The very primary reason for the change is that we need the 'combo' readers that accept a PIN code as well as a card.
So you need higher security (dual person identification - card + PIN).
like a bit of software is in the controller
Access control standards require that the system continues to work even when communication with the server is interrupted.
Many access systems don't get their own dedicated Ethernet connection that can't be interrupted by other communication. Imagine what will happen if an attacker, even without being able to take over the access system's communication, is able to load the Ethernet enough to stop access from working. In many cases people's first reaction, in order to be able to move around the company, will be to temporarily open all doors, which may be exactly what the attacker wants.
I still do not understand how cards are "programmed".
I don't know the details (it is done by my brother), but generally, having an empty card, you are allowed to program into it a master key that allows you to add 'applications' to the card. Then each application can be added with its own key, which is needed to log in to it. You do not need to know the master key to log in to your application, but you need it if you want to add a new application to the card. For example, if you want to add your access system application to a city card, then whoever made these cards (and has the master key) has to add your application with your key.
If you need to use the cards only in your own system, then you program only one application into them.
Seems there are other protocols like "mifare" that use a layer of encryption.
From my point of view there are two standards: 125 kHz (Unique) and 13.56 MHz (mifare), but which one is popular can depend on the country. I remember having read something about a TI 132 kHz standard.
At 125 kHz there were cards with ASK, FSK and PSK modulations (Unique uses ASK). Modulation is one subject; the protocol is another.
Unique cards are not programmed and, if powered, just continuously send 64 bits of data in which there are some synchronization bits (I think 9) and some parity control bits (1 in each 5, I think), so the true unique number may be 44 bits (I'm just not sure).
There are mifare Classic cards. In the Ferguson and Schneier "Practical Cryptography" book, written in 2003, I read that the authors are sure Classic cards will be broken, and they say it only because the Classic algorithm is secret and civilian cryptography does not know of a case of a secret but good algorithm. Because of this we decided not to use these cards in our system a few years before they were broken.
We use mifare DESFire and mifare Plus cards, both giving a comparable security level (they use public algorithms).
Generally cards are not programmed by the user/operator/admin; you purchase pre-programmed cards and "add" them to the list of locally authorised cards.
Many customers still choose this solution as the cheapest.
But nowadays, for a few $, you can buy a reader/programmer and 10 empty cards, allowing you to copy any such pre-programmed card if you have it in your hand for a few seconds or if you know its number. There probably are suitcase readers able to read the card number from a 1 m distance (so without needing to take it out of someone's pocket).
So such a solution can be regarded as organizing people's movement around the facility, but certainly not as true access control.
Actually have a card "reader" in the facility, but of course no docs on how to use it just yet.
First question - the interface?
If it is Wiegand, then it should be easy to read.
If it is RS485, then there is a whole spectrum of possibilities, from an openly transmitted card number to sending the contents of a file from the card in an encrypted session (established between the reader and the card), which the reader forwards to the controller in an encrypted session established between the controller and the reader, and only then does the controller decrypt the data from this file on the card. In this way, the most important keys are never present (even in RAM) in system elements (readers) located outside the protected area.