About Us
Engineering a trusted access control ecosystem since 1992
Enabling trusted authentication
About LEGIC
LEGIC is an innovative, Swiss access control technology provider with a global footprint. The company pioneered the first 13.56 MHz-based contactless identification solution, a technology that still underpins secure RFID/NFC authentication today. LEGIC continues to play a leading role in shaping security architecture and cryptography, offering an end-to-end secure technology platform that enables customers to maintain full digital sovereignty. Importantly, the company builds long-term value into its portfolio, ensuring what’s relevant now remains viable decades into the future. This is crucial with the rise of cyberattacks, AI-driven threats, quantum computing and ever-more accessible low-cost hacking devices.
Flexibility
Flexibility is our guiding principle. Every customer has their own requirements, and so we tailor our platform to suit you.
Simplicity
We handle the complex and make secure access intuitive by design. Every customer receives expert advice and support through our dedicated consultancy service.
Scalable security
Your system’s security always remains in your hands, and is linked to secure smart devices based on ‘hardware root of trust’ for control.
Investment protection
We are your security partner, and pledge to protect your technology investment in the long term.
Engineering for what comes next
Mobile-first, cloud-driven access
LEGIC is at the forefront of the industry’s disruptive shift to mobile-first, API-driven and cloud-based access models, while maintaining support for legacy systems.
Physical and digital security converge
Physical access control and IT security are converging into unified credential ecosystems across buildings, devices, networks and digital environments. LEGIC is enabling this evolution by supporting secure authentication across both physical and digital environments.
Open, interoperable ecosystems
LEGIC is perfectly positioned to meet growing demand for vendor-agnostic systems and open standards, supporting diverse credential types and cryptographic approaches within a single, interoperable framework.
LEGIC worldwide
Headquarters
LEGIC Identsystems Ltd.
Binzackerstrasse 41
8620 Wetzikon
Switzerland
Phone: +41 44 933 64 64
E-Mail: info@legic.com
USA
Phone: +1 514 448 4460
infousa@legic.com
Great Britain
Phone: +44 2392 478 033
infouk@legic.com
DACH Region
Phone: +41 44 933 64 80
infode@legic.com
China
Phone: +86 21 62884107
infoasia@legic.com
Frequently asked Questions
Company FAQs
LEGIC stands for LEG = Legitimation + integrated Circuit (IC). It is pronounced "LE" as in the start of "Legitimation", and "GIC" as in the second syllable of "maGIC".
LEGIC Identsystems AG is headquartered in Wetzikon, Switzerland, approximately 25 kilometers outside of Zürich. The company has sales offices in the USA, UK, Germany and China.
LEGIC has been a trusted supplier of authentication and secure credential management platforms consisting of software services and semiconductor components to leading corporations worldwide for more than 30 years. LEGIC introduced the world's first commercially available contactless identification solution based on 13.56 MHz in 1992.
There are over 100 thousand installations of LEGIC’s security platforms running worldwide.
LEGIC’s advant and neon technology for smartcard / smartphone authentication and credential management have never been compromised.
LEGIC’s security platform is ideal for enabling applications that require secure, contactless management of the interaction between people and things. Customer applications enabled by the LEGIC Security Platform include:
- Access control to buildings, rooms and IT equipment such as terminals and printers
- Applications where many users share high-value resources such as car or IT resource sharing
- Applications requiring managed access to machines and sensitive information such as healthcare or financial data terminals
- Smart city applications that enable autonomous permissioned control of a building’s operations in response to specific occupant requirements
- Closed-loop ePayment applications such as corporate canteen or vending services
Technical FAQs
All credential data stored on a smartcard is encrypted via AES (128/256 bit), 3DES, DES, or LEGIC encryption. LEGIC Security Modules are pre-programmed with corresponding decryption keys stored in an integrated secure element, meaning they never leave secure environments in an unencrypted form. Keys are also modified after each session, eliminating so-called replay attacks.
Smartcards are extremely robust and have a long lifetime (e.g. they can survive in the washing machine). They need no power supply or software updates. Smartcards support short-range contactless communication, typically 20 cm, but this can be customized to meet application requirements. This is ideal for high-security apps requiring close proximity, such as e-payment and access control. Smartcards are also low-cost and double as visual identification (photo ID badge).
Smartphones support long-range contactless communications based on Bluetooth Low Energy (10+ m), which is well suited for longer-distance applications such as remote control of lighting, heating, etc. or opening garage doors. Android smartphones also support NFC, which gives them the benefits of close-range communication. Smartphone-based apps can also be instantly downloaded and used, which is ideal, for example, for real-time granting of building or room access and employee onboarding. Smartphone apps can also be integrated with LEGIC’s authentication and credential management software to create graphically rich third-party applications. Smartphones also allow instant, remotely updatable/revocable permissioning, and have multifactor authentication hardware/software built in to support fingerprint and facial recognition.
Apple iOS and Android are supported.
The platform also supports bi-directional encrypted messaging between LEGIC Connect, mobile app and edge devices. This may include any binary data such as text, files, code, etc. It also supports Firmware Update Over the Air (FOTA), and secure hosting of application software in hardware secure element (in addition to encryption key storage).
Between cloud and smartphone: HTTPS over TLS, up to version 1.3. Between smartphone and IIoT edge devices (via a LEGIC Security Module): mutual authentication with AES-128 session keys. Between the Security Module and the host controller of the IIoT device, communication is encrypted via AES-128/256 or 3DES. Credential data passing over all these links is further encrypted using symmetrical encryption keys based on AES-128 that are stored in a Hardware Security Module of LEGIC’s Trusted Service.
