NTAG 424 DNA vs MIFARE DESFire EV3
NTAG 424 DNA offers 256 bytes of memory with AES-128 + SUN authentication security, making it ideal for product authentication, anti-counterfeiting, and secure access. MIFARE DESFire EV3 provides 2-32 KB with AES-128 + SCP03 security, suited for transit, corporate access, and national programs.
NTAG 424 DNA and MIFARE DESFire EV3 are the current flagship chips from NXP in their respective lines. DESFire EV3 is the most capable multi-application secure smartcard in the DESFire family. NTAG 424 DNA is the definitive anti-counterfeiting tag. Understanding their respective capabilities reveals why they complement rather than replace each other in NFC deployments.
Overview
MIFARE DESFire EV3 adds Secure Channel Protocol 03 (SCP03) to DESFire EV2's proximity check and multi-application architecture. SCP03 provides an encrypted and MAC-authenticated secure channel for all card-reader communications — going beyond the per-command AES authentication of earlier DESFire generations to protect the entire communication session from eavesdropping and manipulation. It supports up to 32 KB EEPROM, 28 independent applications with separate key sets, and is certified Common Criteria EAL5+ — the highest security certification available for a commercial NFC IC. DESFire EV3 is the chip of choice for national transit programs, electronic passports, government employee credentials, and corporate physical access systems.
NTAG 424 DNA is optimized for one specific capability: generating a unique AES-128 SUN MAC on every tap, embedded in a URL that any phone's browser can present to a backend for verification. No app, no pairing, no infrastructure reader — just a tap and a server-side URL validation. This Secure Dynamic Messaging (SDM) architecture makes NTAG 424 DNA the gold standard for product anti-counterfeiting, supply chain authentication, and pharmaceutical seal verification at consumer scale.
Key Differences
- SCP03 secure channel: DESFire EV3's SCP03 encrypts and MACs the entire card-reader session, protecting all data in transit between card and reader. NTAG 424 DNA's AES protection is per-operation — the SUN MAC authenticates the tag's response but does not establish a session-level encrypted channel.
- SDM: NTAG 424 DNA has SDM; DESFire EV3 does not. SDM is the enabling technology for app-free consumer authentication — a tap generates a URL with an embedded AES-128 MAC that changes on every read, verifiable by any HTTPS server.
- Common Criteria certification level: DESFire EV3 is certified EAL5+ — the level required by governments for national identity documents and high-security transit programs. NTAG 424 DNA is certified EAL4+.
- Memory and multi-application: DESFire EV3 scales to 32 KB with up to 28 independent applications, each with separate AES key sets and file structures. NTAG 424 DNA is a single-application chip with 256 bytes — purpose-designed, not general purpose.
- Proximity check: DESFire EV3 inherits EV2's hardware proximity check defending against relay attacks. NTAG 424 DNA does not have a proximity check mechanism.
- Cost and form factor: NTAG 424 DNA at $0.25–$0.60 is typically deployed as a thin inlay or sticker label. DESFire EV3 at $1.50–$4.00 is deployed as an ISO 7816 smart card, key fob, or wristband.
Technical Comparison
| Parameter | NTAG 424 DNA | MIFARE DESFire EV3 |
|---|---|---|
| NFC Tag Type | Type 4 (ISO 14443-4) | Type 4 (ISO 14443-4) |
| User memory | 256 bytes | 2 KB / 4 KB / 8 KB / 16 KB / 32 KB |
| Security | AES-128 + SDM | AES-128 + SCP03 |
| SDM / SUN authentication | Yes (native) | No |
| SCP03 session secure channel | No | Yes |
| Proximity check (relay defence) | No | Yes |
| Multi-application | No | Yes (up to 28) |
| Consumer app-free verification | Yes | No |
| Common Criteria certification | EAL4+ | EAL5+ |
| NDEF native | Yes | Requires application configuration |
| Write endurance | 500,000 writes | 500,000 writes |
| Data retention | 10 years | 10 years |
| Unit cost (volume) | $0.25–$0.60 | $1.50–$4.00 |
| Deployment form | Inlay / sticker label | Smart card, key fob, wristband |
Use Cases
Where NTAG 424 DNA Excels
- Consumer-facing product authentication: Any tap by a consumer's NFC smartphone returns a server-verifiable URL. Ideal for luxury goods, pharmaceuticals, and electronics accessories where the verification happens in a browser, not an app.
- Brand protection at scale: Millions of labels can be issued, each with a unique AES-128 key derived from a master key. A backend verifies each SUN MAC centrally, detecting any cloned tags (which would produce repeated or invalid MACs).
- Supply chain track-and-trace: Each handoff in a distribution chain can be logged by tapping the product's NTAG 424 DNA label with a smartphone, recording the location, timestamp, and cryptographically verified tag identity.
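The server-side SUN check described in the Overview and under "Brand protection at scale", as an added example (not this page's or NXP's code). It follows the SDM MAC derivation in NXP application note AN12196 for a plain UID and counter mirror with an empty MAC input; the query parameter names `uid`, `ctr` and `cmac`, the `tagKey` diversification and the in-memory counter map are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// One AES-128 block (ECB, no padding): the primitive underneath CMAC.
function aesBlock(key, block) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null).setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}
// Doubling in GF(2^128), used to derive the CMAC subkeys (RFC 4493).
function dbl(b) {
  const o = Buffer.from(b.map((v, i) => (v << 1) | (i < 15 ? b[i + 1] >> 7 : 0)));
  if (b[0] & 0x80) o[15] ^= 0x87;
  return o;
}
// AES-CMAC (RFC 4493) over a Buffer.
function cmac(key, msg) {
  const k1 = dbl(aesBlock(key, Buffer.alloc(16)));
  const full = msg.length > 0 && msg.length % 16 === 0;
  const pad = full ? [] : [Buffer.from([0x80]), Buffer.alloc(15 - (msg.length % 16))];
  const m = Buffer.concat([msg, ...pad]); // 10* padding unless the last block is complete
  const sub = full ? k1 : dbl(k1);
  for (let j = 0; j < 16; j++) m[m.length - 16 + j] ^= sub[j];
  let x = Buffer.alloc(16);
  for (let i = 0; i < m.length; i += 16) x = aesBlock(key, m.subarray(i, i + 16).map((v, j) => v ^ x[j]));
  return x;
}
// SUN MAC per NXP AN12196, empty MAC input (SDMMACInputOffset == SDMMACOffset): session key =
// CMAC(K, 3CC3 0001 0080 || UID || counter LSB-first); MAC = odd-index bytes of CMAC(session key, "").
function sdmMac(key, uidHex, ctr) {
  const sv2 = Buffer.from('3cc300010080' + uidHex, 'hex');
  const ctrLe = Buffer.from([ctr & 0xff, (ctr >> 8) & 0xff, (ctr >> 16) & 0xff]);
  const t = cmac(cmac(key, Buffer.concat([sv2, ctrLe])), Buffer.alloc(0));
  return Buffer.from(t.filter((_, i) => i % 2 === 1));
}
// Illustrative per-tag key diversification (assumption, not NXP's documented scheme).
const tagKey = (master, uidHex) => cmac(master, Buffer.from('01' + uidHex, 'hex'));

// Verify one tap; `uid`/`ctr`/`cmac` names are assumed. lastCtr: UID -> highest counter accepted.
function verifyTap(url, master, lastCtr) {
  const q = new URL(url).searchParams;
  const m = /^([0-9A-F]{14}),([0-9A-F]{6}),([0-9A-F]{16})$/i
    .exec([q.get('uid'), q.get('ctr'), q.get('cmac')].join(','));
  if (!m) return 'malformed';
  const uid = m[1].toUpperCase(), ctr = parseInt(m[2], 16);
  const want = sdmMac(tagKey(master, uid), uid, ctr);
  if (!crypto.timingSafeEqual(want, Buffer.from(m[3], 'hex'))) return 'bad-mac';
  if (ctr <= (lastCtr.get(uid) ?? -1)) return 'replayed-counter'; // copied URL or cloned static data
  lastCtr.set(uid, ctr);
  return 'ok';
}
```

In a real backend the counter map is a durable store updated atomically with the check, so two concurrent requests carrying the same URL cannot both pass.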
Where MIFARE DESFire EV3 Excels
- National transit programs: EAL5+ certification and SCP03 are required by most national transport procurement standards. DESFire EV3 is the current baseline for Navigo (Paris), OV-chipkaart (Netherlands), and similar national transit card programs.
- Government employee credentials: Physical access to secure government facilities requires Common Criteria EAL5+ certified cards. DESFire EV3 meets the requirement; NTAG 424 DNA does not.
- Corporate multi-domain smart cards: A single DESFire EV3 card can carry independent applications for building access, cafeteria payment, transit pass, and laptop logon — each domain isolated by DESFire's multi-application architecture with separate AES keys.
Verdict
DESFire EV3 is the peak of the multi-application smart card line — most appropriate for national transit programs, government ID, and corporate access control where EAL5+ certification, SCP03 secure channels, and relay attack protection are mandatory requirements. NTAG 424 DNA is unmatched for consumer-facing product authentication where SDM enables server-verified anti-counterfeiting via any NFC smartphone without an app. These chips are designed for fundamentally different deployment environments. The determining question is whether the reader is controlled infrastructure (DESFire EV3) or a consumer's personal phone in the open world (NTAG 424 DNA).
Recommendation
Choose NTAG 424 DNA when you need dynamic URL authentication without an app; choose MIFARE DESFire EV3 when you need the latest DESFire with Secure Channel Protocol.