ARIOS-2 – The security concept for MIFARE system solutions
The ARIOS-2 security concept ensures consistently secure RFID applications throughout the entire lifecycle of your access and time recording solutions. dormakaba offers additional sophisticated mechanisms that make your access control and time recording even more secure compared to common MIFARE solutions.
With ARIOS-2, there is no longer a need for complex security measures to keep site keys secret, as the system works with non-readable keys. This helps to store your data keys safely and easily, thus preventing unnoticed disclosure or manipulation.
You can protect your entire system from the system components to individual ID cards, from commissioning and ongoing operation to maintenance and card ordering processes.
- The security concept is essentially based on a secure key store in which all keys are stored as if in a safe. From the outside, it is not possible to access those keys directly. This key store is contained in a security card (site key) and in each system component such as readers, standalone components and so on.
- Secure commissioning: The site key is concealed and randomly generated by the system, and dormakaba stores it in a protected location. This prevents misuse or theft.
- Secure ID card ordering: The ID card supplier only receives a temporary production key. Only when the new ID cards are delivered is this production key converted into the concealed site key using a secure ARIOS-2 process. This process is logged in the system, which means that no illegally produced ID cards can be used undetected.
- Secure ID cards: Each ID card is individually protected by a unique access key. No conclusions about other ID cards can be drawn from it, and data theft is not possible.
- Secure operation: Security modules in all components protect the data key using recognised encryption mechanisms. In addition, the data exchange between the reader and the ID card is encrypted using the recognised AES or 3DES procedures. This protects against current common attack scenarios such as reverse engineering or man-in-the-middle attacks.