MIFARE DESFire Custom Key Credentials Q&A

March 19, 2021

Authentication and Encryption

Q. Would you explain the concept of authentication and encryption and why this creates a more secure transaction?

A. Authentication is the process of ensuring the credential and the reader can communicate. The credential and reader engage in rapid transactions. Once authentication occurs, data is harvested, encrypted, and sent to the reader, where it is decrypted and sent to the control panel for the access decision.

MIFARE DESFire Adoption in North America

Q. Why has MIFARE DESFire not been more readily accepted in North America?

A. MIFARE by NXP was initially focused on transit applications. Innovations led to MIFARE Classic, Plus, and DESFire EV1/2, expanding utility to electronic access control. While NXP has greater share in Europe, awareness and adoption of EV1 and EV2 are growing in North America.

LEAF Consortium

Q. What is LEAF?

A. LEAF is a consortium of NXP-aligned credential and hardware manufacturers driving an open interoperability standard. It enables the use of a single credential across multiple manufacturer hardware platforms. Visit the LEAF website for more information: https://leafidentity.com/.

Key Sharing Ceremonies

Q. What is a key sharing ceremony?

A. When the owner of a custom encryption key decides to share it, the key is optimally shared via a secure key exchange ceremony. Multiple key sharing options exist, with standards focused on transparent and secret sharing. Key sharing also involves considering the risk associated with sharing, how the key is stored, and liability for secure storage.

Proprietary vs. Open Solutions

Q. If I think I'm in a proprietary credential relationship, but prefer a more open solution like MIFARE DESFire, what are my options?

A. Contact Allegion at InsideSales@allegion.com or Paul.Iverson@allegion.com at 303.882.7539, or your local Allegion Sales Representative.

Q. What if I want to own my key but don't want to secure it? Is there an option where Allegion can still safely hold it even though I, as the end user, own it?

A. Yes. Allegion can develop a key for you and provide secure storage. As the owner, you will assign Allegion the rights to securely store the key.

Q. Why would I want a proprietary model (as an end user)?

A. If you are comfortable with the manufacturer's portfolio, roadmap, channel fulfillment, and pricing strategy, a proprietary model may be a good option.

Card Duplication and Theft

Q. Have you run into any situations where a low frequency prox card was duplicated for theft purposes?

A. While not directly witnessed for theft, card cloning can occur without the end user's awareness. If a card copy is used at one location and another copy at a different location within a timeframe impossible for the user to be in both places, it may indicate cloning. For demonstration purposes, a customer's card was cloned to show how easily replication can occur.
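The timing check described in this answer, sketched as an added example (it is not Allegion's code or part of the original Q&A). The log layout, credential numbers, site names and minimum travel times are constructed assumptions; a real deployment would read them from the access control system.

```python
from datetime import datetime, timedelta

# Constructed minimum travel times between sites (assumption: set by the operator).
MIN_TRAVEL = {
    frozenset({"HQ-Lobby", "Warehouse-Gate"}): timedelta(minutes=25),
    frozenset({"HQ-Lobby", "Lab-East"}): timedelta(minutes=4),
    frozenset({"Warehouse-Gate", "Lab-East"}): timedelta(minutes=30),
}

# Constructed access log: timestamp, credential number, site.
SAMPLE_LOG = """\
2021-03-19T08:01:10,10452,HQ-Lobby
2021-03-19T08:03:45,20981,HQ-Lobby
2021-03-19T08:09:30,10452,Warehouse-Gate
2021-03-19T08:40:00,20981,Warehouse-Gate
2021-03-19T08:41:00,10452,Lab-East
2021-03-19T08:41:30,31007,Lab-East
"""

def parse_events(text):
    """Return (timestamp, credential, site) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, cred, site = (field.strip() for field in line.split(","))
        events.append((datetime.fromisoformat(ts), cred, site))
    return sorted(events)

def find_impossible_travel(events, min_travel=MIN_TRAVEL):
    """Flag a credential seen at two sites faster than a person could travel."""
    last_seen = {}  # credential -> (timestamp, site) of its previous read
    alerts = []
    for ts, cred, site in events:
        prev = last_seen.get(cred)
        if prev and prev[1] != site:
            required = min_travel.get(frozenset({prev[1], site}))
            # Site pairs with no configured travel time are skipped, not guessed.
            if required is not None and ts - prev[0] < required:
                alerts.append((cred, prev[1], site, ts - prev[0]))
        last_seen[cred] = (ts, site)
    return alerts

if __name__ == "__main__":
    for cred, a, b, gap in find_impossible_travel(parse_events(SAMPLE_LOG)):
        print(f"credential {cred}: {a} -> {b} in {gap} (possible clone)")
```

An alert only says two reads of the same credential number were too close together; it does not say which read came from the copy, so both need follow-up.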

User Licenses and Custom Keys

Q. Is there a user license for an end user owned encryption key? What is the cost? What is the cost if I stay with the proprietary version?

A. There is no user license for a custom key; it is a one-time cost. The part number is SCEKS, and pricing is available through the channel.

Allegion and HID Compatibility

Q. Are Allegion and HID compatible?

A. Yes, on a limited basis. Allegion's AD 300 and 400 hardware offer an option to support iClass and SEOS encryption keys. Allegion collaborates with competitors to address shared market challenges.

Q. So, an Allegion Card Reader can read any MIFARE Classic, MIFARE DESFire, etc.?

A. Yes, Allegion's portfolio of Schlage readers and electronic locks supports various DESFire technologies, including MIFARE Classic, MIFARE Plus, and MIFARE DESFire.

Q. Other than just standard 26 bit format, what other bit formats are acceptable with Schlage Control locks?

A. Allegion's portfolio of Schlage readers and electronic locks supports various bit formats, including 26A, 35C, 37X, 40X, and 48X. Schlage readers and locks support smart credential bit formats up to 63 bits.

Q. How does NXP technology interact with the iClass technology from HID?

A. NXP MIFARE and HID iClass are different high-frequency technology platforms and do not transact directly. To support NXP or HID technology, a manufacturer must have the corresponding technology and the correct symmetric key on their reader.

MIFARE DESFire EV3 and HID Signo Readers

Q. What is the status of EV3 cards and readers? Mass production, limited production or will be available soon?

A. NXP announced MIFARE DESFire EV3 in June 2020. Allegion is transitioning all DESFire EV1 and EV2 smart credential technologies to DESFire EV3 by the end of 2021, contingent on EV3 chip availability.

Q. Will this work with the new HID Signo Readers?

A. It is recommended to check with the manufacturer. HID's publicly available documentation indicates support for NXP technology on their Signo readers with the correct configuration.

MIFARE DESFire Memory Options

Q. I understand the benefits of MIFARE DESFire encryption. I do not understand all of the options pertaining to memory (1K, 2K, 8K, etc.). Can you explain?

A. NXP offers various memory sizes for their technologies, functioning like mini-computers. These sizes allow customers to choose how much memory is needed for specific functions. Higher memory allows for more data storage. For basic access control, 1K or 2K memory is sufficient. For uses like dining or transit, 4K or 8K might be needed.

ISONAS Readers and Custom Keys

Q. Do you know if the ISONAS readers read the custom credentials you're talking about today?

A. ISONAS readers are based on NXP technology and can support custom keys.

OSDP and Mobile Formats

Q. If the MT15 reader is wired in OSDP, can the command to turn off the 125 kHz range and just leave EV2 on be sent via the OSDP/Access Control software, and not use config cards?

A. Allegion follows the SIA OSDP specification for configuration updates via OSDP. Ensure the product has RS-485 capability. The Schlage MTB series includes RS-485 standard; the Schlage MT Series -485 must be specified. The software and panel providers must also support OSDP for configuration updates.

Q. What mobile formats do you use?

A. Allegion mobile solutions support various bit formats, with ongoing additions. The Student ID NFC solution supports 35C and 40X, while the Schlage Mobile Access Credential supports 26A and 48X.

Key Creation and PKI

Q. Does Allegion have any tools to assist customers in creating their own keys and transferring those securely to Allegion? Is there a tool that demystifies this complex subject?

A. Allegion does not currently have a tool for customers to create their own keys, but Allegion can securely create a custom key for the end user. Allegion is developing tools to securely receive custom keys created by others in a “zero trust” manner.

Q. Is Allegion looking at PKI for future encryption or are they planning to stick with symmetric keys?

A. Allegion is considering PKI models, particularly for mobile credentials.

Lead Times for MIFARE DESFire EV1 and EV2

Q. Any concerns with long lead times of MIFARE DESFire EV1 and EV2?

A. A global chip shortage is causing long lead times for smart credential chips. Allegion has a dedicated team working to mitigate this risk and minimize impact to partners. Standard lead times are currently available for the MIFARE DESFire credential portfolio.
