EXTERNAL USE
JOHANNES GRÜLL
JUNE 22ND, 2016
PRESENT IMPROVED - FUTURE INSIDE
SECURE CLOSED LOOP PAYMENTS IN AN OPEN ENVIRONMENT
Challenges
From Cardboard to Multi-party Payment Solutions
• Diners Club first contemporary credit card in the 1950s
• Convenient way to pay for goods & services without cash
• Convenient use across multiple vendors
• Started as piece of cardboard with signature
• Evolved to complex payment schemes like EMV
• Transaction fees
• Liability shifts
Agenda
1. Adding value to access credentials
2. Trust & guarding against fraud
3. Practical implementation
• MIFARE DESFire EV2
• MIFARE Plus EV1
Closed-loop Micropayment
Increasing Value of Credentials
• Secure your smartcard a slot in your customer’s wallet
    • Increase personal value of card to customers
    • Increased self service possibilities
    • Increased customer & brand engagement
• Common Criteria based platforms allow you to run your own payment solutions
    • Receive cash in advance
    • Minimize cash handling cost
    • Power own incentive schemes towards customers & partners
Micropayment in Single-vendor systems
[Diagram labels: Vendor Locations; Vendor/Card Issuer; End User; Card loading; Spending money]
Demand for Multi-vendor Systems
Service Providers: "How can I attract additional customers?"
Card Issuer: "I want to increase the value of my card to end users"
End User: "I want convenient access with 1 credential only"
Micropayment in Multi-vendor systems - Challenge
[Diagram labels: Service Providers; Card Issuer; End User]
1.
2. Purchase
3. Multiple challenges in claiming and re-imbursing within the application provider eco-system arise
Challenges in multi-vendor systems
Shared Wallet Applications
• Traceability of Transactions
    • Common Criteria certified solutions securing wallets
    • New smartcard features securing and proofing transactions
• Authenticity of Transactions
    • Tax regulations
    • Cash register
• Privacy of individual data
    • End user
    • Service providers' sales data
• Quick & reliable re-imbursement
    • Automated
    • Scalable
    • Protecting individual application providers' sales data
Use Cases: Campus Card
Cashless Campus as Eco-system
• On-Campus Services
    • Payment (vending machines, copying machines, …)
    • Student self-service (registering, printing documents, …)
• Off-Campus Eco-system integration
    • Public transport linking university sites
    • Restaurants
    • Cafes
• New Value Streams
    • Co-promotion
    • Fee based model
    • Dedication of stipendiums
• Requirement: Scalable & future proof platforms
MIFARE Plus® generation benefits
MIFARE Plus® EV1

Timeline:
1994 MIFARE Classic
2009 MIFARE Plus
06/2015 MIFARE Plus SE
04/2016 MIFARE Plus EV1

Comparison columns: MIFARE Plus S | MIFARE Plus SE | MIFARE Plus X | MIFARE Plus EV1

RF Interface: ISO/IEC 14443-2, type A
Protocol: ISO/IEC 14443-3&4
UID – unique identifier: 7-byte UID, 4-byte NUID, RID
Communication speed: 106-848 Kbps
Memory size [Byte]: 2KB/4KB | 1KB | 2KB/4KB | 2KB/4KB
Memory Model: Compact, Sectors & 16-byte block
Crypto: Crypto-1, AES
Key Length: 48-bit crypto-1, 128-bit AES
Authentication: 3-pass mutual
Communication, Security: CMACed
Transaction MAC: yes
Proximity Check: yes
Virtual Card Select:
CC Certification: EAL4+ | no | EAL4+ | EAL5+
ISO 7816-4 APDU: yes
NFC compliance: NFC capabilities in SL3
Target applications: Public transport / Campus cards / Access management
Input capacitance: 17pF | 17pF | 17pF | 17pF or 70pF
Secure NFC channel: in SL1 & SL3
Multi applications: yes
Other cell values: MIFARE Plus; in SL3 level; Supported via MAD; no; no; no
MIFARE DESFire® generation benefits
MIFARE DESFire® EV2

Timeline:
2002 MIFARE DESFire
2008 MIFARE DESFire EV1
2015 MIFARE DESFire EV1 256B
2016 MIFARE DESFire EV2

Feature | MIFARE DESFire EV1 | MIFARE DESFire EV2
ISO/IEC 14443 A 1-4 | |
ISO/IEC 7816-4 support | extended | extended
EEPROM data memory | 2/4/8KB | 2/4/8KB
Flexible file structure | |
NFC Forum Tag Type 4 | |
Secure, high-speed cmd | |
Unique ID | 7B UID or 4B RID | 7B UID or 4B RID
Number of applications | 28 | unlimited
Number of files per app | 32 | 32
High data rates support | up to 848 Kbit/s | up to 848 Kbit/s
Crypto algorithms support | DES/2K3DES/3K3DES/AES | DES/2K3DES/3K3DES/AES
CC certification (HW + SW) | EAL 4+ | EAL 5+
MIsmartApp feature | - |
Transaction MAC per app | - |
Multiple keysets per app | - | Up to 16 keysets
Multiple file access rights | - | Up to 8 keys
Inter-app files sharing | - |
Virtual Card Architecture | - |
Proximity Check | - |
Delivery types | Wafer, MOA4 & MOA8 | Wafer, MOA4 & MOB6
TransactionMAC
Securing your money in a shared economy
• MAC calculated over the data of a whole transaction
• Proof of card presence
• Counters to eliminate replay attempts
• Possibility to integrate reader ID to allocate transaction to specific service provider
• Detect missing transactions
TransactionMAC in Multi-vendor Systems
[Diagram labels: Service Providers; Clearing House]
TMAC keys shared by card and clearing house
TMACs sent to clearing house
Re-imbursement after clearing
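
The clearing-house checks described on the two TransactionMAC slides, as an added sketch (not NXP's code and not the card's actual TransactionMAC computation): each submitted record is verified with the key shared with the card, replayed counters are rejected, counter gaps are reported, and the amount is credited to the reader ID bound into the MAC. HMAC-SHA-256 as a stand-in MAC, the record layout and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from collections import defaultdict

def tmac(key, counter, reader_id, data):
    # Stand-in MAC (assumption): HMAC-SHA-256 truncated to 8 bytes over
    # counter || len(reader_id) || reader_id || transaction data.
    msg = struct.pack(">IB", counter, len(reader_id)) + reader_id + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def clear(records, card_keys, last_seen):
    """Verify submitted records; return (payable per reader, findings)."""
    payable, findings = defaultdict(int), []
    for r in sorted(records, key=lambda r: (r["card"], r["counter"])):
        key = card_keys.get(r["card"])
        if key is None or not hmac.compare_digest(
                tmac(key, r["counter"], r["reader"], r["data"]), r["mac"]):
            findings.append(("bad_mac", r["card"], r["counter"]))
            continue
        prev = last_seen.get(r["card"], 0)
        if r["counter"] <= prev:  # counter already cleared: replay
            findings.append(("replay", r["card"], r["counter"]))
            continue
        for gap in range(prev + 1, r["counter"]):  # never submitted for clearing
            findings.append(("missing", r["card"], gap))
        last_seen[r["card"]] = r["counter"]
        payable[r["reader"].decode()] += int.from_bytes(r["data"], "big")
    return dict(payable), findings

def demo():
    # Constructed sample data: one card, two service providers, amounts in cents.
    key = bytes(range(16))

    def rec(counter, reader, cents):
        data = cents.to_bytes(4, "big")
        return {"card": "card-01", "counter": counter, "reader": reader,
                "data": data, "mac": tmac(key, counter, reader, data)}

    r1, r2, r4 = rec(1, b"cafe", 250), rec(2, b"copyshop", 40), rec(4, b"cafe", 300)
    moved = dict(rec(5, b"cafe", 500), reader=b"copyshop")  # claimed by wrong provider
    return clear([r1, r2, r4, dict(r2), moved], {"card-01": key}, {})

if __name__ == "__main__":
    print(demo())
```

Because the reader ID is part of the MACed message, a record resubmitted under another provider's reader ID fails verification instead of shifting the reimbursement.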
Thank you
Visit us at http://MIFARE.net
Q&A
Webinar Series
Outlook
Date | Title
May 24th 2016 | MIFARE Innovation Roadmap – present improved, future inside
June 1st 2016 | How to protect contactless systems today and tomorrow
June 8th 2016 | Enhanced user experience through active application management
June 15th 2016 | Streamlined user management for multi-vendor installations
June 22nd 2016 | Secure closed loop payments in an open environment
June 29th 2016 | Introduce the future in your today’s system – how to ensure smooth system upgrades
July 6th 2016 | Added value to card based environments through NFC and cloud – when IoT becomes reality
July 13th 2016 | Complement use cases with mobiles and wearables