Written by Catherine Carducci | Product Manager, Aliro | Safetrust
In almost every access control system deployed today, there’s a secret being kept, and it’s not yours.
Proprietary systems rely on shared symmetric keys managed under vendor terms. This model creates operational complexity and fails modern enterprise security reviews. It runs a separate, weaker model alongside your Zero Trust architecture rather than integrating with it.
Whether you are running MIFARE® Classic, HID® iCLASS®, SEOS®, or MIFARE® DESFire®, the underlying security model is the same — a shared symmetric key — and in practice that key does not stay secret well enough, especially not across the multi-vendor, multi-tenant, multi-site environments that large enterprises actually operate.
Aliro eliminates shared secrets
A unique key pair is generated for each credential. The private key stays securely on the credential and never leaves it. The public key is signed by the issuer and included in the certificate. Readers validate against the issuer’s public certificate. No secrets are exchanged. No symmetric keys to manage across vendors or sites. The model uses public-key cryptography. This is the same foundation your IT team already trusts for enterprise systems.
Certificate management changes the game
Aliro’s use of public certificates means that credentials and readers trust each other based on the certificates they contain. Enabling a reader to trust a new source of credentials is done by securely loading the credential issuer’s certificate. Likewise, if a set of credentials should no longer be trusted by a reader, the certificate can be removed. The Safetrust platform makes managing the certificates easy, and connected readers can be updated remotely over the air at the push of a button.
In multi-tenant environments, this delivers clear control. A building operator provisions reader group certificates defining exactly which tenants’ credentials are authorized in which areas. Tenant credentials actively participate in the trust model. When a tenant moves out, their certificate is removed from the readers, which immediately stops those cards from being trusted and read.
End users own the policy
Your organization controls the certificate authority. You decide which vendors and other organizations to trust and delegate accordingly. When a vendor relationship ends, there is no rekeying of shared secrets; your security posture remains intact because no private material was ever shared. You can source credentials from multiple suppliers while maintaining unified trust across the same readers.
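The three mechanisms described above (a unique key pair per credential with the private key never leaving it, an issuer-signed certificate carrying only the public key, and readers that hold issuer certificates rather than shared secrets) can be shown end to end in a few dozen lines. The following is an added illustration written for this page, not Safetrust or Aliro code and not the Aliro wire format: it assumes ECDSA on P-256, a deliberately minimal certificate structure (issuer ID, credential public key, issuer signature), and hypothetical names such as `IssueCredential`, `Reader.TrustIssuer` and `Reader.RevokeIssuer`. Removing an issuer's public key from the reader is the "tenant moves out" step; a certificate copied without its private key fails the challenge, which is the property a shared-key system cannot offer.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Cert is a minimal stand-in for an issuer-signed credential certificate: public key plus signature, no secrets.
type Cert struct {
	IssuerID string           // issuing organization that vouches for this credential
	PubKey   *ecdsa.PublicKey // the credential's own public key
	Sig      []byte           // issuer ECDSA signature over digest("cert", certBody(IssuerID, PubKey))
}

// digest domain-separates what is hashed, so a certificate signature is never mistaken for a challenge signature.
func digest(label string, data []byte) []byte {
	h := sha256.Sum256(append([]byte(label+"|"), data...))
	return h[:]
}

// certBody is what the issuer signs: issuer ID plus the credential's P-256 point (demo encoding).
func certBody(issuerID string, pub *ecdsa.PublicKey) []byte {
	b := make([]byte, 64)
	pub.X.FillBytes(b[:32])
	pub.Y.FillBytes(b[32:])
	return append([]byte(issuerID+"|"), b...)
}

// NewP256Key generates a fresh ECDSA P-256 key pair (demo helper, not an Aliro API).
func NewP256Key() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no usable entropy source: nothing sensible to continue with
	}
	return k
}

// Credential owns a unique key pair; Key never leaves the credential.
type Credential struct {
	Key  *ecdsa.PrivateKey
	Cert Cert
}

// IssueCredential is the issuer (the organization's CA) generating a credential key pair and signing its public half.
func IssueCredential(issuerID string, issuerKey *ecdsa.PrivateKey) (*Credential, error) {
	key := NewP256Key()
	sig, err := ecdsa.SignASN1(rand.Reader, issuerKey, digest("cert", certBody(issuerID, &key.PublicKey)))
	if err != nil {
		return nil, err
	}
	return &Credential{Key: key, Cert: Cert{IssuerID: issuerID, PubKey: &key.PublicKey, Sig: sig}}, nil
}

// SignChallenge proves possession of the private key without revealing it.
func (c *Credential) SignChallenge(nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, c.Key, digest("challenge", nonce))
}

// Reader holds only issuer public keys: loading one enables a credential source, deleting one cuts it off.
type Reader struct{ trusted map[string]*ecdsa.PublicKey }

func NewReader() *Reader                                      { return &Reader{trusted: map[string]*ecdsa.PublicKey{}} }
func (r *Reader) TrustIssuer(id string, pub *ecdsa.PublicKey) { r.trusted[id] = pub }
func (r *Reader) RevokeIssuer(id string)                      { delete(r.trusted, id) }

// Authenticate verifies the certificate against the trusted issuer, then runs a challenge-response.
// The credential is called directly here; on a real reader this exchange crosses the contactless link.
func (r *Reader) Authenticate(c *Credential) error {
	issuerPub, ok := r.trusted[c.Cert.IssuerID]
	if !ok {
		return errors.New("issuer " + c.Cert.IssuerID + " is not trusted by this reader")
	}
	if !ecdsa.VerifyASN1(issuerPub, digest("cert", certBody(c.Cert.IssuerID, c.Cert.PubKey)), c.Cert.Sig) {
		return errors.New("certificate signature does not verify")
	}
	nonce := make([]byte, 16) // fresh per access event, so a captured response cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	sig, err := c.SignChallenge(nonce)
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(c.Cert.PubKey, digest("challenge", nonce), sig) {
		return errors.New("challenge signature does not verify")
	}
	return nil
}
```

Usage follows the text: create an issuer key per organization, call `IssueCredential` for each card, load only the issuer public keys into `Reader.TrustIssuer`, and `RevokeIssuer` when a tenant leaves. Nothing the reader stores would let anyone mint a credential, which is the difference from a reader holding a site-wide symmetric key.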
Safetrust makes it seamless
Safetrust readers have four ways to connect (WiFi, Ethernet, LTE, DECT NR+), ensuring that policy updates, certificate rotations, and revocations propagate automatically.
For special environments with disconnected readers, mobile credentials act as a transport mechanism. When a mobile credential refreshes against your backend, it receives updated reader certificates, revocation lists, and policy changes. The credential then delivers those updates during normal access events. The network does not need to reach every reader.
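When a phone is the transport that carries reader certificates, revocation lists and policy changes to a reader the network cannot reach, the phone is a courier rather than a trusted party, so the reader has to check two things before applying what it is handed: that the bundle was signed by the backend, and that it is newer than the state the reader already holds (otherwise an old bundle re-delivered by a stale credential would quietly re-trust a tenant or card that has since been revoked). The sketch below is an added example for this page, not Safetrust code and not Aliro's update format; it assumes an ECDSA P-256 backend signing key, a constructed JSON bundle layout, and hypothetical names such as `SignUpdate` and `OfflineReader.ApplyUpdate`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// PolicyUpdate is the bundle the backend publishes and a mobile credential carries to
// the readers it meets (constructed format for this example, not Aliro's wire format).
type PolicyUpdate struct {
	Version        uint64   `json:"version"`         // strictly increasing; readers never step backwards
	TrustedIssuers []string `json:"trusted_issuers"` // issuer IDs whose credentials the reader may accept
	Revoked        []string `json:"revoked"`         // individual credential IDs that are no longer valid
}

// SignedUpdate is what actually travels on the phone: payload plus backend signature.
type SignedUpdate struct {
	Payload []byte
	Sig     []byte
}

// SignUpdate is the backend producing a bundle; only the backend holds this key.
func SignUpdate(backend *ecdsa.PrivateKey, u PolicyUpdate) (SignedUpdate, error) {
	payload, err := json.Marshal(u)
	if err != nil {
		return SignedUpdate{}, err
	}
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, backend, h[:])
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{Payload: payload, Sig: sig}, nil
}

// OfflineReader has no network path; its only link to the backend is the public key it was provisioned with.
type OfflineReader struct {
	backendPub *ecdsa.PublicKey
	Version    uint64
	trusted    map[string]bool
	revoked    map[string]bool
}

func NewOfflineReader(backendPub *ecdsa.PublicKey) *OfflineReader {
	return &OfflineReader{backendPub: backendPub, trusted: map[string]bool{}, revoked: map[string]bool{}}
}

func (r *OfflineReader) IssuerTrusted(id string) bool     { return r.trusted[id] }
func (r *OfflineReader) CredentialRevoked(id string) bool { return r.revoked[id] }

// ApplyUpdate accepts a bundle only if the backend signed it and it is newer than the
// reader's current state; a replayed older bundle would otherwise re-admit revoked parties.
func (r *OfflineReader) ApplyUpdate(s SignedUpdate) error {
	h := sha256.Sum256(s.Payload)
	if !ecdsa.VerifyASN1(r.backendPub, h[:], s.Sig) {
		return errors.New("update signature does not verify: ignored")
	}
	var u PolicyUpdate
	if err := json.Unmarshal(s.Payload, &u); err != nil {
		return err
	}
	if u.Version <= r.Version {
		return fmt.Errorf("update v%d is not newer than reader state v%d: ignored", u.Version, r.Version)
	}
	trusted, revoked := map[string]bool{}, map[string]bool{}
	for _, id := range u.TrustedIssuers {
		trusted[id] = true
	}
	for _, id := range u.Revoked {
		revoked[id] = true
	}
	r.Version, r.trusted, r.revoked = u.Version, trusted, revoked
	return nil
}

func main() {
	backend, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	reader := NewOfflineReader(&backend.PublicKey)
	v1, _ := SignUpdate(backend, PolicyUpdate{Version: 1, TrustedIssuers: []string{"tenant-a", "tenant-b"}})
	v2, _ := SignUpdate(backend, PolicyUpdate{Version: 2, TrustedIssuers: []string{"tenant-a"}, Revoked: []string{"cred-0042"}})
	fmt.Println("apply v1:", reader.ApplyUpdate(v1))
	fmt.Println("apply v2:", reader.ApplyUpdate(v2))
	fmt.Println("replay v1:", reader.ApplyUpdate(v1)) // rejected: not newer than v2
	fmt.Println("tenant-b still trusted?", reader.IssuerTrusted("tenant-b"))
}
```

The version check is the part most often forgotten: a signature proves the bundle came from the backend, but only monotonic versioning proves it is the current one, and a reader that cannot phone home has nothing else to go on.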
Performance in practice
Early interoperability testing showed authentication times around 900–1,000 ms. After optimization, Safetrust achieved full mutual authentication with GCM encryption under 500 ms. With an 800-byte AccessDoc payload and full GCM, times reach 763 ms (competitive with current mobile implementations while delivering stronger privacy and mutual authentication).
Cryptographic agility for the future
Aliro operates at the protocol layer. It supports evolving cryptographic methods over time, including post-quantum standards as they mature. This enables updates through software and policy rather than hardware replacement. Google’s March 2026 research on ECC vulnerabilities highlights why this flexibility matters.
Safetrust’s foundation
Our team has contributed to the U.S. Government CAC and PIV programs, the ISO 24727 standards, the PLAID architecture, and OPACITY authentication. As a Connectivity Standards Alliance member, we participate in interoperability testing and real-world certificate exchanges with Aliro.
The certificate is the credential
In Aliro, security lives in certificates that your organization owns and controls. Physical access can now align with the same standards as the rest of your enterprise identity, delivering stronger Zero Trust outcomes, eliminating vendor lock-in, and providing long-term resilience.
Go deeper this month
At Aliro Decoded on June 10 (11:00 AM PT / 2:00 PM ET), Jason Hart and Will Holderness will go deep on exactly these topics: certificate-based identity in practice, what post-quantum readiness actually requires, and where Aliro sits relative to MIFARE® DESFire®, HID® iCLASS®, SEOS®, PKOC, and LEAF® Verified.
You’ll walk away with the technical vocabulary to evaluate every vendor claim you’ll hear between now and your next refresh cycle.
[Register for Aliro Decoded →]
On Tuesday, June 17 at 3:45 PM, Jason Hart will be speaking at CSAUnify on “Commercial Aliro: Why Now, What It Unlocks, and What Has to Be Done” alongside Allegion, dormakaba Americas, Last Lock, and The Access Control Collective. This is a practitioner-level conversation about the commercial sector’s hardest credentialing challenges: multi-badge, multi-vendor, multi-tenant environments, and the growing collision between digital and physical identity.
As a member of the Connectivity Standards Alliance, Safetrust is one of the voices helping frame where the standard goes next.
[Register for Unify →]
Safetrust is a proud member of the Connectivity Standards Alliance.
Catherine Carducci is Product Manager for Aliro at Safetrust.