Configuring DESFire keys settings in Space
Overview
You can configure the settings for DESFire technology from the SAM and issuing data tab.
This process involves:
- Entering the data for issuing DESFire keys using the Issuing data tabs.
- Entering the SAM card data using the Read SAM card button. Note that this step adds the SAM keys to Space.
This section assumes that you are familiar with the technologies and associated terms mentioned.
Note that the key issuing functionality is license-dependent. See Registering and licensing Space for more information or contact your Salto representative.
Configuring DESFire keys settings
Issuing data
Select System > SAM & Issuing options.
Click on the DESFire pencil in the Active keys panel on the left of the screen. The screen is updated to show the configuration fields for this option.
You should only activate the technology you are going to use in your installation.
In the Issuing data section, select either the 3DES or AES option in the Emission type field. The AES option uses a more complex form of bits encryption.
Type the required value in the DESFire PMK (PICC Master Key) field.
Select the Updatable through NFC checkbox if required.
Select the appropriate value in the Memory size field by using the up and down arrows. This value defines the amount of memory space that is reserved for Salto data in DESFire keys.
Select an option from the PMK Diversification type drop-down list if required. The default option is None. Diversification types are only available for specific Salto projects.
Type the required key in the Transport key field. The transport key might be required if the credential was already issued and protected by another application: the key will allow to access the memory, and to create the Salto application.
SAM data
- In the SAM data section, the Salto format is selected by default.
This option uses the application identifier (AID). However, you can select the GAT Net format when using Gantner keys with GAT Net lockers or one of the institutional options that have been integrated with Space, if required. Institutional options are applicable if you are using keys provided by government institutions that can be used with various applications. This is relevant only for certain countries.
Institutional keys are predefined SAM keys that are included in Space by default and embedded in Space. A certain amount of memory space is reserved for Salto data on institutional keys. Note that a custom format can be used if you want to include the AMK key in institutional keys. This functionality is license-dependent. See Registering, licensing and downloading Space for more information.
Credential data
In the UID Retrieval (Random ID credentials) panel, select the Enable random ID credentials to enable the use of credentials that show a different UID when read by a reader. Salto can verify the identity of the user related to the credential because a 'secret' is shared with the credential to show the real UID of the credential. This allows users not to be tracked by the UID of their credentials and keep their privacy.
Type the AID field. This is the identifier of the application.
Select the Key number. This is the key to be used.
Type the Key.
Select the authorization type to define the encryption type.
Read SAM card
Click Read SAM card. A pop-up is displayed asking you to place the key on the encoder.
Place the appropriate SAM card on the encoder when the LED light begins to flash. The corresponding format configuration panel fields are populated. Once the SAM card is read, the keys are saved in the system database. They have to be transferred to:
- The encoder by clicking the Supported keys button (see below).
- The access points by initializing them using a PPD or via online.
By clicking Supported keys on the Encoder settings panel in the Settings screen, the keys are transferred to the encoder. The Supported keys dialog box displays showing the encoder's active reading technologies.
- Click Save. The SAM & Issuing options is updated.
Consult with your Salto technical support team for more detailed information on any of the DESFire fields and options.