Blogs

Understanding HID Security Card Types

Posted on by Linzy Mueller

Which Credential Do You Use?

Older man in blue wizard hat and a long white beard surrounded by HID security cards

On the homepage of the Telaeris website, we make a bold claim: “We read any security badge!” This isn’t just marketing speak. We have unique technology and a sharp hardware team with a few credential wizards. With their insight and understanding, we can enable our handheld badge readers to read just about any security credential.

But to be able to read these badges, we first need to understand the type of credential they are using. For our customers, this is the first step in providing them with our handheld identification and accountability solution. But when we ask new customers what type of badge they have, here are some replies we’ve heard:

  • “Aren’t badges all the same?”
  • “I’m pretty sure it’s an RFID….”
  • “We just use ‘Prox’ cards.”
  • “It’s got a little ‘HID’ on the corner….”

We’ve seen hundreds of different badges from dozens of manufacturers with many technological variants. Unfortunately, each credential technology works in its own magical way – open transmit of badge number or UID, hashed, encrypted, secured in memory, and even custom modulations. Nevertheless, we’ve successfully read every type, from industry-standard credentials to legacy badges to previously unfamiliar and unique badges.

In this post, we’ll specifically dissect badges from the manufacturer HID® Global, which are widely used throughout the industry. In fact, at an event hosted by Telaeris, a non-scientific survey of the attending partners thought that 80% of their clients used HID cards!

This blog will cover:

Not sure what card type or format your company uses? Contact us and we can help you identify it!

What is inside your badge?

All credentials, including those from HID, contain at least one chip and one antenna. This is true whether you are using a card, fob, token, or paper tag. Security badge antennas are tuned to either Low Frequency (LF) at 125KHz or High Frequency (HF) at 13.56 MHz. If you were to look inside your badge, you would see chips and antennas that look something like one of the below images.

4 cards showing the different chips and coil orientations for HF, LF, and dual-frequency RFID cards

white security card being held up to a flashlight revealing the inner coil inside.
X-ray view of an RFID card

The LF badges usually have more coils of wire, whereas HF badges have fewer. HF coils can either be printed metal or copper wire, while LF will only be made with wire. This antenna absorbs power from a reader to power the chip. HID makes both LF and HF badges most frequently with wire antennas.

The chip is really the brain of the badge. It will store the security information as well as determine the modulation, security, and encryption needed for the badge data to be read. Today, LF badges most often use Atmel T5577 compatible chips, while HF badges use a wide variety of chips.

A quick and easy way to get an idea of what technology your badge is can be done by shining a phone flashlight through the card to visually see the coils inside the card, pictured to the right.

HID Card Frequencies and Technologies

Low Frequency (125 kHz) Cards

As mentioned previously, HID Low-frequency (LF) RFID cards operate at 125 kHz and usually have a range of 2-6 inches, but using a large reader can even be read up to 24 inches! HID has two different lines of LF proximity cards: their original HID Prox® family (commonly referred to as Prox or Prox II cards), and the Indala® family.

HID prox card

HID Prox:

  • Became the industry standard card technology in the 1990’s
  • Includes clamshells, cards, key fobs, tags
  • Works with almost all older readers
  • Card data (bit stream) is openly transmitted when powered
  • Five types of cards listed on HID’s website, including: DuoProx II, ISOProx II, Smart ISOProx II, Smart DuoProx II, ProxCard II Clamshell card

While HID specifies a variety of Prox card types on their website (view a full comparison chart here)  the main differences between these card types are features such as a contact chip or mag stripe. However, when we work with customers, we are only concerned with chip technology and format. If customers employ a unique format, such as Corporate 1000, that is also useful to know.

indala access card

Indala:

  • Originated in the late 1980’s and was acquired by HID in 2001
  • Includes clamshells, cards, key fobs, tags
  • Less common today, but still supported in many legacy systems
  • Allows for custom-configured card formats
  • Card data is sent using a challenge-response feature called FlexSecur.

While both operate at 125 kHz, Indala and HID Prox cards use different modulation protocols (FSK for HID Prox and PSK for Indala) to communicate back to the reader. 

