NXP’s MIFARE DESFire EV1 Technology Receives Security Stamp of Approval

“The Madrid Sube-T system started using MIFARE DESFire-powered smart cards in 2006 across its entire network of urban buses, underground metro system and Interurban trains. Compared to previous systems, contactless ticketing offers our passengers a very convenient solution to easily move around the entire network which is also secure and highly flexible”, said Antonio Rubio Fernández, Jefe del Área de Innovación Tecnológica, Consorcio Regional de Transportes de Madrid. “The MIFARE DESFire has proven to be the best solution on the market and fully addresses our needs. The Madrid public transport network is one of the world's largest and most complex infrastructures transporting over 1.6 billion passengers a year across more than 40 different operators. We welcome NXP's efforts to further enhance the security of transport ticketing systems against attacks.”

The Common Criteria certification validates correct implementation of the promised security features and confirms in this case ‘high resistance’ against attacks. It provides an assurance stamp to allow systems integrators to compare the security quality of similar products on the market. The process also helps define the robustness of the solution over the full product life-cycle from IC production, usage and through to disposal of the card.

“Receiving Common Criteria certification is a huge step forward for the industry as system integrators and operators of public mass transportation systems across the world now have the opportunity to introduce increased security levels for their systems“, said Henri Ardevol, general manager of automatic fare collection, NXP Semiconductors. “The decision to have our products validated by the independent Common Criteria certification program has been long established within NXP’s identification business. For the DESFire EV1, speed, flexibility and security were at the heart of the initial concept and NXP is proud to be the first vendor to offer a certified technology for transport ticketing and other contactless applications.”

NXP’s heritage in security as the leading provider of ICs for contactless eGovernment and banking applications has enabled the company to develop the first AFC solution to be protected against both physical and logical security attacks. As part of the independent review, the key security elements of the DESFire EV1 including cryptography, random number generation algorithm and operating system were fully audited to ensure comprehensive protection. Moreover, as this evaluation has been conducted to ensure compliance to the standard Protection Profile for Smart Card ICs (BSI-PP-0002-2001), the product also fulfils e.g. banking and eGovernment security requirements.

As well as AFC solutions, MIFARE DESFire EV1 technology provides the flexibility and security to support a variety of contactless or dual interface applications beyond transport ticketing, such as electronic payment, access management, loyalty services and eGovernment.