Raising the Standard of Physical Security with Open Source Software 21. September 2017
By Anja Anja

Identiv strives to raise the standard of physical security and secure identification every day. So what are we up to this time?

We have released the code used to program and personalize our uTrust TS Card line and have published the Open Access Card Format (OACF) that describes the data written to the cards.

Identiv’s uTrust TS Cards are secure credentials for physical access control, based on NXP®’s MIFARE DESFire EV1 and MIFARE DESFire EV2 high frequency (HF) 13.56 MHz product technology, and are compatible with 125 kHz low frequency (LF) proximity card systems.

The use of proprietary encryption schemes and measures — or “security through obscurity” — has proven to be inadequate against modern attack methods. By publishing and sharing our Open Access Card Format, Identiv raises the standard of physical access security by encouraging others to use, review, or extend its implementation. This tool will allow users to program and encode their own physical access cards with secure MIFARE DESFire EV1 and MIFARE DESFire EV2 encryption keys and credential identification data. Customers get the benefit of Common Criteria-certified security without being locked into a single card source. Initially, we’ve released the OACF specification publicly while the source code will available on request. The code will include a simple tool for reading and writing uTrust TS-compatible cards. All code will be shared via GitHub.

“Identiv believes an open ecosystem benefits everyone from customers to vendors. We’re releasing the OACF specification and uTrust TS Card source code under the Apache License,” said Matthew Herscovitch, Identiv General Manager, Access Readers and Credentials. “We’re really excited about this release and we welcome contributions ― if you develop applications with our code, we’d love to see what you do.”

Visit identiv.com/products/credentials/ts-cards to find out more about Identiv’s uTrust TS Cards or to place an order. The OACF specification is available on GitHub at github.com/identiv/ts-cards. To access the source code, send a request to oss@identiv.com referencing your GitHub account. Identiv’s code library can be used to interact and program MIFARE DESFire EV1 and MIFARE DESFire EV2 cards. Though we’ve implemented a subset of the commands available on MIFARE DESFire cards, the code may be easily extended to support additional commands and Identiv will accept pull requests.