NXP Semiconductors
MF1P(H)x1y1
MIFARE Plus EV1
MF1P(H)x1y1 All information provided in this document is subject to legal disclaimers. © NXP B.V. 2018. All rights reserved.
Product short data sheet Rev. 3.0 — 23 July 2018
COMPANY PUBLIC 366930 8 / 27
With the implemented Virtual Cards (VCs) concept, a Proximity Device (PD), e.g. the
Secure Element in a mobile phone, can hold multiple VCs. With having multiple VCs in a
single device there are several requirements:
1. It must be determined how the appropriate VC to use gets selected, in other words
how a specific VC is to be presented at a given moment.
2. Privacy considerations need to be maintained. When a device can be freely
interrogated about its UID, VC specific information (like implementation, file layout, ...)
or even only to what installations the supported VCs belong, this data or the
combination of a subset of it would make it possible to track a person from location to
location. Furthermore, the combination of VCs could reveal a category of persons.
3. Performance and ease of use. The selection of the appropriate VC must be done fast,
in order to increase transaction times only minimally.
4. Compliancy and portability to existing Card OSes supporting application selection
methods on secure chip technologies, as defined by Java Card and GlobalPlatform.
The Virtual Card Architecture as implemented on the MF1P(H)x1y1 has the following
benefits:
• Fast VC selection is possible by issuing a single ISOSelect command as defined by
ISO/IEC 7816-4
• If Random ID is used, the UID can be retrieved in a very fast and secure way from the
VC using ISOSelect and ISOExternalAuthenticate
• Detect whether a VC belongs to certain installation and do so fast and privacy friendly
• Proximity Check may also be enforced via a configuration, giving additionally protection
against relay attacks
• Exchange capabilities, e.g. a key-set version indication together with the fast retrieval
of the UID.
8.3 Proximity check
The Proximity Check is used in conjunction with the Virtual Card Architecture, see
Section 8.2. It can also be used afterwards. It allows the PCD to verify whether the PICC
is within a certain physical proximity.
MF1P(H)x1y1 enables ISO/IEC 7816-4 compliant Proximity Check by supporting
wrapping of the native Proximity Check commands into ISO/IEC 7816-4 compliant
APDUs, as outlined in Section 8.6.3.
The SL3 and SL1 after ISO/IEC 14443-4 activation offers the Proximity Check function
which protect the PICC from relay attacks by measurement of the round trip time of
a challenge-response interaction. If an attacker wants to mount a relay attack, then
he necessarily introduces delays. Depending on how large the delays are, they may
be detected. The accuracy of the time measurement and the residual relay attack
window that remains is dependent on the intrinsic latency of the PICC as well as of the
implementation of the reader.
8.4 AES Secure Messaging
8.4.1 AES security concept
A MIFARE Plus transaction includes a set of operations from card activation,
authentication to the reading and changing of data on the card. Each interaction with data