Can a smart card be used securely for multiple applications (and among multiple manufacturers)? End users are demanding such interoperability, and they also want the freedom to switch out components of their access control systems in the future without being “locked in” to one vendor.

Those are the goals of the LEAF Identity consortium, a collection of companies that share and support end user-owned encryption keys. The keys are stored securely in smart cards with MIFARE DESFire EV2 chips and are used to authenticate access control credentials and to read the data required to access multiple applications secured by multiple vendor devices.

Smart card systems - more secure

Almost everyone in the industry now knows that low-frequency (125 kHz) “prox” cards are not secure; in fact, low-cost cloning equipment is readily available. As the industry transitions to encrypted cards, challenges of interoperability persist.

What keeps smart card systems more secure are the AES-128 encryption keys encoded onto the card chips. Information is exchanged via radio frequency (RF) in a challenge-response interaction when a card is presented to a reader. The most recent LEAF EV2/EV3 cards allow up to 16 devices, from a variety of manufacturers, to be individually accessed using 16 unique keys that are stored in the smart card.

LEAF Identity Consortium enables interoperability with encrypted Smart Cards

The LEAF Memory Model specifies a standard EV2 (backward compatible with EV1) smart card data format and application access protocols that ensure each manufacturer’s devices can interface with a card chip in the same way. Specifically, each card has a “common data structure” based on the LEAF Memory Model, which means that information is arranged on a card chip in a predictable and consistent manner.

Each end-user application (for door readers, secure printing, vending, etc.) stored in the card is secured with its own cryptographic key. Member companies adhere to that structure in order to be interoperable with a single credential. There are no license fees or intellectual property rights involved.
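The challenge-response exchange and the one-key-per-application layout described above, sketched as an added example that is not code from LEAF, WaveLynx or the article. It is a simplified one-way exchange, not the DESFire EV2 protocol: HMAC-SHA256 stands in for the card's AES-128 operation, and `Card`, `Reader`, the slot numbers and the UID are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_APPS = 16  # the article's figure: up to 16 individually keyed applications


def _mac(key, uid, slot, challenge):
    # Assumption: HMAC-SHA256 replaces the card's AES-128 computation.
    return hmac.new(key, uid + bytes([slot]) + challenge, hashlib.sha256).digest()


class Card:
    """Hypothetical card model: one secret 16-byte key per application slot."""
    def __init__(self, uid):
        self.uid = uid
        self._keys = {}  # slot -> key; keys are never returned to a caller

    def load_key(self, slot, key):
        if not 0 <= slot < MAX_APPS or len(key) != 16:
            raise ValueError("slot must be 0-15 and key must be 16 bytes")
        self._keys[slot] = key

    def respond(self, slot, challenge):
        key = self._keys.get(slot)
        return _mac(key, self.uid, slot, challenge) if key else None


class Reader:
    """Hypothetical vendor device holding the key for exactly one slot."""
    def __init__(self, slot, key):
        self.slot, self._key = slot, key

    def authenticate(self, uid, respond):
        challenge = secrets.token_bytes(16)  # fresh for every presentation
        answer = respond(self.slot, challenge)
        expected = _mac(self._key, uid, self.slot, challenge)
        return answer is not None and hmac.compare_digest(answer, expected)


def demo():
    door_key, print_key = secrets.token_bytes(16), secrets.token_bytes(16)
    card = Card(uid=b"\x04constructed")  # constructed sample UID
    card.load_key(0, door_key)           # slot 0: door access
    card.load_key(1, print_key)          # slot 1: secure printing
    door, printer = Reader(0, door_key), Reader(1, print_key)
    recorded = card.respond(0, secrets.token_bytes(16))  # one earlier answer
    return {
        "door_ok": door.authenticate(card.uid, card.respond),
        "printer_ok": printer.authenticate(card.uid, card.respond),
        # An earlier answer does not match the reader's new challenge.
        "replay_ok": door.authenticate(card.uid, lambda s, c: recorded),
        # The printing vendor's key does not verify the door application.
        "cross_key_ok": Reader(0, print_key).authenticate(card.uid, card.respond),
    }
```

Because every application slot has its own key, a device that holds one vendor's key learns nothing that lets it verify or answer for another slot.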

Keysets

The approach involves a LEAF Custom Cryptographic Keyset (LEAF Cc Keysets) owned by the end-user.

“When we present these concepts to integrators, they realize that, first, they need to get their clients to pay attention to the risks around proximity cards and to migrate to encrypted card technology,” says Laurie Aaron, Executive Vice President, WaveLynx Technologies Corp. “Then we explain the benefits of customer-owned keys and of the LEAF data structure. Then integrators can differentiate themselves by selling the value of the end-user staying in control and having unlimited interoperability.”

WaveLynx

Access control manufacturer WaveLynx is implementing the LEAF concept, which is the brainchild of CEO Hugo Wendling, who saw the advantages of leveraging the ability of an EV2 chip card to authenticate access to multiple applications by multiple manufacturers’ devices. WaveLynx set up the specification, maintains the website, and is involved when a manufacturer wants to become LEAF Enabled. The company provides a key management service (for life) to end-users based on LEAF capabilities.

End-users “own” the keys and can submit a request to WaveLynx to have them securely shared with any other manufacturer. Sharing a key involves two key custodians from WaveLynx Technologies and the vendor that is receiving the customer’s keys, each of whom has access to only half of the encrypted key in order to keep it secure. Keys are shared via a “key ceremony.”

Combining capabilities

The LEAF consortium provides a way for manufacturers to work together to provide an ecosystem of devices that are compatible with a single encrypted smart card without the need to embed proprietary reader modules in their devices or license another manufacturer’s technology, thereby making it possible for them to increase their market share. Working together, independent manufacturers can assemble a group of devices to compete more effectively with larger manufacturers. In effect, they combine their capabilities in order to offer the end-user viable options and to compete.

LEAF Consortium partners include Allegion, ASSA ABLOY, Brivo, Eline by DIRAK, Linxens, RFIDeas, and Telaeris. Biometric partners include Idemia and IrisID. Biometric devices may store their biometric either on the card or in a central database, where it is accessed through the badge number. The LEAF standard continues to evolve.

Although the standard does not currently offer mobile credentials, a common mobile credential standard is being discussed and designed by the Consortium.


Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SecurityInformed.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.
