What makes a format 'high security' or 'registered'?
On a 125 kHz proximity credential, 'high security' rarely means cryptography. It usually means a wider, less common bit format combined with a registered or restricted facility code, so that ordinary 26-bit blanks cannot collide with it and casual suppliers cannot determine the layout. HID Corporate 1000, for example, is a managed program: the 35-bit C1000 uses a 12-bit company/facility ID plus a 20-bit card number, and the 48-bit C1000 widens the company code and uses a roughly 23-bit card number for millions of unique credentials. The protection is administrative, the company code and card-number range are controlled by HID for the enrolled organization, not mathematical.
Indala FlexSecur adds a different twist. It scrambles or obfuscates the Wiegand payload before it is encoded, so a reader provisioned with the matching FlexSecur key resolves the real facility code and card number while a plain reader sees noise. Custom OEM layouts, such as a DMP 31-bit or 33-bit internal prox, a Lenel 42-bit, or a Software House CCOTZ 37-bit, simply rearrange the facility-code, card-number and parity fields in a vendor-specific way at an unusual bit length. None of these are encrypted in the smart-card sense; they are private bit structures riding the same open, industry-standard low-frequency carrier.
- Registered: numbering managed by the OEM program (e.g. HID Corporate 1000)
- Scrambled: payload obfuscated before encoding (e.g. Indala FlexSecur)
- Custom OEM layout: unusual bit length and field order (DMP, Lenel, Software House)
- Still 125 kHz Wiegand data, not smart-card encryption
Are these formats encrypted, or just hard to find?
They are hard to find, not encrypted. A secured smart credential, MIFARE DESFire with AES, HID Seos, or iCLASS SE and Elite, performs a cryptographic challenge-response that depends entirely on secret keys held inside a 13.56 MHz secure element. The registered and custom low-frequency formats discussed here are different: the data is present in the clear (or, for FlexSecur, lightly scrambled with a documented transform), and a reader recovers a plain facility code and card number from it.
That distinction is the whole reason these formats are sourceable at all. Because the structure is deterministic, a programmable blank can be loaded with the identical format, facility code and card number, and the original reader treats it as a valid credential. What stops most suppliers is not a cipher; it is that they do not know the bit layout, do not have a sample to read, or are unwilling to handle anything outside the common open formats. We treat the format as an engineering problem: identify the structure, confirm it against your sample, and encode a matching compatible card.
How HID Corporate 1000 and registered numbering actually work
Corporate 1000 is a registered program. When an organization enrolls, HID assigns it a company code (the 12-bit field on 35-bit C1000, a wider field on 48-bit) and manages the card-number ranges issued under it. The point of the program is that the company code is unique to that customer, so cards from one Corporate 1000 site will not validate at another, and additional cards in a given range are coordinated through the organization's own HID enrollment. That is what 'registered' means in practice: a managed namespace, not an encrypted card.
We are clear about the limits of that. We are an independent manufacturer and supplier of compatible cards. We are not affiliated with, authorized by, or endorsed by HID, and we do not hold or sell anyone's Corporate 1000 company-code allocation. What we can do is encode a compatible blank to the 35-bit or 48-bit C1000 structure with the company code and card number you already own and are entitled to use, exactly as printed on or read from your existing credentials. The numbering authority stays with your organization and HID; we supply the physical card that carries it.
What we need from you to supply a compatible custom-format card
Because these formats are private, we cannot guess them, and that is the single biggest reason a custom-format order stalls. To encode a matching compatible credential we need the documented format and a way to confirm it, which almost always means a physical sample we can read or the precise specification from your access-control administrator. With a known structure, the rest is straightforward bit encoding onto a programmable blank.
A working sample card matters even more on scrambled or proprietary layouts like FlexSecur or a DMP custom prox, where the field positions and any transform are not published. Reading one of your good cards lets us document the exact format, facility/company code and card number, verify parity, and produce blanks that read identically on your existing readers. If you only have the numbers and not a card, send the documented format name, the facility or company code, and the card number or range, and we will tell you whether that is enough to encode a clean compatible match.
- The format name or family (e.g. Corporate 1000 48-bit, FlexSecur, DMP 33-bit)
- The facility / site / company code
- The card number or the range you need encoded
- Ideally a physical sample card we can read to confirm the structure
Why we will supply these when others will not
Most card suppliers stop at open 26-bit and a handful of common wider formats because anything registered or proprietary takes effort: identifying the layout, sourcing the right programmable chip, and encoding a non-standard parity scheme correctly. Registered programs also deter suppliers who assume 'registered' means 'encrypted.' It does not, and we are comfortable working at this end of the market. When the structure is documented and you have the right to the credentials, we encode the compatible card.
There are real limits we are honest about. For credentials whose security is genuinely cryptographic, MIFARE DESFire with AES, HID Seos, iCLASS SE or Elite, we do not attempt to reproduce the secret keys; instead we supply compatible blank credentials on the correct chip platform that your own system enrols with its keys, exactly as it would credentials ordered through the OEM channel. And for registered low-frequency programs we supply the physical compatible card carrying numbering you already own, without claiming any affiliation with or authorization from the manufacturer. Within those honest boundaries, a custom or registered 125 kHz format is something we can match when almost no one else will.