Chip Card Security

RFID cards are the standard for ski lift access since almost 20 years. As the market-leading company, Axess has always placed the highest demands on the security of these cards. 

Thus, at the end of 1999, a sophisticated encryption and coding process was developed to protect the access information written on the card's chip from being manipulated by third parties. A key aspect of the encryption is the unique chip ID, which as part of the coding ensures that the permission written in one chip cannot simply be copied to another chip. Additionally, the chips used were selected based on the highest performance and security standards. As a result, it is still impossible today to manipulate or unauthorizedly duplicate RFID cards and permissions from our company.

This combination of secure permission coding and card security mechanisms is predominantly used in Europe today. The advantage of this system, besides its inherent security, is the operational safety. Even if the access reader is offline, full access validation is guaranteed. In the American market, however, Central-Validation-Systems have become predominantly established since the end of the 2000s. In these systems, permissions are not managed on the card but centrally in the data center. The unique chip ID of the RFID card is read, which then refers to a permission in the data center and is ultimately used for central validation. In this scenario, Axess typically provides the reader hardware as well as the cards. Our security mechanisms ensure that original Axess cards can be distinguished from any clones.

Both solutions from our company have been operating smoothly and without security issues for decades. The verification of individual security features is almost imperceptible and takes 50ms.

However, new technical possibilities have emerged in the past two years, prompting us to validate and further develop the already existing security concepts.

Through relatively simple tools (USB-based read and write devices for RFID cards for less than €300, including software) and so-called "Magic Cards," it would be possible to create 1:1 card copies in some particular cases.

In reality, such tools are currently only usable by specialists.
However, even in this case, misuse would only be possible if chip cards from other manufacturers were used in our system. These do not have the security mechanisms present and tested in our cards.
This means that creating a functioning clone of a card produced by us has always been impossible. However, for foreign cards, such tools pose a security risk.

With the latest generation of our reader firmware, we now offer an enhanced security mechanism that resolves this security risk for the most common cards and chips. Together with Skidata, Axess has developed a security concept that protects the jointly used cards against cloning in both directions.
This means that cards from both manufacturers can be used in both systems without any restrictions.

Additionally, with this latest Axess firmware, discovered clones are reported to the underlying system to enable subsequent review and processing if necessary.