Your Access Control Options with DESFire
By using high encryption credential technology, like DESFire, you can ensure access to sites is robust and secure.
At ICT we like to think of credentials as ‘what you have, what you know, and who you are’. For now, we’re going to focus on ‘what you have’, specifically looking at proximity devices that support MIFARE’s DESFire technology: cards, key tags, and transmitters.
What You Have
An access card or tag.
What You Know
This could be a PIN or password.
Who You Are
A biometric credential like a fingerprint or facial scan.
Why Choose DESFire?
Because not all credentials are created equal.
Standard 125kHz proximity devices aren’t encrypted, so anyone within 3 feet (about 90cm) can steal the data and make a clone in under a minute. We know because we tested it - you can read about it here. There is also the potential for multiple locations to have the same site codes - so overall, a rather insecure solution.
On the other hand, MIFARE DESFire are encrypted using a cryptographic module, which uses algorithms to encrypt the data on the proximity device so it’s nearly impossible to decipher.
DESFire uses AES (advanced encryption standard) 128-bit encryption, so the data on the device has 2128 possible combinations. That would take a super-computer more than 2.6 trillion years to crack - you'd be able to listen to Running Up That Hill by Kate Bush for nearly 25 million years straight before it was cracked. This encryption ensures added protection against card cloning and data theft, providing the highest site security.
ICT’s DESFire Devices
DESFire credentials are available with 3 of our devices:
There are different versions of the DESFire credentials, all are secured using AES-128 but have different memory capacities. The cards are available in EV1 and EV2 and tags and transmitters are available in EV2 formats.
The memory can be thought of as a USB drive – the device can hold applications, like a folder on a computer, and each application can contain multiple files.
EV1 cards have a memory range of 256b-2k, with a limit of 28 applications, and Common Criteria EAL4+ certification. EV2 devices have a memory size range of 2-8kB, no limits on the number of applications that can be uploaded and is EAL5+ certified.
Each application is secured with its own AES key and are independent from one another. So, one device can hold multiple credentials, and can be recognized by multiple readers, including hardwired, wireless, third-party , and legacy readers.
For example, in a multi-use building, credentials for both a shared hardwired lock with ICT reader, and third-party wireless locks with readers for individual offices or tenancies can be added to the tag or card. Our cards also come in hybrid format with 125kHz and DESFire both encoded. This enables the device to work with legacy readers, allowing you to slowly migrate to a modern ICT solution, making access simple and seamless.
Let’s look at the available devices:
The DESFire credential is available with our ISO Graphic Printable card. There are a range of design options available including: external card numbering and contact smart chip module. No battery in the card means that it has a long-life span, and the cards are strong, flexible and resistant to damage.
Head over to our blog to get a basic rundown on card security, or to learn more about choosing the right card technology.
Cards available with DESFire technology:
- PRX-ISO-DF-EV1-2K: DESFire EV1 2K ISO CR80 Card
- PRX-ISO-DF-EV1-2K-LF: DESFire EV1 2K 125kHz ISO CR80 Card
- PRX-ISO-DF-EV1-LT: DESFire EV1 256B ISO CR80 Card
- PRX-ISO-DF-EV2-2K: DESFire EV2 2K ISO CR80 Card
- PRX-ISO-DF-EV2-2K-LF: DESFire EV2 2K 125kHz ISO CR80 Card
- PRX-ISO-DF-EV2-4K: DESFire EV2 4K ISO CR80 Card
- PRX-ISO-DF-EV2-8K: DESFire EV2 8K ISO CR80 Card
DESFire Key Tags
For something a bit more durable, we recommend key tags. They’re designed to withstand heat, pressure, and chemicals, making them perfect for harsh environments such as labs and factories. Key tags are designed to hook onto keyrings and lanyards, so the risk of loss is mitigated.
Tags available with DESFire technology:
- PRX-TAG-DF-EV2-2K-B: MIFARE DESFire EV2 Tag
- PRX-TAG-DF-EV2-4K-B: MIFARE DESFire EV2 Tag
Transmitters can be used as a long-range device to unlock garages and gates and can also be encoded with a DESFire credential to use at a card reader to unlock the building at short-range. They’re an ideal parking access solution for commercial warehouse environments, residential facilities, and more.
There are 2 styles of transmitters that can be encoded with a DESFire credential:
- RF-REM2-433-DF: Remote 2 Button (433MHz) DESfire EV2
- RF-REM4-433-DF: Remote 4 Button (433MHz) DESfire EV2
To learn more about ICT’s receiver and transmitter solutions, check out the article on our wireless 433MHz range.
Investing in a security system is a big commitment, that’s why we recommend the industry-leading security that DESFire credentials offer, to keep your site safe and secure.
We've created a handy resource for you to download to get a quick overview of the benefits, target applications, key features and credentials available for a robust DESFire solution.