Configuring MIFARE DESFire on the Synergis unit - Synergis Softwire 11.4.3

Synergis™ Appliance Configuration Guide 11.4.3

Product
Synergis™ Softwire
Content type
Guides > Administrator guides
Version
11.4
Release
11.4.3
Language
English
Last updated
2024-04-16

To enable MIFARE DESFire on your Synergis™ unit, you must load the configuration file, then associate the configuration with your STid SSCP or OSDP transparent readers.

Before you begin

Configure STid or OSDP readers.

Procedure

  1. Log on to the Synergis unit.
  2. Click Configuration > MIFARE DESFire.
  3. Click Select smart cards sites file, and browse to either your custom configuration file (SmartCardsSites.xml) or the default file that came with your Security Center installation.
    For more information about the SmartCardsSites.xml, see Configuring MIFARE DESFire in Security Center.
  4. If you are using DESFire EV2 secure messaging, enable this feature in your system.
  5. Click Upload.
    The following message is displayed: Upload successful.
  6. Associate the readers and MIFARE DESFire configurations:
    1. For each reader, select a site from the Available configurations list.
    2. Click Add.
    MIFARE DESFire configuration page in the Synergis Appliance Portal.
  7. (Optional) Configure your readers to prevent relay attacks.
    When attackers attempt to hack your reader using the relay attack technique, the time it takes for the system to authenticate a badge is necessarily longer than normal as the attackers must relay messages to each other in the middle. For this reason, relay attacks can be effectively prevented by setting a Maximum badge authentication delay in milliseconds. If the authentication of a badge takes longer than the set maximum time, the access is denied and the event is logged in smartcard.log on the Synergis unit. You can view this log file from the Download support logs page.
    Tip: The prevention of relay attack is activated individually on each reader. Since each reader's timing is different, determine the average time it takes for the reader to authenticate a legitimate badge, add a small margin of error (about 40 ms), and set this time as the maximum for badge authentication.
  8. If your system uses key versioning, select the Use key version checkbox.
    Two scenarios must be considered:
    Keys are stored in the Synergis™ key store
    When the checkbox is selected, the system asks the card, which key version it is using and tries to find it in the key store. If the checkbox is cleared, then system always uses the last version. For more information, see About the Synergis key store.
    Keys are stored on the SAM card
    When the checkbox is selected, the system asks the card which key version it is using and try to find it on the SAM card. If the checkbox is cleared, then system always uses the key version 0. For more information, see Enabling key versioning for SAM cards.
  9. Click Save.