Discover how you can realize a smooth system migration of your contactless smart card system to a higher security level, including the benefits of using MIFARE Plus products.
NXP MIFARE Webinar: Introduce The Future In Your Today's System- How To Ensure Smooth System Upgrades
1. EXTERNAL USE
CHRISTOPH ZWAHLEN
JUNE 29TH, 2016
PRESENT IMPROVED - FUTURE
INSIDE
INTRODUCE THE FUTURE IN
YOUR TODAY'S SYSTEM –
ENSURING SMOOTH SYSTEM
UPGRADES
2. System maintenance
Main cost driver and limiting innovation
• System maintenance is a main matter of
expense in today´s IT budget
• 65% and more of IT budgets of organizations are
allocated to system maintenance
• Limited capacity to address new user
requirements
• Limited innovation improving user
convenience
June 29, 20162.
3. Agenda
1. Drivers for system migration
2. Complexity of migration projects
3. Practical implementation
• MIFARE Plus EV1
Christoph Zwahlen
Marketing Manager
Access Management
4. • Compliance with standards and regulations
• Ensure long-term availability and maintainability
• Operational efficiency and excellence
• Introduction of new features and functions
• User requirements
Drivers for migration
Adopting to changed requirements
June 29, 20164.
5. Methods of migration
Managing changes in a running system
June 29, 20165.
• Hard migration
• Change system in one step incl. discontinuation of legacy
system
• High risks on service availability and project coordination
• Soft migration
• Phase in of new system incl. availability of legacy system
• Slow adoption of new system and higher maintenance
costs
• Migration projects are complex and bind
lots of resources
6. Legacy systems limit innovation
Legacy technology is still widely used in access management
June 29, 20166.
• Contactless smart cards are used in various
applications and tools
• Involvement of different entities with different
requirements
• Effort to migrate contactless smart card
systems is huge
• Infrastructure has to be updated
• Existing card population has to be updated
• Legacy technology limiting innovation
• New use cases only difficult to achieve
7. Migration of contactless smart cards
Common migration routes
• Hybrid card supporting legacy and
future technology
• Lower contactless performance
• Higher costs in production and
personalization
• Disabling of legacy technology not
possible on the card
• Silicon supporting multiple
communication protocols
• Backwards compatibility
• Higher product complexity
• Higher costs due to complexity
June 29, 20167.
8. Requirements for ideal solution
Organizations needs for efficient migration projects
June 29, 20168.
• Compatibility with existing infrastructure
• Comparable user experience
• Upgradeability per application
• Cost efficient solution
• Compliance with new regulations
• Extendable solution
• Compliance with mobile ecosystem
9. MIFARE Plus® generation benefits
MIFARE Plus® EV1
June 29, 2016
MIFARE
Plus S
MIFARE
Plus SE
MIFARE
Plus X
MIFARE
Plus EV1
RF Interface
P rotocol
UID –
unique
identifier
Communication
speed
M emory size
[Byte]
2KB 1KB 2KB 2KB
4KB 4KB 4KB
M emory M odel
Crypto
Key Length
Authentication
Communication,
S ecurity
T ransaction
M AC
yes
P roximity Check yes
V irtual Card
S elect
CC Certification EAL4+ no EAL4+ EAL5+
IS O 7816-4
AP DU
yes
NFC compliance
T arget
applications
Input
capacitance
17pF 17pF 17pF 17pF or 70pF
S ecure NFC
channel
in SL1& SL3
M ulti
applications
yes
NFC capabilities in SL3
Public transport / Campus cards / Access management
Compact, Sectors & 16- byte block
Crypto- 1, AES
48- bit crypto- 1, 128- bit AES
3- pass mutual
CMACed
MIFARE Plus
ISO/IEC 14443- 2, type A
ISO/IEC 14443- 3&4
7- byte UID, 4- byte NUID, RID
106- 848 Kbps
in SL3 level
Supported via MAD
no
no
no
1994
MIFARE
Classic
2009
MIFARE Plus
06/2015
MIFARE Plus SE
04/2016
MIFARE Plus EV1
10. MIFARE Plus EV1
Introducing the future in your today´s system!
June 29, 201610.
Application wise
security upgrade
Improve security of
critical transactions
Enriched use cases with
mobile integration
11. Features & Benefits
June 29, 201611.
Sector-wise
security level
switching
Optional AES
secure channel
in SL1
Extending the application scope for existing customers
Switching only necessary infrastructure to AES
security
keep and operate non-security relevant Crypto1
infrastructure
Switching system integrators as soon as
implementation is finished
Enabling security update for critical applications
Introduce secure services into legacy systems
Fast enhancement of security critical use cases
12. MIFARE Plus EV1
Simplified Security Concept
June 29, 201612.
SL1 = MIFARE Plus® in Crypto1
mode +
existing MIFARE Classic® cards
SL3 =
MIFARE Plus®
with AES security
SL0 = Virgin
MIFARE Plus®
• Functional backwards
compatible with MIFARE
Classic
• AES for authentication,
integrity
• Multi sector authentication
• Optional Random ID
• Anti-tearing for keys &
sector trailers
Key features per level
• Program AES level
switching keys
(mandatory)
• Program Crypto 1 and
AES keys per sector
(recommended)
Security Level 2
• Mandatory AES
authentication
• Still using Crypto1 on
memory blocks
Optional applications
specific AES
authentication
available
13. Nutshell Security Concept for Physical Access Control
Sector-wise Security Level Switching
Different security layers possible
Reduce system upgrade effort
and complexity
Reduce system upgrade cost
AES
AES
14. Optional security in legacy mode for critical use cases
Optional AES secure channel in SL1
June 29, 201614.
All applications use the
same protocol
Seamless integration into
existing infrastructure
Fast update of security in
critical infrastructure
Reduce system upgrade
cost
15. • Verify backwards compatibility of MIFARE Plus EV1 in
legacy mode
• Integration of enhanced protocols
• To card management workflows
• To infrastructure components
• Protect existing and new systems with latest contactless
smart card technology
• Cost effective solution for both infrastructure and credential
technology
Enabling migration path
Introduce the future in your existing solutions
June 29, 201615.
16. Thank you
Visit us at http://MIFARE.net
Follow us:
https://twitter.com/nxp_mifare https://at.linkedin.com/in/nxpmifarewww.youtube.com/user/nxpsemiconductorshttp://blog.nxp.com/ https://www.facebook.com/nxpsemi
18. Webinar Series
Outlook
Date Title
May 24th 2016 MIFARE Innovation Roadmap – present improved, future inside
June 1st 2016 How to protect contactless systems today and tomorrow
June 8th 2016 Enhanced user experience through active application management
June 15th 2016 Streamlined user management for multi-vendor installations
June 22nd 2016 Secure closed loop payments in an open environment
June 29th 2016 Introduce the future in your today’s system – how to ensure smooth system upgrades
July 6th 2016 Added value to card based environments through NFC and cloud – when IoT
becomes reality
July 13th 2016 Complement use cases with mobiles and wearables