Can a smart card be used securely for multiple applications (and among multiple manufacturers )? End users are demanding such interoperability, and they also want openness to switching out components of their access control systems in the future without being “locked in” to one vendor.

Those are the goals of the LEAF Identity consortium, a collection of companies that share and support end user-owned encryption keys stored securely in smart cards with MIFARE DESFire EV2 chips and are used to authenticate access control credentials and read the data required to access multiple applications secured by multiple vendor devices.

Smart card systems - more secure

Almost everyone in the industry now knows that low-frequency (125 kHz) “prox” cards are not secure; in fact, low-cost cloning equipment is readily and inexpensively available. As the industry transitions to encrypted cards, challenges of interoperability persist.

Keeping smart card systems more secure are AES 128 encryption keys encoded onto the card chips. Information is exchanged via radio frequency (RF) in a challenge-response interaction when a card is presented to a reader. The most recent LEAF EV2/EV3 cards allow up to 16 devices to be individually accessed using 16 unique keys, respectively that are stored in the smart cards (and among a variety of manufacturers).

LEAF Identity Consortium enables interoperability with encrypted Smart Cards

LEAF Memory Model specifies a standard EV2 (EV1 backward compatible) smart card data format and application access protocols that ensure each manufacturer’s devices can interface with a card chip in the same way. Specifically, each card has a “common data structure” based on the LEAF Memory Model, which means that the location of information is arranged on a card chip in a predictable and consistent manner.

Each end-user application (for door readers, secure printing, vending, etc.) stored in the card is secured with their own cryptographic key. Member companies adhere to that structure in order to be interoperable with a single credential. There are no license fees or intellectual property rights involved.


The approach involves a LEAF Custom Cryptographic Keyset (LEAF Cc Keysets) owned by the end-user.

“When we present these concepts to integrators, they realize that, first, they need to get their clients to pay attention to the risks around proximity cards and to migrate to encrypted card technology,” says Laurie Aaron, Executive Vice President, WaveLynx Technologies Corp. “Then we explain the benefits of customer-owned keys and of the LEAF data structure. Then integrators can differentiate themselves by selling the value of the end-user staying in control and having unlimited interoperability.”


Access control manufacturer WaveLynx is implementing the LEAF concept, which is the brainchild of CEO Hugo Wendling, who saw the advantages of leveraging the ability of an EV2 chip card to authenticate access to multiple applications by multiple manufacturer’s devices. WaveLynx set up the specification, maintains the website, and is involved when a manufacturer wants to become LEAF Enabled. They provide a key management service (for life) to end-users based on LEAF capabilities.

End-users “own” the keys and can submit a request to WaveLynx to have us securely share them with any other manufacturer. Sharing a key involves two key custodians from WaveLynx Technologies and the Vendor who is receiving the customer’s keys, each of whom only has access to half of the encrypted key in order to keep it secure.  Keys are shared via a “key ceremony”.

Combining capabilities

The LEAF consortium provides a way for manufacturers to work together to provide an ecosystem of devices that are compatible with a single encrypted smart card without the need to embed proprietary reader modules in their devices or license another manufacturer’s technology, thereby making it possible for them to increase their market share. Working together, independent manufacturers can assemble a group of devices to compete more effectively with larger manufacturers. In effect, they combine their capabilities in order to offer the end-user viable options and to compete.

LEAF Consortium partners include Allegion, ASSA ABLOY, Brivo, Eline by DIRAK, Linxens, RFIDeas, and Telaeris. Biometric partners include Idemia and IrisID. Biometric devices may either store their biometric on the card or on a central database and access it through the badge number. The LEAF standard continues to evolve.

Although the standard does not currently offer mobile credentials, a common mobile credential standard is currently being discussed and designed by the Consortium.  

