files Credit increases a value stored in a Value file Debit decreases a value stored in a Value file Limited Credit allows a limited increase of a value stored in a Value file without having full Credit permissions to the file Write Record writes data to a record in a Cyclic or Linear Record file Read Records reads out a set of complete records from a Cyclic or Linear Record file All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 11 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC Table 9. Data manipulation commands …continued Command Description Clear RecordFile resets a Cyclic or Linear Record file to empty state Commit Transaction validates all previous write accesses on Backup Data files, Value files and Record files within one application Abort Transaction invalidates all previous write accesses on Backup Data files, Value files and Record files within one application Remark: All command and data frames are exchanged between MIFARE DESFire EV1 and PCD by using block format as defined in ISO/IEC 14443-4. 9.7 MIFARE DESFire EV1 command set - ISO/IEC 7816 APDU commands The MIFARE DESFire EV1 provides the following commands according to ISO/IEC 7816-4: – INS code ‘A4’ SELECT – INS code ‘B0’ READ BINARY – INS code ‘D6’ UPDATE BINARY – INS code ‘B2’ READ RECORDS – INS code ‘E2’ APPEND RECORD – INS code ‘84’ GET CHALLENGE – INS code ‘88’ INTERNAL AUTHENTICATE – INS code ‘82’ EXTERNAL AUTHENTICATE 9.7.1 ISO/IEC 7816-4 APDU message structure DESFire supports the APDU message structure according to ISO/IEC 7816-4 for: – an optional wrapping of the native DESFire APDU format – additionally implemented ISO/IEC 7816-4 commands Find more information on the ISO/IEC 7816-4 commands in Ref. 1. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 12 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 10. Abbreviations Table 10. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC Abbreviations Acronym Description AES Advanced Encryption Standard AID Application IDentifier APDU Application Protocol Data Unit ATS Answer to Select CC Common Criteria CMAC Cryptic Message Authentication Code CRC Cyclic Redundancy Check DES Digital Encryption Standard DF Dedicated File EAL Evaluation Assurance Level EEPROM Electrically Erasable Programmable Read-Only Memory FWT Frame Waiting Time ID IDentifier INS Instructions LCR inductance, Capacitance, Resistance MAC Message Authentication Code MAD MIFARE Application Directory NV Non-Volatile Memory PCD Proximity Coupling Device PPS Protocol Parameter Selection RATS Request Answer To Select REQA Request Answer RF Radio Frequency UID Unique IDentifier WTX Waiting Time eXtension WUPA Wake Up Protocol A All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 13 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 11. References [1] Data sheet — MF3ICD81 MIFARE DESFire EV1 Functional Specification, document number: 13403**3. [2] Data sheet — MF3ICD81 Guidance, Delivery and Operation Manual, document number: 1469**. [3] Data sheet — Specification addendum MF3ICD81, document number: 1673**. [4] Data sheet — MF3ICD8101 Sawn bumped 120 m wafer addendum, document number: 1318**. [5] Data sheet — MF3MOD81 Contactless chip card module, document number: 1439**. [6] Application note — MIFARE DESFire - Implementation hints and examples, document number: 0945**. [7] Application note — Card Coil Design Notes for MIFARE DESFire EV1, document number: 1713**. [8] Application note — MIFARE Application Directory, document number: 0018**. [9] Application note — MIFARE ISO/IEC 14443 PICC Selection, document number: 1308**. [10] Application note — End to end system security risk considerations for implementing contactless cards, document number: 1550**. [11] ISO/IEC Standard — ISO/IEC 14443 Identification cards - Contactless integrated circuit cards - Proximity cards. 3. ** ... BU-ID document version number MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 14 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 12. Revision history Table 11. Revision history Document ID Release date MF3ICDQ1_MF3ICDHQ1_ 20151105 SDS MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC Data sheet status Change notice Supersedes Product short data sheet - - All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 15 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 13. Legal information 13.1 Data sheet status Document status[1][2] Product status[3] Definition Objective [short] data sheet Development This document contains data from the objective specification for product development. Preliminary [short] data sheet Qualification This document contains data from the preliminary specification. Product [short] data sheet Production This document contains the product specification. [1] Please consult the most recently issued document before initiating or completing a design. [2] The term ‘short data sheet’ is explained in section “Definitions”. [3] The product status of device(s) described in this document may have changed since this document was published and may differ in case of multiple devices. The latest product status information is available on the Internet at URL http://www.nxp.com. 13.2 Definitions Draft — The document is a draft version only. The content is still under internal review and subject to formal approval, which may result in modifications or additions. NXP Semiconductors does not give any representations or warranties as to the accuracy or completeness of information included herein and shall have no liability for the consequences of use of such information. Short data sheet — A short data sheet is an extract from a full data sheet with the same product type number(s) and title. A short data sheet is intended for quick reference only and should not be relied upon to contain detailed and full information. For detailed and full information see the relevant full data sheet, which is available on request via the local NXP Semiconductors sales office. In case of any inconsistency or conflict with the short data sheet, the full data sheet shall prevail. Product specification — The information and data provided in a Product data sheet shall define the specification of the product as agreed between NXP Semiconductors and its customer, unless NXP Semiconductors and customer have explicitly agreed otherwise in writing. In no event however, shall an agreement be valid in which the NXP Semiconductors product is deemed to offer functions and qualities beyond those described in the Product data sheet. 