While low-frequency and prox cards are widely used in the industry, they offer the lowest level of security and often can be easily duplicated. LF cards offer weak to no encryption and limited memory. It is a little like broadcasting your password in the clear – any eavesdropper can listen in. In practice, this means that LF cards are easy to hack and clone with very simple tools. Here’s a great overview of the technology and more on how it works: https://blog.flipper.net/rfid/ 

Unfortunately, even with the knowledge that most LF standards are easily hackable, many companies keep using these old technology cards due to the high cost and effort needed to replace readers in the field and the existing card population.

High-Frequency (13.56 MHz) Cards

HID’s high-frequency (HF) badges offer stronger security than traditional low-frequency Prox cards. These credentials comply with either the ISO15693 or ISO14443 standards for contactless smart cards. Both of these standards operate at 13.56 MHz. ISO15693 credentials typically have slightly longer read ranges, from a few inches up to about one foot, while the ISO14443 type badges are specified to read up to 10 cm, or 4 inches.

The HID HF cards we encounter include iCLASS® (legacy), iCLASS SE®, Seos®, MIFARE, and various versions of DESFire®. Here’s an overview of HID’s iClass line:

Credential Generation Year Released Reader Compatibility Capabilities 
iClass 1 2002 HID Signo, iClass, and iClass SE readers (with Legacy iClass turned on) Encryption cracked in 2010
iClass SE 2 2011 HID Signo and
iClass SE Readers (not compatible with legacy iClass)		 Increased Security
iClass SEOS 3 2014 HID Signo and
 iClass SE Readers (not compatible with legacy iClass)		 Enhanced security, data confidentiality, stronger authentication, used in HID Mobile Access credentials

 

hid mifare desfire cards

MIFARE / DESFire

  • HID also issues credentials from NXP, including MIFARE Classic and DESFire EV1/EV2/EV3
  • Mifare was used for transit in the late 90’s, then evolved for access control in the early 2000’s. The original Mifare encryption was broken in 2008.
  • More secure than Prox/iCLASS:
    • MIFARE Classic offers medium security
    • DESFire EV1/EV2/EV3 offer high security using AES encryption*

* Global standard for secure data encryption. Commonly used for banking and government data, cards with this type of encryption are tough to copy or hack.

Multi-Technology Cards

HID also offers cards that combine two (or more) technologies. These cards are useful when organizations are transitioning or upgrading systems, enabling a single badge to provide a transition period when both old and newer readers might be deployed. Examples can mix and match Prox, iClass, Seos, and Mifare.

Multi technology cards in a row from left to right: Seos + iclass, Seos +iclass + prox, and seos + prox

Mobile Access Credentials

HID mobile credentials being read with an xpid handheld reader
Telaeris handheld badge readers support mobile credentials, including HID Mobile Access.

HID Mobile Access uses the same secure Seos card technology, but delivered to a smartphone via the HID Mobile app or directly into the phone’s wallet. The phone then uses NFC or BLE to transmit badge data to a reader. HID provides the standard in mobile credentials that all other issuers try to meet. Customers love it because it means no more digging for your badge – your phone is your badge!

Since the HID Wallet credentials are based on Seos, our XPID200 handheld readers are fully compatible. Telaeris was the first company to certify a handheld device to read HID® Mobile Access® credentials.

Corporate 1000

Oftentimes, large companies come to us saying that they have a specific HID Corporate 1000 badge format. Corporate 1000 is a program that HID developed for customers who want their own custom cards. HID’s FAQ page states that “within this program, HID can provide the end-users with over 8,000,000 individual card numbers”. These customers are guaranteed to have their own unique, HID-managed card format and badge numbers. The Corporate 1000 format can be applied across all card technologies and frequencies, including Prox, Seos, iCLASS, Desfire, and mobile credentials. The program initially supported 35-bit badge formats, but was later expanded to additionally support 48-bit formats. 

It is important to note that Corporate 1000 doesn’t encrypt cards or add another level to the card technology. It simply ensures that the card ID will be unique on a global scale for large companies.

