EXTERNAL USE

CHRISTOPH ZWAHLEN

JUNE 29TH, 2016

PRESENT IMPROVED - FUTURE

INSIDE

INTRODUCE THE FUTURE IN

YOUR TODAY'S SYSTEM –

ENSURING SMOOTH SYSTEM

UPGRADES

System maintenanceMain cost driver and limiting innovation

• System maintenance is a main matter of

expense in today´s IT budget• 65% and more of IT budgets of organizations are

allocated to system maintenance

• Limited capacity to address new user

requirements

• Limited innovation improving user

convenience

June 29, 20162.

Agenda

1. Drivers for system migration

2. Complexity of migration projects

3. Practical implementation

• MIFARE Plus EV1

Christoph ZwahlenMarketing Manager

Access Management

• Compliance with standards and regulations

• Ensure long-term availability and maintainability

• Operational efficiency and excellence

• Introduction of new features and functions

• User requirements

Drivers for migration Adopting to changed requirements

June 29, 20164.

Methods of migration Managing changes in a running system

June 29, 20165.

• Hard migration• Change system in one step incl. discontinuation of legacy

system

• High risks on service availability and project coordination

• Soft migration• Phase in of new system incl. availability of legacy system

• Slow adoption of new system and higher maintenance

costs

• Migration projects are complex and bind

lots of resources

Legacy systems limit innovation Legacy technology is still widely used in access management

June 29, 20166.

• Contactless smart cards are used in various

applications and tools• Involvement of different entities with different

requirements

• Effort to migrate contactless smart card

systems is huge• Infrastructure has to be updated

• Existing card population has to be updated

• Legacy technology limiting innovation• New use cases only difficult to achieve

Migration of contactless smart cardsCommon migration routes

• Hybrid card supporting legacy and

future technology• Lower contactless performance

• Higher costs in production and

personalization

• Disabling of legacy technology not

possible on the card

• Silicon supporting multiple

communication protocols• Backwards compatibility

• Higher product complexity

• Higher costs due to complexity

June 29, 20167.

Requirements for ideal solutionOrganizations needs for efficient migration projects

June 29, 20168.

• Compatibility with existing infrastructure

• Comparable user experience

• Upgradeability per application

• Cost efficient solution

• Compliance with new regulations

• Extendable solution

• Compliance with mobile ecosystem

MIFARE Plus® generation benefitsMIFARE Plus® EV1

June 29, 2016

MIFARE

Plus S

MIFARE

Plus SE

MIFARE

Plus X

MIFARE

Plus EV1

RF Interface

P rotocol

UID –

unique

identif ier

Communication

speed

M emory size

[Byte]2KB 1KB 2KB 2KB

4KB  4KB 4KB

M emory M odel

Crypto

Key Length

Authentication

Communication,

S ecurity

T ransaction

M ACyes

P roximity Check yes

V irtual Card

S elect

CC Certif ication EAL4+ no EAL4+ EAL5+

IS O 7816-4

AP DUyes

NFC compliance

T arget

applications

Input

capacitance17pF 17pF 17pF 17pF or 70pF

S ecure NFC

channelin SL1 & SL3

M ulti

applications

yes

NFC capabilities in SL3

Public transport / Campus cards / Access management

Compact, Sectors & 16- byte block

Crypto- 1, AES

48- bit crypto- 1, 128- bit AES

3- pass mutual

CMACed

MIFARE Plus

ISO/IEC 14443- 2, type A

ISO/IEC 14443- 3&4

7- byte UID, 4- byte NUID, RID

106- 848 Kbps

in SL3 level

Supported via MAD

no

no

no

1994

MIFARE Classic

2009

MIFARE Plus

06/2015

MIFARE Plus SE

04/2016

MIFARE Plus EV1

MIFARE Plus EV1Introducing the future in your today´s system!

June 29, 201610.

Application wise

security upgrade

Improve security of

critical transactions

Enriched use cases with

mobile integration

Features & Benefits

June 29, 201611.

Sector-wise

security level

switching

Optional AES

secure channel

in SL1

Extending the application scope for existing customers

Switching only necessary infrastructure to AES

security

keep and operate non-security relevant Crypto1

infrastructure

Switching system integrators as soon as

implementation is finished

Enabling security update for critical applications

Introduce secure services into legacy systems

Fast enhancement of security critical use cases

MIFARE Plus EV1 Simplified Security Concept

June 29, 201612.

SL1 = MIFARE Plus® in Crypto1

mode +

existing MIFARE Classic® cards

SL3 =

MIFARE Plus®

with AES security

SL0 = Virgin

MIFARE Plus®

• Functional backwards

compatible with MIFARE

Classic

• AES for authentication,

integrity

• Multi sector authentication

• Optional Random ID

• Anti-tearing for keys &

sector trailers

Key features per level

• Program AES level

switching keys

(mandatory)

• Program Crypto 1 and

AES keys per sector

(recommended)

Security Level 2

• Mandatory AES

authentication

• Still using Crypto1 on

memory blocks

Optional applications

specific AES

authentication

available

Nutshell Security Concept for Physical Access ControlSector-wise Security Level Switching

Different security layers possible

Reduce system upgrade effort

and complexity

Reduce system upgrade cost

AE

S

AE

S

Optional security in legacy mode for critical use casesOptional AES secure channel in SL1

June 29, 201614.

All applications use the

same protocol

Seamless integration into

existing infrastructure

Fast update of security in

critical infrastructure

Reduce system upgrade

cost

• Verify backwards compatibility of MIFARE Plus EV1 in

legacy mode

• Integration of enhanced protocols• To card management workflows

• To infrastructure components

• Protect existing and new systems with latest contactless

smart card technology• Cost effective solution for both infrastructure and credential

technology

Enabling migration pathIntroduce the future in your existing solutions

June 29, 201615.

Thank you

Visit us at http://MIFARE.net

Follow us:

https://twitter.com/nxp_mifare https://at.linkedin.com/in/nxpmifarewww.youtube.com/user/nxpsemiconductorshttp://blog.nxp.com/ https://www.facebook.com/nxpsemi

Q&A

Webinar SeriesOutlookDate Title

May 24th 2016 MIFARE Innovation Roadmap – present improved, future inside

June 1st 2016 How to protect contactless systems today and tomorrow

June 8th 2016 Enhanced user experience through active application management

June 15th 2016 Streamlined user management for multi-vendor installations

June 22nd 2016 Secure closed loop payments in an open environment

June 29th 2016 Introduce the future in your today’s system – how to ensure smooth system upgrades

July 6th 2016 Added value to card based environments through NFC and cloud – when IoT

becomes reality

July 13th 2016 Complement use cases with mobiles and wearables