Security settings

Owned by BAS-IP (Unlicensed)
Last updated: Nov 24, 2023
4 min read

In this section, you can configure the following parameters: 

  • available identifier formats for the reader to work with: 

    • ASK: enabling signal transmission in amplitude-shift keying that is used in EM-Marin Classic cards and keychains; 

    • FSK: enabling signal transmission in frequency-shift keying that is commonly used in Temic cards and paired with ASK keying;

    • Mifare: enabling signal transmission for working with Mifare cards;

    • Bluetooth: enabling signal transmission for working with Bluetooth identifiers (UKEY);  

    • Inner Range: enabling the operation with specialized IR cards. 

  • type of output interface for data transfer to the panel: Wiegand Automatic, Wiegand-26, 32, 34, 37, 40, 42, 56, 58, 64. Selected Wiegand type must coincide with the indicated in the panel settings one; 

  • encryption password for UKEY identifiers; 

  • Mifare profiles (depending on Mifare cards types that are used).

    For all available profiles (Mifare Classic, Mifare Plus, Mifare profile 3, Mifare profile 4, Mifare profile 5) you can set the following parameters: 

    • security: card encryption enabling/disabling;

Available security levels (depending on profile type):

  • none: there is no need to encrypt cards. Only UID and chip manufacturer information will be sent to the controller; 

  • SL1 6 bytes;

  • SL1 diversifying;

  • SL3 diversifying: used for authentication, data exchange, and encryption, for working with memory, as well as for detecting remote attacks by radio channel. AES crypto-algorithm is used; 

  • SL3 16 bytes: more secure applied encryption algorithm. The principle of the algorithm is that each identifier has its own individual encryption key.

  • key (available if the cards are encrypted): the encryption key for Mifare identifiers (12 hexadecimal characters);

    • read sectors (available if the cards are encrypted): sector values that are obligatory to be read;

    • read (available if the cards are encrypted): conditions for card reading;

Available options: 

  • if the card code option is selected and the encryption key (of the recorded cell) in the card matches the encryption key in the reader, then the card code (UID) will be sent to the controller;

  • if the by address option is selected, the information recorded in a certain memory block of the card will be sent from the reader to the controller.

  • use address (available if the cards are encrypted and the read by address is selected): a bid-endian or little-endian way of reading;

    • card code byte order.

Mifare Plus chips (in cards, keychains, bracelets, etc.) are at the SL0 security level by default. It is impossible to use cards at the SL0 level in the application system, the Mifare Plus chip must be upgraded to SL1, SL2, or SL3. When initializing the Mifare Plus chip, the object owner must generate the key values and store this information securely.