MIFARE DESFire cards are some of our most popular access control cards to date. However, they come in different types.
One of the most common questions we’re asked about access cards is the difference between DESFire EV1 and EV2.
The main difference between MIFARE DESFire EV1 and EV2 cards is that EV1 cards can hold up to 28 different applications, whereas EV2 can hold an unlimited number of different applications, limited only by the memory size.
In this post, we’ll take a deeper look at the differences between the two and hopefully demonstrate why DESFire EV2 is the better choice for your access control solution.
But first…
What is MIFARE DESFire EV1 and DESFire EV2?
The first MIFARE cards arrived in 1994 as a product of NXP and have since undergone several upgrades to ensure they remain as secure as possible. The DESFire contactless range was originally introduced in 2002 to mitigate the risks associated with low-frequency MIFARE Classic® cards – MIFARE Classic cards have been vulnerable to hacking since at least 2007.
The DESFire range has since spawned multiple generations including the two we are looking at today: EV1 and EV2. Note that there is also a newer range EV3 available, however, this post aims to look solely at the difference between DESFire EV1 vs EV2. For information about DESFire EV3 cards or any other MIFARE cards, check out our handy guide to the types of MIFARE cards.
Key applications for EV1 and EV2 products include:
- Access control
- Identity cards
- Loyalty cards
- Public transportation ticketing
- Micropayments
If you’re wondering what DESFire means, the ‘DES’ is indicative of the high-security level the cards use (3DES and or AES hardware). The ‘Fire’ element represents the cards’ key qualities: fast, innovative, reliable and secure.
MIFARE DESFire EV1 vs EV2: What’s the same?
It’s worth nothing that both MIFARE DESFire EV1 and EV2 cards are great options. Whether you choose to go for our genuine MIFARE® DESFire® 4K NXP EV1 cards or advanced DESFire EV2 cards, this will depend entirely on your requirements.
Despite there being numerous differences in the overall security and performance of the pair, EV1 and EV2 both operate at a frequency of 13.56MHz and use the same highly secure AES-128 encryption.
This means they can both be easily configured to work interchangeably. So, those wishing to upgrade from EV1 to EV2 can be sure existing access card readers will work with the newer technology.
MIFARE DESFire EV1 vs EV2: What’s the difference?
As mentioned earlier, the main difference between DESFire EV1 and EV2 is that EV2 can hold an unlimited number of different applications, while EV1 cam only hold up to 28 different applications.
EV2 has many benefits over EV1, including:
- A longer read range
- More secure EAL5+ certification
- Proximity check
- Unlimited application uses
- Backward compatibility
Now let’s look at these differences in more detail.
Read range and speed
To ensure the most convenient contactless functionality, DESFire EV2 features a significantly improved read range and speed when compared to EV1. The exact speed and performance will vary depending on the card type and the size of the antenna, but the official operating distance is 10cm. However, third parties have shown that the actual operating distance is higher than this.
Speed-wise, MIFARE DESFire 4K EV2 cards can transfer data rates of up to 848Kbit/s, making this one of the quickest contactless technologies to date.
High-security EAL5+ certification
Thanks to its DES, 2K3DES, 3K3DES and AES hardware encryption, MIFARE DESFire EV2 benefits from a Common Criteria EAL5+ certification, while EV1 makes to with EAL4+.
Other security features unique to EV2 include on-chip backup management and mutual three-pass authentication.
Proximity check
EV2’s Proximity check feature boosts security further, protecting your cards against relay attacks. It does this by ensuring the card signal is being read by a reader in close proximity and not a remote signal from a hacker.
Virtual Smart Card architecture also anticipates future needs for privacy protection.
Unlimited application uses
EV1 cards are limited to 28 simultaneous applications. This all changes with the EV2, with virtually no limits on the number of applications and processes the chip can run.
Backward compatibility
For those concerned with the compatibility of the EV2 chip, it has been designed to be compatible with previous chips. These include not only DESFire EV1 but also older MIFARE technologies too.
EV1 vs EV2 Comparison Table
Hopefully the above will have given you a little insight into the difference between DESFire EV1 and DESFire Ev2. To give you a full overview, however, we’ve included a comparison chart below. This goes into more technical detail regarding the differences between the two.
| MIFARE DESFire EV1 | MIFARE DESFire EV2 | |
| ISO/IEC 14443 A 1-4 | Yes | Yes |
| ISO/IEC 7816-4 support | Extended | Extended |
| EEPROM data memory | 2/4/8KB | 2/4/6/8/16/32KB |
| Flexible file structure | Yes | Yes |
| NFC Forum Tag Type 4 | Yes | Yes |
| Unique ID | 7B UID or 4B RID | 7B UID or 4B RID |
| Number of applications | 28 | Unlimited until memory is full |
| Number of files per app | 32 | 32 |
| Data rates supported | Up to 848Kbit/s | Up to 848Kbit/s |
| Crypto algorithms | DES/2K3DES/3K3DES/AES128 | DES/2K3DES/3K3DES/AES128 |
| Certification | EAL4+ | EAL5+ |
| Delegated Application Management (Multi-App) | No | Yes |
| Transaction MAC per app | – | Yes |
| Multiple keysets per app | – | Up to 16 keysets |
| Multiple file access rights | – | Up to 8 keys |
| Inter-app file sharing | – | Yes |
| Virtual Card Architecture | – | Yes |
| Proximity Check | – | Yes |
| Delivery types | Wafer, MOA4 & MOA8 | Wafer, MOA4 & MOB6 |
Ready to order?
Whether you’re considering upgrading to newer technologies or simply need more MIFARE® cards, our experts are always happy to help. Call us on 0800 988 2095 and we will find the products that best suit your requirements.
Alternatively, you can browse our complete range of MIFARE cards here.