Anti-Copying Access Control Solution

NGÀY ĐĂNG 06/02/2026

📑 Mục lục

As smart buildings, industrial zones, and high-security infrastructures increasingly rely on Access Control Systems (ACS), the risk of RF card cloning has become a serious security threat.

Once an unauthorized individual gains access, the consequences may include:

Bypassing physical security layers
Accessing sensitive or restricted areas
Threatening assets, data, and operational safety

In reality, many security incidents do not originate from sophisticated cyberattacks, but rather from outdated card technologies and unprotected communication protocols.

Common Card Technologies & Their Security Vulnerabilities

Proximity 125 kHz Technology

125 kHz proximity cards were once widely adopted due to:

Low cost
High durability
Ease of deployment

However, from a security perspective, this technology provides no encryption. The card only transmits a fixed UID (Unique Identifier) in plaintext and lacks:

Mutual authentication
Data encryption
Protection against eavesdropping or replay attacks

With inexpensive cloning devices, attackers can:

Read the UID remotely
Write it onto blank cards
Create indistinguishable clones for the system

MIFARE Classic 13.56 MHz

MIFARE Classic was once considered a smart card due to:

Sector-based memory architecture
Sector-level access keys
Authentication mechanisms

However, today MIFARE Classic is no longer regarded as a true smart card, because:

Crypto-1 was fully cracked in 2008
Full card data can be dumped and cloned 1:1
Many systems still use default keys (FFFFFFFFFFFF)

Next-Generation Anti-Cloning Smart Card Technologies

MIFARE DESFire EV1 / EV2 / EV3

The MIFARE DESFire family features:

AES-128 / AES-256 encryption
Dedicated hardware security modules
Mutual authentication

In particular, DESFire EV3 introduces advanced anti-cloning mechanisms:

SUN (Secure Unique NFC): dynamic transaction codes to prevent replay attacks
Proximity Check: protection against relay attacks
Multi-Application & Key Separation: multiple applications with independent key sets

HID Seos

HID Seos is based on the Secure Identity Object (SIO) architecture:

Encrypted and encapsulated identity data
Mutual authentication
EAL5+ certified security

Key advantages:

Practically unclonable
Supports Mobile Access (NFC / BLE)
Centralized management, ideal for large enterprises and multinational organizations

Communication Protocols – Why OSDP Is as Critical as the Card

In an Access Control System, even if the card itself is secure, the system can still be compromised if communication between the reader and the controller is not protected. This is the fundamental weakness of Wiegand and the reason OSDP (Open Supervised Device Protocol) has become the new standard.

Wiegand

Plaintext data transmission
Vulnerable to sniffing and replay attacks
One-way communication with no reader supervision

Attackers can record card data and simulate door-open signals without a physical card.

OSDP Secure Channel

AES-128 encryption for all communications
Bidirectional reader ↔ controller communication
Detection of reader tampering or replacement
Remote reader management and configuration

OSDP is a mandatory protection layer for modern anti-cloning Access Control Systems.

Key Diversification & Secure Modules

Key Diversification - One Unique Key per Card

Each card is assigned a unique derived key based on:

Master Key
Card UID
AES algorithms

Even if one card is compromised, the rest of the system remains secure.

SAM (Secure Access Module)

SAM is a dedicated hardware security component that:

Stores Master Keys securely
Performs cryptographic operations internally
Prevents keys from being exposed

This effectively mitigates the risk of extracting keys by stealing or tampering with readers.

Mobile Access - The Future of Access Control

Mobile Access leverages NFC or BLE on smartphones, combined with:

Secure Enclave / Trusted Execution Environment (TEE)
Biometric authentication (Face ID, fingerprint)
Dynamic tokens

Key benefits:

Impossible to clone
Instant credential revocation
Reduced long-term operational costs

KPS – Integrated Security Solutions Ecosystem

KPS delivers comprehensive Security & Access Control solutions for projects with high security requirements, including smart buildings, industrial zones, data centers, airports, and critical infrastructure.

Core solution portfolio:

Access Control Systems (ACS): Bosch, Genetec, HID, CNB
Security Gates & High-Security Doors: MAG, Kumahira
Access Control Locking Devices: electromagnetic locks, bolt locks, electric strikes… (CNB, Tycon)
Intrusion Detection Systems: Bosch, Optex

In addition, KPS collaborates with multiple other security technology partners to build an integrated security ecosystem, ensuring: