T-700 Series Readers
Secure Sector Readers

Contents
• History of Card Technology
• Trends
• Card Technology Trade Offs
• Customer Profiles
• Fixed Sector Keys and how they work
• Diversified Sector Keys and how they work
• T-7XX Reader Series Information

Long History of Card / Reader Technologies
Historically there have been two key considerations when choosing a reader: 1) what cards it reads, and 2) how it talks to the controller.
“What it reads”: Card and Reader Technology
• Barium Ferrite
• Bar Code
• Magstripe
• Wiegand
• 125 kHz Proximity
• Mixed technologies
“How it talks”: Reader Communications Output
• 20 mA Current Loop
• Proprietary
• Strobed Clock & Data
• F2F
• Wiegand
• Supervised F2F
• RS-485
• RS-232

News & Trends in the Market
Newer influencers affecting choice of reader & card technology
• HSPD-12
• FIPS 201
• TWIC
• Convergence of Logical & Physical Access
• Federated Identity
• PKI Certificates
• Strong Passwords
• Secure Sectors
• Mifare ISO 14443
• Vicinity ISO 15693
• DESFIRE
• Biometrics
• Hacking Smart Cards

Major 13.56 MHz Technologies
Two major ISO standards for Smart Cards
Mifare ISO 14443
• Developed by Philips, now NXP
• Wide install base
• Public Transit, IDs
• Up to 4K Bytes storage
Vicinity ISO 15693
• my-d chips from Infineon
• Used for the development of Smart Labels
• Longer read range
• Typical storage: 2K Bits
• HID iClass – Inside Contactless
Different standards; however, T-Readers read both.

Card/Tech Tradeoffs
(Table; column headings: Card Type, Tech)

Mapping Options Out
(Diagram: card technologies arranged from Lower Security to Higher Security and from Lower Cost to Higher Cost.)
Labels on the diagram, in the order they appear:
• Hybrid Dual interface PKI
• Mifare DESFIRE EV-1 Diversified Key
• Mifare DESFIRE EV-1 Fixed Key
• T-7XX Series
• Wiegand
• Mifare / Vicinity Diversified Key
• Mifare Fixed Key
• 125 kHz Prox
• Mifare / Vicinity UID
• MagStripe
• BarCode
Annotations on the diagram:
• Limited sources; customer is locked to source due to complexity of manufacturing and encoding processes
• Manufacturer controls Key, Credentials from reader manufacturer (appears twice)
• Customer controls Key, generally selects paired card and reader source (appears twice)
• Customer can have multiple sources

Typical Customer Profile for Secure Sector Smart Cards
• Ideal customers for Smart Cards
• Customers Seeking Multi-purse Capabilities
• Cashless Environments
• Library / Lending
• Tool Crib
• Cashless Vending
• Copying With Usage Tracking / Billing
• Environments Requiring More Secure Controls
  • To Prevent Credential “Sniffing” and
  • To Prevent Counterfeiting.
• Corporate or Educational Campus
• Any Environment Desiring Ability To Tie The Existing Identity Infrastructure to Any Other Task or Function

What are Fixed Sector Keys?
(Diagram: 1. Non-encoded Smart Card Credentials; 2. Credential Encoder, with inputs BID Data (Data-1, Data-2, Data-3, ... Data-n) and Sector Secret Key*; 3. Encoded Smart Card Credentials)
*Secret Key is up to 128 bits
• Step 1: GE provides encoded cards utilizing customer’s Fixed Key. (Note: A fixed key credential encoder is planned for Facility Commander Wnx 7.6 and Picture Perfect 4.1, allowing customer more choice in card providers.)
• Step 2: Encoding Cards -- Blank Smart Cards are presented to Credential Encoder. The encoder writes a secret key to the specified sector and writes the badge ID data to the user field for that sector.
• Step 3: The output is an encoded credential with both a secret key and the badge data stored on the credential. Other sectors are available for other data (vending, library, etc.). These steps are repeated for each subsequent card.

Fixed Sector Key Use
(Diagram: steps 1 to 4; label: Transaction Data sent to Controller)
• Step 1: Card approaches the reader.
• Step 2: Conversation between the reader and the card ensues. Reader starts by transmitting the secret key for a particular sector on the card.
• Step 3: The card compares the secret key provided by the reader to the secret key on the card. If they match, then and only then, does the card release the user data for that particular sector.
• Step 4: The reader reads the user data and transmits the information to the controller, in this case, to be used in the access control decision. This process is repeated every time a card approaches the reader.
• Note: In the case of FIXED keys, every card uses the same secret key.

What are Diversified Sector Keys?
(Diagram: 1. Non-encoded Smart Card Credentials; 2. Credential Encoder, with inputs BID Data (Data-1, Data-2, Data-3, ... Data-n), Secret Key* and Algorithm; 3. Encoded Smart Card Credentials)
*Secret Key is up to 128 bits
• Step 1: GE provides encoded cards utilizing GE’s Diversified Key. (Note: A Diversified Key is only available directly from GE. There is no field encoding of Diversified Keys.)
• Step 2: Encoding Cards -- Blank Smart Cards are presented to Credential Encoder. The encoder contains an algorithm that requires two data inputs: 1) a secret key and 2) a card serial number. The algorithm outputs a unique number or key for each credential; the encoder writes this unique secret key to the specified sector and then writes the badge ID data to the user data field for that sector.
• Step 3: The output is an encoded credential with a unique secret key and the user badge data stored on the credential. Other sectors are available for other data (vending, library, etc.). These steps are repeated for each subsequent card.

Diversified Sector Key Use
(Diagram: steps 1 to 5; label: Transaction Data sent to Controller)
• Step 1: Card approaches the reader. The reader has both the algorithm and the GE secret key stored in it. Therefore, it can calculate the result key for each card. Conversation between the reader and the card ensues. Reader starts by transmitting the card serial number for a particular sector on the card.
• Step 2: The reader runs the algorithm.
• Step 3: The reader transmits a unique result key for each card & sector.
• Step 4: The card compares the result key provided by the reader to the sector key on the card. If they match, then and only then, does the card release the user data for that particular sector.
• Step 5: The reader reads the user data and transmits the information to the controller, in this case, to be used in the access control decision. This process is repeated every time a card approaches the reader.
• Note: In the case of DIVERSIFIED keys, a UNIQUE result key is calculated for each card. In the unlikely event that a card is compromised, only that particular card is subject to counterfeiting. All others remain secure.

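Added example (not part of the original slides and not GE's code): a small model of the fixed and diversified sector key transactions described above, counting how many cards a single sector key recovered from one card will open. The slides do not name the diversification algorithm, so HMAC-SHA256 truncated to 128 bits is an assumed stand-in; the class, function names and sample values are hypothetical.

```python
import hashlib
import hmac

def diversify(secret_key: bytes, card_serial: bytes) -> bytes:
    """Derive a per-card sector key from (secret key, card serial number).
    ASSUMPTION: HMAC-SHA256 cut to 128 bits stands in for the vendor algorithm."""
    return hmac.new(secret_key, card_serial, hashlib.sha256).digest()[:16]

class Card:
    """Simulated credential with one protected sector holding badge ID data."""
    def __init__(self, serial: bytes, sector_key: bytes, badge_id: str):
        self.serial, self._sector_key, self._badge_id = serial, sector_key, badge_id

    def read_sector(self, presented_key: bytes):
        # The card releases user data only when the presented key matches its own.
        if hmac.compare_digest(presented_key, self._sector_key):
            return self._badge_id
        return None

def encode_fixed(serials, fixed_key):
    # Encoder writes the same secret key to every card.
    return [Card(s, fixed_key, f"BID-{i}") for i, s in enumerate(serials)]

def encode_diversified(serials, secret_key):
    # Encoder writes a unique result key, computed from each serial, to each card.
    return [Card(s, diversify(secret_key, s), f"BID-{i}") for i, s in enumerate(serials)]

def reader_fixed(card, fixed_key):
    return card.read_sector(fixed_key)

def reader_diversified(card, secret_key):
    # Reader recomputes the result key from the card's serial number.
    return card.read_sector(diversify(secret_key, card.serial))

def cards_opened(cards, leaked_key):
    """Count cards whose sector opens with a key recovered from one card."""
    return sum(c.read_sector(leaked_key) is not None for c in cards)

# Constructed sample values, not real keys or serial numbers.
SERIALS = [bytes([0x04, i, 0xA2, 0x19]) for i in range(5)]
FIXED_KEY = bytes(range(16))
SECRET_KEY = bytes(range(16, 32))

def blast_radius():
    fixed = encode_fixed(SERIALS, FIXED_KEY)
    diversified = encode_diversified(SERIALS, SECRET_KEY)
    leaked_from_card_0 = diversify(SECRET_KEY, SERIALS[0])
    return cards_opened(fixed, FIXED_KEY), cards_opened(diversified, leaked_from_card_0)

if __name__ == "__main__":
    print(blast_radius())
```

With five sample cards, the fixed scheme exposes all five to one recovered key, while the diversified scheme exposes only the card the key came from.
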
New T-7xx Series Readers
• 13.56 MHz Readers – Secure Sector
• Wiegand Output
• RS-485 Output
• GE Diversified Key or Fixed Key
• T-700 - Mullion
• T-720 - Mid-Range
• T-725 - Mid Range with Keypad

Stocked Smart Cards
Compatible with T-7XX Series to Read Encoded ID
• All GE Stock Smart Cards Have
  • GE Diversified Sector Key
  • ISO Thickness
  • Composite Material
  • Front: White Glossy
  • Back: White Glossy
  • Size: CR-80
  • No External ID
  • No Slot Punch (dots are visible for where slot punch is permitted)
  • No Magnetic Stripe

Custom Smart Card Ordering
• Custom Smart Card Attributes
  • External ID
  • External ID Print Type
  • External ID Print Position
  • Tab Run
  • Sector Encoding Options
  • Badge ID Formatting Options
  • Slot Punch Options
  • Custom Artwork Printing

Who To Call For Assistance
If you have additional questions or need assistance answering technical questions for customers, please contact PreSalesEngineering to speak with a specifically trained representative on this subject.