Prox vs. iClass Explained

Author: Brian Rhodes, Published on Jul 12, 2013

The differences between 'contactless' proximity credential formats are significant, yet the details are not well understood. Most access designers and users are familiar with 'Prox', but replacing them with 'iClass' has no real benefit... or does it? In this note, we contrast Prox versus iClass formats, and examine the key differences between both. Should you upgrade you Prox system to iClass? We answer that question in this report.

Key Pros and Cons

*** *** ********** ** **** ***** ***: 

  • *** ****:*** **** ****** ** (**********) **** ***** ********** ** ***** prices ******** ** ******.
  • "**** ******" ********: ***** ********** ** "********", **** **** ** ********** ********* and **** ***** *** *********** **** ****'* "******** ******* *********".

** ********, *** *** ********** ** ****** ***:

  • ********* ********:****** ****, ****** **** * *** ** ***** ****** ********** of **** ****, *** **** * ****** ****** *** ****** the ******, ******* ** ** ****** * '*****-*****' **********.
  • **** ********: ****** ******** **** ****, *** ************ **** *******, **** Prox. ***** ** ****** **** ** ** ****** **** ** store **** *********** *** * ****** ** ********* ******* ***** from **** ***

Prox ** (*****) ****

******* ***** ********* ** ****** ** '**** ********** *********', *** majority ** *** ****** ******* ********* ********* ***** *** '**** II' ****** ***********. ** * ****** ***** ****** ************ **********, ~75% ** ********* ********* **** ***, ******, ** ******* *** systems **** *** *** *** **** ***********. ***** **** ********* *** end ***** *** ***** ** ***** '***********' ********** *******, **** are ******* ** *** ********** *********** ******* *** *** *** simply ******** ** *** *** **** ****** **** *** ******** with.

************

* **** **** ** ******'* **** ****** ** * ****** of *** ******* ** ********* **** ********** ** *** *** user *** ****** ***. **** ******* *** '***********' *********** ********* used ** ****** * ****, ***, ** ***** ** ***** proximity ** ** ******. ** **** *******, ** **** ** the *** ******* **** *** ****** ******* ****** *******:

  • **** ******
  • **** *****

**** ******:* **** **** *** ** ****** **** '****' ********* ** ** ****** control ******. ***** *** **** ******* ** *** ********** ** formatted *********** ** *** ****, *** ****** ****** *** **** Wiegand ** ***** *** **** ****** ** *** ****** ******* head ***. 

**** *****:**** * ********* ***********, ****** ******* ******* ********* **** ****, however ** ******* *** ****** *** **** ***** ** ****. Because ** **** '***********' *********** *** ********* ******* ** *** reader, *** ***** **** ** ***** ** *** ****** ** order ** ****. **** *********** ****** **** **** ****** *** typically ******* *.**" - *.*", ******* ********* ******* **.*" - 24.0" *** ******** **** ****** (******* *******) ***********. 

***********

*******, ******* *** ******* *** ******* ** ***-*****, ***** *** many ********* *********** ******* *** ******* *********:  

  • *********
  • **********
  • *******
  • ****

*********: *** ****** ******* ********** ******* *** *** *********** ** ************ radio *********, ***** **** ** * *** ********* *** *** and ****** ** **** ********* ** **.** ***. *** ****** frequency ****** ****** ************ ****** *** ******* *********, **** '****' of *********** *** **** ** ** ********* ******* **** *** reader ** * ********* ******* ****** ** ****.

**** *********** ***********, * ***** ** **** ********** ***********. *** kHz ** ******* **** ***** ** ************* **.** ***, *** *** ********* ** **** *** * credential ** **** ** * **** **** ** *******. ******** longer ******* ** * **** ***** ** ********** ** *****, ** Prox *********** *** ******* ** *** **** ****** ** *********** they ********. ** * ******, *** ******* ****** ** **** for **** **  ********* ** *** ******** ** ****, **** beneath *** *** ***, *** *** ** ******* *********** ******** by *** ****** ********.

*** ****** ********* **** ******** * **** '*****' ***** ****. In **** ************, ********** **********,******* **** ******* ******** ********** ************ ** ******* *** *** ******* **** ***** ********. Higher ********* ****** ********* ******* ***** ********. 

**********: **** *** ************ ** ********* *** *****, ****** ****** ********** against '***-**-***-******' ******* ******* ***** ** ******** *********** *** *** ***********. HID ****** **** *********** ** *********** ******* *******:

"*** ************* ******* ** ****** ****** *** **** ** ********* using ** *********. *** *********** ******* *** **** *** ****** cannot ** “*******” *** ******** ** * ******. *** ********** protocol **** ****** **-*** **** ****** ******* *** ****** **** and ****** **************. (**, **** **** ***** ** *** ****/******)"

* ********** ******** ******* *** *** ******* ** ***** *****. With ****, *** ************ ** ***********. *******, **** ******, *** transmission ** ********* *** **** *** ** ********* ** *** reader **** * ******** '***' ** ****** ** *** **********: 

****, **** ***** ***** ******'* *************** *** '***********' ******* ****** ********** *** ******:

*** ********** ******* "****" (**** ** *** "*********" ** *** chart *****) ** * ******* *** ******** **** ****. ****** therefore ******** ** ******** *** '******** ****' ******** ******* ************ ** **** ********* *********** ******** ******** *******.