13.3 Disclaimers Limited warranty and liability — Information in this document is believed to be accurate and reliable. However, NXP Semiconductors does not give any representations or warranties, expressed or implied, as to the accuracy or completeness of such information and shall have no liability for the consequences of use of such information. NXP Semiconductors takes no responsibility for the content in this document if provided by an information source outside of NXP Semiconductors. In no event shall NXP Semiconductors be liable for any indirect, incidental, punitive, special or consequential damages (including - without limitation - lost profits, lost savings, business interruption, costs related to the removal or replacement of any products or rework charges) whether or not such damages are based on tort (including negligence), warranty, breach of contract or any other legal theory. Notwithstanding any damages that customer might incur for any reason whatsoever, NXP Semiconductors’ aggregate and cumulative liability towards customer for the products described herein shall be limited in accordance with the Terms and conditions of commercial sale of NXP Semiconductors. Right to make changes — NXP Semiconductors reserves the right to make changes to information published in this document, including without limitation specifications and product descriptions, at any time and without notice. This document supersedes and replaces all information supplied prior to the publication hereof. MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC Suitability for use — NXP Semiconductors products are not designed, authorized or warranted to be suitable for use in life support, life-critical or safety-critical systems or equipment, nor in applications where failure or malfunction of an NXP Semiconductors product can reasonably be expected to result in personal injury, death or severe property or environmental damage. NXP Semiconductors and its suppliers accept no liability for inclusion and/or use of NXP Semiconductors products in such equipment or applications and therefore such inclusion and/or use is at the customer’s own risk. Applications — Applications that are described herein for any of these products are for illustrative purposes only. NXP Semiconductors makes no representation or warranty that such applications will be suitable for the specified use without further testing or modification. Customers are responsible for the design and operation of their applications and products using NXP Semiconductors products, and NXP Semiconductors accepts no liability for any assistance with applications or customer product design. It is customer’s sole responsibility to determine whether the NXP Semiconductors product is suitable and fit for the customer’s applications and products planned, as well as for the planned application and use of customer’s third party customer(s). Customers should provide appropriate design and operating safeguards to minimize the risks associated with their applications and products. NXP Semiconductors does not accept any liability related to any default, damage, costs or problem which is based on any weakness or default in the customer’s applications or products, or the application or use by customer’s third party customer(s). Customer is responsible for doing all necessary testing for the customer’s applications and products using NXP Semiconductors products in order to avoid a default of the applications and the products or of the application or use by customer’s third party customer(s). NXP does not accept any liability in this respect. Limiting values — Stress above one or more limiting values (as defined in the Absolute Maximum Ratings System of IEC 60134) will cause permanent damage to the device. Limiting values are stress ratings only and (proper) operation of the device at these or any other conditions above those given in the Recommended operating conditions section (if present) or the Characteristics sections of this document is not warranted. Constant or repeated exposure to limiting values will permanently and irreversibly affect the quality and reliability of the device. Terms and conditions of commercial sale — NXP Semiconductors products are sold subject to the general terms and conditions of commercial sale, as published at http://www.nxp.com/profile/terms, unless otherwise agreed in a valid written individual agreement. In case an individual agreement is concluded only the terms and conditions of the respective agreement shall apply. NXP Semiconductors hereby expressly objects to applying the customer’s general terms and conditions with regard to the purchase of NXP Semiconductors products by customer. No offer to sell or license — Nothing in this document may be interpreted or construed as an offer to sell products that is open for acceptance or the grant, conveyance or implication of any license under any copyrights, patents or other industrial or intellectual property rights. All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 16 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC Export control — This document as well as the item(s) described herein may be subject to export control regulations. Export might require a prior authorization from competent authorities. Translations — A non-English (translated) version of a document is for reference only. The English version shall prevail in case of any discrepancy between the translated and English versions. Quick reference data — The Quick reference data is an extract of the product data given in the Limiting values and Characteristics sections of this document, and as such is not complete, exhaustive or legally binding. 