Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
23 January 2006  
Untitled Document
Sections

Market
Management
Technology
 Technology Life
Columns

Between The Bytes

Specials

HMA Bankbiz
UPS Batteries

Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
Network Magazine India
Express Hospitality
Express TravelWorld
feBusiness Traveller
Express Pharma
Exp. Healthcare Mgmt.
Express Textile
Group Sites
ExpressIndia
Indian Express
Financial Express

Untitled Document
 
Home - Management - Article

CXO Accent

Smart cards for access control



Mark Scapparo

The applications, advantages and benefits of contactless smart cards.

Security managers have never had more options for access control cards and other badging and credentialing applications. Magnetic stripe, Wiegand and proximity technology remain popular and effective.

One new technology many security and IT managers are evaluating is the contactless smart card. Just as proximity technology brought advantages over Wiegand card technology 20 years ago, contactless smart card technology is bringing new advantages over proximity for physical access control as well as other applications.

The objective of this article is to discuss smart card technology in an access control context, present its advantages, and discuss implementation considerations.

Benefits

Whether you are installing a new system, expanding an existing one, or undertaking a major upgrade, there are several considerations for using contactless smart cards instead of proximity or other access control card technologies. The following are the most important benefits of contactless smart cards.

Better security

Contactless smart card technology is optimised to provide highly secure devices by using cryptography, encryption and the internal computing power of the smart chip. Since the ISO/IEC standards do not address security and authentication, this capability must be examined in relation to the technology of each supplier.

For example, access control data in the card may be protected using 64-bit diversified security keys based on a unique card serial number. This security can be further customised by the end-user with a card programmer. The reader never transmits this unique card serial number to the control panel because it is used exclusively for key diversification and to prevent data collision when reading several cards at the same time.

RF data transmission between the cards and readers is encrypted using a secure algorithm so that with certain contactless technology the transaction between the card and the reader cannot be ‘sniffed’ and replayed to a reader. In addition, the cards and readers authenticate each other using a symmetrical key-based algorithm. For even higher security, card data may also be protected with DES or triple DES encryption.

By using diversified unique keys and industry standard encryption techniques, the risk of compromised data or duplicated cards is reduced. Even if an unauthorised person obtains a reader, without the keys the reader will not authenticate the card and data will not be transmitted.

These strong security measures are not implemented in proximity cards, giving contactless smart cards a significant advantage in security. Contactless physical access control credentials can carry secure IT applications such as secure log-on to networks, digital signature, and encryption.

Every day there is news of some new incident involving breaches of information systems security, and smart cards are rapidly becoming the de facto choice for securing IT infrastructure. While still in the early stages, this trend is being established by two influential groups which know the subject well— the computer industry and the US government. For example, Sun, HP and Microsoft have initiatives to use smart cards for their own worldwide network security. The US departments of defense, interior, and treasury have smart card initiatives for network access and electronic signatures.

Storage, secure reading and writing of data

Contactless smart card memory capacity ranges from 64 to 64K bytes, whereas proximity card memory ranges from eight to 256 bytes (2K bits).

Applications

Depending on the amount of memory available and the number of memory areas, contactless smart cards can serve as multi-application credentials that are used for many purposes. Since the memory can securely store any kind of information, physical access control credentials based on contactless technology can be used for just about anything. Applications are listed in the box titled ‘Multiple applications.’

Multiple applications

  • Biometrics
  • Equipment and material check-out
  • Health records
  • Secure authentication
  • Loyalty and membership programmes
  • Transit passes
  • Guard tour information
  • Parking and perimeter security
  • Digital cash
  • Time and attendance
  • Authorised access to office equipment
  • Information access

Another application that is offered with an access control card is parking and perimeter security. Eastman Kodak had a growing urgency to identify vehicles at long distances to guard their security perimeter and control access to parking facilities and loading dock areas within their corporate campus in the US. The deployment of an automatic vehicle identification (AVI) system was the logical need; an additional requirement at this phase of the project was compatibility with the company’s new employee access control cards.

