Setting up smart card encoding stations - Security Center 5.8

Security Center Administrator Guide 5.8

Series: Security Center 5.8
Revised: 2020-08-17

If you have a STid USB encoding reader, you can set up a smart card encoding station to generate, encode, and enroll MIFARE DESFire credentials, all from one place.

Before you begin

  • Make sure your software license supports both the USB enrollment reader and Smart card encoding options.
  • Select a Security Desk workstation as your encoding station.
  • Attach the USB encoding reader to your encoding station (see Supported STid readers in Synergis™ Softwire 5.8).
  • Have a MIFARE DESFire card on hand, and a workstation equipped with the SECard software from STid to configure that card as the Secure Key Bundle (SKB) card.

What you should know

The SKB card contains a set of indexed keys as a shared secret between the encoding reader and the readers at the doors. Three keys are needed for the smart card encoding solution to work: the Card master key, the Application master key, and the Application read key. The Security Center applications and the Synergis™ units only need to know where these three keys are stored (location index) on the smart cards, not the values of the keys. This information is saved to a configuration file called SmartCardSites.xml, which is found in the Security Center installation folder.

This configuration file comes with the following ready-for-use default settings:

  • Application ID = 1
  • File communication = AES
  • File ID = 1
  • File offset = 0
  • File credential length = 16 bytes (128 bits)
  • Key communication mode = Crypted (encrypted)
  • Card master key location index = 1 (on the smart card)
  • Application master key location index = 2 (on the smart card)
  • Application read key location index = 3 (on the smart card)
  • Application master keyhole number = 0
  • Application read keyhole number = 1

Procedure

  1. Configure your SKB card using the SECard software from STid.
    Do one of the following:
    • If it is a new installation, configure the blank MIFARE DESFire card as an SKB card. Use SECard to generate random keys, and the default key configuration settings found in the SmartCardSites.xml file.
    • If you have an existing SKB card that you want to use, contact your Genetec Inc. representative to help you configure the SmartCardSites.xml file to match your existing SKB card.
  2. Open Security Desk, and enable the STid USB reader.
  3. Transfer the keys from the SKB card to the USB reader at your encoding station.
    1. Open the Credential management task and click Create new credential > Automatic entry.
    2. Select STid USB reader and set Encode before enrollment to OFF.
      The reader LED turns green (ready to read).
    3. Present the SKB card at the reader for approximately 3 seconds.
      The reader LED turns yellow and then green when the keys are transferred. If you hear a long beep, try again.
    4. Click Cancel.
  4. If it is not a new installation, and if you are not using STid readers at your doors, end here.
  5. Upload the SmartCardsSites.xml file found on your encoding station to the Synergis™ units that control the STid smart card readers.
    For more details on this procedure, see Updating the STid configuration on your Synergis™ unit.
  6. Transfer the keys from the SKB card to the smart card readers at the doors.
    Go to each door in your facility, and present the SKB card at each door reader for approximately 3 seconds to enable the reader to read the MIFARE DESFire credentials generated by your encoding reader.
