Secure Smart Cards

MIFARE DESFire EV3 Cards

AES-128 Transit & Access

MIFARE DESFire EV3 contactless smart card in CR80 PVC format for transit, campus access and government ID deployments

Quick answer

MIFARE DESFire EV3 is NXP's AES-128 contactless smart card platform (ISO/IEC 14443 Type A + ISO/IEC 7816-4 APDU file system) certified to Common Criteria EAL5+, used for transit fare collection, multi-application campus and enterprise access, and Government ID credentials where anti-cloning, mutual authentication and Secure Dynamic Messaging (SDM) are mandatory.

  • AES-128 mutual authentication with Secure Dynamic Messaging (SDM) — every tap produces a unique, server-verifiable cryptogram, which makes replay and card cloning computationally infeasible.
  • ISO/IEC 7816-4 APDU file system: partition a single card into up to 28 independent applications and 32 files per application with per-file access conditions for access, transit, cashless and printing.
  • Common Criteria EAL5+ (augmented AVA_VAN.5 / ALC_DVS.2) — satisfies government, banking and transit procurement audits that disqualify lower-assurance chip families.

10+ Years · ISO 9001 · 500+ Clients · 50+ Countries

At a glance

Use these short answers to decide whether this page matches the project before moving into the detail.

Air-interface + APDU envelope

ISO/IEC 14443-1/-2/-3/-4 Type A at 13.56 MHz with T=CL block transfer and 106-848 kbit/s bit-rate envelope. ISO/IEC 7816-4 APDU command set — DESFire file-system command...

AES-128 mutual authentication (NIST FIPS 197)

AES-128 reader-card mutual authentication per NIST FIPS 197 with session-fresh IVs; no clear-text UID exchange after authentication. Per-application keys — a loyalty or...

File-system architecture (28 apps × 32 files)

  • Up to 28 independent applications, each with up to 32 files (Standard Data, Backup Data, Value, Linear Record, Cyclic Record).
  • Per-file access conditions (Read / Write / ReadWrite / ChangeAccessRights) — canonical separation between transit, cashless, access, printing.
  • Memory options 2 KB / 4 KB / 8 KB EEPROM per AN12343 application note.

Secure Dynamic Messaging (SDM + CMAC)

  • Every tap generates a unique server-verifiable URL — identical SUN mechanism to NTAG 424 DNA.
  • CMAC integrity per NIST SP 800-38B; encryption of picc-data + read-counter prevents replay.
  • Tap-to-verify on any NFC-enabled iPhone (iPhone 7+) or Android device — no app install required.

Transaction MAC + offline value-store

  • Transaction MAC returns a cryptographic receipt on every stored-value mutation — offline readers reconcile without a server round-trip.
  • Prevents the offline revenue leakage pattern that broke Classic-era fare systems (OV-chipkaart 2008, Oyster 2009 academic retrospectives).
  • Supports back-office settlement reconciliation in transit agencies operating fare gates across multiple network generations.

Key diversification (NXP AN10922)

  • NXP AN10922 defines the canonical AES-128 diversification scheme used across DESFire issuance programmes — master key is never present on any issued card.
  • Per-card diversified keys derived from UID + application identifier; compromising one card does not compromise a fleet.
  • Issuance bureaux typically run the diversification under an HSM or SAM (secure application module) at pre-encoding.

Common Criteria EAL5+ (AVA_VAN.5 / ALC_DVS.2)

  • Common Criteria EAL5+ certificate with augmented AVA_VAN.5 (high attack-potential vulnerability analysis) and ALC_DVS.2 (developer security).
  • Above the EAL4+ bar typical for EMV contactless; within the range accepted for US/EU government employee credentials.
  • Certificate indexed on the Common Criteria Portal under NXP Semiconductors product listings.

Transit fare collection deployment

  • EN 1545 transit interoperability + Calypso CD97 regional variants + APTA TCRP Report 115 US-side guidance.
  • Fare-gate tap budget 150-180 ms at 300+ pax/min peak throughput; transaction MAC eliminates offline revenue leakage.
  • DESFire EV3 is the 2026 default for transit agencies upgrading from Classic / EM4100 legacy stored-value cards.

Enterprise + campus access control

  • Native reader-firmware support across HID iCLASS SE, ASSA ABLOY Aperio, SALTO XS4 and LEGIC ecosystems.
  • Replaces MIFARE Classic + 125 kHz HID Prox + EM4100 cleartext credentials with AES-128 in a single procurement cycle.
  • Multi-application layout consolidates access + canteen + printing + library + exam authentication on one credential.

Government + defense ID adjacency

  • EAL5+ satisfies Common Criteria procurement lines for agency employee credentials and controlled-facility access.
  • Complements FIPS 201-3 PIV programmes where DESFire EV3 carries the physical access credential alongside the PIV contact chip.
  • Used by defense supply-chain contractors for controlled-substance, toolroom and classified-area access credentials.

Hospitality keycard compatibility

  • Compatible with Saflok, VingCard, SALTO and Onity hotel lock ecosystems per their respective DESFire-capable firmware branches.
  • Combi cards co-laminate DESFire EV3 inlay with HiCo 2750 Oe or LoCo 300 Oe magnetic stripe per ISO/IEC 7811-2.
  • Hospitality is the most common phased-migration path: magstripe + DESFire combi card covers legacy and newer locks simultaneously.

Regulatory + issuance-bureau posture

  • ISO/IEC 7810 ID-1 CR80 (85.60 × 53.98 × 0.76 mm) physical card dimensions; ISO/IEC 27001 controlled pre-encoding.
  • RoHS 3 + REACH Annex XVII compliant PVC substrates; chip-body lamination under ISO/IEC 10373 durability test regime.
  • Batch chip certificates + ISO/IEC 14443 conformance test reports + UID lists ship with every production lot.

What is MIFARE DESFire EV3, and who deploys it?

MIFARE DESFire EV3 is the third generation of NXP's DESFire family — a 13.56 MHz ISO/IEC 14443-4 contactless smart card[2] with an AES-128 / 3DES file system[4] and Common Criteria EAL5+ certification[6]. It is the 2026 default chip for transit agencies, enterprise multi-application badges, university campus cards and EU/US government employee credentials.

  • AES-128: Mutual authentication (NIST FIPS 197)
  • 2 / 4 / 8 KB: EEPROM options per card
  • 28 × 32: Applications × files per card
  • EAL5+: Common Criteria assurance level

DESFire EV3 keeps EV2's AES-128 mutual authentication, file-system architecture (up to 28 applications × 32 files) and ISO/IEC 7816-4 APDU command set, and adds Secure Dynamic Messaging (SDM) — the same SUN-style URL signing mechanism that made NTAG 424 DNA popular for brand authentication. That lets the same card act as a secure access credential on a reader and as a tap-to-verify NFC authenticator on a consumer smartphone, without changing firmware on either side.

Most enterprise buyers choose DESFire EV3 over Classic or Plus SE because the security conversation is finished on day one: AES-128 with diversified keys per NXP AN10922, EAL5+ lab evaluation and transaction MAC for offline receipt verification are in the chip, not bolted on in middleware. The remaining decisions — memory (2/4/8 KB), file layout, key diversification scheme, printer and lamination — are workflow choices the issuing office already owns.

DESFire EV3 vs EV2 vs Plus SE vs Classic — decision matrix

Use this matrix to position DESFire EV3 against the MIFARE family alternatives a procurement specification is most likely to be measured against.

| Chip | Cryptography | Memory | Architecture | Best fit |
|---|---|---|---|---|
| MIFARE Classic 1K / 4K | CRYPTO-1 (publicly broken since 2008) | 1 KB / 4 KB, 16 / 40 sectors | Sector-based, symmetric keys | Low-value legacy deployments only |
| MIFARE Plus SE (SL1 → SL3) | AES-128 (SL3); CRYPTO-1 emulation in SL1 | 1 KB, 16 sectors | Sector-based; Classic-compatible | Phased upgrade on existing Classic readers |
| MIFARE DESFire EV2 | AES-128, 3DES | 2 / 4 / 8 KB EEPROM | File system (ISO/IEC 7816-4 APDU) | Existing DESFire estates; EV3 is backward-compatible |
| MIFARE DESFire EV3 (recommended) | AES-128, 3DES, SDM, transaction MAC | 2 / 4 / 8 KB EEPROM | File system + SUN-style SDM | New transit, campus, enterprise and government deployments |
| NTAG 424 DNA | AES-128 SUN/CMAC | 416 B fixed | Single-file NDEF + SUN | Brand authentication, DPP, tap-to-verify only |

Why teams upgrade from Classic / 125 kHz Prox to DESFire EV3

The typical buyer is replacing a cryptographically broken Classic (or cleartext EM4100 / HID Prox) credential stack. The difference before and after the upgrade is concrete.

Classic 1K / 125 kHz Prox today

  • CRYPTO-1 cipher broken since 2008 — card cloned with a Proxmark or Flipper Zero in under a minute.
  • Separate cards for door access, canteen, printing, parking — badge clutter, duplicated issuance cost.
  • No transaction receipt — offline value-store reconciliation relies on reader log aggregation only.
  • Procurement audits flag the credential as out-of-policy for PCI / SOX / government review cycles.

DESFire EV3 after migration

  • AES-128 mutual authentication — cloning requires recovering diversified per-card keys; no public attack path.
  • Single card, up to 28 firewalled applications — access + canteen + printing + transit on one credential.
  • Transaction MAC gives each tap a cryptographic receipt — offline readers reconcile without a round-trip.
  • EAL5+ certification satisfies PCI DSS, HIPAA, SOC 2 and US federal procurement review in a single spec line.

Throughput and security economics — DESFire EV3 vs broken Classic

The concrete economic case for DESFire EV3 on transit and enterprise programmes is the combination of EAL5+ attack-resistance and the fare-gate / turnstile throughput it unlocks.

How a DESFire EV3 rollout actually runs

Typical DESFire EV3 deployment timeline from sample request to first production issuance, for a 10k–50k-card enterprise or transit project.

  1. Week 1–2 · Sample + reader validation

    Blank DESFire EV3 samples ship from stock; integrator validates ATS/ATQA on the deployed reader firmware and confirms any reader-side firmware upgrade path.

  2. Week 3–4 · Application layout design

    File structure, application keys and access conditions are defined; NXP AN10922 key diversification scheme is agreed between Proud Tek and the issuer's PKI custodian.

  3. Week 4–6 · Artwork + personalisation proof

    Card artwork (offset + spot UV + hologram) plus personalisation proof (photo ID, employee number, barcode) are approved. Pre-encoding template is locked.

  4. Week 6–10 · Pre-encoded production

    Cards are laminated, personalised and pre-encoded under ISO/IEC 27001 controlled process; batch UID list + QC reports ship with the lot.

  5. Week 10–12 · Phased issuance and integrator handoff

    Issuance starts on a pilot building or transit line; DESFire EV3 coexists with legacy credentials until cut-over; reader firmware estate is upgraded in parallel.

Operating notes from transit-fare-collection, campus-multi-application-credential, enterprise-access-control, government-employee-ID and hospitality-keycard DESFire-EV3 programmes.

Six features that make DESFire EV3 procurement-ready

What a security and procurement panel typically looks for on the RFP response — each mapped to a concrete DESFire EV3 feature.

AES-128 mutual auth

Reader and card both prove key knowledge on every session; no clear-text UID exchange after authentication.

28-app file system

Independent applications are firewalled by separate AES keys, so a loyalty vendor can never read the access app.

Transaction MAC

Every stored-value transaction returns a signed receipt — offline reconciliation without a server round-trip.

SUN / SDM messaging

Each NFC tap generates a unique, server-verifiable URL — the same mechanism that powers NTAG 424 DNA.

EAL5+ certification

Common Criteria evaluation (augmented AVA_VAN.5 / ALC_DVS.2) accepted by government, banking and transit audits.

EV2 backward compatibility

EV3 runs on EV2 reader firmware — no forced reader replacement, so migration cost is card-side only.

Industries and applications for DESFire EV3

Where DESFire EV3 is the default credential today. Each bullet links to the industry page that unpacks the deployment pattern and the SKU fitment.

[Image: Hotel front desk issuing MIFARE DESFire EV3 key cards to arriving guests — a typical hospitality deployment]

  • Public transit: stored-value, season pass and transfer logic on the card; transaction MAC eliminates offline revenue leakage that broke Classic-era fare systems.
  • Hospitality: DESFire EV3 hotel key cards compatible with Saflok, VingCard, SALTO and Onity locks.
  • Enterprise access control: replaces MIFARE Classic and 125 kHz Prox with AES-128 credentials compatible with HID iCLASS SE, ASSA ABLOY Aperio and SALTO reader ecosystems.
  • Education: consolidated student credential carrying building access, library, meal plan, printing credits and exam authentication as firewalled applications.
  • Government & defense: EAL5+ evaluation satisfies Common Criteria procurement lines for agency badges and controlled-facility credentials.
  • Healthcare: staff ID carrying access, time-attendance and controlled-substance dispensing authorisation in separately keyed applications.

Standards, certifications and compliance references

The standards a DESFire EV3 specification is typically expected to cite on an RFP response.

  • ISO/IEC 14443-1 / -2 / -3 / -4 — 13.56 MHz Type A air interface and T=CL block transfer.
  • ISO/IEC 7816-4 — APDU command set; DESFire file-system commands map onto this standard.
  • ISO/IEC 7810 ID-1 (CR80, 85.60 × 53.98 × 0.76 mm) — physical card dimensions.
  • NIST FIPS 197 — AES specification; DESFire EV3 implements AES-128 in hardware.
  • Common Criteria EAL5+ (augmented AVA_VAN.5 / ALC_DVS.2) — NXP's published certification for DESFire EV3.
  • NXP Application Note AN10922 — the AES-128 key diversification scheme used across DESFire issuance programmes.
  • NFC Forum Type 4 Tag Platform — DESFire EV3 operates as an NFC Forum Type 4 tag for NDEF messaging.
  • NIST SP 800-38B — CMAC integrity mode used by Secure Dynamic Messaging (SDM).

Common pitfalls to avoid on a DESFire EV3 programme

Mistakes that get caught on the first procurement audit or the first reader pilot.

  • Specifying DESFire EV3 without locking the key diversification scheme per NXP AN10922 — every card can then end up issued with the master key itself.
  • Running DESFire EV3 in MIFARE Classic emulation mode to 'save reader upgrade cost' — emulation drops back to CRYPTO-1 and loses the AES-128 benefit.
  • Using a single application key for access + canteen + printing — defeats the firewalled multi-application architecture.
  • Skipping EAL5+ reference on the RFP — procurement audits flag unreferenced assurance levels as a compliance gap.
  • Pre-encoding on a desktop card printer instead of in-factory — throughput caps at 4–8 cards/min, which breaks any issuance over a few thousand cards.
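
The first and third pitfalls above both come down to how card keys are derived. The following is an added example, not NXP or Proud Tek code: an AN10922-style AES-128 diversification (CMAC over UID, application identifier and a system identifier) plus an audit of a pre-encoding manifest for bare master keys and keys reused across applications. The `Slot` type, the `Audit` function and the manifest are hypothetical; the master key, UID, AID and system identifier in `main` are the sample inputs published in AN10922, and in production the derivation would run inside the HSM or SAM rather than in application code.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// dbl doubles a 128-bit value in GF(2^128): the CMAC subkey step (SP 800-38B).
func dbl(in []byte) []byte {
	out, carry := make([]byte, 16), byte(0)
	for i := 15; i >= 0; i-- {
		out[i], carry = in[i]<<1|carry, in[i]>>7
	}
	out[15] ^= 0x87 * carry
	return out
}

// Diversify derives the AES-128 key for one card and one application as a CMAC
// over 0x01 || UID || AID || sysID, always padded to two blocks (AN10922 style).
func Diversify(master, uid, aid, sysID []byte) ([]byte, error) {
	d := append(append(append([]byte{0x01}, uid...), aid...), sysID...)
	if len(master) != 16 || len(d) < 2 || len(d) > 32 {
		return nil, fmt.Errorf("need a 16-byte master key and 1..31 input bytes")
	}
	blk, _ := aes.NewCipher(master) // cannot fail: key length checked above
	k0 := make([]byte, 16)
	blk.Encrypt(k0, k0) // K0 = AES(master, 0^128)
	sub := dbl(k0)      // K1, used when the input fills both blocks exactly
	if len(d) < 32 {
		sub = dbl(sub) // K2, used when 0x80 00.. padding is added
		d = append(append(d, 0x80), make([]byte, 31-len(d))...)
	}
	out := make([]byte, 16)
	blk.Encrypt(out, d[:16]) // CBC-MAC with zero IV, first block
	for i := range out {
		out[i] ^= d[16+i] ^ sub[i] // second block XOR subkey
	}
	blk.Encrypt(out, out) // the final block is the diversified key
	return out, nil
}

// Slot is one key slot of a pre-encoding manifest (hypothetical type).
type Slot struct{ UID, AID, Key []byte }

// Audit flags slots holding the bare master key or a key that is not the one
// diversified for that slot's UID and application.
func Audit(master, sysID []byte, slots []Slot) []string {
	var findings []string
	for _, s := range slots {
		id := hex.EncodeToString(s.UID) + "/" + hex.EncodeToString(s.AID)
		want, _ := Diversify(master, s.UID, s.AID, sysID) // nil on bad input
		switch {
		case bytes.Equal(s.Key, master):
			findings = append(findings, id+": master key on card")
		case !bytes.Equal(s.Key, want):
			findings = append(findings, id+": key not diversified for this slot")
		}
	}
	return findings
}

func main() {
	h := func(s string) []byte { b, _ := hex.DecodeString(s); return b }
	master, uid, aid := h("00112233445566778899aabbccddeeff"), h("04782e21801d80"), h("3042f5")
	k, _ := Diversify(master, uid, aid, []byte("NXP Abu")) // AN10922 sample inputs
	fmt.Println(hex.EncodeToString(k), Audit(master, []byte("NXP Abu"), []Slot{{uid, aid, master}}))
}
```

Because the application identifier is part of the CMAC input, the access and canteen applications on the same card receive unrelated keys, so a slot that reuses one application's key for another is reported by `Audit`.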


FAQ

Is MIFARE DESFire EV3 backward compatible with our existing DESFire EV2 readers?

Yes. DESFire EV3 keeps the full EV2 command set and AES-128 mutual authentication, so EV3 cards enrol on EV2 reader firmware without change. EV3-only features (Secure Dynamic Messaging, improved transaction timing, delegated application management) require a reader firmware update, but basic access and transit workflows continue to work on day one. We recommend pilot-testing a small EV3 batch on the existing reader estate before committing a full production run.

Can DESFire EV3 cards work with our legacy MIFARE Classic readers?

Only by running EV3 in MIFARE Classic emulation mode, which drops the card back to the CRYPTO-1 cipher and loses the AES-128 benefit — effectively a Classic card with DESFire packaging. For any new deployment we recommend upgrading the reader firmware (or, for older readers, the reader hardware) to native DESFire support before issuing cards. HID iCLASS SE, ASSA ABLOY Aperio and SALTO readers have supported native DESFire for years.

What memory size should we specify — 2 KB, 4 KB or 8 KB?

Choose 2 KB for single-purpose access-only credentials, 4 KB for two applications (access plus canteen or printing), and 8 KB for multi-application campus or government cards carrying access, meal plan, library, printing and exam authentication. The per-card chip cost difference is modest compared to the card body, printing and personalisation cost, so it is usually cheaper to specify one size larger than the current roadmap needs than to re-tool halfway through a multi-year rollout.

Do DESFire EV3 cards support NFC tap-to-verify from a smartphone without an app?

Yes. DESFire EV3 implements NFC Forum Type 4 Tag NDEF messaging plus Secure Dynamic Messaging (SDM), so every tap can generate a unique, server-verifiable URL. Any NFC-enabled iPhone (iPhone 7 and later) or modern Android device reads the URL directly in the browser — no app install. This is the same SUN-style mechanism NTAG 424 DNA uses for brand authentication, on a chip that also carries the full enterprise access credential.

What Common Criteria assurance level does DESFire EV3 hold?

NXP's DESFire EV3 chip is certified to Common Criteria EAL5+ (augmented with AVA_VAN.5 and ALC_DVS.2) per its published security target on the Common Criteria Portal. That places it above the EAL4+ level typically required for payment EMV contactless and within the range accepted for government employee credentials. The certification applies to the chip itself; the overall card product inherits the assurance provided card-body lamination, inlay bonding and pre-encoding remain under an ISO/IEC 27001 controlled process.

What is the MOQ and lead time for custom-printed DESFire EV3 cards?

Blank white DESFire EV3 cards: 100-piece minimum, ships from stock in 2–3 business days. Custom 4-colour offset printed cards with overlay lamination: 500-piece minimum, typical lead time 12–18 business days from artwork approval. Cards with pre-encoded AES-diversified application structures add 3–5 business days for encoding and QC. Every production lot ships with chip batch certificates, ISO/IEC 14443 conformance test reports and UID lists for integrator pre-loading.

Can DESFire EV3 carry both an RFID credential and a magnetic stripe?

Yes. Combi cards laminate the DESFire EV3 inlay into the PVC body and apply a HiCo 2750 Oe or LoCo 300 Oe magnetic stripe per ISO/IEC 7811-2 to the back. The two subsystems operate independently — the RFID antenna sits around the card perimeter, the magstripe lies on the rear face — so there is no electromagnetic interference. This is the standard form factor for hotel-room keys in properties still running magstripe-only doors alongside newer DESFire-capable locks.

Sources & references

Primary standards, OEM datasheets and regulatory documents cited by this article. All URLs were verified on the access date shown below.

  1. NXP MIFARE DESFire EV3 product page. NXP Semiconductors · Jun 1, 2020 · accessed Apr 24, 2026

    Official product brief covering AES-128, SDM, file-system layout and EAL5+ claim.

  2. ISO/IEC 14443-3:2018 — Proximity card air interface, Type A initialisation and anticollision. ISO · Apr 1, 2018 · accessed Apr 24, 2026

    Type A air-interface standard under which DESFire EV3 operates.

  3. ISO/IEC 7816-4:2020 — Organisation, security and commands for interchange. ISO · May 1, 2020 · accessed Apr 24, 2026

    APDU command set on which DESFire file-system commands are built.

  4. NIST FIPS 197 — Advanced Encryption Standard (AES). NIST · Nov 26, 2001 · accessed Apr 24, 2026

    AES-128 specification implemented in the DESFire EV3 secure element.

  5. NIST SP 800-38B — Recommendation for Block Cipher Modes of Operation: the CMAC Mode. NIST · May 1, 2005 · accessed Apr 24, 2026

    CMAC integrity mode used by DESFire EV3 Secure Dynamic Messaging (SDM).

  6. Common Criteria Portal — certified products catalogue. Common Criteria · Jan 1, 2024 · accessed Apr 24, 2026

    EAL5+ certifications for the MIFARE DESFire EV3 family are indexed under NXP.

  7. NXP AN10922 — Symmetric-key diversifications for MIFARE Plus, DESFire and UCODE. NXP Semiconductors · Mar 1, 2021 · accessed Apr 24, 2026

    The reference AES-128 key-diversification scheme used in DESFire issuance programmes.

  8. NXP AN12343 — MIFARE DESFire EV3 features and hints. NXP Semiconductors · Sep 1, 2020 · accessed Apr 24, 2026

    EV3-specific application note covering memory layout, SDM, transaction MAC and delegated application management.

  9. NFC Forum — Type 4 Tag Operation Specification. NFC Forum · Jun 1, 2021 · accessed Apr 24, 2026

    NDEF messaging platform that DESFire EV3 implements for tap-to-verify URLs.

  10. Garcia et al. — Dismantling MIFARE Classic (CRYPTO 2008). Radboud University / IACR CRYPTO 2008 · Aug 15, 2008 · accessed Apr 24, 2026

    Academic CRYPTO-1 break establishing the cryptographic gap that DESFire EV3 AES-128 closes.

  11. APTA TCRP Report 115 — Smartcard Interoperability Issues for the Transit Industry. Transportation Research Board / APTA · Jan 1, 2006 · accessed Apr 24, 2026

    US-side guidance on transit fare-collection interoperability consistent with EN 1545 Europe.

  12. EN 1545 — Identification card systems, surface transport applications. CEN · Jun 1, 2005 · accessed Apr 24, 2026

    European transit-ticketing interoperability standard against which DESFire EV3 file layouts are designed.

10+ Years RFID Manufacturing
ISO 9001 Certified Factory
500+ Enterprise Clients
50+ Countries Served

Proud Tek is a Shenzhen-based RFID & NFC manufacturer supplying hotel chains, transit operators, event venues and retail brands worldwide. Every order includes free samples, RF testing and dedicated project support.