Download PDF version Download PDF version

Author profile

Larry Anderson Editor, &

An experienced journalist and long-time presence in the US security industry, Larry is's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Security & Safety Things Becomes Azena, Underscores Advances In Smart Camera Platform Development
Security & Safety Things Becomes Azena, Underscores Advances In Smart Camera Platform Development

Security & Safety Things is announcing that it has rebranded to Azena, a new brand name that underscores the company’s corporate growth and leading-edge smart camera platform and positions it for the next chapter in its ambitious plans for redefining video analytics. With a growing slate of global customer and partner collaborations and expanding geographic coverage, Azena will continue to increase the value of its platform for systems integrators and end customers. More than 100 AI-enabled video analytics apps Since its market introduction in 2018, Azena has grown to more than 120 employees spread across its headquarters in Munich, its technology Innovation Accelerator facility in Pittsburgh, and another development hub in Eindhoven, The Netherlands, all supporting the Azena open platform for smart cameras.Integrators can flexibly add or change apps on one or multiple cameras as needed for their customers The Azena platform is comprised of an open operating system for cameras and an Application Store with nearly 100 Artificial Intelligence (AI)-enabled video analytics apps. It enables smart cameras to simultaneously run multiple apps directly on the device. Integrators can flexibly add or change apps on one or multiple cameras as needed for their customers and use any of the 15 cameras from six different manufacturer partners in a variety of form factors.“Systems integrators play a crucial role in connecting the video analytic edge devices on our platform into the larger system landscape for a truly data-driven approach to security, operational intelligence and automation,” said Hartmut Schaper, chief executive officer, Azena. “Our new identity as Azena positions us for improved name recognition and market presence as we continue to add functionality and the potential for expansion into new markets for our systems integrator partners.” More than 40 use cases in 25+ verticals The Azena Application Store features apps that address more than 40 different use cases in at least 25 different vertical markets, ranging from traditional perimeter security, retail loss prevention and occupancy management to stadium security and even the unique needs of aquaculture. Some examples of use cases include: One U.S. professional hockey team, the Pittsburgh Penguins, is using the Azena platform to monitor crowding at its stadium entrances, license plate recognition for more efficient stadium parking and heat mapping for improved layouts of its fan merchandise retail outlets. An oil drilling company is deploying smart cameras running the Azena OS so operations staff can remotely monitor any pumping disruptions in the oil fields. A chemical plant is monitoring its locations for the presence of smoke to enhance  workplace safety measures Collaboration with Proseguy Systems integrator Prosegur, one of the world’s largest security companies, has announced its collaboration with Azena to use analytics on the edge as part of its Security Operations Center as a service offering. By deploying more sophisticated analytics to measure activity or automatically verify alarms, incoming alarm traffic from customer sites can be prefiltered, reducing the number of alarms needing to be handled by human operators in the SOC, enabling a more appropriate response.Integrators will find a host of other new features in the Azena platformIntegrators will find a host of other new features in the Azena platform designed to leverage device management capabilities and remote access for diagnosis and maintenance to cameras on a customer site, using Azena’s digital twin architecture. Other benefits include: Ability to run all the analytics apps from the Azena Application Store on the video stream of existing IP cameras by means of a small appliance from one of the camera manufacturer partners, bringing AI to already installed video systems Wide range of integration options to connect VMS systems, dashboard software, access systems, other apps or other cameras to support the creation of sophisticated end-to-end solutions Option for integrators to build and deploy custom solutions with apps available only to them and their customers via the Azena Application Store Ability to securely and remotely connect to a customer camera without a VPN A new integration assistant that quickly builds middleware for custom integrations between Azena components and third-party software and hardware Opportunity to negotiate directly with app developers on bulk pricing Standardized terms of use that can be adopted by all applications in the Application Store

What Are New Trends In Residential Security?
What Are New Trends In Residential Security?

Residential security and smart homes are rapidly changing facets of the larger physical security marketplace, driven by advances in consumer technology and concerns about rising crime rates. During the COVID-19 pandemic, many people spent more time at home and became more aware of the need for greater security. As workplaces opened back up, returning workers turned to technology to help them keep watch over their homes from afar. We asked this week’s Expert Panel Roundtable: What are the trends in residential security in 2021?

