Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

German Federal Certification for MIFARE Plus based contactless smart cards

NXP Semiconductors : 28 January, 2010  (New Product)
Dutch Contactless Smart Card Specialist Gains EAL 4+ Certification in Germany for 128-bit AES encrypted smartcard using MIFARE Plus standard for access control applications
NXP Semiconductors has announced that its MIFARE Plus contactless smart card CPU IC (MF1PLUSx0y1) has been awarded Common Criteria EAL 4+ certification by the German Federal Office for Information Security (Ref.: BSI-DSZ-CC-0586-2009). In addition, MIFARE Plus has proven successful in independent security reviews conducted by leading cryptography experts from the Ruhr-Universität in Germany and the Katholieke Universiteit Leuven in Belgium, which executed a thorough security and privacy assessment of the architecture of MIFARE Plus.

"NXP is striving to ensure that our products such as the MIFARE Plus microcontroller IC provide customers with the highest possible level of trust and privacy for secure transactions in contactless smart card applications," said Henri Ardevol, general manager, Secure Transactions, NXP Semiconductors. "We're very pleased that the security features of MIFARE Plus have been independently validated by three different institutions following extensive testing. Since the release in mid 2009 we have worked with over 300 partner companies worldwide to adopt MIFARE Plus while the product is already being shipped in millions."

MIFARE Plus technology features 128-bit Advanced Encryption Standard (AES) and supports migration from existing MIFARE Classic implementations. The contactless microcontroller IC offers an upgrade path for system integrators and operators wishing to implement additional layers of security to their automatic fare collection, access management and micro-payment installations.

The independent third-party validation of MIFARE Plus offers NXP's customers a high degree of certainty that the technology is providing advanced security. The Common Criteria certification validates correct implementation of the promised security features, evaluates attack resistance and allows systems integrators to assess the security quality of similar products. "For newly built contactless smart card installations we strongly recommend Common Criteria-certified products, preferably those based on AES encryption," said Dipl.-Ing. Harald Kelter, security expert, Federal Office for Information Security in Germany.

Working with leading universities in the area of IT security and cryptography has enabled NXP to tap into the latest cryptographic research and validate the technologies' security features.

"Despite extensive and careful analysis, we have not identified any security weakness with practical relevance," said Prof. Dr.-Ing. Christof Paar of the Ruhr-Universität Bochum. "We consider the MIFARE Plus architecture to be secure if all security mechanisms are activated as recommended in the MIFARE Plus documentation. The CC evaluation of the card further supports our belief that NXP has succeeded in designing a very secure contactless authentication and storage system."

"Based on our study, we believe that the MIFARE Plus architecture is a solid design, which is based on a detailed analysis of the requirements including security, privacy and feasibility," said Prof. Dr. Ir. Bart Preneel of the Katholieke Universiteit Leuven. "The solutions proposed take into account the severe constraints offered by the contactless environment. In spite of these constraints, the MIFARE Plus architecture allows to deploy applications in areas such as access control and transportation that offer a level of security and privacy that is state of the art."

Security, performance, privacy and ease of use are at the heart of MIFARE Plus. It is - next to MIFARE DESFire EV1 - the only contactless smart card technology to offer strong AES encryption for authentication, integrity and confidentiality. Furthermore, MIFARE Plus chips comprise a number of additional privacy features which, when used optimally in the infrastructure, provide a system that prevents individuals from being identified and tracked by others. Finally, migration planning is made easier as MIFARE Plus supports the pre-issuance of new cards; co-existence of current and new cards; and software based infrastructure upgrades.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo