NXP MIFARE Webinar: Streamlined User Management For Multi-Vendor Installations


Transcript of NXP MIFARE Webinar: Streamlined User Management For Multi-Vendor Installations

EXTERNAL USE

CHRISTOPH ZWAHLEN

JUNE 15TH, 2016

PRESENT IMPROVED - FUTURE INSIDE

STREAMLINED USER MANAGEMENT FOR MULTI-VENDOR INSTALLATIONS

• Multi-vendor systems are common in IT environments in users' daily life
• Each user has multiple log-in credentials for individual services, reducing user convenience and the accessibility of services
• Significant increase of system maintenance effort to manage user credentials across multiple services
• Identity Access Management (IAM) offering harmonized log-in solutions

Log-in Credentials

Multi-vendor solutions in IT systems


Agenda

1. Drivers for multi-vendor systems

2. Card Identity Management – optimized for multi-vendor systems

3. Practical implementation

   • MIFARE DESFire EV2

Christoph Zwahlen
Marketing Manager Access Management

• Flexibility of contactless smart cards has extended the usage into more applications
  • Optimized business processes for improved efficiency
  • Increased comfort and availability through automation of services
  • Controllability and traceability and reduced cost of service ownership
• New use cases introduce new solution-specific data structures on contactless smart cards
  • New application-specific data structures introducing new identification data structure
  • Increased efforts in centralized credential management

Multi-application contactless smart cards
Flexible solutions maximizing organizational benefits


• Organizations are looking for best solutions fitting the requirements of new use cases
  • Organizational benefits driving solutions selection
  • Cost of system ownership
• Multi-application solutions enable simplified operation of multi-vendor systems
  • Extension of application coverage, e.g. offline locks replacing mechanical keys
  • Integration of new use cases, e.g. follow-me printing
• Manageability of growing systems for sustainable solutions
  • Maintainability of system and individual applications
  • High availability, controllability and traceability of applications

Multi-vendor systems
Standard ecosystem in growing technology adoption


Use Cases: Multi-national company
Centralized credential management without limiting local autonomy


• Centralized management of access rights ensuring availability, controllability and traceability
  • E.g. centralized blocking of credentials
• Global credential compatible with local requirements
  • Local regulations
  • Site-specific security demands
  • Support of individual local solutions
• Flexible system extendibility and maintainability
  • Enable site-specific extension of use cases

Multi-vendor systems


Contactless Smart Card
• High acceptance in various applications
• User convenience
• Fast roll-out of new applications

Secure Multi-application
• Adaptable to organizational changes
• Simple and secure integration into one card

Manageable solutions
• Central user and rights management
• Cross-application traceability and controllability

Shared platform | Adaptable solutions | Maintainability

• Secure multi-application ensures protection of individual applications
  • Only dedicated devices are enabled to access specific application data
• Usage of harmonized card ID not natively supported
• Common solutions
  • Switching of applications resulting in increased transaction times
  • Harmonized application data structure limiting benefits of individual applications
  • Duplication of user ID in each application increasing system maintenance efforts

Challenges of multi-vendor systems


[Diagram: card file structure]
Root directory (PICC level)
  Application 1 (application ID)
    User ID1 (standard file)
  Application 2 (application ID)
    User ID2 (standard file)

• Workflow enabling harmonized user management throughout multiple applications and services on card
  • Compliance with organizational security and privacy requirements
  • Ensuring centralized controllability and traceability
• Single secure user identification accessible from different applications
  • Simplified multi-vendor solutions
  • Resource-efficient and convenient workflows
  • Ensuring efficient long-term maintenance of multi-application systems

Card Identity Management
Cross application user management


MIFARE DESFire® generation benefits
MIFARE DESFire® EV2


2002: MIFARE DESFire
2008: MIFARE DESFire EV1
2015: MIFARE DESFire EV1 256B
2016: MIFARE DESFire EV2

Feature | MIFARE DESFire EV1 | MIFARE DESFire EV2
ISO/IEC 14443 A 1-4 | |
ISO/IEC 7816-4 support | extended | extended
EEPROM data memory | 2/4/8KB | 2/4/8KB
Flexible file structure | |
NFC Forum Tag Type 4 | |
Secure, high-speed cmd | |
Unique ID | 7B UID or 4B RID | 7B UID or 4B RID
Number of applications | 28 | unlimited
Number of files per app | 32 | 32
High data rates support | up to 848 Kbit/s | up to 848 Kbit/s
Crypto algorithms support | DES/2K3DES/3K3DES/AES | DES/2K3DES/3K3DES/AES
CC certification (HW + SW) | EAL 4+ | EAL 5+
MIsmartApp feature | - |
Transaction MAC per app | - |
Multiple keysets per app | - | Up to 16 keysets
Multiple file access rights | - | Up to 8 keys
Inter-app files sharing | - |
Virtual Card Architecture | - |
Proximity Check | - |
Delivery types | Wafer, MOA4 & MOA8 | Wafer, MOA4 & MOB6

• Improving maintainability and flexibility of multi-vendor installations
• Enabling centralized credential management for efficient local credential use cases
  • Centralized controllability and traceability
  • Simplified cross-site usage
  • Optimized overall system maintenance
• Support of individual use cases for maximal solution benefits
  • Flexible introduction of new local applications
  • Maximize benefits through usage of vendor-specific data structure

Inter-app files sharing
Enhanced card identity management capabilities in MIFARE DESFire EV2


Inter-app files sharing – example employee card

[Diagram: Employee Card (MIFARE DESFire EV1), upgrade to Employee Card (MIFARE DESFire EV2); labels: Site A, Site B, Global ID]

New application in Site A is available to all employees

• Verify backwards compatibility of MIFARE DESFire EV2 in existing applications
• Integration of Inter-app file sharing
  • To card management workflows
  • To infrastructure components
• Integration of interfaces to centralized card identity management solutions
  • E.g. blocking of credentials in system, log-file reporting
• Roll-out of flexible solution for multi-vendor environment

Inter-app files sharing – Integration
Enabling smart solutions


Thank you

Visit us at http://MIFARE.net

Follow us:

https://twitter.com/nxp_mifare
https://at.linkedin.com/in/nxpmifare
www.youtube.com/user/nxpsemiconductors
http://blog.nxp.com/
https://www.facebook.com/nxpsemi

Q&A

Webinar Series Outlook

Date | Title
May 24th 2016 | MIFARE Innovation Roadmap – present improved, future inside
June 1st 2016 | How to protect contactless systems today and tomorrow
June 8th 2016 | Enhanced user experience through active application management
June 15th 2016 | Streamlined user management for multi-vendor installations
June 22nd 2016 | Secure closed loop payments in an open environment
June 29th 2016 | Introduce the future in your today’s system – how to ensure smooth system upgrades
July 6th 2016 | Added value to card based environments through NFC and cloud – when IoT becomes reality
July 13th 2016 | Complement use cases with mobiles and wearables