V5.1 Bluetooth Low Energy, RFID and Near Field Communication (NFC) standards ISO 14443 A, ISO 14443 B, ISO 15693, LEGIC RF standard, Inside Secure, Sony Felica, and ST SR series, Apple ECP 2.0
Credentials are data uniquely associated with an individual user. Credentials may include data defining a person’s unique identity, when and where and for how long a user may use a device, which applications are available to the user, e-money balance for e-payment applications, data access privileges, etc. In the simplest case, a Credential could just be a random token issued to a user allowing them to use a resource, for example a printer. Credentials are provisioned by an (optional) cloud management system and securely stored on a user’s smartcard or smartphone to give them managed access to devices, data, services and infrastructure.
127 for 4k advant smartcards; for smartphones you are only limited by the memory size of the smartphone.
Security can be scaled up with smartphones by using mobile OS security features like fingerprint/facial recognition, or with an ID solution provider defined PIN that is entered via the smartphone. For smartcard-based applications, measures can be implemented on the reader terminal (biometric sensors, PIN pad, etc.). For both solutions, any combination can be implemented.
LEGIC Connect runs in AWS cloud regions located in Switzerland and the European Union to ensure both GDPR compliance and geo-redundancy. The Hardware Security Modules (HSMs) are run in secure, audited environments within Swiss borders only.
Cyber Resilience Act (CRA) FAQ
Compliance under the CRA is a shared responsibility across the digital supply chain. The CRA lays down rules for all “products with digital elements” placed on the EU market—this includes not only final products (e.g., a smart lock or industrial IoT gateway) but also the components within them. As such, LEGIC’s own products are required to be CRA compliant, and we ensure they meet these rigorous standards. While integrating a compliant LEGIC component does not grant automatic CE marking for your entire final device, our technology enables your overall compliance by providing a cryptographically secure, pre-hardened foundation. The CRA employs a risk-based classification scheme, imposing its most rigorous conformity assessments on products designated as "critical." We deliver the hardware roots of trust and secure elements that can help you navigate and meet the stringent statutory demands associated with these high-risk classifications, allowing you to focus on your application logic rather than low-level security engineering.
By building your architecture on LEGIC’s Security Modules and managed cryptographic services, you work towards adopting the "Security by Design" principles mandated by Annex I of the CRA. Our platform provides standardized, highly secure mechanisms for data protection at rest and in transit. By mapping your device architecture directly to our secure platform, you ensure that the fundamental building blocks of your product already align with the European Commission's rigorous security requirements.
The CRA demands robust protection of security parameters, cryptographic keys, and the integrity of device configuration. Here, LEGIC Orbit serves as your centralized, highly secure key and configuration management system. Operating with certified Hardware Security Modules (HSMs), LEGIC Orbit randomly generates and distributes application keys and configuration data directly to edge devices via end-to-end encrypted Versatile Configuration Packages (VCP). Because these keys are never visible to anyone—not even the operator—LEGIC Orbit ensures a completely closed, tamper-proof chain of trust during device commissioning and throughout its lifecycle.
Annex I, Part II of the CRA dictates strict vulnerability handling and ongoing security updates throughout a product's lifecycle. LEGIC addresses this by providing automated over-the-air (OTA) update mechanisms and long-term firmware support for LEGIC Security Modules. We monitor for vulnerabilities and provide patches where necessary, ensuring your deployed devices maintain their secure posture over time. This commitment to continuous operational readiness is how we deliver true Lifetime Value to our partners and customers.
Navigating the impending deadlines requires strategic preparation. While the September 2026 deadline specifically introduces mandatory reporting obligations for actively exploited vulnerabilities and severe incidents, the December 2027 enforcement cliff requires immense engineering foresight to achieve full product compliance. LEGIC acts as an indispensable compliance enabler across both phases by providing transparent, technical guidance on our integrated security modules. We supply the necessary technical documentation required to support your conformity assessments.
Yes. When your device manufacturer utilizes LEGIC’s secure architecture, your facility benefits from state-of-the-art cryptography, end-to-end encryption, and hardware-secure elements. We design our technology to minimize the impact and contain the effects if an unexpected vulnerability is found. This ensures true Digital Sovereignty, giving you absolute control over your infrastructure and protection against evolving cyber threats.
LEGIC advant smartcard technology incorporates advanced encryption and secure key management that aligns with the CRA’s stringent requirements for secure data processing and protection against unauthorized access. While the final access card or reader requires its own conformity assessment by the manufacturer, the underlying advant technology provides the necessary cryptographic basics so that these credentials cannot be easily cloned or compromised.
LEGIC neon is engineered entirely on the principle of Security by Design. Utilizing state-of-the-art cryptographic algorithms and end-to-end encryption, neon ensures that credential data remains absolutely secure, whether stored on a smartphone, a modern smartcard, or in transit. Because its cryptographic keys are dynamically generated, containerized, and never visible, LEGIC neon inherently protects against data breaches, tracking, and unauthorized access, fulfilling the CRA's mandate for securing personal and sensitive data.
The CRA mandates stringent protection of cryptographic keys and system integrity. LEGIC Master-Token System-Control (MTSC) addresses this by anchoring your system's administrative rights to a unique, uncopiable physical smartcard—the Master-Token—rather than relying on vulnerable, volatile passwords. This hardware-based approach guarantees security independence, ensuring that only the physical holder of the token can authorize reader configurations or encode smartcards.
LEGIC Orbit is engineered from the ground up with Security by Design at its core. It provides a highly secure, managed cloud environment for cryptographic key distribution and mobile credential lifecycle management. LEGIC Orbit fully supports the continuous operational readiness mandated by the CRA, allowing for secure issuance, revocation, and updating of mobile credentials. It perfectly embodies our principles of Versatility and Simplicity—delivering enterprise-grade security without operational friction.