Eindhoven, Netherlands, – NXP Semiconductors N.V. (Nasdaq: NXPI) today announced that its MIFARE DESFire™ EV1 contactless microcontroller IC has been chosen to power the Automatic Fare Collection (AFC) scheme of Madrid’s public transportation system. Operated by the Consorcio Regional de Transportes de Madrid (CRTM), the public transportation system covers the city’s urban metro, bus network and suburban rail network, which is run by more than 50 different private operators. In total, more than 1.8 billion journeys are taken across the network annually, and migrating to contactless AFC will enable the consortium to offer an improved service to its passengers.

Based on MIFARE DESFire EV1, NXP’s contactless IC technology will be used to drive all season tickets including subsidized travel tickets for younger and retired passengers. NXP’s MIFARE DESFire EV1 is one of the most secure solutions for smartcards on the market today, offering fast read rates and advanced security features, which make it the ideal solution for transport ticket schemes, access management and identity applications. 

MIFARE DESFire is an open architecture platform for end-to-end solutions offering the flexibility and security necessary for a state of the art fare collection system. The platform has been proven in many cities worldwide including London, New Delhi and Nanjing. It is important that innovative multi-application services can be added seamlessly onto the platform, such as banking convergence cards through the MIFARE DESFire EV1 implementations on payment cards or NFC applications on mobile phones. In the open architecture platform of MIFARE, these services are enabled by a wide range of supporting products from licensed partners. 

“The ability of MIFARE DESFire to integrate security systems based on 3-DES and AES, and its evolution to more advanced products (like the MIFARE DESFire EV1), have been some of the reasons, among others, that have determined the choice of this product by CRTM as the technology for their tickets” said Antonio Rubio Fernández, Jefe del Área de Innovación Tecnológica, Consorcio Regional de Transportes de Madrid. 

Madrid’s new contactless ticketing operation is serving a population of over 5.2 million people and many tourists and business travelers. It offers increased benefits to both passengers and the CRTM alike. Typically contactless terminals and checkpoint gates offer increased performance, improving embarkation and disembarkation speeds, helping improve the overall passenger experience. In addition, the creation of a new contactless-based AFC solution will enable the development of new fare systems, benefiting both residents and visitors to Madrid. 

“This is a huge milestone for NXP. Madrid is the continent’s third largest city, so this is a significant testament to the capabilities of this product,” said Henri Ardevol, Vice President and General Manager of Secure Transactions, NXP Semiconductors. “Due to the size of Madrid’s public transportation systems, CRTM wanted to deploy the most secure and scalable contactless AFC solution possible. As a result, our solution was required to undergo rigorous testing and piloting to ensure it fully met the needs of the consortium, thus demonstrating the superior features and security we’ve built into this product.”

MIFARE DESFire EV1 has been designed for systems integrators looking for leading security features and wanting to combine multiple applications in one contactless smartcard. The product is based upon open global standards for both air interfaces and cryptographic methods. In addition to offering data transfer rates of up to 848 kbit/s, MIFARE DESFire utilizes a Triple DES, 3K DES, and AES hardware cryptographic engine for securing the data on the smartcards and data during transmission.

After rigorous testing and careful evaluation, NXP’s MIFARE DESFire EV1 smart card technology has received Common Criteria certification from the German Federal Office of Information Security. It is the first automatic fare collection (AFC) product to achieve the Evaluation Assurance Level (EAL) 4+ rating for security.

MIFARE DESFire EV1, the world’s first fully integrated solution on the market, is already used in many public transportation networks around the world, including New Delhi, Melbourne, Oslo, Seattle, and the Sube-T system in Madrid.

 The Madrid public transport network, for example, is one of largest and most complex infrastructure in the world, carrying more than 1.6 billion passengers a year across more than 40 different operators. The network includes urban buses, an underground metro system, and inter-urban trains. Using MIFARE DESFire EV1 for contactless ticketing gives passengers a very convenient way to navigate the entire system, and gives them the confidence of full security. 

