Prox vs. iClass Explained

By: Brian Rhodes, Published on Jul 12, 2013

The differences between 'contactless' proximity credential formats are significant, yet the details are not well understood. Most access designers and users are familiar with 'Prox', but replacing them with 'iClass' has no real benefit... or does it? In this note, we contrast Prox versus iClass formats, and examine the key differences between both. Should you upgrade you Prox system to iClass? We answer that question in this report.

Key Pros and Cons

The key advantages of Prox cards are: 

  • Low Cost: The huge number of (persistent) Prox users contribute to lower prices compared to iClass.
  • "Good Enough" Security: While vulnerable to "snooping", that risk is uncommonly exploited and most users are comfortable with Prox's "security through obscurity".

By contrast, the key advantages of iClass are:

  • Encrypted Security: Unlike Prox, iClass uses a two or three factor encryption of card data, and only a iClass reader can decode the string, meaning it is nearly a 'snoop-proof' credential.
  • More Capacity: iClass features more bits, and subsequently more storage, than Prox. There is enough room in an iClass card to store user information for a number of different systems aside from only EAC

Prox is (still) King

Despite heavy marketing of iClass as 'next generation proximity', the majority of all access control platforms worldwide still use 'Prox II' format credentials. In a recent IPVMU Access Fundamentals discussion, ~75% of attendees explained they use, design, or install EAC systems that use 125 kHz Prox credentials. While many designers and end users are aware of other 'contactless' credential options, many are unclear of the functional differences between the two and simply continue to use the Prox format they are familiar with.

Similarities

A good part of iClass's slow uptake is a result of how closely it resembles Prox technology to the end user and casual eye. Both formats are 'contactless' credentials typically used by waving a card, fob, or token in close proximity to an reader. In this section, we look at the two aspects that are common between either formats:

  • Data Format
  • Read Range

Data Format: A Prox card and an iCLASS card 'look' identical to an access control system. While the data written to the credential is formatted differently on the card, the reader pushes the same Wiegand or clock and data format to the access control head end. 

Read Range: From a technical perspective, iClass carries further distances than Prox, however in reality the ranges are very close to same. Because so many 'contactless' credentials are passively powered by the reader, the cards must be close to the reader in order to work. This requirement limits data read ranges are typically between 0.25" - 6.0", however distances between 18.0" - 24.0" are possible with active (battery powered) credentials. 

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Differences

However, despite the similar use pattern to end-users, there are many technical differences between the formats including:  

  • Frequency
  • Encryption
  • Readers
  • Cost

Frequency: The single biggest difference between the two credentials is transmissive radio frequency, where Prox is a low frequency 125 kHz and iClass is high frequency at 13.56 MHz. The higher frequency offers faster transmission speeds and greater bandwidth, more 'bits' of information are able to be exchanged between card and reader in a nominally quicker period of time.

With contactless credentials, a lower RF band constrains performance. 125 kHz is roughly 100X lower in frequency than 13.56 MHz, and the tolerance to wait for a credential to scan at a lock door is seconds. Anything longer results in a high level of impatience by users, so Prox credentials are limited in the data volume of information they exchange. As a result, the maximum number of bits for Prox is  typically 64 and commonly 26 bits, well beneath the 128 bit, 256 bit or greater encryptions afforded by the iClass category.

The higher frequency also occupies a less 'noisy' radio band. In some environments, especially industrial, sources like VFDs can generate sufficient interference to prevent 125 kHz readers from being reliable. Higher frequency iClass typically resolve these problems. 

Encryption: With the improvements in bandwidth and speed, iClass offers encryption against 'man-in-the-middle' attacks brought about by snooping unencrypted 125 kHz credentials. HID offers this explanation in their iClass product catalog:

"The communication between an iClass reader and card is encrypted using an algorithm. The transaction between the card and reader cannot be “sniffed” and replayed to a reader. The encryption protocol uses unique 64-bit card serial numbers and mutual card and reader authentication. (or, keys only known to the card/reader)"

A simplified overview between the two formats is shown below. With Prox, all transmission is unencrypted. However, with iClass, all transmission is encrypted and only can be decrypted in the reader once a specific 'key' is shared by the credential: 

Also, this image from a hacker's conference shows the 'handshaking' between iClass credential and reader:

The comparison between "keys" (part of the "signature" in the chart above) is a process not possible with Prox. iClass therefore attempts to mitigate the 'snooping risk' although several sources claim to have exploited iClass using modified snooping methods.

Readers: The readers must match the frequency of the credential; in other words, iClass cards cannot be read on Prox readers and vice versa. A user cannot simply migrate from Prox to iClass credentials without also replacing every reader. The cost of an iClass reader is generally more expensive that an Prox reader, the average price being about 15% higher.

However, the power and data utilities are the same for both formats, and switchovers typically are a quick process of installing the iClass reader in the same place as the removed Prox. All the reader form factors for Prox are available in iClass versions, and therefore changes can even be 'bolthole-to-bolthole' matches.

Certain readers are designed to handle both frequencies simultaneously. No only does this potentially simplify designs and inventory, but allows credential migrations to happen over time - rather than forcing everyone to be issued a new card at once, the normal attrition process of card reissue when expired can be followed.

Cost: Despite a lower credential manufacturing cost than Prox, iClass typically costs more. Because of the frequency difference, 125 kHz credentials need more wire coil loops than 13.56 MHz to achieve the right resonance level. iClass credentials use less expensive components than Prox, and despite higher prices, the cost of manufacture is lower. In previous years, HID offered pricing for either formats at near the same prices, although in recent years iClass is typically priced higher.   The chart below lists typical internet pricing of standard parts: 

Average Component Cost Comparison

          Prox II         iClass
 Cards          $2.75         $4.75
 Readers      $110.00     $135.00

Should I Upgrade?

Many answer the question of "Prox or iClass?" simply, and stick with the less expensive and familiar Prox format. Undoubtedly, millions of electronic access control systems use the format every day with satisfactory result, despite claims of being a security risk. The persistence of Prox, aside from its widespread market share, is due to the relative satisfaction with its use.

However, if Prox is the stubborn 'status quo', then iClass has true operational advantages not possible otherwise. For high-security deployments, or where there might be a high volume of other identity details carried in the credential (for logical or multi-system use) the higher bit capacity and encryption level of iClass is ideal.

 

 

 

5 reports cite this report:

Designing Access Control Guide on Jan 30, 2019
Designing an access control solution requires decisions on 8 fundamental questions. This in-depth guide helps you understand the options and...
Contactless Access Credentials Guide on Oct 29, 2018
Contactless credentials are the most common component used in an access control system and while many look alike externally, important differences...
Hack Your Access Control With This $30 HID 125kHz Card Copier on May 01, 2017
You might have heard the stories or seen the YouTube videos of random people hacking electronic access control systems. The tools that claim to do...
Axis Releases Access Credentials - Insecure But Convenient on Nov 02, 2016
Axis continues to build out their own end-to-end 'solution'. The company recently announced a series of credential cards, but instead of a...
Average Access Control Job Size 2014 on Jun 30, 2014
Unique IPVM statistics reveal what is the average access control job size, how size varies across integrators, what brands they typically use for...
Comments (9) : PRO Members only. Login. or Join.

Related Reports

ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
ProdataKey (PDK) Access Company Profile on Aug 09, 2019
 Utah based ProdataKey touts low cost cloud access, wireless controllers, and no dealer required national distribution availability.  But how does...
Axis Door Station A8207-VE Tested on Aug 07, 2019
Axis newest door station, the A8207-VE, claims to deliver "video surveillance, two-way communication, and access control" in a single device. But...
Mobile Access Control Shootout - Farpointe, HID, Openpath, Nortek, Proxy on Jul 29, 2019
One of the biggest rising trends in access control is using phones as credentials but which offering is best? IPVM has tested five of the...
Responsibility Split Selecting Locks - Statistics on Jul 22, 2019
A heated access debate surrounds who should pick and install the locks. While responsible for selecting the control systems, integrators often...
Mobile Access Usage Statistics 2019 on Jul 18, 2019
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new...
How To Troubleshoot Wiegand Reader Problems - Inverted Wiring on Jul 16, 2019
Wiegand is the dominant method of connecting access readers, but problems can arise for installers. In fact, one of the most difficult reader...
Nortek Blue Pass Mobile Access Reader Tested on Jul 11, 2019
Nortek claims BluePass mobile readers are a 'more secure and easy to use approach to access', but our testing uncovered security problems and...

Most Recent Industry Reports

TMA Apologizes to Amazon / Ring on Aug 23, 2019
Not only is Amazon / Ring making major incursions into the residential security market, the organization representing the biggest incumbents, The...
China Dahua Replaces Their Software With US Pepper on Aug 22, 2019
What does a US government banned company do to improve its security positioning in the US? Well, Dahua is unveiling a novel solution, partnering...
Security Integrators Outlook On Remaining Integrators In 2025 on Aug 22, 2019
The industry has changed substantially in the last decade, with the rise of IP cameras and the race to the bottom. Indeed, more changes may be...
First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
Anyvision Facial Recognition Tested on Aug 21, 2019
Anyvision is aiming for $1 billion in revenue by 2022, backed by $74 million in funding. But does their performance live up to the hype they have...
JCI Sues Wyze on Aug 21, 2019
The mega manufacturer / integrator JCI has sued the fast-growing $20 camera Seattle startup Wyze. Inside this note: Share the court...
Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact