Prox vs. iClass Explained

By: Brian Rhodes, Published on Jul 12, 2013

The differences between 'contactless' proximity credential formats are significant, yet the details are not well understood. Most access designers and users are familiar with 'Prox', but replacing it with 'iClass' has no real benefit... or does it? In this note, we contrast the Prox and iClass formats and examine the key differences between them. Should you upgrade your Prox system to iClass? We answer that question in this report.

Key Pros and Cons

The key advantages of Prox cards are: 

  • Low Cost: The huge number of (persistent) Prox users contributes to lower prices compared to iClass.
  • "Good Enough" Security: While vulnerable to "snooping", that risk is uncommonly exploited and most users are comfortable with Prox's "security through obscurity".

By contrast, the key advantages of iClass are:

  • Encrypted Security: Unlike Prox, iClass uses a two or three factor encryption of card data, and only an iClass reader can decode the string, meaning it is nearly a 'snoop-proof' credential.
  • More Capacity: iClass features more bits, and subsequently more storage, than Prox. There is enough room in an iClass card to store user information for a number of different systems aside from only EAC.

Prox is (still) King

Despite heavy marketing of iClass as 'next generation proximity', the majority of all access control platforms worldwide still use 'Prox II' format credentials. In a recent IPVMU Access Fundamentals discussion, ~75% of attendees explained they use, design, or install EAC systems that use 125 kHz Prox credentials. While many designers and end users are aware of other 'contactless' credential options, many are unclear of the functional differences between the two and simply continue to use the Prox format they are familiar with.

Similarities

A good part of iClass's slow uptake is a result of how closely it resembles Prox technology to the end user and casual eye. Both formats are 'contactless' credentials typically used by waving a card, fob, or token in close proximity to a reader. In this section, we look at the two aspects that are common to both formats:

  • Data Format
  • Read Range

Data Format: A Prox card and an iCLASS card 'look' identical to an access control system. While the data written to the credential is formatted differently on the card, the reader pushes the same Wiegand or clock and data format to the access control head end. 

Read Range: From a technical perspective, iClass carries further distances than Prox; in reality, however, the ranges are very close to the same. Because so many 'contactless' credentials are passively powered by the reader, the cards must be close to the reader in order to work. This requirement limits read ranges, which are typically between 0.25" - 6.0"; however, distances between 18.0" - 24.0" are possible with active (battery powered) credentials.


Differences

However, despite the similar use pattern to end-users, there are many technical differences between the formats including:  

  • Frequency
  • Encryption
  • Readers
  • Cost

Frequency: The single biggest difference between the two credentials is radio frequency: Prox is low frequency at 125 kHz and iClass is high frequency at 13.56 MHz. The higher frequency offers faster transmission speeds and greater bandwidth, so more 'bits' of information can be exchanged between card and reader in a nominally quicker period of time.

With contactless credentials, a lower RF band constrains performance. 125 kHz is roughly 100X lower in frequency than 13.56 MHz, and the tolerance to wait for a credential to scan at a locked door is seconds. Anything longer results in a high level of impatience by users, so Prox credentials are limited in the volume of information they exchange. As a result, the maximum number of bits for Prox is typically 64 and commonly 26 bits, well beneath the 128 bit, 256 bit or greater encryptions afforded by the iClass category.
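What a commonly used 26-bit credential carries once the reader forwards it over Wiegand, as an added example that is not from the original article. It assumes the standard open 26-bit layout (leading parity, 8-bit facility code, 16-bit card number, trailing parity), which the article does not spell out; the function name and the sample frame are constructed.

```python
# Added illustration: decode a 26-bit Wiegand frame as received by the panel.
# Assumed layout (standard open 26-bit format, not stated in the article):
#   bit 0      even parity over bits 1-12
#   bits 1-8   facility code
#   bits 9-24  card number
#   bit 25     odd parity over bits 13-24

def decode_wiegand26(bits: str) -> dict:
    """Parse a 26-character string of '0'/'1' into its fields."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 binary digits")
    b = [int(c) for c in bits]
    even_ok = (b[0] + sum(b[1:13])) % 2 == 0    # first half must have even weight
    odd_ok = (b[25] + sum(b[13:25])) % 2 == 1   # second half must have odd weight
    return {
        "facility": int(bits[1:9], 2),
        "card": int(bits[9:25], 2),
        "parity_ok": even_ok and odd_ok,
    }

# Constructed sample: facility code 42, card number 12345.
SAMPLE = "1" "00101010" "0011000000111001" "1"

if __name__ == "__main__":
    print(decode_wiegand26(SAMPLE))
    # The frame holds two numbers and two parity bits: no nonce, counter or
    # secret, so every read of the same card produces the same 26 bits.
```

The parity bits only catch transmission errors on the line; nothing in the frame changes from one read to the next.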

The higher frequency also occupies a less 'noisy' radio band. In some environments, especially industrial, sources like VFDs can generate sufficient interference to prevent 125 kHz readers from being reliable. Higher frequency iClass typically resolves these problems.

Encryption: With the improvements in bandwidth and speed, iClass offers encryption against 'man-in-the-middle' attacks brought about by snooping unencrypted 125 kHz credentials. HID offers this explanation in their iClass product catalog:

"The communication between an iClass reader and card is encrypted using an algorithm. The transaction between the card and reader cannot be “sniffed” and replayed to a reader. The encryption protocol uses unique 64-bit card serial numbers and mutual card and reader authentication. (or, keys only known to the card/reader)"

A simplified overview between the two formats is shown below. With Prox, all transmission is unencrypted. However, with iClass, all transmission is encrypted and only can be decrypted in the reader once a specific 'key' is shared by the credential: 

Also, this image from a hacker's conference shows the 'handshaking' between iClass credential and reader:

The comparison between "keys" (part of the "signature" in the chart above) is a process not possible with Prox. iClass therefore attempts to mitigate the 'snooping risk', although several sources claim to have exploited iClass using modified snooping methods.
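Why a recorded transmission is accepted by a static-number reader but rejected under mutual authentication, as an added example that is not part of the original article. A generic HMAC challenge-response stands in for iClass's proprietary algorithm, the per-card key derived from the serial number is an assumption, and all class and function names are hypothetical.

```python
# Added illustration: generic HMAC challenge-response, NOT HID's iClass algorithm.
import hashlib, hmac, secrets

def mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

class StaticReader:
    """Prox-style: the card always transmits the same bits."""
    def __init__(self, enrolled):
        self.enrolled = set(enrolled)
    def accept(self, transmission: bytes) -> bool:
        return transmission in self.enrolled

class AuthCard:
    def __init__(self, serial: bytes, card_key: bytes):
        self.serial, self._key, self._nonce = serial, card_key, b""
    def hello(self):
        self._nonce = secrets.token_bytes(8)          # fresh per session
        return self.serial, self._nonce
    def respond(self, reader_nonce: bytes, reader_proof: bytes):
        # Mutual authentication: the card checks the reader before answering.
        if not hmac.compare_digest(reader_proof, mac(self._key, b"R", self._nonce)):
            return None
        return mac(self._key, b"C", reader_nonce)

class AuthReader:
    def __init__(self, master_key: bytes):
        self._master, self._expected = master_key, None
    def challenge(self, serial: bytes, card_nonce: bytes):
        card_key = mac(self._master, b"K", serial)    # assumed per-card key derivation
        nonce = secrets.token_bytes(8)
        self._expected = mac(card_key, b"C", nonce)
        return nonce, mac(card_key, b"R", card_nonce)
    def accept(self, response) -> bool:
        expected, self._expected = self._expected, None   # each nonce is single use
        return bool(expected and response) and hmac.compare_digest(response, expected)

def replay_demo() -> dict:
    master, serial = secrets.token_bytes(16), bytes(8)    # constructed values
    card, reader = AuthCard(serial, mac(master, b"K", serial)), AuthReader(master)
    static = StaticReader({b"constructed-prox-bits"})
    _, card_nonce = card.hello()
    nonce, proof = reader.challenge(serial, card_nonce)
    recorded = card.respond(nonce, proof)                 # genuine response, as overheard
    first = reader.accept(recorded)
    reader.challenge(serial, card_nonce)                  # new session, new reader nonce
    return {"static_replay": static.accept(b"constructed-prox-bits"),
            "auth_first": first, "auth_replay": reader.accept(recorded),
            "rogue_reader_answered": card.respond(nonce, bytes(32)) is not None}
```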

Readers: The readers must match the frequency of the credential; in other words, iClass cards cannot be read on Prox readers and vice versa. A user cannot simply migrate from Prox to iClass credentials without also replacing every reader. An iClass reader is generally more expensive than a Prox reader, the average price being about 15% higher.

However, the power and data utilities are the same for both formats, and switchovers typically are a quick process of installing the iClass reader in the same place as the removed Prox. All the reader form factors for Prox are available in iClass versions, and therefore changes can even be 'bolthole-to-bolthole' matches.

Certain readers are designed to handle both frequencies simultaneously. Not only does this potentially simplify designs and inventory, but it allows credential migrations to happen over time: rather than forcing everyone to be issued a new card at once, the normal attrition process of card reissue when expired can be followed.

Cost: Despite a lower credential manufacturing cost than Prox, iClass typically costs more. Because of the frequency difference, 125 kHz credentials need more wire coil loops than 13.56 MHz to achieve the right resonance level. iClass credentials use less expensive components than Prox, and despite higher prices, the cost of manufacture is lower. In previous years, HID offered pricing for both formats at nearly the same prices, although in recent years iClass is typically priced higher. The chart below lists typical internet pricing of standard parts:

Average Component Cost Comparison

            Prox II     iClass
 Cards      $2.75       $4.75
 Readers    $110.00     $135.00

Should I Upgrade?

Many answer the question of "Prox or iClass?" simply, and stick with the less expensive and familiar Prox format. Undoubtedly, millions of electronic access control systems use the format every day with satisfactory results, despite claims of being a security risk. The persistence of Prox, aside from its widespread market share, is due to the relative satisfaction with its use.

However, if Prox is the stubborn 'status quo', then iClass has true operational advantages not possible otherwise. For high-security deployments, or where there might be a high volume of other identity details carried in the credential (for logical or multi-system use) the higher bit capacity and encryption level of iClass is ideal.

 

 

 