The Common Criteria certification validates that the promised security features are, in fact, implemented correction, and verifies the claim of providing “high resistance” against attacks. Certification is a stamp of assurance that lets system integrators compare the security quality of similar products on the market. The process also helps define the robustness of the solution over its full product life, from IC production and usage to disposal of the card. 

The DESFire EV1 product is the first AFC solution to be protected against both physical and logical security attacks. As part of the independent review, the key security elements of the DESFire EV1, including cryptography, random number generation, and operating system were fully audited to ensure comprehensive protection. Moreover, as this evaluation has been conducted to ensure compliance to the standard Protection Profile for Smart Card ICs (BSI-PP-0002-2001), the product also fulfils security requirements for banking and eGovernment applications.

Key features of the MIFARE DESFire EV1

  • Fully ISO / IEC 14443 A 1-4 compliant
  • Anti-collision
  • Unique 7-byte serial number (ISO cascade level 2) and Random IDs
  • High data rates according to ISO / IEC 14443-4: up to 848 Kbit/s
  • Secure, high speed command set
  • 2K bytes, 4K bytes and 8K bytes EEPROM with fast programming
  • Flexible file structure for multiple applications
  • Choice of open DES/3DES/3K3DES/AES crypto algorithm with hardware co-processor

Contactless energy and data transfer:
In the MIFARE system, the MIFARE DESFire EV1 is connected to a coil consisting of a few turns embedded in a standard ISO/IEC smart card. A battery is not needed. When the card is positioned in the proximity of the PCD antenna, the high speed RF communication interface allows data to be transmitted up to 848 kbit/s.

An intelligent anti-collision mechanism allows more than one MIFARE DESFire EV1 in the field to be handled simultaneously. The anti-collision algorithm selects each MIFARE DESFire EV1 individually and ensures that the execution of a transaction with a selected MIFARE DESFire EV1 is performed correctly without data corruption resulting from other MIFARE DESFire EV1s in the field.

UID/serial number:
The unique 7 byte (UID) is programmed into a locked part of the NV memory which is reserved for the manufacturer. Due to security and system requirements these bytes are write-protected after being programmed by the IC manufacturer at production time.According to ISO/IEC 14443-3 (see Ref. 12) during the first anti-collision loop the cascade
tag returns a value of 88h and also the first 3 bytes of the UID, UID0 to UID2 and BCC.The second anti-collision loop returns bytes UID3 to UID6 and BCC.

UID0 holds the manufacturer ID for NXP (04h) according to ISO/IEC 14443-3 and ISO/IEC 7816-6 AMD 1.

MIFARE DESFire EV1 also allows Random ID to be used. In this case MIFARE DESFire EV1 only uses a single anti-collision loop. The 3 byte random number is generated after RF reset of the MIFARE DESFire EV1.

Memory organization:
The 2/4/8 KB NV memory is organized using a flexible file system. This file system allows a maximum of 28 different applications on one MIFARE DESFire EV1. Each application
provides up to 32 files. Every application is represented by its 3 bytes Application IDentifier (AID).

Five different file types are supported;

A guideline to assign MIFARE DESFire AIDs can be found in the application note MIFARE Application Directory (MAD); Each file can be created either at MIFARE DESFire EV1 nitialization (card production/card printing), at MIFARE DESFire EV1 personalization (vending machine) or in the field.

If a file or application becomes obsolete in operation, it can be permanently invalidated.

Commands which have impact on the file structure itself (e.g. creation or deletion of applications, change of keys) activate an automatic rollback mechanism, which protects the file structure from being corrupted.

If this rollback is necessary, it is done without user interaction before carrying out further commands. To ensure data integrity on application level, a transaction-oriented backup is implemented for all file types with backup. It is possible to mix file types with and without backup within one application.

As the commands are the same for MF3ICD(H)81, MF3ICD(H)41 and MF3ICD(H)21, the command details are available in Ref. 1. Only the memory size and input capacitance are different between the devices.

Available file types:
The files within an application can be any of the following types:
-Standard data files
-Backup data files
-Value files with backup
-Linear record files with backup
-Cyclic record files with backup