How to Visually Identify HID Credentials

Several indicators can help determine specific information about what HID card a potential customer has. In general, most HID cards display the following info:

HID card with magstripe and boxes showing (1) logo in bottom left corner (2) string of numbers in bottom right corner (3) four dots in a line on the center right side and (4) string of letters on the top right corner

  1. HID brick logo – includes card technology (iCLASS, Seos, MIFARE, etc.)
  2. Dynamic Marking – includes the card’s ID number and the sales order number
  3. Slot punch markings – this is a safe location to punch a hole in the badge
  4. Contact chip UID/model number (if card contains a contact chip)

Let’s dig into numbers 1 and 2 further.

HID logo and card type

This displays the card technology being used and if it’s a multi-tech card.

6 different cards zoomed into the bottom corner showing HID logo and card types

Here are a variety of printings you might see next to the HID logo and what they mean:

  • XT – Composite Material 
  • Seos 13.56MHz Seos 
  • iCLASS – 13.56MHz iCLASS / iCLASS SE 
  • 000 – 125kHz HID, Indala or EM Prox (single tech)
  • Px 125kHz HID, Indala or EM Prox (multi tech)
  • DESFire or DF – 13.56MHz DESFire
  • MIFARE or MF – 13.56MHz MIFARE Classic

The extra suffix of letters and numbers following the card type denotes the chip type and memory. For example, “M1” next to MIFARE indicates a 1k EV1 type card, and “D8” next to DESFire indicates an 8k EV1 card. Any extra characters after that are for internal use only. Here’s the complete list of chip type/memory indicators.

If you see any of the following next to the HID logo, similar to the image on the right, then you likely have a prox card:zoomed in corner of an HID security prox card showing the HID logo and "0009P"

  • HID Proximity
  • HID 0009p
  • HID 0006L
  • HID 0008L
  • HID 0007L
  • HID 0007d
  • HID 0003d

Dynamic Marking

The Dynamic Marking is the longer string located in the corner opposite of the logo. It can be broken down into these groups:

Personalization Identifier, Memory Size, Programming Type, Prefix, External ID Number, Suffix, SO Number, SR Marker

  1. Personalization Identifier 
    • M –  Internal HID use only
    • ER –  SE Encoder Ready (SO number not printed) 
  2. Memory Size (iCLASS & Seos only)
    • 1 – iCLASS 16k/2
    • 2 – iCLASS 16k/16
    • 3 – iCLASS (16K/2 + 16K)
    • 4 – iCLASS 32K (16K/16 + 16K)
    • 5 – Seos 8K
    • 6 – Seos 16K
  3. Programming Type (iCLASS & Seos only)
    • “-” – Configured, iCLASS/Genuine HID Seos
    • “=” –  Configured, iCLASS (non-ISO14443B)
    • “*” – Programmed, iCLASS/Seos
    • “+” – Programmed, iCLASS (non-ISO14443B)
    • “/” – Custom Programmed, Seos
    • “A” – Seos multi ADF ES profile (1)
  4. Card ID Number (Ext. Number) – minimum 5 digits and can include a customer-defined suffix/prefix
  5. Sales Order Number – the last 12 digits, can be used by HID to look up further details about the original card order, including card format and programming info
  6. SR Marker – either “SR” or blank, indicates a dual iClass Legacy and modern SIO payload.

Putting all that together, below is an example of the dynamic marking and its translation:

HID card number printed with descriptions of what each number means

More examples and an extensive list of marking references can be found at this link.

man in a suit holding badge reader device and an umbrella, surrounded by HID security badges raining down

Conclusion

The great thing about working with HID-manufactured credentials is that they provide thorough documentation on their credentials, allowing us to work with any badge they produce. And most importantly, as technology advances, HID stays ahead of the curve with both their readers and badges to ensure their latest products remain secure.

So, whether you’re using legacy cards or transitioning to a new system, Telaeris handheld, desktop, kiosk, or tablet badge readers can read your HID credential. Got a non-HID badge? We’re definitely able to help you out as well.  Click here to see the technologies we read.

As always, if you need handheld identification solutions for safety, security, and access control, or need help identifying a credential type, contact us!

Email Subscription

Get the latest updates sent directly to your inbox!

By signing up, I understand and agree to the email marketing terms and conditions