MIFARE DESFire EV1 vs MIFARE DESFire EV3
MIFARE DESFire EV1 offers 2-8 KB memory with 3DES + AES-128 security, making it ideal for transit, campus cards, access control. MIFARE DESFire EV3 provides 2-32 KB with AES-128 + SCP03 security, suited for transit, corporate access, national programs.
MIFARE DESFire EV1
MIFARE DESFire EV3
MIFARE DESFire EV1 vs MIFARE DESFire EV3
EV3 represents two generations of evolution beyond EV1. While EV1 remains a capable secure card, EV3 adds relay attack protection, Secure Dynamic Messaging, transaction audit MACs, and SCP03 key management — features that significantly expand what a card can do.
Overview
MIFARE DESFire EV1: AES-128 / 3DES, ISO 14443ISO 14443Standard for contactless smart cards at 13.56 MHz (Types A and B)View full →-4, 2–8 KB. The foundational DESFire platform, widely deployed since the mid-2000s.
MIFARE DESFire EV3 (released 2020): AES-128, Proximity Check, Transaction MAC, SDM (Secure Dynamic Messaging), SFI (Short File Identifiers), SCP03, 2–32 KB. EV3 is the first DESFire variant to support SDM — enabling NDEF URLs that contain per-tap cryptographic counters verifiable by a backend server, without requiring a dedicated app.
Key Differences
- SDM: EV3 uniquely supports Secure Dynamic Messaging. An EV3 card can present an NDEF URL that changes its cryptographic parameters on every tap, enabling server-side verification of card authenticity — the same mechanism that makes NTAG 424 DNA powerful for anti-counterfeiting, now available on a full card platform.
- Transaction MAC: EV3 generates a MAC over each transaction that a backend server can verify post-hoc, providing a cryptographic audit trail.
- SCP03: EV3 supports GlobalPlatform SCP03 for remote key management and application provisioning — important for managed card programs.
- SFI: ISO 7816-compatible Short File Identifiers speed up file selection in multi- application environments.
- Relay protection: EV3 includes Proximity Check (inherited from EV2). EV1 does not.
Technical Comparison
| Parameter | MIFARE DESFire EV1 | MIFARE DESFire EV3 |
|---|---|---|
| Memory | 2 / 4 / 8 KB | 2 / 4 / 8 / 16 / 32 KB |
| Security | AES-128, 3DES | AES-128, SCP03 |
| SDM | No | Yes |
| Transaction MAC | No | Yes |
| Proximity Check | No | Yes |
| SFI | No | Yes |
| SCP03 | No | Yes |
| Protocol | ISO 14443-4 | ISO 14443-4 |
| NDEF + SDM | No | Yes |
| Typical cost (volume) | $0.40–$0.80 | $0.60–$1.20 |
Use Cases
EV1 continues to serve well in existing deployments without relay attack exposure. EV3 is the correct choice for:
- New card programs requiring anti-counterfeiting via SDM URL verification
- Transit networks implementing cryptographic transaction audit logs
- Corporate card programs requiring SCP03 remote key management
- Any program where card-format SDM is needed (luxury brand protection on card credentials, government ID with dynamic verification)
Verdict
For new deployments, EV3 is the recommended choice over EV1. The addition of SDM, transaction MAC, proximity check, and SCP03 addresses security and operational requirements that EV1 cannot meet. EV1 remains serviceable in existing, non-relay-exposed deployments but should not be specified for new card programs when EV3 is available at a comparable cost premium.
Đề Xuất
Choose MIFARE DESFire EV1 when you need flexible file system with strong encryption; choose MIFARE DESFire EV3 when you need latest DESFire with Secure Channel Protocol.