P5DF081HN/T1AD2060 NXP Semiconductors, P5DF081HN/T1AD2060 Datasheet - Page 12

P5DF081HN/T1AD2060

Manufacturer Part Number

P5DF081HN/T1AD2060

Description

P5DF081HN/HVQFN32/REEL13//T1AD

Manufacturer

NXP Semiconductors

Series

MIFARE®r

Datasheet

1.P5DF081HNT1AD2060.pdf (36 pages)

Specifications of P5DF081HN/T1AD2060

Lead Free Status / RoHS Status

Lead free / RoHS Compliant

Lead Free Status / RoHS Status

Lead free / RoHS Compliant

Current page: 12 of 36
Download datasheet (227Kb)

NXP Semiconductors

P5DF081_SDS

Objective short data sheet

PUBLIC

8.5.2.1 Increased security - CMAC calculation

8.5.2 MIFARE SAM AV1 compatibility mode SAM-Host protection

8.5.3 MIFARE SAM AV2 mode SAM-Host protection

or AES192 key. During this activation authentication, the maximal message size under

command chaining (MaxChainBlocks) is set. Once switched to MIFARE SAM AV2 mode

there is no mean to switch back.

When the MIFARE SAM AV2 mode is activated, the Key Storage Table (except the SAM

Master Key) gets reset.

In AV1 compatibility mode, SAM access and SAM-Host communication is protected by the

increased security mode exactly like for the MIFARE SAM AV1. The protection

mechanism is explained in the following subsection.

The MIFARE SAM AV2 offers the possibility to send each command on a higher security

level by applying a CMAC. If activated, the MIFARE SAM AV2 requires a logical channel

with an active host authentication to be defined for CMAC calculation to accept any

command.

The CMAC is calculated and padded according to the NIST Special Publication 800-38B,

which gives a recommendation for block cipher modes of operation.

The following commands of the MIFARE SAM AV2 do not apply the explained CMAC

mechanism:

Commands already protected by encryption apply the explained CMAC mechanism only

for the direction which is not protected:

Two kinds of host authentication can be distinguished. The first is used for locking and

unlocking the SAM.

The second kind is used to get the access rights to execute certain commands. It only

affects the SAM status for the LC it is executed over and can be used to set up a SAC

over this LC if preferred by the host. Once authenticated, three different protection modes

on the LC are foreseen: plain, MAC Protection and Full Protection (i.e. by MACs and

encryption). This host authentication is executed by using the SAM_AuthenticateHost

command.

Note that whether and when host authentications (be it for unlocking or for gaining access

rights) are required depends on the SAM configuration and is explained in

•

SAM_AuthenticateHost

SAM_GetChallenge, SAM_InternalAuthenticate and SAM_ExternalAuthenticate

SAM_ChangeKeyEntry for the command APDU

SAM_ChangeKUCEntry for the command APDU

SAM_DumpSessionKey for the response APDU

SAM_ChangeKeyMIFARE for the response APDU

All information provided in this document is subject to legal disclaimers.

Rev. 1 — 12 August 2010

191710

P5DF081

MIFARE SAM AV2

Ref.

12 of 36

P5DF081HN/T1AD2060 NXP Semiconductors, P5DF081HN/T1AD2060 Datasheet - Page 12

P5DF081HN/T1AD2060

Specifications of P5DF081HN/T1AD2060

Related parts for P5DF081HN/T1AD2060