704.987.2238​
[email protected]​
ABOUT US
Bill Pay
  • Products & Solutions
    • CloudSuite Portfolio
    • Badge Printer & Supplies >
      • ID Card Printers >
        • Fargo Printers
        • Evolis Printers
        • Zebra Printers
        • Magicard Printers
        • Swiftcolor Printer
        • Nisca Printers
        • Entrust Printers
        • RTAI Printers
        • Matica Printers
      • ID Printer Ribbons
    • Mobile ID >
      • ColorID Mobile Solution
    • Access Cards & Credentials >
      • Blank ID Cards
      • Proximity Cards
      • Contactless Smart Cards
      • UHF Cards & Tags
    • Software >
      • CardExchange® Cloud Suite
      • HID Fargo Connect Solution
      • RemotePhoto by CloudCard ID Photo Upload Software
      • CardExchange® Desktop ID Software
      • Asure ID Software
      • ID Works Software
      • Adaptive Issuance Instant ID
    • Visitor Management >
      • HID Visitor Manager
      • Identigy JRNY.Visitor
      • Easy Lobby SVM
      • Verkada VMS
    • ID Readers >
      • Contactless ID Card Readers >
        • HID® Signo™ Readers
        • iCLASS SE® Readers
        • multiCLASS SE® Readers
        • Biometric Readers
        • Proximity Readers
      • Desktop Readers
      • Electronic Signature Pads
      • Magstripe & Barcode Readers
    • Biometric Recognition Devices >
      • Facial Recognition
      • Iris Recognition
      • Fingerprint Recognition
      • Biometric Dining
    • ID Accessories >
      • Badge Holders
      • Badge Reels
      • ID Card Lanyards >
        • Design-A-Lanyard Tool
      • ID Card Strap Clips
    • ID Cameras
    • Tripods & Backdrops
    • Sports & Entertainment Venues
  • Services
    • Identity Roadmap
    • Modern Identity Management
    • Recarding Services
    • Card Migration
    • Government Contracts
    • Pre-Printed Carding
    • Partner Portal
  • Support
    • Learning Center >
      • e-binder
      • Spotlight Articles
      • Knowledge Library
    • Tech Services >
      • Remote Support
      • Warranty Info
      • File Upload
      • CHOICE Support Program
    • Drivers and Firmware
  • QuickQuote
  • Contact Us
Picture
Prox card, proxie card, keycard, hid card, smart card, access badge, corporate 1000 card, 26 bit card – whatever you call it, the 125 kHz radio frequency card is still the most widely used card for electronic access in North America. Unfortunately, few people are aware of recent developments that threaten the security status of these familiar cards.
 
The word “prox” is an abbreviation of “proximity,” which just means “near.” Proximity cards are a significant upgrade for users of mag stripe or Wiegand access cards, which have to be swiped through a reader. Prox cards only need to be held near a reader to open a door, and they work through a wallet, purse, pants pocket or whatever else they are in at the time. Cardholders have enjoyed the convenience of prox cards for nearly three decades. 

Picture
Cloning Prox is easy as 1-2-3

​Want to learn more?
If you curious how retransfer and or pigment based inks might help your id badging environment then feel free to contact us directly via the following contact form.  
​

Considering Custom Keys for Contactless Cards

by:
David Stallsmith

Director of Strategic Initiatives at ColorID

Since improved security is one of the main reasons for migrating to contactless cards, and that security is based on encryption, owning your encryption key should allow us to make all our card-based systems inter-operable, right?
​
Well, not exactly.  Let’s break it down. 
ENCRYPTION
Encryption keys are long numbers that act like passwords to lock and unlock contactless smart card data, such as the ID number used to allow door access.  Typically a manufacturer will program their cards and readers with data secured by their own secret key.  If the manufacturer’s key were to be publicly known, all their cards and readers would be subject to compromise.  Sometimes manufacturers use their own proprietary encryption algorithms, but these have not resisted hacking well, especially in the case of MIFARE Classic and HID iCLASS (legacy version).  

MIFARE DESFire EV1
DESFire EV1 by NXP uses AES 128, a standard encryption algorithm that is considered to be unbreakable for long term data storage.  HID, Schlage, Blackboard, Identiv and many other card and reader manufacturers provide EV1 solutions, some with an option for custom, user-owned keys.  Theoretically, an institution could share the custom key used to program its cards with any reader manufacturer of its choice.  However, there are a few more hurdles to clear on the path to interoperability. ​
Picture
Document for AES Background by NIST
MIFARE DESFire EV1 cards and readers share many parameters that require decisions and/or data, in addition to the encryption key.  In some cases, there could be additional keys, up to 14 per application.  Readers are secure, but not too intelligent.  NXP created a protocol called PACSA which can be used as a guide for EV1 programming, for access control.  Nonetheless, a card programmed for one reader won’t work on another reader that is configured to expect different parameter values.  Key diversification is a common example of one of these parameters.  The reader has to know if the key used to encrypt the data was diversified by scrambling with each chip’s Card Serial Number (or UID), or not.  Without alignment on the parameter, the reader cannot read the secret data from the card.
Picture
Picture
HID
HID Seos and iCLASS SE cards also use AES 128 and are available with custom keys through the Elite Key program.  This enhances card security for any institution; however, these cards can only be read by readers with HID technology, such as iCLASS SE and Omnikey readers, and ASSA ABLOY electronic locks.  Regarding interoperability, HID readers read many more card types than other readers and work with almost all access control and other card systems. 
 
ENCODING
Many ID issuance software products support custom key encoding of NXP chips, both inline and at the desktop.  MIFARE encoding configuration is fairly straightforward, but EV1 setup can require professional services.  Check for which printers are supported.  HID offers software for encoding NXP, iCLASS, Seos and other chips in HID printers and at a desktop encoder. 
 
THIRD PARTY
Encoding for third party applications can require the system provider to share their encoding parameters and encryption keys.  In some cases, such as biometrics, a system may provide its own encoding application. 
CONCLUSION
Custom encryption keys offer the promise of interoperability for all card systems.  However, there are many complications involved, some technical and some business, and not all can be resolved for every system.  ColorID has the experience to be able to help an institution find inter-operable card system solutions, both existing and planned.  ​

​WANT TO LEARN MORE?
Contact ColorID using the form below and we will be happy to discuss custom encryption key options available for your contactless credentials.
Picture

Submit

WE'RE HERE TO HELP.

ColorID has spent decades serving the ID Industry with top-level sales and support to build the ultimate trust with every customer.
REQUEST A QUICKQUOTE ➔

Picture CONNECT WITH COLORID


20480 Chartwell Center Dr. Cornelius, NC 28031
704.987.2238
[email protected]
Mon-Fri: 9am - 5pm (EST)

Picture CUSTOMER SUPPORT

➔ HOW TO PLACE AN ORDER
➔ BILL PAY
➔ CONTACT US

➔ SHIPPING & RETURNS
➔ CREDIT CARD POLICY
➔ FAQ

Picture ColorID e-Binder

ColorID's interactive e-Binder showcases the full line of products and services needed for your organization's ID needs.
VIEW e-BINDER➪
Picture

SITE MAP ・ TERMS & CONDITIONS ・ RETURN POLICY

 © ColorID, LLC - 2023  |  All Rights Reserved