How secure are RFID applications? The guideline issued by Germany’s Federal Office for Information Security (BSI) for such applications sets the standard at the European level. Kaba is currently the only access management solutions business that complies with the technical guideline for RFID security.
With such a wide variety of RFID applications available, many operators find it difficult to assess how secure they are. Often these companies just have to trust whatever their suppliers tell them. This is why the BSI’s standard is so important, providing a neutral assessment of the level of security provided. Technical Guideline BSI TR RFID 03126-5 provides a guide to RFID system solutions and describes ways to achieve the required level of security.
Clearly secure solution
Kaba’s exos 9300 access management system is used all over the world. In conjunction with Kaba ARIOS it provides a sophisticated security concept for RFID applications. Kaba has comprehensively reviewed this solution on the basis of the BSI’s standard and declared it compliant with TR RFID. On 3 November 2011, Dr. Andreas Häberli, Chief Technology Officer at Kaba, handed over the compliance declaration to Bernd Kowalski, Head of Certification at the BSI. “Kaba is the first and only company so far that has officially fulfilled our guideline with a compliance declaration,” Kowalski confirmed on receiving the document.
Significant increase in the security of RFID applications
It was clear from the moment development work on Kaba ARIOS began that this project would mark a breakthrough in the security of Kaba’s RFID solutions. “We broke new ground with Kaba ARIOS, and developed additional security mechanisms for RFID solutions,” says Häberli. In Kaba’s new solution, the whole process of generating, distributing and storing the RFID media key was designed to be more secure. This was made possible by the integrated “secure element”: all online and stand-alone system components are fitted with a dedicated security chip. “The RFID data is never left unencrypted in our solution; it’s always as secure as if it were in a safe,” Dr. Häberli explains. The system includes further groundbreaking mechanisms that simplify process handling and greatly increase the level of security provided. “Thanks to these features, we have already been able to win several customers, including a very security-sensitive major company (DAX) in Germany,” says Mike Segmüller, who is in charge of Kaba’s distribution and service companies in Europe.
Security mechanisms also available to other manufacturers
In future, LEGIC will be supplying the central components of this Mifare-based security concept, including the security element and other hard and software components, to its global network of partners. LEGIC will market these components and develop them further to create a wide range of products that can be used in applications other than pure access control. Klaus U. Klosa, Managing Director of LEGIC Identsystems AG: “The integration of our security elements into the Mifare world opens up a whole range of new opportunities for our customers. We are very happy to be able to transfer our extensive expertise in master token concepts to the Mifare world. We are creating a new level of security and user-friendliness also in Mifare-based systems.”