What is the difference between HID iCLASS and Prox?

Detailed breakdown of the differences:

1. Operating Frequency

• HID Prox (Proximity Cards): These are low-frequency (LF) cards, operating at 125 kHz. This is older RFID technology.
• HID iCLASS Cards: These are high-frequency (HF) cards, operating at 13.56 MHz. This aligns with the NFC (Near Field Communication) standard and allows for more complex data exchange.

2. Security

• HID Prox:
  • Basic Security: Prox cards offer very limited security. They primarily transmit a fixed, unencrypted identification number (UID) to the reader.
  • Vulnerability to Cloning/Skimming: Because the data is unencrypted and static, Prox cards are relatively easy to clone or skim using inexpensive and readily available equipment. This is a significant security risk for any sensitive application, and a reason why many organizations are moving away from them.
  • No Mutual Authentication: The card simply broadcasts its ID; there’s no cryptographic verification between the card and the reader. The reader doesn’t verify the card’s authenticity, and the card doesn’t verify the reader’s.
• HID iCLASS:
  • Enhanced Security: iCLASS cards provide significantly higher security. They incorporate:
    • Strong Encryption: Data transmitted between the card and reader is encrypted (e.g., using secure algorithms like 3DES, and later AES in newer iCLASS SE/Seos versions).⁷ This makes it very difficult for unauthorized parties to intercept or understand the data.
    • Mutual Authentication: This is a crucial security feature. Both the card and the reader cryptographically verify each other’s authenticity before any data is exchanged. This prevents unauthorized readers from accessing card data and provides strong protection against card cloning and “man-in-the-middle” attacks.
    • Secure Key Storage: Encryption keys are stored securely within the card’s tamper-resistant microchip, making them extremely difficult to extract.
  • Layered Security (iCLASS SE and Seos): HID has further evolved iCLASS with iCLASS SE and Seos technologies. These introduce the Secure Identity Object (SIO) data model, which adds an extra layer of security by securely binding identity data to the credential, making it even more robust against tampering and unauthorized use.

3. Functionality and Data Storage

• HID Prox:
  • Limited Functionality: Primarily used for basic physical access control. They store only a unique identifier (UID) and a facility code.
  • Read-Only: Typically, the data on a Prox card is read-only and cannot be easily changed or updated.
  • Small Memory: Has very limited data storage capacity, just enough for the ID.
• HID iCLASS:
  • Multi-Application Capability (Smart Card): iCLASS cards are true smart cards with an embedded microchip that allows for significantly larger memory capacity (e.g., 2K bit, 16K bit, 32K bit). This enables them to securely store data for multiple, independent applications on a single credential.
  • Diverse Applications: Beyond just physical access control, iCLASS cards can be used for a wide range of applications:
    • Network login (logical access, e.g., for computer logon)
    • Cashless vending or cafeteria payments
    • Time and attendance tracking
    • Secure printing
    • Biometric verification data storage
    • Public transportation ticketing
    • And more, all integrated into a single card.
  • Read/Write Capability: Data can be securely read from and written to the card, allowing for updates and more dynamic applications (e.g., deducting value for payments).

4. Cost

• HID Prox: Generally more cost-effective due to their simpler technology, less complex manufacturing process, and basic features.
• HID iCLASS: More expensive due to the advanced microchip, cryptographic capabilities, and multi-application support. However, the higher cost is often offset by the increased security, functionality, and the ability to consolidate multiple cards into one.