NXP Semiconductors
MF3D(H)x2
MIFARE DESFire EV2 contactless multi-application IC
MF3Dx2_MF3DHx2_SDS All information provided in this document is subject to legal disclaimers. © NXP B.V. 2018. All rights reserved.
Product short data sheet Rev. 3.1 — 17 May 2018
COMPANY PUBLIC 364231 13 / 27
MIFARE DESFire EV2 also allows Random ID to be used. In this case MIFARE DESFire
EV2 only uses a single anti-collision loop. The 3 byte random number is generated after
RF reset of the MIFARE DESFire EV2.
8.5 Memory organization
The NV memory is organized using a flexible file system. This file system allows a
multiple number of different applications on one MIFARE DESFire EV2. Each application
can have multiple files. Every application is represented by its 3 bytes Application
IDentifier (AID) and an optional ISO DF Name.
5 different data file types and 1 Transaction MAC file type are supported; see Section
8.6.
A guideline to assign DESFire AIDs can be found in the application note MIFARE
Application Directory (MAD); see [3].
Each file can be created either at MIFARE DESFire EV2 initialization (card production/
card printing), at MIFARE DESFire EV2 personalization (vending machine) or in the field.
If a file or application becomes obsolete in operation, it can be permanently invalidated.
Commands which have impact on the file structure itself (e.g. creation or deletion of
applications, change of keys) activate an automatic rollback mechanism, which protects
the file structure from being corrupted.
If this rollback is necessary, it is done without user interaction before carrying out further
commands. To ensure data integrity on application level, a transaction-oriented backup is
implemented for all file types with backup. It is possible to mix file types with and without
backup within one application.
8.6 Available file types
The files within an application can be any of the following types:
• Standard data files
• Backup data files
• Value files with backup
• Linear record files with backup
• Cyclic record files with backup
• Transaction MAC file
8.7 Security
The 7 byte UID is fixed, programmed into each device during production. It cannot be
altered and ensures the uniqueness of each device.
The UID may be used to derive diversified keys for each ticket. Diversified MIFARE
DESFire EV2 keys contribute to gain an effective anti-cloning mechanism and increase
the security of the original key.
Prior to data transmission a mutual three pass authentication can be done between
MIFARE DESFire EV2 and PCD depending on the configuration employing either 56-bit
DES (single DES, DES), 112-bit DES (triple DES, 3DES), 168-bit DES (3 key triple DES,
3K3DES) or AES. During the authentication the level of security of all further commands