Access control enhancements in Security Center 5.11.3.0 - Security Center 5.11.3.0

Security Center Release Notes 5.11.3.0

Product
Security Center
Content type
Release notes
Version
5.11
Release
5.11.3.0
Language
English
Last updated
2023-08-01

Security Center 5.11.3.0 includes the following access control enhancements.

Axis Powered by Genetec

Axis Powered by Genetec is an all-in-one solution that combines Genetec™ access control software with Axis network door controllers. Synergis™ Softwire is preinstalled onto the Axis controllers and runs as an app on the AXIS OS platform. This simplifies their deployment, configuration, and maintenance in Security Center. Axis Powered by Genetec is sold exclusively through Genetec™ Certified channel partners.

Supported devices
As of Security Center 5.11.2.0, the AXIS A1210 and AXIS A1610 Powered by Genetec network door controllers are supported. For more information, see What is Axis Powered by Genetec?.
Centralized password management
You can now securely manage the passwords of all Axis Powered by Genetec units within Security Center. Password changes can be scheduled using a password rotation policy and can be customized to the needs of your organization. For more information, see Changing access control unit passwords in Config Tool.
NOTE: Axis Powered by Genetec unit passwords are limited to 64 characters.
Centralized firmware upgrade
You can now update the firmware (Synergis Softwire app) version and platform (AXIS OS) version of Axis Powered by Genetec units from Security Center. The procedure works the same as a platform upgrade for a Legacy Synergis Cloud Link unit. For more information, see Upgrading access control unit firmware and platform, and interface module firmware.

DESFire configuration enhancements

The MIFARE DESFire configuration task has received many enhancements.

General enhancements
The checkboxes used to enable or disable the configuration panels have been moved to the title bar of the panels they control.
  • In the Badge configuration section, the UID retrieval key checkbox has been moved to the UID retrieval key panel.
  • In the Application details section, the Update application master key checkbox has been moved to the Old application master key panel.
Random credential generator
You can now incorporate a random value in the credentials encoded on the DESFire cards. This is done by adding the following tag to the App.ConfigTool.config and App.SecurityDesk.config files on your system:
<CredentialEncoder ManualEntryCredentialBitLengthThreshold="value"
   UseSequenceGeneratorLikeRandomGeneratorForSTidEncoder="True" />

For this to work, you must first create a custom card format with a field designated as the sequence generator. For more information, see Custom card format editor tool.

Custom card format editor window showing the use of the Credential field as sequence generator.
To use the sequence generator as a random generator, the following conditions must be met:
  • You must create in the MIFARE DESFire configuration task, a configuration that includes a credential.
  • The Length (bits) of the credential must be equal to the Format length of the custom card format that you created.
  • The Length (bits) of the credential must be equal or greater than the value of ManualEntryCredentialBitLengthThreshold set in the .config files.
Third-party application support
If you have third-party applications that generate credentials independently of Security Center, you can configure applications without credentials in the MIFARE DESFire configuration task to be used as placeholders for credentials generated by the former.
An application without credentials can be blank, meaning without any file, or contain only an empty file. To create an empty file, select Empty as the file Type in the File details section of the MIFARE DESFire configuration task.
MIFARE DESFire configuration task, showing the 'File details' section with an empty file.
One potential use case for an empty file is to configure the access keys in Security Center, while credentials, such as biometrics, are generated by a third-party application.
IMPORTANT: When you encode credentials on a MIFARE DESFire card in Security Center, you must always select at least one configuration with a credential.
Re-using the same credential for different sites
If your company uses different access control applications at different sites, you can reuse the same credential generated for one application on other applications by re-encoding it on other applications.
A new panel has been added to the Badge configuration section of the MIFARE DESFire configuration task, allowing you to do just that.
MIFARE DESFire configuration task, showing the 'Re-encode existing credential' panel open under the 'Badge configuration' section.
Diversification modes for AN10922
You can now select the diversification mode for AN10922 directly from a drop-down list.
MIFARE DESFire configuration task, showing the 'Read key' panel with the 'Diversification mode' drop-down list expanded.
The available modes are:
Default value
(Also known as STid) The key number is automatically added in the diversification calculation, and the diversification input (the field beside AN10922) must have an even number of hexadecimal characters and must not exceed 40 characters. If you leave this field blank, the system automatically fills it for you.
Default value - Reverse application ID
(Also known as STid_RevAID) Same as Default value with the application ID bytes reversed (little endian).
NXP AV2
(Also known as Standard_BE) Non-transparent mode is not supported. The key number is not added in the diversification calculation. Encoding by Security Center is not supported. The diversification input must have an even number of hexadecimal characters and must be between 2 and 42 characters long.
NXP AV2 - Reverse application ID
(Also known as Standard_LE) Same as NPX AV2 with the application ID bytes reversed (little endian).

You can view the description of the diversification modes in a tooltip by clicking .

Free access and Application master key support for file keys
Two new types of file access keys have been added. They are:
  • Free access. The file is public. No key is needed.
  • Application master key. The same key used to access the application is used to access the file.

Previously, only the Preloaded and Inline keys were supported.