2 Features and benefits

2.1 Feature overview

2.1.1 RF interface: ISO/IEC 14443 Type A

• Contactless interface compliant with ISO/IEC 14443-2/3/4 A

• Contactless transmission protocol using ISO/IEC 14443-4

• Low Hmin enabling operating distance up to 100 mm (depending on power provided by the PCD and antenna

geometry)

• Fast data transfer: 106 kbit/s, 212 kbit/s, 424 kbit/s, 848 kbit/s

• Very High Bit Rate (VHBR): 1.7 Mbit/s and 3.4 Mbit/s - PICC to PCD only

• Configurable FSCI to support up to 256 bytes frame size

2.1.2 Non-volatile memory

• 2 kB, 4 kB or 8 kB standard memory sizes are available

• 16 kB memory size is available for applications requesting a large user memory size

• Data retention of 25 years

• Write endurance of typical 1 000 000 cycles

2.1.3 NV-memory organization and multi-application support

• Flexible application management on the IC

– Flexible file system offering the user free definition of application and file structures on the PICC

– Amount of applications is not limited: applications can be created as long as there is free user memory

available on the PICC

– Shared application management allows to access files from any two applications during a single transaction

if access rights are configured accordingly

• Flexible and dynamic file management inside the applications

– Amount of files per application is set to 32: up to 32 files can be created in each application

– Availability of 6 file types: Standard Data file, Backup Data file, Value file, Linear Record file, Cyclic Record

file and Transaction MAC file

– File size is determined during the file creation (exception for Transaction MAC file)

• Delegated Application Management feature allows smart management of multiple applications per

smartcard shared by different entities

– Memory can be re-used in delegated applications (via formatting the complete delegated application)

– Factory loaded NXP's Delegated Application Management (DAM) keys for a remote application

management service support

2.1.4 Security and Privacy

• Common Criteria certification: CC EAL6+ AVA_VAN.5 on Hardware and Software

• 7 bytes unique identifier (UID) for each device

• Optional 4 bytes random ID can be enabled, for enhanced security and privacy of the device

• Hardware exception sensors are in place

• Self-securing file system is implemented

• Symmetric cryptography features:

– Mutual AES-based three-pass authentication

– Flexible symmetric key management: One card master key and up to 14 application keys per application

key set

– Multiple key sets per application with fast key rolling mechanism (up to 16 key sets per application)

– Hardware AES co-processor supporting AES 128-bit keys or AES 256-bit keys

• Asymmetric cryptography features:

– Mutual and Reader-Unilateral ECC-based authentication

– Card-Unilateral ECC-based authentication

– Flexible certificate / asymmetric keypair management and certificate management:

– Up to two CA Public Keys at PICC level

– Up to five CA Public Keys per application

– Up to five private keys per application

– ECC key pair generation over NIST curve P-256 and brainpoolP256r1

– Hardware ECC co-processor supporting ECC 256-bit keys

– ECC based Originality Check feature ensures proof of genuine NXP products

• Access Rights Management:

– Multiple key assignment for each file access rights (up to eight)

– Unified access right management system allowing for mixed applications with symmetric- and asymmetricbased

authentication access control

• Secure Messaging:

– Secure channel with AES-based data encryption and data authenticity ensured by CMAC

– Authentication can be executed on card and on application level

• Security related features:

– Transaction MAC and Transaction Signature features are available for symmetric and asymmetric cases,

ensuring generating secure checksum / secure signature per application and executed transaction

– Transaction Timer feature is available to protect against Man-in-the-Middle attacks

– Proximity Check feature is offered for protection against Relay Attacks

• Originality Check feature ensuring authenticity of the product:

– Dynamic ECC based Originality Check to ensure proof of genuine NXP products

– MIFARE DUOX is pre-provisioned with an Originality Check ECC-based key pair and related certificate,

allowing the verification of the genuineness of the IC

– Executed via a card-unilateral authentication through a challenge-response protocol

2.1.5 ISO/IEC 7816 compatibility

• Supports ISO/IEC 7816-4 file structure (selection by File ID or by DF name)

• Supports ISO/IEC 7816-4 APDU message structure

• Supports ISO/IEC 7816-4 APDU wrapper for MF3E(H)x3 native commands

• Supports ISO/IEC 7816-4 INS code ‘A4’ for SELECT FILE

• Supports ISO/IEC 7816-4 INS code ‘B0’ for READ BINARY

• Supports ISO/IEC 7816-4 INS code ‘D6’ for UPDATE BINARY

• Supports ISO/IEC 7816-4 INS code ‘B2’ for READ RECORDS

• Supports ISO/IEC 7816-4 INS code ‘E2’ for APPEND RECORD

• Supports ISO/IEC 7816-4 INS code ‘84’ for GET CHALLENGE

• Supports ISO/IEC 7816-4 INS code ‘87’ for GENERAL AUTHENTICATE

• Supports ISO/IEC 7816-4 INS code ‘88’ for INTERNAL AUTHENTICATE

2.1.6 Special features

MF3E(H)x3 offers a wide variety of avaialble features that can be consumed and configured individually on

the IC. The flexibiliy of feature-availability allows a customization of the product according to the needs and

requirements of the customer.

