MF4SAM3 MIFARE SAM AV3 secure access module Rev. 3.0 2 August 2019 Product short data sheet 561930 COMPANY PUBLIC 1 General description The NXP MIFARE SAM AV3 secure hardware solution is the ideal add-on for reader devices offering additional security services. Supporting DES, TDEA, AES and RSA capabilities, it offers secure storage and secure communication in a variety of infrastructures. Unlike other products in the field, MIFARE SAM AV3 has proven interoperability with all of NXP s broad card and RFID product portfolio, (MIFARE, NTAG DNA, ICODE DNA, UCODE DNA and SmartMX product families), making it the most versatile and secure SAM solution on the market today. The MIFARE SAM AV3 is built on NXPs SmartMX2 P60 secure smart card controller with CC EAL6+ certification. Its software implementation is evaluated and composite certified by the MIFARE Security Evaluation Scheme. Similar to the hardware CC evaluation, the MIFARE Scheme also evaluates against high attack potential. Hence, systems using MIFARE SAM AV3 are reassured with the state-of-the-art security measures adopted by the industry. Programmable Logic The MIFARE SAM AV3 is equipped with a new Programmable Logic functionality which allows customers to flexibly create their business logic on the SAM. This new functionality opens up many new possibilities with the creation of project-specific customization such as a new key diversification algorithm, a new secure messaging, or a new secure storage. X-mode communication When used in combination with a reader IC supporting innovative features, MIFARE SAM AV3 provides a significant boost in performance to the reader along with faster communication between reader and module. The feature is a new way to use the SAM in a system, with SAM connected to the microcontroller and the reader IC simultaneously. Secured communication The connection between the SAM and the reader is performed using security protocols based on either AES symmetric cryptography or PKI RSA asymmetric cryptography. The protocols comply with the state-of-art standards and thereby ensure data confidentiality and integrity.NXP Semiconductors MF4SAM3 MIFARE SAM AV3 secure access module 2 Features and benefits 2.1 Cryptography Supports MIFARE Crypto1, DES, TDEA (112 and 168 bits), AES (128, 192 and 256 bits), RSA (up to 2048 bits) and ECC (up to 256 bits) cryptography Supported NXPs products: MIFARE DESFire, MIFARE DESFire EV1, MIFARE DESFire EV2 MIFARE Plus, MIFARE Plus EV1 MIFARE Classic, MIFARE Classic EV1 MIFARE Ultralight EV1, MIFARE Ultralight C MIFARE DESFire Light NTAG DNA ICODE DNA UCODE DNA Secure storage and updating of keys 128 key entries for symmetric cryptography 3 RSA key entries for asymmetric cryptography 8 ECC public key entries for signature verification 4 ECC curves entries 48 EMV CA public key entries (supports 8 RID minimum) SHA-1, SHA-224 and SHA-256 hashing computation TDEA and AES-based key diversification Generic cryptography commands for user-defined schemes Supports EMVCo terminal functionality True random number generator (TRNG) compliant to AIS-31 2.2 Communication ISO/IEC 7816 (part 2 and 3) contact interface Support Class A, B and C operating condition Support ISO/IEC 7816 baud rates Support high-speed baud rates up to 1.5 Mbit/s Optional I2C slave mode host interface (only available on HVQFN package) Communication protocol compliant with ISO/IEC 7816-3 T=1 protocol Up to four logical channels simultaneous multiple card support Support for MIFARE DESFire and MIFARE Plus authentication (with related secure messaging and session key generation) Secure Host to SAM and back end to SAM communication with symmetric cryptography including 3-pass authentication for confidentiality and integrity Secure Host to SAM and back end to SAM communication with RSA-based cryptography for key updating X-mode direct interface with NXPs contactless reader ICs (RC663, RC52x, PN512) MF4SAM3 All information provided in this document is subject to legal disclaimers. NXP B.V. 2019. All rights reserved. Product short data sheet Rev. 3.0 2 August 2019 COMPANY PUBLIC 561930 2 / 31