How Businesses Can Protect Their People In The New Age Of Work
How Businesses Can Protect Their People In The New Age Of Work

Ensuring employee health and safety remains a key priority for organizations this year, especially as we see COVID-19 cases continue to rise in different areas of the world. As an ongoing challenge, COVID-19 has shifted the priorities of many organizations. In fact, “improving health and safety for employees” is the top strategic goal this year of manufacturing and logistics organizations in the U.S. and U.K., according to research conducted by Forrester on behalf of STANLEY Security. But as we think about reopening and as hybrid workforce models and “workspace-on-demand” approaches rise in popularity, leaders need to consider implementing the right technologies to help ensure a safe return to the office. This means investing in health, safety, and security solutions that can help leaders protect their people. The intersection of security technology and health and safety There’s no doubt that the scope of security has expanded in the wake of the global pandemic. What was once an area governed by a select few security or IT professionals within a business has now become a crucial company investment involving many key stakeholders. The role of security has expanded to encompass a broader range of health and safety challenges for businesses Additionally, the role of security has expanded to encompass a broader range of health and safety challenges for businesses. Fortunately, security technologies have made significant strides and many solutions, both existing and new, have been thrust forward to address today’s biggest business challenges. Investment in security technology It’s important to note that businesses are eager to adopt tech that can help them protect their people. Nearly half (46%) of organizations surveyed by Forrester report that they’re considering an increasing investment in technology solutions that ensure employee safety. Technologies like touchless access control, visitor management systems, occupancy monitoring, and installed/wearable proximity sensors are among some of the many security technologies these organizations have implemented or are planning to implement yet this year. Facilitating a safe return to work But what does the future look like? When it comes to the post-pandemic workplace, organizations are taking a hard look at their return-to-work strategy. Flexible or hybrid workforce models require a suite of security solutions to help ensure a safer, healthier environment More than half (53%) of organizations surveyed by Forrester are looking to introduce a flexible work schedule for their employees as they make decisions about returning to work and keeping employees safe post-pandemic. Such flexible – or hybrid – workforce models require a suite of security solutions to help ensure a safer, healthier environment for all who traverse a facility or work on-site. One of the central safety and security challenges raised by these hybrid models is tracking who is present in the building at any one time – and where or how they interact. Leveraging security technology With staggered schedules and what may seem like a steady stream of people passing through, it can be difficult to know who’s an employee and who’s a visitor. Access control will be key to monitoring and managing the flow of people on-site and preventing unauthorized access. When access control systems are properly integrated with visitor management solutions, businesses can unlock further benefits and efficiencies. For instance, integrated visitor management systems can allow for pre-registration of visitors and employees – granting cellphone credentials before people arrive on-site – and automated health screening surveys can be sent out in advance to help mitigate risk. Once someone reaches the premises, these systems can also be used to detect the person’s temperature and scan for a face mask, if needed.  We will likely see these types of visitor management and advanced screening solutions continue to rise in popularity, as 47% of organizations surveyed by Forrester report that they’re considering requiring employee health screening post-pandemic. Defining the office of the future A modern, dynamic workforce model will require an agile approach to office management. It’s imperative to strike the right balance between making people feel welcome and reassuring Businesses want to create an environment in which people feel comfortable and confident – a space where employees can collaborate and be creative. It’s imperative to strike the right balance between making people feel welcome and reassuring them that the necessary security measures are in place to ensure not only their safety but also their health. In many cases, this balancing act has created an unintended consequence: Everyone now feels like a visitor to a building. Protocols and processes With employees required to undergo the same screening processes and protocols as a guest, we’ve seen a transformation in the on-site experience. This further underscores the need for seamless, automated, and tightly integrated security solutions that can improve the employee and visitor experience, while helping to ensure health and safety. Ultimately, the future of the office is not about what a space looks like, but how people feel in it. This means adopting a “safety-always” culture, underpinned by the right technology, to ensure people that their safety remains a business’ top priority.