• Various configuration options on the IC via the SetConfiguration command:

– Configurable ATS and contacltess protocol parameter (ATQA, SAK) configuration: Offering flexible NFC

parameter settings to fit the customer`s NFC reader infrastructure requirements

– Secure Messaging related configuration: Offering selection of authentication and secure messaging related

detail setting, including curve selection for asymmetric authentication protocol, optional asymmetric private

key usage limitation, and authentication counter setting

– Card and application level configuration: Offering specific settings to apply configurations for ISODFName,

VCIID, Capability Data, Application Default Keys, etc

– Communication channel configuration: Offering settings to define NFC, I2C and GPIO related detailed

settings (if applicable to the product type / product configuration, and if required)

• Inclusion of asymmetric cryptography to the product:

– Aditionally to the symmetric AES128 and AES256 functionality also ECC asymmetric cryptography is

supported

– Major functionality related to ECC is added to MF3E(H)x3 (e.g. ECC-based authentication, certificate

management, asymmetric key management, PKI functionality etc)

• Transaction Signature feature:

– Similar functionality offered as via the symmetric Transaction MAC feature which is consuming AES128

or AES256 symmetric crypto. Transaction Signature is based on asymmetric ECDSA signature which is

calculated on top the executed transaction, allowing for reduced security requirements on the reader / backend

infrastructure storage, as only a public key is required for validation

• Transaction Timer feature:

– Feature to prevent Man-in-the-Middle (MitM) attacks where the attacker delays the conclusion of a

transaction by keeping the card powered after it left the legitimate reader device

• Secure Unique NFC (SUN) enabled by Secure Dynamic Messaging (SDM) to ensure confidential and

integrity-protected data exchange without prior authentication. There are two flavors of the feature available

on MF3E(H)x3:

– Symmetric SDM MAC: data is protected by a MAC generated by a symmetric AES key

– Asymmetric SDM SIG: data is protected by a ECDSA signature generated by the private key of an ECC key

pair

– SUN / SDM allows adding security to the data that´s read out from the chip, while still being able to access it

with standard NDEF readers for NFC Forum Tag Type 4 formatted cards.

– The typical use case is an NDEF holding a URI and some meta-data, where SDM allows this meta-data to

be communicated confidentiality and integrity protected toward a backend server.

• NFC Forum Type 4 Tag certification of the IC, allowing to store NDEF Tag Type 4 formatted messages on

the IC, for an automated interaction when tapping the smartcard to an NFC enabled mobile device

• Product versions offering both the low input and high input capacitance versions (17 pF and 70 pF):

– Allowing to optimally tune smartcard IC antennas for any kind of form factor size and design (standard ID-1

sized smartcards or smaller form factors like wristbands, key fobs, tokens, etc)

• Compatibility to MIFARE DESFire products:

– MF3E(H)x3 is based on the same underlying file system concept as exisitng products in the MIFARE

DESFire product family. The concept of applications and files that can be created on the PICC is

backwards-compatible.

– MF3E(H)x3 is functional compatible to the AES-128 cryptographic mechanisms of the MIFARE DESFire

EV3 product. Support and compatibility for DES, 2K3DES and 3K3DES cryptographic mechanisms has

been disabled on MF3E(H)x3.

– Existing card layouts that are based on MIFARE DESFire EV3 utilizing AES-128 cryptography can be ported

to MIFARE DUOX.

• Compliancy to Automotive Industry regulations and requirements:

– Compliancy of MF3E(H)x3 to ISO / SAE 21434 cyber security regulations

– Compliancy to the MISRA-C coding standard

– Dedicated Automotive-like qualification on silicon level of MF3E(H)x3, which is based on a dedicated

qualification flow including cold test

– Support of an extended temperature range from -40 °C up to 105 °C operating condition on silicon level,

which is the perfect fit for automotive environments

– Fast ECC-based authentication for initial pairing between smartcard IC and vehicle

– Proximity Check feature as key functionality to prevent Relay Attacks in the automotive segment

• Compliancy to Electric Vehicle Charging (EV-Charging) Industry regulations and requirements:

– Utilizing PKI capability of MF3E(H)x3 for enabling interoperability between multiple CPOs and EMSPs

– Seamless feasibility to use one smartcard in multiple EV-Charging networks (tremendous end user benefit)

– Compliancy to the VDE-DKE regulation VDE-AR-E 2532-100 (support of required file structure and

command support for electric vehicle charging applications)

– Availability of the required command set to interact with EV-Charging stations as per the mentioned

guideline

– Provisioning of required card layout, application structure, configuration settings, asymmetric keypair

and certificate during the NXP Trust Provisioning process (available in a dedicated product type with

dedicated part number)