13.4 Licenses Non-automotive qualified products — Unless this data sheet expressly states that this specific NXP Semiconductors product is automotive qualified, the product is not suitable for automotive use. It is neither qualified nor tested in accordance with automotive testing or application requirements. NXP Semiconductors accepts no liability for inclusion and/or use of non-automotive qualified products in automotive equipment or applications. In the event that customer uses the product for design-in and use in automotive applications to automotive specifications and standards, customer (a) shall use the product without NXP Semiconductors’ warranty of the product for such automotive applications, use and specifications, and (b) whenever customer uses the product for automotive applications beyond NXP Semiconductors’ specifications such use shall be solely at customer’s own risk, and (c) customer fully indemnifies NXP Semiconductors for any liability, damages or failed product claims resulting from customer design and use of the product for automotive applications beyond NXP Semiconductors’ standard warranty and NXP Semiconductors’ product specifications. ICs with DPA Countermeasures functionality NXP ICs containing functionality implementing countermeasures to Differential Power Analysis and Simple Power Analysis are produced and sold under applicable license from Cryptography Research, Inc. 13.5 Trademarks Notice: All referenced brands, product names, service names and trademarks are the property of their respective owners. MIFARE — is a trademark of NXP Semiconductors N.V. DESFire — is a trademark of NXP Semiconductors N.V. 14. Contact information For more information, please visit: http://www.nxp.com For sales office addresses, please send an email to: salesaddresses@nxp.com MF3ICD(H)Q1 Product short data sheet COMPANY PUBLIC All information provided in this document is subject to legal disclaimers. Rev. 3.0 — 5 November 2015 351330 © NXP Semiconductors N.V. 2015. All rights reserved. 17 of 18 MF3ICD(H)Q1 NXP Semiconductors MIFARE DESFire EV1 256B contactless smartcard IC 15. Contents 1 2 2.1 2.2 2.3 2.4 2.5 2.6 3 4 5 6 7 8 8.1 8.2 8.3 8.4 8.5 8.6 8.7 9 9.1 9.2 9.3 9.4 9.5 9.6 9.7 9.7.1 10 11 12 13 13.1 13.2 13.3 13.4 13.5 14 General description . . . . . . . . . . . . . . . . . . . . . . 1 Features and benefits . . . . . . . . . . . . . . . . . . . . 2 RF interface: ISO/IEC 14443 Type A . . . . . . . . 2 ISO/IEC 7816 compatibility . . . . . . . . . . . . . . . 2 Non-volatile memory. . . . . . . . . . . . . . . . . . . . . 2 NV-memory organization . . . . . . . . . . . . . . . . . 2 Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Special features . . . . . . . . . . . . . . . . . . . . . . . . 3 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Quick reference data . . . . . . . . . . . . . . . . . . . . . 4 Ordering information . . . . . . . . . . . . . . . . . . . . . 4 Block diagram . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Limiting values. . . . . . . . . . . . . . . . . . . . . . . . . . 5 Functional description . . . . . . . . . . . . . . . . . . . 6 Contactless energy and data transfer. . . . . . . . 6 Anti-collision . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 UID/serial number. . . . . . . . . . . . . . . . . . . . . . . 6 Memory organization . . . . . . . . . . . . . . . . . . . . 6 Available file types . . . . . . . . . . . . . . . . . . . . . . 7 Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Product identification . . . . . . . . . . . . . . . . . . . . 8 DESFire command set. . . . . . . . . . . . . . . . . . . . 9 ISO/IEC 14443-3 . . . . . . . . . . . . . . . . . . . . . . . 9 ISO/IEC 14443-4 . . . . . . . . . . . . . . . . . . . . . . . 9 MIFARE DESFire EV1 command set overview – security related commands. . . . . . . . . . . . . . . 10 MIFARE DESFire EV1 command set overview – MIFARE DESFire EV1 level commands . . . . . 10 MIFARE DESFire EV1 command set overview – application level commands . . . . . . . . . . . . . . 11 MIFARE DESFire EV1 command set overview – data manipulation commands. . . . . . . . . . . . . 11 MIFARE DESFire EV1 command set - ISO/IEC 7816 APDU commands . . . . . . . . . . . . . . . . . 12 ISO/IEC 7816-4 APDU message structure. . . 12 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . 13 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Revision history . . . . . . . . . . . . . . . . . . . . . . . . 15 Legal information. . . . . . . . . . . . . . . . . . . . . . . 16 Data sheet status . . . . . . . . . . . . . . . . . . . . . . 16 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Disclaimers . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Trademarks. . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Contact information. . . . . . . . . . . . . . . . . . . . . 17 15 Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Please be aware that important notices concerning this document and the product(s) described herein, have been included in section ‘Legal information’. © NXP Semiconductors N.V. 2015. All rights reserved. For more information, please visit: http://www.nxp.com For sales office addresses, please send an email to: salesaddresses@nxp.com Date of release: 5 November 2015 351330