
HID CP1000 - Secure Channel Key; Credential Credit Management

HID CP1000
212 pages
Page 1-4 Overview
PLT-01067, Version: A.7 July 2017
to perform both encryption and signing of the SO credential. This key is called the SO encryption
key.
Note: It is called an encryption key but it also performs signature verification.
The SO encryption key can be managed by HID as a standard key and/or an Elite key, similar to
the management of Media keys described earlier. We also support creating a customer-managed SO
encryption key; however, an SO credential protected with such a key is not managed via HID and
also has an additional signature using HID Global’s license key.
Additional information about secure objects can be requested from HID Global.
1.1.5 Secure Channel Key
The messages that are exchanged between a host application and the encoder device are
transferred over a mandatory secure channel⁵. The secure channel ensures the confidentiality and
authenticity of the messages between the host application and the encoder device.
The encoder comes with a default value for the secure channel key, and very much like the OEM
Admin keys, the host application prompts you to provide a new value for the secure channel key.
This secure channel key is stored on a per-user basis.
The secure channel mechanism is based on a slightly modified GlobalPlatform SCP secure channel
protocol. You can request more information about the secure channel from HID Global.
1.1.6 Credential Credit Management
All transactions with credentials are enabled by credential credits. These are discrete tokens that are
consumed with each transaction until none remain or until additional credits are ordered and
applied to the encoder.
The term Credential Credit refers to the tokens purchased from HID that enable all credential write
transactions. The iCLASS SE Encoder is enabled until the authorized credits have been exhausted;
you must then request additional credits from HID Global.
The management of credits can be understood as a type of counter. When a customer orders “X”
credits, the counter is increased by “X” and the encoder is enabled until the counter is decremented
to 0, or until more credits are ordered.
The following attributes are the building blocks that define a transaction enabled by a
Credential Credit Token.
For example, encoding iCLASS with the HID Access Control application and Standard keys requires
a different credential credit token than the same transaction using Elite keys.
Technology            Application   Security   Media
--------------------  ------------  ---------  -----------
iCLASS                HID           Standard   Genuine HID
MIFARE Classic        SIO           Elite      Third Party
MIFARE DESFire EV1    Custom        Custom     Third Party
Prox                  HID           Standard   Genuine HID
Seos                  SIO           Elite      Genuine HID
