- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- RFID / NFC
- :
- TapLinx SDK, TagWriter and TagInfo
- :
- Re: Using external SAM (card) on POS SAM slot to authenticate/read DESFire EV2/EV3 with TapLinx v4.1
Using external SAM (card) on POS SAM slot to authenticate/read DESFire EV2/EV3 with TapLinx v4.1.0
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Using external SAM (card) on POS SAM slot to authenticate/read DESFire EV2/EV3 with TapLinx v4.1.0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear NXP TapLinx Support Team,
I am integrating TapLinx (v4.1.0) on an Android POS device and require guidance on the recommended approach to securely read/write data from MIFARE DESFire EV2/EV3 cards when using an external SAM (Secure Access Module) installed in the POS SAM slot.
Environment & hardware
TapLinx SDK: v4.1.0
POS device: Android POS (model available on request), Android 13
NFC: working (TapLinx can detect card type on this POS via IsoDep/Android NFC)
Card: MIFARE DESFire EV2 / EV3
SAM: external SAM card/module available and the POS has a SAM slot; the POS vendor SDK exposes APIs to open the SAM channel and send/receive APDUs (e.g., exchangeApdu(...))
What we want to achieve
We want to use the external SAM (inserted in the POS SAM slot) to perform secure authentication for DESFire cards (so keys are never exposed in the application), and then use TapLinx to perform DESFire read/write operations once the card session is authenticated.
Questions / Request
Does TapLinx v4.1.0 provide any official or recommended integration pattern for using an external SAM (inserted into a POS SAM slot) to perform DESFire authentication while TapLinx handles DESFire protocol and file operations?
If such integration is supported or recommended, could you please provide:
Example code (or pseudo-code) demonstrating the SAM ↔ TapLinx relay flow for EV2/EV3 (AES preferred). Specifically:
How to call the TapLinx method that initiates the card challenge (e.g., authenticateEV2First or equivalent), capture the challenge data, send it to the SAM via APDU, and pass the SAM’s response back to TapLinx (e.g., authenticateEV2Next).
Any helper classes or methods in TapLinx that simplify bridging a SAM (for example, recommended APDU framing or expected byte formats).
The APDU format TapLinx expects for authentication exchanges, or mapping guidance between TapLinx methods and the APDUs you recommend for SAM operations.
If TapLinx does not directly provide SAM integration, what is the recommended secure flow (best practice) to:
Relay card challenges to the SAM (in POS SAM slot),
Use SAM to compute responses (cryptogram / MAC), and
Feed those results into TapLinx so the DESFire session is authenticated and ready for secure read/write.
Any sample projects, technical notes, or internal docs you can share that cover TapLinx + external SAM (POS) integration would be very helpful.
Any example code or recommended patterns you can share will accelerate our integration and help ensure we implement a secure, maintainable solution.
jimmychan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We do not have any support for external SAMs in TapLinx yet, so unfortunately, we do not have a recommended way on how to do this.
