Skip to content
MIFARE 13.56 MHz Secured credential

MIFARE DESFire EV1 Compatible Cards & Fobs

MIFARE DESFire EV1 is NXP's first-generation multi-application secure smart card, offering AES-128 and 3DES hardware encryption at 13.56 MHz with EAL4+ certification — not cloneable, suitable for legacy high-security deployments, but superseded by EV3 for new installations.

Quote MIFARE DESFire EV1 cards View specs

MIFARE DESFire EV1 operates at 13.56 MHz per ISO/IEC 14443 Type A and supports up to 28 simultaneous password-protected applications, each secured with independent DES, 2K3DES, 3K3DES, or AES-128 keys in a Common Criteria EAL4+ certified secure element. American Key Cards supplies DESFire EV1 cards in blank factory state for operators deploying or expanding new installations — existing secured credentials cannot be copied or duplicated, as the cryptographic keys never leave the card's secure element.

MIFARE DESFire EV1 specifications

Brand / OEM
NXP Semiconductors
Technology
Contactless smart card (ISO/IEC 14443 Type A, ISO 7816)
Frequency
13.56 MHz
Chip
NXP MF3ICD21 (2K), MF3ICD41 (4K), MF3ICD81 (8K); hardware-accelerated DES, 2K3DES, 3K3DES, and AES-128; EAL4+ Common Criteria certified; 7-byte UID
Bit formats
Proprietary NXP DESFire application-layer encoding, 26-bit Wiegand (via reader-side extraction of card serial number), 37-bit Wiegand (via reader-side extraction), OSDP v2 (reader-dependent)
OEM part numbers
MF3ICD21, MF3ICD41, MF3ICD81, MF3ICDH21, MF3ICDH41, MF3ICDH81

Honest note: MIFARE DESFire EV1 is a secured credential

MIFARE DESFire EV1 cannot be cloned. AES-128 and 3DES hardware encryption with mutual authentication means the application keys never leave the card's secure element. American Key Cards supplies blank, unencoded DESFire EV1 cards for operators standing up new deployments or encoding infrastructure — we cannot duplicate or clone an existing secured DESFire credential. NXP no longer recommends EV1 for new designs; EV3 is the current preferred product. If you're deploying a new system or need standard prox credentials your readers also accept, contact us and we'll tell you exactly what's possible.

Can MIFARE DESFire EV1 cards be copied?

No. MIFARE DESFire EV1 relies on secure encryption, so it cannot be cloned from an existing card. This is a security strength, not a limitation of our service.

Where MIFARE DESFire EV1 is used

  • Government and federal facility access control (legacy deployments)
  • University and campus multi-application smart ID cards
  • Healthcare facility access and logical ID
  • Corporate enterprise access control
  • Transit agency fare media (legacy NFC infrastructure)
  • Secure building access requiring AES/3DES credential protection

Compatible readers

HID multiCLASS SE RP40 / iCLASS SE readers with DESFire credential moduleAllegion aptiQ multi-technology readersLenelS2 BlueDiamond multi-tech readersDormakaba DESFire-capable readersHID OMNIKEY desktop readers (for encoding)ACR122U / ACR1252U NFC readers (for encoding/verification)

Related formats

You might also need

MIFARE

MIFARE DESFire EV2

MIFARE DESFire EV2 is NXP's second-generation multi-application secure card with EAL5+ certification, AES-128 encryption, anti-relay proximity check, and Transaction MAC — not cloneable, widely deployed in enterprise and government access control.

13.56 MHz Secure
View compatible cards
MIFARE

MIFARE DESFire EV3

MIFARE DESFire EV3 is NXP's current-generation flagship smart card — EAL5+ certified, AES-128 only (single DES removed), with Secure Unique NFC messaging, 1 million write cycles, and extended read range — not cloneable, recommended for all new high-security deployments.

13.56 MHz Secure
View compatible cards
HID Rare format

HID Seos

HID Seos is HID Global's current flagship smart card credential, delivering AES-128 encryption, Common Criteria EAL 5+ hardware, and SIO Data Binding — making it immune to all known cloning attacks.

13.56 MHz Secure
View compatible cards

MIFARE DESFire EV1 — FAQ

Can MIFARE DESFire EV1 cards be cloned?

No. DESFire EV1 uses mutual AES-128 and 3DES authentication with keys stored in a certified secure element — the keys never leave the card, so there is no known method to clone a properly secured DESFire credential. American Key Cards supplies blank cards for new deployments; we cannot duplicate an existing encoded card.

What is the difference between DESFire EV1, EV2, and EV3?

EV1 is the first generation (EAL4+ certified, up to 28 simultaneous applications, supports DES/3DES/AES). EV2 adds EAL5+, Transaction MAC, proximity check, and unlimited applications. EV3 adds Secure Unique NFC (SUN messaging), 1 million write cycles (vs 500K on EV1/EV2), and improved read range. NXP recommends EV3 for all new designs.

Do you sell pre-programmed DESFire EV1 cards?

We supply DESFire EV1 cards in blank/factory state only. Because DESFire credentials are secured with operator-held AES or 3DES keys, we cannot encode them without your specific application keys — and doing so would give us access to your secured system. Your access control integrator or system software handles encoding.