By Raj Venkat
Security is complicated. In any given facility, there are multiple openings to secure and multiple people who need access. Varied layers of clearance, employee turnover rates, and a long list of other factors play a role in dictating exactly which credential solutions make the most sense.
Whether it is a key, card, biometric device, or multi-factor authentication, a credential system provides access to spaces or services within a facility. Higher-security credentials, like smart cards and biometrics, are often required for restricted areas or rooms containing sensitive information or materials. Keys or personal identification number (PIN) codes may be sufficient for supply closets and other less sensitive areas that still require security, but where convenience takes precedence. Many times, several types of credentials are used together.
Mechanical locks have been a staple of commercial security for years. They are dependable, affordable, and secure. Today, mechanical locks play a vital role in the broader security system of many hospitals, schools and universities, offices, and other commercial buildings. However, they can be cumbersome for specific applications.
Card-based credentials are available in a variety of technologies, including magnetic stripe, proximity, and smart cards. They are also available in numerous forms to suit different building needs. For system managers, card-based credentials are easier to manage than lock-and-keys, and are harder to duplicate than PIN codes. Access privileges can be easily assigned and revoked, and those of a single user can be altered without impacting the entire population. With card-based access, the threat of unauthorized keys or shared PINs is eliminated.
With magnetic stripe cards, users physically swipe their card through a reader (much like a credit card). Magnetic stripe technology has been around for decades and provides an affordable option for low-security environments and convenience-based applications. They do not work well in dirty environments, however, due to the electromechanical nature of the acquisition device.
Proximity cards are the most basic form of ‘contactless cards.’ These credentials are encoded with a unique number that cannot be updated or changed. This ensures the data on the card remains intact and unaltered. They are applicable for a wide array of environmental conditions and in applications requiring a unique identification number, but are not optimal for applications that require data storage.
As the name implies, contactless cards do not need to physically touch a reader. Instead, users simply wave them in front of a device—reducing wear on the reader and card and extending the life of the system. This makes them an ideal choice for facilities with a high volume of traffic on specific openings or a large number of users.
Smart cards are the most advanced contactless cards on the market today. As far as users are concerned, they function just like proximity cards. However, there is a key difference—smart cards have the ability to store information. This makes them significantly more useful than magnetic stripe or proximity cards.
Biometrics provides an automated method of recognizing an individual based on his or her unique physical characteristics. This technology eliminates a person gaining entry by using another’s key, code, or card—it is harder, after all, to share fingerprints or retinas. Biometric-based systems, like hand geometry, enable a facility manager to ensure only verified users have access to a facility at authorized times. Biometrics provide the highest level of assurance the actual authorized individual—rather than just the authorized key, card, or code—has access to a secure facility.
Current state of security
The proximity card remains the most used credential in access control. However, with the price of smart credentials being comparable to proximity today (within five per cent or so), many building owners and facility managers are opting for the former, even if the only application will be physical access control.
A smart credential can provide higher security, more convenience, and far greater functionality than a proximity card. Smart credentials have the ability to manage access, payments, tool and supplies check-outs, and many other functions. For new construction, even if smart card systems are not part of the original project budget, it makes sense for multi-technology readers to be specified. This way, when the switch to smart cards comes about, building owners will not have to tear out and re-install all their facilities’ readers.
Cutting-edge smart cards use proprietary technologies based on various levels of the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 14443, Identification Cards: Contactless Integrated Circuit Cards–Proximity Cards—a global standard that defines proximity cards used for identification, and the transmission protocols for communicating with it.
These systems offer several different layers of security, including mutual authentication, which ensures the reader and the card are allowed to ‘talk’ with each other before any information is exchanged. Smart cards using this MIFARE DESFire EV1 protocol also provide:
- AES 128-bit encryption—this is a key encryption technique that helps protect sensitive information;
- diversified keys that virtually ensure no one can read or access the holder’s credentials without authorization; and
- Message Authentication Code (MAC), which further protects each transaction between the credential and the reader (it ensures complete and unmodified transfer of information, helping protect data integrity and prevent outside attacks).
Most organizations understand the importance of a ‘one-card’ solution, rather than having employees or tenants carrying multiple cards or keys. The reason for the slow, but steady, migration from proximity to smart card is because the latter allows implementation of myriad applications, which include:
- building access;
- supplies check-out verification;
- company cafeteria or health plan charges;
- access to recreational facilities;
- possibility of co-ordination with transit providers; and
- bank card access.
Thus, as well as their increased security capabilities, open system smart credentials can be used to host multiple applications, letting organizations consolidate many services on one card, producing cost savings and increased efficiencies. Contrary to a smart card that is of a proprietary design, an open-system smart credential, such as one based on the MIFARE standard, will be able to work with other hardware and software also built to the standard without having to undertake tweaking. It is much more efficient, economical, and secure for an employee to carry a smart card that can provide various applications, including storage of a biometric template.