*******: *** ******* **** ***** *** ********* ** *** **********; ** other *****, ****** ***** ****** ** **** ** **** ******* and **** *****. * **** ****** ****** ******* **** **** to ****** *********** ******* **** ********* ***** ******. *** **** of ** ****** ****** ** ********* **** ********* **** ** Prox ******, *** ******* ***** ***** ***** **% ******.

*******, *** ***** *** **** ********* *** *** **** *** both *******, *** *********** ********* *** * ***** ******* ** installing *** ****** ****** ** *** **** ***** ** *** removed ****. *** *** ****** **** ******* *** **** *** available ** ****** ********, *** ********* ******* *** **** ** '********-**-********' *******.

******* ******* *** ******** ** ********** *********** **************. ** **** **** **** *********** ******** ******* *** *********, but ****** ********** ********** ** ****** **** **** - ****** than ******* ******** ** ** ****** * *** **** ** once, *** ****** ********* ******* ** **** ******* **** ******* can ** ********.

****: ******* * ***** ********** ************* **** **** ****, ****** ********* costs ****. ******* ** *** ********* **********, *** *** *********** **** more **** **** ***** **** **.** *** ** ******* *** right ********* *****. ****** *********** *** **** ********* ********** **** Prox, *** ******* ****** ******, *** **** ** *********** ** lower. ** ******** *****, *** ******* ******* *** ****** ******* at **** *** **** ******, ******** ** ****** ***** ****** ** typically ****** ******.   *** ***** ***** ***** ******* ******** pricing ** ******** *****: 

Average ********* **** **********

         **** **        ******
 *****         $*.**        $*.**
 *******     $***.**    $***.**

Should * *******?

**** ****** *** ******** ** "**** ** ******?" ******, *** stick **** *** **** ********* *** ******** **** ******. ***********, millions ** ********** ****** ******* ******* *** *** ****** ***** day **** ************ ******, ******* ****** ** ***** * ******** risk. *** *********** ** ****, ***** **** *** ********** ****** share, ** *** ** *** ******** ************ **** *** ***.

*******, ** **** ** *** ******** '****** ***', **** ****** has **** *********** ********** *** ******** *********. *** ****-******** ***********, or ***** ***** ***** ** * **** ****** ** ***** identity ******* ******* ** *** ********** (*** ******* ** *****-****** use) *** ****** *** ******** *** ********** ***** ** ****** is *****.

 

 

 

Comments (9)

Excellent article. I can't remember the last time I sold a new EAC system using prox cards or readers. We've been selling iClass for several years for new installs. Our clientele is generally more security concious than most and we don't do a lot of low bid type work.

We have customers that use the memory storage blocks built into the iClass card for biometrics and other functions such as logging into their PC's using an USB reader instead of manually typing a password.

As mentioned, the "MultiClass" readers are handy for helping customers migrate technology.

In the picture "Encrypted v.s. Unencrypted transmission methods", I am curious as to what this person is holding against the door/wall. In this picture, what is this snooping technique?

Great article Brian Thank you.

This is a subject I debate with people on a regular basis. If you are not set up for, monitoring and enforcing door forced open and door propped open alarms, prox cards are really a non factor in how secure you are. It is far easier to tailgate than it is to "snoop". Seems people want to make a big deal out of prox cards but don't bother with DFO or DPO.

Hello, Wassim:

The picture shows a 'generic' homemade RFID antenna. The web is full of DIY RFID snoop gear, and it's more than just antennas. However, we did not want to provide a blueprint for snoop gear with this post, but rather illustrate the purpose of credential encryption.

Thanks for reading!

I have some comments I'd like to provide on this topic. Though will have to get into more detail later.

The snooping process and the iClass authentication, etc is slightly different than explained. (though my quick comments will probably provide additional confusion)

The prox cards were not actually compromised, just the lack of two way authentication method with the reader made it easily copied, even the clock signal can be slighly off. They can not be cloned to a new physical card (or from the last I remember they couldn't). The old MiFare classic was hacked/broken and can be easily cloned to new cards.

Prox cards are duplicated by copying the RF field that is outputted from the card and doesn't require you to do it during a card read process with a legit reader as shown in the snooping example. You also have greater distance with the RF field off a 125khz card than a 13.56MHz card allowing you to electrocinally copy the prox card at greater distances. The electronic cloner would then be used to replay the RF signal to the reader.

Most iClass card based installations typically use a standard Card Serial Number (35bit/37bit) method when used with wiegand readers as this is a one way communications method and typically doesn't allow access to the application areas. You can easily read the same card serial number from the iClass as from a prox card. (If you wish to use application areas and other key based techniques you can make it impossible to duplicate a card number though in those instances you will probably be using a RS-485 bidirectional reader with an encrypted communications that prevents the physical access). iClass is secure from cloning or spoofing in the sense of the prox.

