To enable MIFARE DESFire on your Synergis™ unit, you must load the configuration file, then associate the configuration with your STid SSCP or OSDP transparent readers.
Before you begin
Procedure
- Log on to the Synergis unit.
- Click Configuration > MIFARE DESFire.
-
Click Select smart cards sites file, and browse to either
your custom configuration file (SmartCardsSites.xml) or the
default file that came with your Security Center installation.
For more information about the SmartCardsSites.xml, see Configuring MIFARE DESFire in Security Center.
- If you are using DESFire EV2 secure messaging, enable this feature in your system.
-
Click Upload.
The following message is displayed: Upload successful.
-
Associate the readers and MIFARE DESFire configurations:
- For each reader, select a site from the Available configurations list.
- Click Add.
-
(Optional) Configure your readers to prevent relay attacks.
When attackers attempt to hack your reader using the relay attack technique, the time it takes for the system to authenticate a badge is necessarily longer than normal as the attackers must relay messages to each other in the middle. For this reason, relay attacks can be effectively prevented by setting a Maximum badge authentication delay in milliseconds. If the authentication of a badge takes longer than the set maximum time, the access is denied and the event is logged in smartcard.log on the Synergis unit. You can view this log file from the Download support logs page.Tip: The prevention of relay attack is activated individually on each reader. Since each reader's timing is different, determine the average time it takes for the reader to authenticate a legitimate badge, add a small margin of error (about 40 ms), and set this time as the maximum for badge authentication.
-
If your system uses key versioning, select the Use key
version checkbox.
Two scenarios must be considered:
- Keys are stored in the Synergis™ key store
- When the checkbox is selected, the system asks the card, which key version it is using and tries to find it in the key store. If the checkbox is cleared, then system always uses the last version. For more information, see About the Synergis key store.
- Keys are stored on the SAM card
- When the checkbox is selected, the system asks the card which key version it is using and try to find it on the SAM card. If the checkbox is cleared, then system always uses the key version 0. For more information, see Enabling key versioning for SAM cards.
- Click Save.