HID's SE Readers ExaminedBy Brian Rhodes, Published on Oct 13, 2014
The HID card readers you may have used in the past are changing. As old stocks of standards like R10 and R40 readers dwindle, new part numbers and a new series takes their place: iClass SE. In practical terms, what does this change mean, and more importantly, is it a benefit?
In this note, we examine HID's iClass SE readers, survey what has changed, and how it may impact your designs.
What is SE?
HID frequently obscures the practical difference between device generation with marketing buzzwords and vague claims of improvement, leaving many just scratching their heads as to what is actually different, ie:
Cutting through all the vagueness, the biggest technological difference SE offers is OSDP compliance, while older reader models do not. As discussed in our Wiegand vs OSDP post, this protocol offers bigger throughput and bi-directional communication between reader and controller/interface. OSDP supports larger amounts of credential data, and allows tighter security monitoring of the access device most vulnerable to tampering.
In addition, SE supports HID's SIO (Secure Identy Object) data structure that layers and encrypts credential data for many different systems and combines them in encrypted groups. SIO readers support this 'layer encryption' which makes quick, brute-force style snooping of credential data more difficult.
Physically the updated readers are the same size and have very similar performance characteristics of previous models. The only noticeable difference is the LED status bar adds amber and blue illumination to the red/green indicator. Otherwise, previous reader sizes and options are the same with SE units:
HID keeps the same 'R10/R15/R30/R40' model designations and 'K' for 'Keypad option' in the SE line.
Other important notes about the line include:
- Backward Compatible: While advanced features many not be supported, SE readers are designed for use with any access system that previously supports 13.56 MHz credentials.
- 13.56 MHz: While designated 'iClass SE' readers, the most common 13.56 MHz formats are supported, including MIFARE, DESFire, and EV1 variants. iClass SE 'Multiclass' readers also support 125 kHz credentials, but cost ~15% more than non multiclass models.
- Gesture Support: HID's mobile Twist & Go credentialing require SE series readers to recognize gesture movements.
- NFC Ready: The SE series also includes an NFC antenna, for potential application of 'NFC smartphone credentials'.
- Environmentally Rated: All SE readers have a standard IP55 rating that can be improved to IP65 when installed with optional gasket kit.
- Same Read Ranges: Companion contactless credentials are detected and energized at the same physical distance as non-SE models.
- Limited Lifetime Warranty: HID extends a standard lifetime warranty period for SE units again breakage or failure during 'normal' use, although keypad models only carry 2 years on the button input components.
As previous reader model stocks dry up, designers and end-users specifying HID should expect to replace them with SE series units. Pricing between the options is usually within 5% of equal, and very often priced the same between generations. For example, street pricing for popular models:
- R10: Both SE and previous units pricing for the 'mini-mullion' model is ~$75.
- R40: The larger wall mount, longer reads range single gang sized reader is commonly ~$150.
- RK40: The keypad enabled R40 sized reader costs ~$275
Generally multiclass options or rarer communication formats like 'clock & data' modestly increase price.
The crux of much debate surrounding access system security surrounds the reader. While SE reader offer 'security improvements' like OSDP and SIO, they must be applied as a system, with both the upstream controller and/or downstream credential also supporting those features.
By themselves, SE readers will do little to increase system security, but as a 'link in the chain', they can protect both credential data and access systems from direct attacks.