Today, an updated system allows vehicles to activate gates and doors far enough in advance to eliminate the need to stop. This reduces a critical and potential security choke point at the company’s vehicle entrance area. Safety is also improved because drivers no longer need to reach out of a vehicle window for the stationary reader that is typically associated with card-only vehicle access.

Smart cards and biometrics

Smart cards are an ideal complement to a biometrics implementation, and are particularly well-suited for installations spanning multiple sites. Storing the template on the card simplifies system start-up and enables the support of unlimited members. It also eliminates the redundant wiring requirement for biometric template management, lowering implementation costs significantly.

Access keys

In many cases, organisations consider control of their own keys for physical access control and other applications an essential element to security. Contactless technology makes it possible to do this.

Future-proofing

Today, your immediate need may only be access control, but are you planning for tomorrow? A contactless smart card access control system provides an immediate benefit of higher security and also better positions the organisation with options for adding new applications in the future.

The many advantages of contactless smart cards have generated a great deal of interest in recent years, but one important factor that held the market back is cost. Until now, proximity technology held an important cost advantage over smart cards; however that has changed. Anyone with a budget to put in a standard proximity-based access control system can afford to install a smart card system instead.

Advantages over conventional smart cards

Contact smart cards never gained acceptance for use in physical access control systems for three main reasons.

  • A contactless presentation of the card is much more user-friendly and convenient for physical access control. With contact smart cards, users must properly orient the card to put the contact in the correct position, find the opening in the reader, insert the card and leave it there until the end of the transaction before removing it.
  • Contactless smart cards and readers are much more durable in harsh, dirty or outdoor environments such as those typically found in access control applications.
  • Contactless card transactions are designed to be faster than contact transactions.

Contact smart cards were not optimised for fast transactions but for high-security applications like financial services and debit card PIN protection. Since contactless cards were targeting high throughput applications like transit fare collection and ticketing, fast transactions were mandatory while still maintaining high levels of security. For that reason, as contactless technology developed, it was optimised for fast reading and authentication—an advantage in access control systems as well.

13.56 MHz contactless smart card chip with antenna

Multiple technology cards

Since contactless smart cards are generally delivered on ISO/IEC 7810 compliant card bodies, other features normally associated with plastic cards can be used in conjunction with contactless technology (See box: Features).

Features

  • Pre-printed graphics
  • Magnetic stripes
  • Bar codes
  • Photo personalisation via dye sublimation printing
  • Other customisation via dye sublimation printing
  • Contact chips
  • Embossing
  • Holograms
  • Signature panels
  • Punched slots for lanyards

In addition to these typical features, different technologies can be successfully combined on a single card, such as combining 15693 contactless (a standard) with Wiegand, magnetic stripe or proximity technology as a way to transition to the new technology over time. Cards that carry more than one technology are often called hybrid cards, combo cards or simply multiple technology cards.

Multiple technologies on a single credential can provide an excellent solution in many situations. One example is combining a high performance crypto-processor contact card (for secure network log-on) and contactless technology (for physical access control) on a single photo-ready identity credential. Another typical use is facilitating the migration from one access control technology to another over an extended period, across multiple facilities, or for subsets of the entire cardholder base.

Another aspect important to physical access control is making the smart card technology available in other form factors, notably keys and tags. (Tags are protected, self-adhering modules that can conveniently be added to an existing credential to simplify migration, or as a quick way to add new capabilities to a part of the total card population.) It is very important to confirm that your selected technology is available in these additional form factors common to the physical access control market.

For today or tomorrow

Contactless smart card technology is well suited for access control applications. It provides higher levels of security than traditional access control technologies. The platform also enables additional applications to be implemented on the same credential. There are products available in the market today that provide an affordable migration path to smart card technology while protecting customer investments in existing infrastructure.

Whether a company is implementing an IT security solution today, or is looking downstream and planning for the future, it makes sense to put in a contactless smart card access control system. This is because it creates a technology base that can support IT security and physical access applications on the same credential.

The author is Executive Vice-president, Sales, HID Corporation.
He can reached at hidindia@hidcorp.com

 


UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.