LEGIC Prime vs LEGIC Advant: What's Copyable

LEGIC and Its European Footprint

LEGIC Identsystems — now part of the dormakaba group — developed its 13.56 MHz contactless credential platform in Switzerland starting in the early 1990s. The technology spread across European corporate campuses, ski-lift systems, university ID programmes, and mass-transit ticketing as building managers sought a proprietary alternative to the open ISO 14443 standards common elsewhere. Today it appears in installations from Scandinavia to the Mediterranean, and in a growing number of sites across the Middle East and Asia-Pacific where European systems integrators have been active.

Unlike commodity 13.56 MHz HF smart cards, LEGIC credentials run on chips that handle the LEGIC application-layer protocol in hardware. The two generations — Prime and Advant — use the same radio frequency and the same card form factor, but differ substantially in how credential data is protected and how new cards are introduced into a running installation. Facilities managers upgrading an older Prime installation to Advant often discover they are dealing with two entirely separate credential ecosystems despite the shared brand name.

LEGIC Prime (MIM256 / MIM1024) Decoded

LEGIC Prime credentials rely on a proprietary chip architecture rather than an open cryptographic standard. The two main variants are the MIM256 (product code M030, 256-byte memory) and the MIM1024 (product code M071, 1024-byte memory). The reader authenticates a Prime card using a master application area and a system master that is burned into the chip at manufacture — a design philosophy that pre-dates the wide availability of AES-class microcontrollers in card-sized packages. Because the protection model is based on proprietary encoding rather than publicly audited cryptographic algorithms, it is classified as an obscurity-based format in the same broad tier as original HID 26-bit or early MIFARE Classic deployments.

For facilities teams, the practical implication is that a LEGIC Prime compatible card built on matching Prime silicon can be produced by independent credential manufacturers and programmed to match an existing site configuration. The card presents the correct application-layer credentials to the reader, which authenticates it as it would any other enrolled card. This makes Prime the generation where a compatible supply chain is commercially viable — a useful option when the original card supplier has long lead times, has been discontinued, or simply prices replacement cards at a premium the procurement team will not approve.

The MIM256 is the more common variant in older European corporate and ski-lift systems, while the MIM1024 is found in multi-application sites that store several logical credential segments on a single card — a canteen-account plus a door-access segment, for example. Both variants operate at 13.56 MHz and are physically ISO CR80 unless issued in a key-fob body.

LEGIC Advant: The AES Generation

LEGIC Advant replaced Prime as the current production line once AES-grade cryptography became practical in contactless smart-card silicon. Advant credentials use modern symmetric-key cryptography — the system's door controller holds the application keys, and those keys are written to the card's secure memory during an enrolment transaction at a designated master reader or encoder. From the reader's perspective, every Advant card in the installation is genuine because it carries session-derived tokens that the reader verifies in real time against keys it already holds.

The LEGIC Advant compatible card supply model is therefore different from Prime: Security ID Systems supplies factory-blank Advant credentials built on genuine LEGIC Advant silicon. The installation's own enrolment station writes the site-specific application structure and access keys onto each blank card exactly as it would with cards sourced directly from LEGIC. The credential is not pre-programmed; it becomes a valid site credential the moment the system enrols it. This is identical in principle to how compatible vs genuine access credentials work across other AES-secured platforms — the cryptographic security remains intact because the system, not the card manufacturer, controls the keys.

Advant also supports multi-segment operation, NFC-compatible communication modes in some variants, and LEGIC's own application management layer (SAM-based). For enterprises running office building and commercial tenant access across a large estate, Advant's key-management model means the security architecture is centrally controlled even when the physical card stock comes from a third-party supplier.

What Has a Compatible Path vs What Needs a Compatible Blank

The practical distinction between the two generations maps directly onto procurement decisions. LEGIC Prime — both MIM256 and MIM1024 — has a compatible path: a card built on matching Prime chip silicon can be programmed to operate in an existing Prime installation. Procurement teams at ski resorts, universities, and older corporate sites running dormakaba or ASSA systems based on Prime can order LEGIC Prime compatible credentials as drop-in replacements without touching the access-control software or re-enrolling existing cardholders.

LEGIC Advant, and similarly secured platforms such as Salto LEGIC Advant key cards, follow the compatible-blank model: you order blank Advant credentials from Security ID Systems, then enrol them through your own system. No pre-programming is required from the card supplier — and none is possible, because the application keys live only inside your site's SAM module or controller. This is a feature, not a limitation: it means an independent supplier can provide the physical card substrate and the system's cryptographic integrity remains under the site operator's exclusive control.

Other enterprise proprietary formats follow similar generational splits. SimonsVoss System 3060 compatible credentials and Gallagher compatible proximity cards each have their own compatible-path and compatible-blank tiers. Comparing the LEGIC family against those platforms is covered in our proximity card frequencies and standards glossary, which maps the full landscape of format generations and compatible-supply options.

Ordering Compatible LEGIC Credentials

For LEGIC Prime installations, the ordering process is straightforward. Provide the format variant (MIM256/M030 or MIM1024/M071), the quantity, and — if your system uses a custom system-master segment — the configuration details that define how new cards are accepted at enrolment. Security ID Systems' technical team works through that configuration during the enquiry stage so the cards arrive ready to enrol directly into your system. Minimum order quantities are available for both variants and standard card bodies as well as key-fob housings. Refer to our MIFARE family guide as a parallel reference: many sites running hybrid LEGIC/MIFARE estates find both guides useful when auditing what credential types are actually in circulation across their buildings.

For LEGIC Advant, the process is simpler at the procurement end: order the blank Advant credentials, receive them, and run them through your site's standard enrolment workflow. If your installation includes LEGIC Identsystems-branded readers and you are unsure whether they run Prime or Advant firmware, the reader model number will confirm the generation — and Security ID Systems' enquiry team can advise based on the lock model if you do not have access to the controller documentation.

Quantities range from small top-up orders for a single site to bulk runs for property managers overseeing dozens of buildings on a single access platform. Cards are supplied in ISO CR80 PVC as standard; custom printing, encoding, and laminate finishes are available. Security ID Systems is an independent manufacturer and supplier of compatible access-control credentials and is not affiliated with, authorized by, or endorsed by LEGIC Identsystems, dormakaba, or ASSA ABLOY.