MIFARE DESFire EV2 vs MIFARE DESFire EV3
MIFARE DESFire EV2 offers 2-32 KB memory with AES-128 + proximity check security, making it ideal for high-security transit, national ID, government. MIFARE DESFire EV3 provides 2-32 KB with AES-128 + SCP03 security, suited for transit, corporate access, national programs.
MIFARE DESFire EV2
MIFARE DESFire EV3
MIFARE DESFire EV2 vs MIFARE DESFire EV3
EV2 and EV3 share the same AES-128 + Proximity Check foundation. EV3 adds Secure Dynamic Messaging, Transaction MAC, SFI, and SCP03 — capabilities that extend the card into anti-counterfeiting and remote key management use cases.
Overview
MIFARE DESFire EV2: AES-128, Proximity Check, MIsmartApp, 2–32 KB. Released ~2013. Widely deployed in transit and high-security access programs.
MIFARE DESFire EV3: All EV2 features plus SDM (Secure Dynamic Messaging), Transaction MAC, SFI (Short File Identifiers), and SCP03 (GlobalPlatform Secure Channel). Released 2020. The current flagship DESFire product.
Key Differences
- SDM: EV3 supports Secure Dynamic Messaging — NDEF URLs with embedded, per-tap cryptographic counters and encrypted payloads. This enables server-side tap verification without a dedicated reader or app. EV2 does not support SDM.
- Transaction MAC: EV3 appends a verifiable MAC to each file transaction. Backends can audit card activity cryptographically. EV2 does not include this.
- SCP03: EV3 supports GlobalPlatform SCP03 for over-the-air key management and remote application updates. EV2 uses NXP's proprietary key management.
- SFI: EV3 adds ISO 7816-4 Short File Identifiers, enabling faster file selection in complex multi-application environments.
- EV2 compatibility: EV3 is backward compatible with EV2 applications.
- Cost: EV3 commands a small premium over EV2.
Technical Comparison
| Parameter | MIFARE DESFire EV2 | MIFARE DESFire EV3 |
|---|---|---|
| Memory | 2–32 KB | 2–32 KB |
| Security | AES-128, Proximity Check | AES-128, Proximity Check, SCP03 |
| SDM | No | Yes |
| Transaction MAC | No | Yes |
| SFI | No | Yes |
| SCP03 | No | Yes |
| MIsmartApp | Yes | Yes |
| Protocol | ISO 14443ISO 14443Standard for contactless smart cards at 13.56 MHz (Types A and B)View full →-4 | ISO 14443-4 |
| EV2 compatibility | N/A | Yes |
| Typical cost (volume) | $0.50–$1.00 | $0.60–$1.20 |
Use Cases
Where EV2 Remains Sufficient
EV2 is adequate for secure transit, corporate access, and campus card deployments where: - Relay attack protection is required (Proximity Check) - Multi-tenant delegated app management is needed (MIsmartApp) - SDM and transaction audit are not required
Where EV3 Is Required
- Programs using NDEF URL-based tap verification (SDM) for anti-counterfeiting
- Transit or payment systems needing cryptographic transaction audit logs
- Card programs requiring SCP03 remote key management
- Any new card issuance where the additional EV3 features are available at minimal cost premium
Verdict
For existing EV2 deployments, migration to EV3 is not necessary on security grounds — EV2's AES-128 and Proximity Check remain solid. For new programs, EV3 is the recommended choice: the added SDM, transaction MAC, and SCP03 capabilities provide significant operational and security benefits at a modest premium.
التوصية
Choose MIFARE DESFire EV2 when you need relay attack protection via proximity check; choose MIFARE DESFire EV3 when you need latest DESFire with Secure Channel Protocol.