What is MIFARE DESFire?
MIFARE DESFire is a secure, open standard access control technology developed by NXP. MIFARE DESFire is considered one of the most secure access control technologies.
It supports the most secure encryption methods (AES, TDES) and protects your cards and tags from hacking and cloning.
DESFire is part of a broadly-accepted open standard; the MIFARE standard ensures your freedom to source DESFire devices from any supporting manufacturer you choose.
Finally, as a 13,56 Mhz RFID technology, DESFire’s powerful data capacity provides a lot of possibilities to use it in advanced identification systems and multi-applications.
MIFARE DESFire benefits
Protect your data
Security
MIFARE DESFire uses secure encryption algorithms, such as 3DES and AES 128-bit. Mutual authentication between cards and readers ensures that only those devices specifically programmed to work together can communicate.
Unlike earlier UID technologies which operate by reading a card’s unique serial number, MIFARE DESFire is designed for applications requiring enhanced security, including military facilities, power plants, and critical infrastructure. The content of a DESFire card cannot be copied and used for unauthorized access because only a reader programmed with the correct credentials can read it.
Future-proof your system
Scalability
Open standard MIFARE® DESFire technology means multi-sourcing; you can purchase compatible devices from different suppliers.
MIFARE DESFire’s generous memory capacity supports robust security features and multi-applications. One DESFire card can hold different applications, e.g. access and payment. Each application is protected with their own security keys.
High data transfer capacity and reliability makes MIFARE DESFire a good choice for high volume sites. MIFARE DESFire devices are future-proof, convenient to re-configure, update and re-program.
How does MIFARE DESFire work?
DESFire uses mutual authentication to ensure that only authorized readers can access card credentials. This process not only secures entry but also protects cards from hacking or cloning by requiring both the reader and card to verify they share an identical digital security key before permitting access.
Mutual authentication is a lot like it sounds. When a repair person arrives at your home, you both ask questions that identify each other. You are ‘mutually authenticating’.
DESFire does the same thing. The door’s reader and your card begin a series of questions and answers.
Their crucial step is confirming they both possess an identical digital key: a security key.
MIFARE DESFire security keys
DESFire security is based on an advanced mutual authentication protocol that both readers and transponders follow. This protocol verifies that both entities possess an identical digital string, commonly referred to as a security key. Only after this verification does the transponder disclose its contents to the reader.
The introduction of diversified security keys further enhances this security framework. While traditional DESFire systems utilized a single security key for all readers and transponders at a site, diversified keys assign each transponder a unique security key.
With 128-bit AES encryption, DESFire provides robust protection against hacking and cloning, remaining resilient even against modern computing threats. The use of diversified security keys adds yet another layer of defense for transactions conducted over the air interface between readers and transponders.
Who controls your security keys?
MIFARE DESFire, just as any other secure access control technology, is based on programming mutual security keys for cards and tags. Security keys help readers and cards recognize each other, but if a supplier controls these keys, you might not be able to use new devices in the future.
With Idesco, you or your partners keep control of your security keys. You can update or change the keys using our DESCoder tool, or ask us to manage them for you. We make sure you own your keys, store them safely following ISO27001 standards, and only share them with others if you say so.
Idesco security key management service
When Idesco manages your reader and card coding, delivering them on-site, on-time, you save time and resources, and are free to focus entirely on your customers and your project’s success. Our goal is to maximize your cost-effectiveness.
MIFARE DESFire security keys belong to owners whose sites are secured by them. Idesco merely codes with and manages them, storing them according to ISO27001 certified information security practices. You keep control of your overall security.
Taking control of your overall security includes your right to choose your preferred device supplier. Choosing MIFARE DESFire technology is the first step. Taking ownership of your security keys is the next. Idesco supports you in both.
We have ISO 27001 certificate
We earned the ISO 27001 certification, demonstrating our strong and ongoing commitment to information security management.
MIFARE DESFire compatible access control readers
Increase MIFARE DESFire security with OSDP
MIFARE DESFire protects card data effectively with its powerful encryptions and mutual authentication process between readers and cards, programmed with mutual security keys.
However, be aware that if your reader uses Wiegand cable, the data must be sent unencrypted to your system, which makes it vulnerable to phishing attacks. You can protect against such attacks by replacing your Wiegand with RS-485 cable, then implementing OSDP over it.
Which MIFARE DESFire reader is the best fit to your system?
Are you planning a system update with future-proofed and secure MIFARE DESFire readers? Book a meeting with one of Idesco’s experts to talk about your security. What kind of a reader best suits your system? OSDPv2 compatible, mobile-ready, outdoor compliant? Let’s find out together!
Contact Us