The security of a wiegand based system relies on the ability to keep the wiegand circuit secure. I could take any iClass card using a wiegand system and copy the CSN and then take a device that can output that same CSN over a weigand device. This of course requires physical access to the data 0 and data 1 cables to push this number down the line. So use of tamper monitoring should be used on all readers that have a wiegand interface if there is a chance it could be physically accessed by a person.

Great points Andrew. When people go on about prox not being secure and needing to go to IClass I point out what Andrew mentioned about down stream devices. For areas needing real security IClass and OSDP are in order.

Would like to see a similar comparison between iClass and DesFire

In the 13.56 MHz realm there are different competing standard. In NA we mainly see the HID iCLASS and its new vesion iCLASS SE, in Europe it is the Philips Mifare and the more advanced version Desfire EV1 that is popular and in Japan it is the Sony Felica. When we look at the ISO 14443, iCLASS is ISO 14443B and Philips Desfire is ISO 14443A so although both are "compliant" with the same ISO standard the are not fully interoperable. Typically the HID iCLASS reader will only read the CSN (Card Serial Number) of a Mifare or Desfire card not being able to read the actual sector storing the credential information

This is well documented article, in an environment of regulatory requirement of financial institution for example where a customer can use his/her bank debit card to enter banking hall during the closing hours to carry out transaction. The PCI regulation requires encryption of personal information it would be a risk to use Prox for door entry system.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Higher Power PoE 802.3bt Ratified, Impact on Security Products Examined on Oct 12, 2018
Power over Ethernet has become one of the most popular features of many video, access, and other security products. See our PoE for IP Video...
Door Hinges Guide on Oct 10, 2018
Some of the trickiest access control problems are caused by bad door hinges. From doors not closing right, to locks not locking, worn or warped...
Security System Health Monitoring Usage Statistics 2018 on Oct 09, 2018
How well and quickly do integrators know if devices are offline or broken? New IPVM statistics show that typically no health monitoring is...
UTC Merges Lenel and S2, Creates LenelS2 on Oct 03, 2018
UTC has completed the acquisition of S2, launching literally Lenel's2 LenelS2 with UTC declaring that "LenelS2 unites two world-class teams with...
Anti-Tailgating Startup: Spyfloor on Oct 03, 2018
A Canadian startup, Spyfloor, is using a different approach to warn against tailgating, a common access control problem. By counting feet,...
VMS Mobile App Shootout - Avigilon, Dahua, Exacq, Genetec, Hikvision, Milestone on Oct 01, 2018
Mobile VMS apps are a critical interface for the modern surveillance user. But who does it best and worst? We tested 6 manufacturers - Avigilon,...
Favorite Power Supply Manufacturer 2018 on Sep 28, 2018
While power supplies are becoming less important as PoE matures, they remain vital to access control systems, where increased power for locks,...
AHJ / Authority Having Jurisdiction Tutorial on Sep 27, 2018
One of the most powerful yet often underappreciated characters in all of physical security is the Authority Having Jurisdiction (AHJ). Often,...
Access Control Lock Guide on Sep 26, 2018
In this guide, we examine locks; critical elements of any security system and fundamental parts of every access control system. Two fundamental...
Favorite Access Control Reader Manufacturer 2018 on Sep 25, 2018
Favorite reader votes are in, and it is not close. A global access giant ran away with the votes in a one-sided contest. But for many, the...

Most Recent Industry Reports

Hanwha Dual Imager Dome Camera Tested (PNM-7000VD) on Oct 18, 2018
Hanwha has introduced their first dual-imager model, the PNM-7000VD, a twin 1080p model featuring independently positionable sensors and a snap-in...
Camera Height / Blind Spot Added to IPVM Camera Calculator on Oct 18, 2018
IPVM has added camera height and blind spot estimation to the Camera Calculator. This is especially helpful for those who need to mount cameras up...
Axis Strong US Growth, Flat EMEA - Q3 2018 Financials on Oct 18, 2018
This spring, Axis had its best financials in many years (see Axis Strong Q2 2018 Results). However, over the summer, Axis had many products sold...
Best Alternatives to Banned Dahua and Hikvision on Oct 17, 2018
With the US government ban and a growing number of users banning Dahua and Hikvision, one key question is what to use for low cost? While Dahua and...
Video Quality / Compression Tutorial on Oct 17, 2018
While CODECs, like H.264, H.265, and MJPEG, get a lot of attention, a camera's 'quality' or compression setting has a big impact on overall...
Knightscope Winning Investors, Struggling With Growth on Oct 16, 2018
While Knightscope's new financials show the company only winning 11 new customers in the past 12 months, the company continues to win new...
Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Huawei Admits AI "Bubble" on Oct 16, 2018
A fascinating article from the Chinese government's Global Times: Huawei’s AI ambition to reshape industries. While the Global Times talks about...
ADI's Financials Revealed + W-Box Growth Priority on Oct 15, 2018
  ADI is one of the most powerful distributors in the security industry but how big are they? How much profit do they make? How much do they sell...
Dahua Face Recognition Camera Tested on Oct 15, 2018
Dahua has been one of the industry's most vocal proponents of the value that AI creates: As part of this, Dahua has released a facial...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact