This menu item can be used to configure security settings for access control and for communication between wired Kentix devices.
General
To increase the security of communication between wired Kentix devices, a communication key can be entered. This means that communication between the devices is additionally protected by Kentix-specific encryption. The key must be the same on all communicating Kentix devices (main device and satellite devices).
Each user can be assigned their own PIN under the USER MANAGEMENT menu item. This allows bookings to be made on SmartAccess components with an integrated keypad with the user’s corresponding authorizations. Greater security can be achieved by using a longer PIN. The PIN length can be set under this menu item from 4 to 10.
RFID settings
The Kentix SmartAccess components use RFID tokens (Radio-Frequency Identification) for contactless access control. Each token is characterized by a globally unique UID (Unique Identifier) and encryption technology. The standard technology used is MIFARE®DESFire®.
Under KentixONE, you can now specify for each user whether RFID encryption should be used and, if so, which one. If no encryption is used, the UID can be read and copied with any MIFARE®DESFire® reader. The copied UID can then easily serve as the basis for cloning identification media, giving people access to areas they would not normally be allowed to enter. If you do not want to use encryption, this must be selected accordingly in the menu.
All SmartAccess components are supplied with Kentix-specific encryption as standard.
You can also use your own encryption. To do this, a JSON configuration file (JavaScript Object Notation) must be uploaded to KentixONE. A template for the configuration file can be downloaded after selecting “Custom encryption”.
```json
{
  "mifare_desfire": {
    "app_id": "0xb2c3d4",
    "file_number": 0,
    "file_offset": 0,
    "file_length": 32,
    "file_type": 1,
    "auth_method": 2,
    "des_key": "0xa1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
    "key_number": 1,
    "card": {
      "data": [
        {
          "name": "OEM Code",
          "position_start": 1,
          "position_end": 64,
          "encoding": "hexadecimal"
        },
        {
          "name": "Card Number",
          "position_start": 65,
          "position_end": 128,
          "encoding": "hexadecimal"
        }
      ]
    }
  }
}
```
MIFARE DESFire App ID
"app_id"
The MIFARE DESFire App ID is a unique 3-byte identifier used to identify and separate different applications on a MIFARE DESFire card. It allows multiple applications to exist and operate independently on the same card, with each application having its own security settings and files.
File number
"file_number"
The file number is used to uniquely assign the different files on the MIFARE DESFire card. The corresponding file number must be stored in the configuration file for KentixONE so that a separate encryption can be implemented. The file number is a 1-byte number in the range from 0 to 31.
Offset
"file_offset"
The offset specifies the byte from which the file is read.
File size
"file_length"
The file size specifies the length of the file to be read in bytes.
Encryption
"file_type"
The data can be stored encrypted or unencrypted in the file. The variable can therefore have the following values:
0 = Data is stored unencrypted
1 = Data is stored in encrypted form
Authentication method
"auth_method"
Authentication is required to protect the file from unauthorized reading or writing. KentixONE supports two different authentication methods that can be set in the configuration file.
0 = Authentication is switched off
1 = A stronger but more complex form of DES (Data Encryption Standard) authentication. Two 56-bit keys are used, which are combined to form a 112-bit key. This offers a higher level of security than simple DES.
2 = AES (Advanced Encryption Standard), an even stronger encryption method that uses a 128-bit key. AES is known for its strength and efficiency, making it an ideal choice for high-security applications. This option corresponds to the current state of the art.
DESFire key
"des_key"
The key is required for authentication. The key is valid for both authentication method 1 and authentication method 2.
Key number
"key_number"
As a rule, several keys with different authorizations are created. In order for KentixONE to be able to read the file with the corresponding user data, the key and the key number with the corresponding authorizations must be specified in the configuration file.
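The field rules described above can be checked before a file is uploaded. The following linter is an added example, not Kentix code; the function names are hypothetical, and the 16-byte key length is an assumption taken from the template and the 128-bit AES key mentioned in the text.

```python
import json

# Key printed in the downloadable template shown above; it must never reach production.
TEMPLATE_KEY = bytes.fromhex("a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4")

def parse_hex(value):
    """Decode a '0x...' string to bytes; return None if it is malformed."""
    if not isinstance(value, str) or not value.lower().startswith("0x"):
        return None
    try:
        return bytes.fromhex(value[2:])
    except ValueError:
        return None

def lint_config(text):
    """Return (errors, warnings) for a custom-encryption JSON document."""
    cfg = json.loads(text).get("mifare_desfire", {})
    errors, warnings = [], []
    app_id, key = parse_hex(cfg.get("app_id")), parse_hex(cfg.get("des_key"))
    auth = cfg.get("auth_method")
    if app_id is None or len(app_id) != 3:
        errors.append("app_id: expected a 3-byte hex value")
    if cfg.get("file_number") not in range(32):
        errors.append("file_number: expected 0..31")
    if cfg.get("file_type") not in (0, 1):
        errors.append("file_type: expected 0 or 1")
    if auth not in (0, 1, 2):
        errors.append("auth_method: expected 0, 1 or 2")
    if auth in (1, 2):
        # Assumption: 16-byte key, as in the template (128-bit AES key per the text).
        if key is None or len(key) != 16:
            errors.append("des_key: expected a 16-byte hex value")
        elif key == TEMPLATE_KEY or len(set(key)) == 1:
            errors.append("des_key: template or single-byte-repeated key")
    if auth == 0:
        warnings.append("auth_method 0: file is readable without authentication")
    if auth == 1:
        warnings.append("auth_method 1: DES-based; the page names AES (2) as state of the art")
    if cfg.get("file_type") == 0:
        warnings.append("file_type 0: card data is stored unencrypted")
    return errors, warnings

# Constructed sample: the unmodified template, with the "card" block omitted for brevity.
SAMPLE = """{"mifare_desfire": {"app_id": "0xb2c3d4", "file_number": 0,
  "file_offset": 0, "file_length": 32, "file_type": 1, "auth_method": 2,
  "des_key": "0xa1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4", "key_number": 1}}"""

if __name__ == "__main__":
    print(lint_config(SAMPLE))
```

Run against the unmodified template, the linter reports the unchanged template key as an error.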
Data
```json
"card": {
  "data": [
    {},
    ...,
    {}
  ]
}
```
The interpretation of the read data is described in the data block of the configuration file. The data block can consist of several parts (sectors). Each sector contains an identifier, the start and end of the sector and how the data is to be converted. In addition, a static value, e.g. a company name, can be specified against which the card data is always checked.
Identifier
"name"
Each sector requires an identifier, which is stored as a character string.
Start of the sector
"position_start"
The sector to be read is defined by specifying the start and stop bits.
End of the sector
"position_end"
Conversion of the data
"encoding"
KentixONE offers four different conversions, which are listed below.
Encoding | Description |
---|---|
binary | Each byte can only have the value 0 or 1. |
ascii | The data sector contains an ascii character string. |
bcd | BCD stands for “Binary-Coded Decimal”. This is a system in which each digit of a decimal number (0-9) is represented by a four-digit binary code. |
hexadecimal | Data is interpreted as an unsigned integer and can be used up to a size of 64 bits. |
Static test value
"test_value"
The static test value is a character string and is always checked when the card is read out. The data is only processed further in KentixONE once the test value on the card has been successfully compared with the test value in the configuration file.
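How a reader could interpret a file according to the data block is sketched below as an added example; it is not KentixONE's implementation. It assumes that positions are 1-based, inclusive bit positions counted from the most significant bit of the first byte (consistent with 1–64 and 65–128 in the template), that `test_value` is set per sector, and that decoded values are compared as strings; the function names and the sample card are constructed.

```python
def extract_bits(data, start, end):
    """Return bits start..end (1-based, inclusive, MSB first) as (int, bit_count)."""
    if not 1 <= start <= end <= len(data) * 8:
        raise ValueError(f"bit range {start}-{end} outside {len(data)}-byte file")
    width, shift = end - start + 1, len(data) * 8 - end
    return (int.from_bytes(data, "big") >> shift) & ((1 << width) - 1), width

def decode_field(data, field):
    """Decode one entry of the data block; returned types are an assumption."""
    value, width = extract_bits(data, field["position_start"], field["position_end"])
    enc = field["encoding"]
    if enc == "hexadecimal":                      # unsigned integer, at most 64 bits
        if width > 64:
            raise ValueError("hexadecimal fields are limited to 64 bits")
        return value
    if enc == "bcd" and width % 4 == 0:           # one decimal digit per 4 bits
        digits = f"{value:0{width // 4}x}"
        if digits.isdigit():
            return digits
        raise ValueError("nibble above 9 in bcd field")
    if enc in ("ascii", "binary") and width % 8 == 0:
        raw = value.to_bytes(width // 8, "big")
        if enc == "ascii":
            return raw.decode("ascii")
        if set(raw) <= {0, 1}:                    # each byte holds 0 or 1
            return "".join(map(str, raw))
        raise ValueError("binary field byte is not 0 or 1")
    raise ValueError(f"unsupported encoding or width: {enc}/{width}")

def read_card(data, fields):
    """Decode all fields; reject the card if any test_value does not match."""
    result = {}
    for field in fields:
        value = decode_field(data, field)
        if "test_value" in field and str(value) != field["test_value"]:
            raise PermissionError(f"test value mismatch in {field['name']!r}")
        result[field["name"]] = value
    return result

# Constructed data block and 32-byte file content (file_offset 0, file_length 32).
FIELDS = [
    {"name": "Company", "position_start": 1, "position_end": 64, "encoding": "ascii", "test_value": "ACMECORP"},
    {"name": "Card Number", "position_start": 65, "position_end": 96, "encoding": "bcd"},
    {"name": "Serial", "position_start": 97, "position_end": 128, "encoding": "hexadecimal"},
]
FILE = b"ACMECORP" + bytes.fromhex("004201370000beef") + bytes(16)

if __name__ == "__main__":
    print(read_card(FILE, FIELDS))
```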