What does "compatible" actually mean here?
Compatible means built by specification, not by brand. We are an independent manufacturer and are not affiliated with, authorized by, sponsored by, or endorsed by HID, ASSA ABLOY, NXP, or any other access-control manufacturer. Our credentials are described as compatible with a given system, never as genuine, OEM, or original product. The goal is simple: a credential your existing readers accept, delivered as a cost-effective alternative to OEM list pricing, with your format kept on file for fast reorders.
There are two honest ways we make a credential work with your readers. The first is to encode a compatible credential that presents the exact data your readers already accept — same frequency, bit format, facility code and card number. The second is to supply a compatible blank credential on the matching chip platform and let your own access-control system enrol it under its own keys, the same way it would enrol a credential ordered through the OEM channel. Which path applies depends entirely on whether the format is open or cryptographically secured.
Why we supply some credentials ready-encoded and others as blanks
It comes down to whether the credential presents its identity with a static, openly readable number or with a secret key that never leaves the chip. Open low-frequency proximity formats and legacy 13.56 MHz formats present a fixed ID and bit pattern in the clear. A reader simply listens for that pattern, so encoding the same pattern onto a compatible credential produces a card your readers accept as readily as the original — exactly what you want for spare, replacement and additional credentials on an open system.
Secured smart credentials work differently by design. MIFARE DESFire (AES), MIFARE Plus in its secured level, HID iCLASS SE, iCLASS Elite, and HID Seos run a mutual-authentication exchange using a diversified key held in protected memory. That key is engineered never to leave the chip and is not readable from a card by anyone, including us. For these tiers we supply a compatible blank credential on the correct chip platform, and your own system enrols it under its own keys during normal provisioning. The keys, and your site security, stay in your hands — exactly the model you would follow ordering blanks through the OEM channel.
Which formats we encode ready-to-use
These formats carry a static identifier with no proprietary cryptographic layer, so a correctly encoded compatible credential presents the exact data your readers already accept. If your site runs one of these, we can typically encode from a working sample or program to a facility code and card number you supply, then keep that format on file for fast reorders.
- 125 kHz EM formats (EM4100 / EM4102 / EM4200) — read-only LF tags, encoded onto a T5577 or EM4305 compatible blank
- HID Prox (the open H10301 26-bit, H10304 37-bit, and similar Wiegand formats) on 125 kHz — an open, non-proprietary industry standard
- Indala (Motorola / HID) 125 kHz proximity, including FlexSecur scrambled formats when a sample is available
- AWID 125 kHz proximity formats
- Legacy HID iCLASS (Picopass) standard credentials configured in the publicly documented standard mode
Which credentials we supply as compatible blanks your system enrols
For these families we supply a compatible blank on the matching chip platform rather than an encoded credential. The chip runs real cryptography, so the correct and secure path is for your own access-control or property-management system to enrol the blank under its own keys, exactly as it would a credential ordered through the OEM channel. This keeps your security model fully intact while still giving you a cost-effective alternative to OEM list pricing.
- MIFARE DESFire EV1 / EV2 / EV3 with AES (or 3DES) authentication — built on genuine NXP silicon
- MIFARE Plus running in a secured security level — genuine NXP MIFARE Plus
- HID iCLASS SE and iCLASS Elite (custom-key) credentials
- HID Seos — the highest-assurance HID smart credential
- MIFARE Ultralight C and other 3DES-authenticated tags used in hospitality
How do I know which path my system needs?
Start with the frequency and the chip. A 125 kHz low-frequency credential is almost always an open, industry-standard format we encode directly to a compatible credential. A 13.56 MHz card may be open (legacy iCLASS standard configuration, MIFARE Classic in some non-secured deployments) or fully secured (DESFire AES, Seos, iCLASS SE / Elite) — the chip and how your reader is configured decide that.
If you are unsure, send us a clear photo of both faces of the card, any printed part numbers, and a description of your reader or panel. We identify the format and tell you plainly whether we encode a compatible credential ready to use or supply a compatible blank for your system to enrol. We never overpromise: if a format calls for the blank-and-enrol path, we say so up front rather than shipping a credential that will not open the door.
Is using a compatible card legal and safe for my system?
Sourcing a compatible credential for a system you own and administer is a routine, legitimate way to manage cost — the same way third-party ink, tires, or batteries work alongside the original equipment. You are entitled to populate your own access-control system with credentials of your choosing, and brand and format names appear here only to identify the systems our products are compatible with.
For secured formats the blank-and-enrol path is also the most secure: because your system writes its own keys, you keep full control of who is in the database and you can revoke any credential at any time. We only ask that you order credentials for systems you are authorized to administer, and that you treat any spare the way you would a spare original. MIFARE and DESFire are registered trademarks of NXP B.V.
How we supply each credential family: ready-encoded compatible credentials vs compatible blanks your system enrols
| Credential / family | How we supply it | Notes |
|---|---|---|
| 125 kHz EM4100 / EM4102 / EM4200 | Ready-encoded compatible credential | Encoded from your sample, or to a facility code + card number you supply, onto a T5577 or EM4305 compatible blank |
| HID Prox (26-bit H10301, 37-bit, etc.) | Ready-encoded compatible credential | Open Wiegand standard — encoded from sample, or programmed to your facility code + card number |
| Indala / FlexSecur 125 kHz | Ready-encoded compatible credential | Scrambled format encoded onto a compatible LF credential when a working sample is provided |
| AWID 125 kHz proximity | Ready-encoded compatible credential | Open format — encoded onto a compatible 125 kHz credential to match |
| HID Corporate 1000 (35-bit / 48-bit) | Encoded to your registered code set, or blanks for your integrator | OEM-managed program — encoded to your assigned numbers, or supplied as compatible blanks for your integrator to encode |
| Legacy HID iCLASS (Picopass) standard config | Ready-encoded compatible credential | Encoded onto a compatible 13.56 MHz iCLASS-family credential in the documented standard mode |
| MIFARE Classic 1K (non-secured use) | Ready-encoded where accessible, otherwise compatible blank to enrol | Genuine NXP MIFARE Classic 1K — encoded when sectors are open; otherwise supplied blank for your system to enrol |
| MIFARE DESFire EV1 / EV2 / EV3 (AES) | Compatible blank your system enrols | Genuine NXP DESFire blank your system provisions under its own keys |
| MIFARE Plus (secured level) | Compatible blank your system enrols | Genuine NXP MIFARE Plus blank for your system to enrol |
| HID iCLASS SE / Elite | Compatible blank your system enrols | Compatible SE-family blank your system provisions with its diversified keys |
| HID Seos | Compatible blank your system enrols | Compatible Seos-family blank for your system to provision |