mifare® DESFire Functionality
CAS - 2006
Semiconductors 2

mifare® DESFire Functionality Agenda
• Introduction
• Main Characteristics & Block Diagram
• DESFire File System
    - Applications & Files
    - File Types
    - Key Management
    - Access Rights
    - Backup Management
    - Memory Mapping
• Typical Transaction Time
• Delivery Types & Development Tools

mifare® DESFire Main Characteristics
MF3ICD40 (RF interface, CPU, EEPROM, (3)DES co-processor)
Interface:
• Contactless only
• Fully compliant to ISO/IEC 14443A (1-4)
• 7 bytes UID ("Double Size UID")
• Operating distance up to 10cm
• Data transmission: 106 – 424 kBd
• Compatible to the Mifare Reader
CPU & OS:
• Asynchronous CPU core
• (3)DES coprocessor
• Fixed Command Set
• No Customer ROM codes
"Buy the card and use it."

mifare® DESFire Main Characteristics
MF3ICD40 (RF interface, CPU, EEPROM, (3)DES co-processor)
File System:
• up to 28 applications / card
• up to 16 files / application
• up to 14 keys / application
• 1 masterkey for card maintenance
• Plain, (3)DES encrypted, or MACed data transmission
• On-Chip Backup management
NV Memory:
• 4 kByte EEPROM
• Erase + Write access: 1ms each
• R/W-Cycles: >100K
• Data retention: 10 years

mifare® DESFire Block Diagram
[Figure: block diagram of the MF3 IC D40. Blocks shown: card coil (LA, LB), RF interface, UART ISO 14443A, CPU / Logic Unit, Triple-DES co-processor, true random number generator, CRC, ROM, RAM, EEPROM, security sensors, power-on reset, voltage regulator, clock input filter, reset generator.]

mifare® DESFire File System
The 4kByte EEPROM can be used for:
• One MasterKey (for card maintenance)
• up to 28 different applications (like "sub-directories" on a HDD): 1 2 3 4 ... 28
Each application includes:
• One MasterKey (for application maintenance)
• up to 14 (3)DES keys / application (valid only within the "sub-directory")
• up to 16 files / application (like data-files within one "sub-directory")
3 File types:
1) Data Files
2) Value Files
3) Record Files

mifare® DESFire File Types: Standard Data File
Standard Data File (0x00)
User File size: = 1 byte ... 4 kbyte
Required EEPROM size: = File Size*
General data file (e.g. card issuer data, card holder name)
File# 0x00 ... 0x0F
Create Standard Data File (field lengths in bytes):
CMD (1) | File # (1) | Com Set (1) | Access Rights (2) | File Size (3)
$\mathrm{EEPROMSize}_{\mathrm{StdData}} = \mathrm{INT}[(\mathrm{FileSize} - 1)/32] \cdot 32 + 32$
*Internally the NV-memory is allocated in blocks of 32 bytes. (E.g. every file with a size of 1-32 bytes internally always uses 32 bytes.)

mifare® DESFire File Types: Backup Data File
Backup Data File (0x01)
File size: = 1 Byte ... 2 kByte
Required EEPROM: = 2 x File size*
General data file (e.g. card issuer data, card holder name)
File# 0x00 ... 0x07
Create Backup Data File (field lengths in bytes):
CMD (1) | File # (1) | Com Set (1) | Access Rights (2) | File Size (3)
$\mathrm{EEPROMSize}_{\mathrm{BackupData}} = 2 \cdot \mathrm{INT}[(\mathrm{FileSize} - 1)/32] \cdot 32 + 32$
*Internally the NV-memory is allocated in blocks of 32 bytes. (E.g. every file with a size of 1-32 bytes internally always uses 32 bytes.)

mifare® DESFire File Types: Value Files
Value File (0x02)
Required EEPROM size: = 32 Bytes
File# 0x00 ... 0x07
Create Value File (field lengths in bytes):
CMD (1) | File # (1) | Com Set (1) | Access Rights (2) | Lower Limit (4) | Upper Limit (4) | Value (4) | Limited Credit enabled (1)
Value Range = -16 777 215 ... +16 777 216 (4 Byte signed integer)
Lower Limit = -16 777 215 ... +16 777 215
Upper Limit = -16 777 214 ... +16 777 216 (Lower Limit < Upper Limit)
Limited Credit enabled (0x01) / disabled (0x00)

mifare® DESFire File Types: Record File
• A Record File contains n Records.
• Each Record can be written once.
• The latest and all the previous Records can be read (at once).
[Figure: a Record File with Record #1 ... Record #n, defined by Record Size and # of Records. After 3 Write commands, Record #3 is the latest and 3 Records can be read. After n Write commands, Record #n is the latest and n Records can be read.]

mifare® DESFire File Types: Record File
[Figure: a Linear Record File and a Cyclic Record File, each with Record #1 ... Record #n, shown after 3 Write commands and after n Write commands.]
Linear Record File: after n Write commands the Record File is full. n+1 Write: Error instead of ACK.
Cyclic Record File: after n+1 Write commands: Record #1; after n+2 Write commands: Record #2.

mifare® DESFire File Types: Linear Record File
Linear Record Files (0x03)
Required EEPROM size: = 32 Bytes + Record Size • # of Records*
File# 0x00 ... 0x07
Create Record File (field lengths in bytes):
CMD (1) | File # (1) | Com Set (1) | Access Rights (2) | Record Size (3) | Max. # of Records (3)
Record Size = 0x00 00 01 ... 0xff ff ff (1 Byte - 4k Byte)
# of Records = 0x00 00 01 ... 0xff ff ff
* Internally the NV-memory is allocated in blocks of 32 bytes. (E.g. a Record File with 2 Records and a size of 10 Bytes/Record internally always uses 64 bytes.)

mifare® DESFire File Types: Cyclic Record File
Cyclic Record Files (0x03)
Required EEPROM size: = 32 Bytes + Record Size • # of Records*
File# 0x00 ... 0x07
Create Record File (field lengths in bytes):
CMD (1) | File # (1) | Com Set (1) | Access Rights (2) | Record Size (3) | Max. # of Records (3)
Record Size = 0x00 00 01 ... 0xff ff ff (1 Byte - 4k Byte)
# of Records = 0x00 00 02 ... 0xff ff ff
* Internally the NV-memory is allocated in blocks of 32 bytes. (E.g. a Record File with 2 Records and a size of 10 Bytes/Record internally always uses 64 bytes.)

mifare® DESFire Encryption
DESFire data transmission:
Example Data: "Hello World"
Plain Data:
48 65 6C 6C 6F 20 57 6F 72 6C 64    (Data)
MACed* Data:
48 65 6C 6C 6F 20 57 6F 72 6C 64 | 23 42 A1 2E    (Data | MAC)
(3)DES enciphered:
f2 45 2a e0 50 56 3c 02 43 4e 63 ac 04 bb 21 26    (Data + 2 Byte CRC -> filled up to n*8 -> (3)DES encrypted)
*MAC: Message Authentication Code
Coding of the Communication Settings:
                    b7 b6 b5 b4 b3 b2 b1 b0   Hex
Plain Data           0  0  0  0  0  0  x  0   0x00
MACed                0  0  0  0  0  0  0  1   0x01
(3)DES encrypted     0  0  0  0  0  0  1  1   0x03

mifare® DESFire Keys
DES and 3DES keys are stored in 16-byte strings.
DES: 1st half = 2nd half -> Single DES
00 11 22 33 44 55 66 77 00 11 22 33 44 55 66 77
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (default)
3DES: 1st half ≠ 2nd half -> Triple DES
00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00

mifare® DESFire Access Rights
4 different Access Rights are stored for each file. Access Rights are defined during creation of a file.
Access Right   Value File                                  all other files
R              Get Value, Debit                            Read
W              Get Value, Debit, Limited Credit            Write
R&W            Get Value, Debit, Limited Credit, Credit    Read&Write
C              Change Config                               Change Config
Key #0 always is the Masterkey
• on PICC level (if no application or AID 0x00 00 00 is selected)
• on Application level (if an Application is selected).

mifare® DESFire Coding of Access Rights
During creation of a file the Access Rights are defined with a 2-byte code:
MSBit                                          LSBit
b15 ... b12 | b11 ... b8 | b7 ... b4 | b3 ... b0
     R      |     W      |    R&W    |     C
Hex    Key
0x0    0
0x1    1
0x2    2
0x3    3
0x4    4
0x5    5
0x6    6
0x7    7
0x8    8
0x9    9
0xa    10
0xb    11
0xc    12
0xd    13
0xe    "free" (no authentication required)
0xf    never (no access)
Remark: If a file is accessed without valid authentication but free access (0xe) is possible, the communication mode is forced to plain (through at least one relevant access right).
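The codings above (communication settings, key halves, access-rights nibbles) can be checked mechanically when reviewing a card layout. The following is an added example, not code from the presentation or from any NXP library: it decodes the values and flags files where the Remark applies. The function names and the sample file settings are constructed for illustration, and treating only R, W and R&W as the "relevant" rights for the forced-plain case is an assumption.

```python
RIGHTS = ("R", "W", "R&W", "C")      # b15..b12, b11..b8, b7..b4, b3..b0
FREE, NEVER = 0xE, 0xF

def decode_access_rights(word):
    """Split the 2-byte access-rights code into its four nibbles."""
    if not 0 <= word <= 0xFFFF:
        raise ValueError("access rights must fit in 2 bytes")
    names = {FREE: "free", NEVER: "never"}
    out = {}
    for right, shift in zip(RIGHTS, (12, 8, 4, 0)):
        nibble = (word >> shift) & 0xF
        out[right] = names.get(nibble, f"key {nibble}")
    return out

def decode_comm_settings(value):
    """0x00 plain (b1 is don't-care), 0x01 MACed, 0x03 (3)DES encrypted."""
    if value & 0x01 == 0:
        return "plain"
    return "(3)DES encrypted" if value & 0x02 else "MACed"

def key_mode(key):
    """Keys are 16-byte strings; equal halves select single DES."""
    if len(key) != 16:
        raise ValueError("expected a 16-byte key string")
    return "single DES" if key[:8] == key[8:] else "triple DES"

def audit_file(label, comm_settings, access_rights):
    """Return findings for one file's creation parameters."""
    rights = decode_access_rights(access_rights)
    mode = decode_comm_settings(comm_settings)
    findings = []
    free = [r for r in ("R", "W", "R&W") if rights[r] == "free"]
    if free and mode != "plain":
        findings.append(f"{label}: {mode} set, but {', '.join(free)} is free "
                        "-> unauthenticated access is forced to plain")
    if rights["C"] == "free":
        findings.append(f"{label}: Change Config needs no authentication")
    return findings

# Constructed sample settings (label, Com Set, Access Rights); not from the page.
SAMPLE_FILES = [("purse", 0x01, 0x1E23), ("log", 0x03, 0x123E),
                ("public info", 0x00, 0xE440), ("ticket", 0x03, 0x1230)]

def audit_all(files=SAMPLE_FILES):
    return [finding for item in files for finding in audit_file(*item)]
```

With the sample data, "purse" and "log" each produce one finding, and the all-zero default key is reported as single DES.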

mifare® DESFire Application Example
Up to 28 different applications per card
[Figure: a card holding Appl 0x 00 00 01, Appl 0x 00 00 02 and Appl 0x 00 00 03. Application 0x 00 00 02 contains File 0x03, File 0x0C, File 0x07 and File 0x04.]
Up to 16 different files per application

mifare® DESFire Application Example
Application # 0x 00 00 02 contains 4 Files (File 0x03, File 0x0C, File 0x07, File 0x04):
• Value File: lower limit: -10, upper limit: +2000, MACed Data
• Cyclic Record File: Record Size: 10 bytes, # of Records: 21, MACed Data
• Backup Data File: File Size: 30 bytes, 3DES encrypted Data
• Standard Data File: File Size: 30 bytes, Plain Data

mifare® DESFire Application Example
Application # 0x 00 00 02 contains 4 Files and 5 keys:
[Figure: the four files (File 0x03, File 0x0C, File 0x07, File 0x04; Value File, Cyclic Record File, Backup Data File, Standard Data File), each with its four Access Rights R, W, R&W and C assigned to KEY 0, KEY 1, KEY 2, KEY 3, KEY 4, "free" or "never".]

mifare® DESFire Backup Management
Transaction oriented approach
On application level, multiple write commands can be issued.
A completed transaction has to be validated by a CommitTransaction command.
If not validated or aborted, a full rollback of all writes happens.
Either ALL writes are done or NO writes are done.
→ Application data is always consistent

mifare® DESFire Data File Backup
[Figure: a Backup Data File holding Image 1 and Image 2, one of which is the Valid Image. Write ("Write Data") updates the mirror image; CommitTransaction validates the updated Image.]
*Data File Backup Management requires a Backup Data File.

mifare® DESFire Value File Backup
[Figure: a Value File holding Image 1 and Image 2, one of which is the Valid Image. Write updates the mirror image; CommitTransaction validates the updated Image.]

mifare® DESFire Record File Backup
[Figure: a Record File with Record #1 ... Record #n and a Current Record marker. Write ("Write Data") goes into the next empty Record (Record #3 in the figure); CommitTransaction validates the new Record #.]

mifare® DESFire Memory Mapping 1
The mifare® DESFire EEPROM area is allocated in blocks of 32 bytes.
Blank Chip
The "blank" chip in delivery state uses 4 blocks for Manufacturer data and Administration.
Card Administration
The card administration requires 1 block per 4 created applications. This memory is re-used after "Delete Application".

mifare® DESFire Memory Mapping 2
Application
For each created application n blocks are required with:
$n = 1 + \mathrm{int}\left(\frac{\mathrm{keys} + 1}{2}\right)$ blocks
number of keys    number of blocks
0                 1
1                 2
2                 2
3                 3
4                 3
5                 4
6                 4
...               ...
This memory cannot be re-used after "Delete Application", but only after "FormatPICC".

mifare® DESFire Memory Mapping 3
File Administration
Every 2nd file entry uses 1 block, beginning with the 2nd generated file.
number of files    number of blocks
1                  0
2                  1
3                  1
4                  2
5                  2
6                  3
7                  3
...                ...
This memory is re-used after "Delete File".

mifare® DESFire Memory Mapping 4
Data
The data of a Standard Data File requires n blocks with:
$n = 1 + \mathrm{int}\left(\frac{\mathrm{filesize} + 31}{32}\right)$ blocks
             Standard Data File    Backup Data File
file size    number of blocks      number of blocks
1            1                     2
2            1                     2
...          1                     2
32           1                     2
33           2                     4
34           2                     4
...          2                     4
64           2                     4
65           3                     6
...          ...                   ...

mifare® DESFire Memory Mapping 5
The Value Data File requires 1 block, independent of value or limits.
The Record File requires n blocks with:
$n = 1 + \mathrm{int}\left(\frac{\mathrm{recordsize} \cdot \mathrm{number\_of\_records} + 31}{32}\right)$ blocks
The data of a Backup Data File requires 2 x n blocks.
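The Memory Mapping rules can be combined into a block budget for a planned card layout. The following is an added example, not code from the presentation: it applies the rules to Application 0x 00 00 02 from the application example (5 keys, 4 files). Standard and Backup Data File sizes follow the block table (1 to 32 bytes use 1 block). Assumptions: the 4 kByte EEPROM is 128 blocks including the 4 blank-chip blocks, and card administration rounds up to whole blocks; all function names are constructed.

```python
import math

BLOCK = 32                       # EEPROM is allocated in 32-byte blocks
TOTAL_BLOCKS = 4096 // BLOCK     # assumption: 4 kByte = 128 blocks in total
BLANK_CHIP_BLOCKS = 4            # manufacturer data and administration

def data_file_blocks(size, backup=False):
    # Block table: 1..32 bytes -> 1 block, 33..64 -> 2; backup files double it.
    n = (size + BLOCK - 1) // BLOCK
    return 2 * n if backup else n

def record_file_blocks(record_size, records):
    return 1 + (record_size * records + 31) // BLOCK

def application_blocks(keys):
    return 1 + (keys + 1) // 2

def file_admin_blocks(files):
    # Every 2nd file entry uses 1 block, beginning with the 2nd file.
    return files // 2

def card_admin_blocks(applications):
    # Assumption: "1 block per 4 created applications" rounds up.
    return math.ceil(applications / 4)

def card_usage(applications):
    """Return (used_blocks, free_blocks) for a list of application layouts."""
    if len(applications) > 28:
        raise ValueError("at most 28 applications per card")
    used = BLANK_CHIP_BLOCKS + card_admin_blocks(len(applications))
    for app in applications:
        if app["keys"] > 14 or len(app["files"]) > 16:
            raise ValueError("at most 14 keys and 16 files per application")
        used += application_blocks(app["keys"])
        used += file_admin_blocks(len(app["files"]))
        for kind, *params in app["files"]:
            if kind == "value":
                used += 1
            elif kind in ("standard", "backup"):
                used += data_file_blocks(params[0], backup=(kind == "backup"))
            elif kind in ("linear", "cyclic"):
                used += record_file_blocks(*params)
            else:
                raise ValueError(f"unknown file type: {kind}")
    if used > TOTAL_BLOCKS:
        raise ValueError("layout does not fit into the EEPROM")
    return used, TOTAL_BLOCKS - used

# Application 0x 00 00 02 from the application example: 5 keys, 4 files.
EXAMPLE_APP = {"keys": 5, "files": [("value",), ("cyclic", 10, 21),
                                    ("backup", 30), ("standard", 30)]}
```

For the example application alone, `card_usage([EXAMPLE_APP])` gives 23 used blocks (736 bytes) and 105 free blocks under the stated assumptions.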

mifare® DESFire Transaction Time
Transaction Time 3DES MACed for Read 156 byte, Write 108 byte (incl. Backup):
@ 106 kbaud: <130ms*
@ 212 kbaud: <110ms*
@ 424 kbaud: <100ms*
* Includes communication PCD - PICC, does NOT include reader data handling
Command Sequence (typical transport transaction):
– Establish protocol according to ISO 14443-4
• Application Selection
• mutual 3pass Authentication
• Read Standard Data File (48 bytes 3DES MACed)
• Read Backup Data File (48 bytes 3DES MACed)
• Read Value (12 bytes 3DES MACed)
• Read Record File (48 bytes 3DES MACed)
• Write to backup file (48 bytes 3DES MACed)
• Append record to record file (48 bytes 3DES MACed)
• Modify value file (12 bytes 3DES MACed)
• CommitTransaction
– Deselect according to ISO 14443-4

DESFire Delivery Types
• Sawn Wafer on FFC: 150µm thickness, MF3ICD4001DW/V5
• MOA4 Contactless Module: 330µm thickness, MOA4: MF3MOD4001DV/4

mifare® DESFire Development Tools
MF EV70x, based on the Pegoda Reader, contains:
• USB Pegoda Reader (RD70x)
• Datasheets & Documents on a CD
• 5 Mifare Cards
+
Sample Cards:
• mifare® DESFire Sample Cards
• MF DESFire UI (Demo-SW)
• Debug Client SW
• C-library (incl. Source Code)

mifare® DESFire Facts
• Fully ISO 14443A compliant, up to part 4
• Unique 7 byte serial number, ISO cascade level 2
• 4 KByte EEPROM, 1ms erase, 1ms program
• Fast Data Transfer, up to 424 Kbit/s
• Mutual Three Pass Authentication
• DES/3DES Data Encryption on RF-channel
• Data Authenticity by 4 byte 3DES MAC
• Flexible File System
• Up to 28 Applications per card
• Up to 14 3DES keys per Application, with key versioning
• Up to 16 Files per Application
• Automatic backup mechanism for all available file types