Authentication Flow with SAM AV1

[Rajesh S]

Hi,

We are looking to Authenticate DESFIRE 4K PICC Application with SAM AV1. we need the authentication flow for authenticating the PICC through SAM AV1.
Requesting you to share the APDU structure for authentication using Key No and Key Diversifer as inputs.

---

+ 0  |  - 0

[TapLinx Support]

Hi Rajesh S,

At general, you have two modes to authenticate a PICC: the X mode and the Non-X mode. The X mode requires a NXP NFC reader. In this case the SAM send all artifacts to the PICC autonomously. In the Non-X mode the embedding microcontroller have to handover all artifacts between SAM and the NFC reader.

Sorry, but I cannot share APDU material of a NDA certified products in public. There is an application note which describes your use-case: AN1826, MIFARE SAM AV2 – For MIFARE DESFire EV1.

The SAM AV2 replaces the SAM AV1.

Regards,
The TapLinx Team

---

+ 0  |  - 0

[Rajesh S]

Thanks for your response.

Do you need to do authenticate_host before we do an authenticate_PICC or we can directly do an authenticate_PICC by selecting the application in SAM. and also please let us know the difference between Authenticate_Host and Authenticate_PICC in Non-X mode.

Thanks.

---

+ 0  |  - 0

[Rajesh S]

Please also let me know on how to set the SAM communication in Non-X mode.

---

+ 0  |  - 0

[TapLinx Support]

Hello Rajesh,

You need a SAM_AuthenticateHost if you want to do “maintaining commands”, e.g.: change or set new keys, change key version etc. If the SAM is prepared and all keys updated, you use it in Non-X-mode to authenticate PICCs in front of a reader. Here it depends on the MIFARE card type, which command you use. For instance you use SAM_AuthenticatePICC to authenticate to a DESFire with AES keys. Therefore no host authentication is required.

Regards,
The TapLinx team

---

+ 0  |  - 0

[Rajesh S]

Thanks you for your quick response very much appreciated.

So now which SAM_authenticate commands needs to be triggered to authenticate a DESFIRE EV1 card with 3DES keys for authentication and also please help us in understanding the difference between various authenticate commands as listed below in product datasheet document.

1. SAM_AuthenticatePICC
2. SAM_AuthenticateMIFARE
3. SAM_ISOAuthenticatePICC
4. SAM_ISOExternalAuthenticate
5. SAM_IsoInternalAuthenticate.

When we use which command for authentication with the SAM module.

---

+ 0  |  - 0

[TapLinx Support]

Hello Rajesh,

The MIFARE SAM supports the whole MIFARE family: Classic, DESFire etc. Therefore you will find several authentication methods for each MIFARE product and for each cipher the product supports.

For the DESFire EV1 you use SAM_AuthenticatePICC for the Non-X-mode. This command can be used for all ciphers and for key diversification. If you want to use the ISO authentication procedure (GetChallenge, ExternalAuthenticate and InternalAuthenticate) you should use SAM_IsoAuthenticatePICC. For this commands you use “PICC keys”.

The TapLinx team

---

+ 0  |  - 0

[Author]

Posts