What are iCLASS, iCLASS SE, and Seos?
These are three security tiers in HID's 13.56 MHz credential family, and they are very different under the hood even though they can look almost identical on the outside. They all operate at the same high frequency, but the chip platform and the credential architecture behind each one changed dramatically over the years, which is exactly why the right compatible product is different for each tier.
Legacy iCLASS is the original platform, built on the picopass chip and introduced as HID's first contactless smart-card line. iCLASS SE (Secure Identity Object) is the later, hardened generation that wraps credential data in a managed key architecture. Seos is HID's highest tier: an open, standards-based smart credential using strong, modern cryptography and the one HID positions for mobile and the most security-conscious deployments.
- Legacy iCLASS (picopass, standard configuration) — the oldest tier; we supply ready-encoded compatible 13.56 MHz credentials.
- iCLASS SE / iCLASS Elite — modern, managed-key platform; we supply compatible blanks your system enrols.
- Seos — highest tier, strong modern cryptography; we supply compatible blanks your system enrols.
What compatible options exist for HID iCLASS and Seos?
It depends entirely on which tier you have, and being clear about that is the whole point of this page. For legacy iCLASS running the standard, non-proprietary configuration, we encode a compatible 13.56 MHz credential that presents the exact data your readers already accept — same platform, same stored credential data — so it is recognised at the door like any authorised card. That is the tier most people are actually holding when they ask about a replacement or spare for their iCLASS card.
iCLASS SE, iCLASS Elite, and Seos are a different story. These use modern key management and strong cryptography, and they are secured by design. For these tiers the correct, superior path is not a ready-encoded credential but a compatible blank that your own system enrols, which we cover below. This is exactly how HID intends these platforms to be provisioned, and it keeps your keys and your site security in your hands.
Why is legacy iCLASS open but SE and Seos are secured?
Legacy iCLASS shipped with a standard configuration that was common across a very large installed base. Because of that shared baseline, the credential data is in effect an open format, similar in spirit to how 125 kHz proximity formats are open. For sites still running legacy iCLASS in that standard configuration, we can encode a compatible credential directly to a programmable 13.56 MHz blank that your readers already accept.
iCLASS SE and Elite were designed specifically to close that openness. Elite uses a site-specific custom key rather than the shared standard one, and SE adds a managed Secure Identity Object layer so the meaningful data is protected by keys that stay inside the system. Seos goes further still with strong, modern cryptography and a credential model built around per-site diversified keys. For all three, the right compatible product is a blank your own system enrols, which is precisely why these tiers are marketed as high security.
What do you supply for SE, Elite, and Seos?
For the secured tiers we supply compatible blank credentials on the matching chip platform. A compatible blank is a card or fob built on the same technology your reader expects, shipped unprogrammed, so your access-control system or credential-management platform enrols it with its own keys exactly as it would a card ordered through the OEM channel. The keys, and your site security, stay in your hands throughout.
In practice that means your administrator (or your integrator) adds the new compatible card to the system, assigns it to a user, and the reader accepts it because the system itself wrote the keys. You get usable spare, replacement, and additional credentials as a cost-effective alternative to OEM credentials. We are an independent manufacturer and supplier of compatible access-control credentials and are not affiliated with, authorized by, sponsored by, or endorsed by HID Global.
- Legacy iCLASS (standard configuration): we supply a ready-encoded compatible credential.
- iCLASS SE / Elite: a compatible blank your system enrols with its own keys.
- Seos: a compatible blank your system enrols with its own keys.
- Every tier keeps the keys and site security in your hands.
How do I tell which iCLASS tier I have?
Start with the markings and the reader, because the tiers look alike by eye. Legacy iCLASS cards are often printed simply as iCLASS, frequently with a 2K or 16K capacity reference tied to the picopass chip. SE-generation credentials are usually marked iCLASS SE or Seos, and the reader by the door commonly carries matching branding such as an HID multiCLASS SE or Signo reader. The credential part number on a purchase record is the most reliable single clue if you can find it.
If the markings are ambiguous, the safest assumption for a card you cannot positively confirm is the secured path: order a compatible blank and let your system enrol it. That route works regardless of tier, whereas a ready-encoded credential is only appropriate for genuinely legacy, standard-configuration iCLASS. When in doubt, send us a clear photo of both sides of the card and of the reader, plus any part number, and we will help you identify the tier and point you to the correct compatible product.
Is an enrolled compatible card as good as the original?
Functionally, yes. Because your own system writes the keys during enrolment, a compatible blank that has been enrolled is treated by your readers exactly like any other authorized credential on the platform. It opens the same doors, follows the same access rules, and can be revoked the same way if it is ever lost.
The enrolment route is also the more secure choice, not a compromise. A credential whose keys come from your live system inherits your site's security posture rather than depending on whatever was on the card before. For SE, Elite, and Seos sites, this is simply how the technology is meant to work, and it is why we supply compatible blanks your system enrols rather than pre-encoded cards for these tiers.