Increasing Security with Smart Credentials

Increasing Security with Smart Credentials

Prepare for smart credential and NFC deployment now

Increasing Security with Smart CredentialsFor about the same price, a smart credential provides a higher level of security, more convenience and far greater functionality than a proximity card. As used on college campuses and in newer access control systems, smart credentials have the ability to manage access, payments and many other functions much more securely.

For instance, MIFARE DESFire EV1 smart cards offer several different layers of security including:

  • Mutual authentication that creates the ability for the client to verify or authenticate the server;
  • AES 128-bit encryption, a key encryption technique that helps protect sensitive information;
  • diversified keys that virtually ensure no one can read or access the holder’s credential information without authorization; and
  • message authentication code (MAC) that further protects each transaction between the credential and the reader by ensuring complete and unmodified transfer of information, helping to protect data integrity and outside attacks.

Power over Ethernet Simplifies Security Applications

By Shane Duffy

As the network edge expands to include increasingly remote locations, more security system designersare specifying Power over Ethernet (PoE) as part of their network topographies. For example, imagine a remote security camera in an outdoor installation. Of course, it will need a data communications connection, but if it’s going to transmit useful video in inclement weather, it will also need a wiper for the lens, a pump for the cleaning solution and a heater to deal with frost, snow and condensation.

All of these elements require power; yet, standard Ethernet equipment will only provide the remote installation with a data connection. If no local power source is available, a separate line for power must be installed.

However, there’s a more efficient and less expensive way to go about it.

PoE provides power and data transfer on a single cable, eliminating the need to install dedicated AC power lines. The 802.3at PoE+ standard that is currently in the marketplace delivers up to 25 watts of power to end devices. The next iteration of PoE is expected to provide up to 60 watts of power. Unlike USB, which provides power and data on a single connection, PoE permits long cable runs. USB has a useful range of around five meters; PoE can easily handle cable runs of up to 100 meters.

PoE devices can simplify the management of remote devices. For example, when a link state is lost on a fiber segment, it is useful to be able to remotely force the output power on the copper port to “off.”

PoE puts data, power and remote management on a single length of cable, making it one of data networking’s most important tools.

—Shane Duffy is the fiber and telecoms product manager at B&B Electronics.

Bottom line, smart credentials increase the security of the information kept on a card and stored in a facility. In comparison to door keys, magnetic stripe cards and proximity cards provide encrypted security of smart credentials, ensuring they are far harder to counterfeit. Issuing only one smart credential impacts administrative costs. Not only is the cost of a single credential lower than purchasing multiple forms of ID, but the reduced management and distribution time for one credential will have a significant impact on productivity.

It is impossible to put a dollar amount on the potential damage that an organization could suffer by unauthorized individuals gaining access to restricted areas. By issuing staff credentials with strong authentication mechanisms, organizations are effectively investing in their well-being and demonstrating that they take security seriously.

IT-approved

When presenting a smart card solution, be prepared for representatives from the IT department to take notice. More security system decisions are being made with input from the IT department, and there is an increased desire for the convergence of physical and logical security access control.

IT professionals want strong authentication credentials; the same level of security provided by smart cards. Contrary to proximity and magnetic stripe cards and their readers, smart cards go through a challenge and response sequence to initiate conversations with the network. Communications are encrypted using industrystandard encryption techniques.

By welcoming their involvement, showing the ability to speak their language and answer their questions, you will gain additional layers of approval within the IT organization.

Smart Cards on Campus

Colleges have been out front in their use of the smart, one-card solution. Although many are using proximity cards, they have been quickly migrating to smart cards over the past couple years. That’s because they can get applications on a smart card more easily, including:

  • Identification;
  • library circulation privileges;
  • building access;
  • meal plans and “dining-dollars;”
  • student health facilities;
  • access to recreational facilities;
  • charge privileges at university bookstore locations;
  • admission to athletic events;
  • university transit;
  • access to student legal services;
  • bankcard access to university services, which eliminates the need to carry money on campus; and
  • holding a biometric template.

As those selecting smart cards have found, there’s a caveat in deploying smart cards. Choosing the right smart card credential can make all the difference when trying to use them with applications other than access control. Therefore, look for platforms that are open format rather than those designed for proprietary systems.

Open formats allow easy integration into other applications with minimal programming, speeding up the time of deployment, reducing the cost of implementation and giving organizations more freedom to get the most out of their investment. Open architecture readers also let organizations use both their current software and panels with their new credentials. If down the road the organization changes their software, they can still use the readers.

Using Smart Phones like Smart Cards

As Near Field Communication (NFC) technology is now being added to a growing number of mobile handsets to enable access control, along with many other applications, more and more organizations are considering joining the bring-your-own-device (BYOD) trend by having their users deploy their own smartphones and access control credentials. It was projected that over 285 million NFC-enabled smart phones were expected to be sold in 2013, and over half the phones sold in 2015 will be NFC capable.

NFC provides simplified transactions, data exchange and wireless connections between two devices that are in close proximity to each other, usually by no more than a few inches. As an example, Allegion’s aptiQmobile web-based key management system allows NFC-enabled smart phones to grant access to buildings and dorm rooms as well as partake in other badge ID applications.

To turn NFC-enabled smart phones into an access control credential, allowing people to use their smart phones to enter buildings, users simply download the aptiQmobile app to their smart phone. Then, their access control administrator uses the aptiQmobile cloud service to send a secure mobile credential directly to the user’s phone. Once the mobile credential is downloaded, users open the app and tap their smart phone to the reader in the same way they use an ID card.

What to Do Today

For those customers already using aptiQ multi-technology readers, there is no need to replace readers to migrate to smart cards, smart phones or a combination of the two. These readers work with magnetic stripe, proximity and smart cards as well as the NFC-enabled, mobile-phone-credentialed, all-in-one reader, providing an easy migration path to upgrade credentials between any of those versions at their own pace. If non-smart access technology is being used, multi-technology readers can be installed to help ease into the transition by reading both ID badges and smart phones. This also makes it easy for customers to continue to operate in a hybrid world of cards and mobile, if needed.

In addition, while the major carriers will ultimately offer NFC card emulation/secure element solutions, organizations wanting to use NFC-enabled smartphones as access control credentials for employees and students can begin the transition now. The recently-introduced aptiQmobile secure peer-topeer (P2P) NFC mode allows organizations to provide the convenience of using a mobile device today.

This peer-to-peer solution provides several advantages. It lets organizations use NFC-enabled, Android phones regardless of carrier choice, creating a universal solution. It even works on unlocked phones. Apple iPhone users would continue using a special case; but for many, its’ most important advantage is that it allows customers across multiple market segments to deploy now.

Ability to use Smart Credentials

Work is being done to give NFC-enabled smart phones the ability to use smart credentials. Members of the aptiQ Alliance Program, consisting of global companies that are using an open-architecture, smart card technology that extends the use of an access control card or NFC-enabled smart phone credential to an increasing number of applications, have come together to create an ecosystem of applications that support aptiQ smart card technology. End users will learn how they can better leverage smart credentials to build out an increasing number of available solutions.

The aptiQ Developer Network offers access to Allegion, a partner in the Samsung Enterprise Alliance Program (SEAP) that was created as an ecosystem for Samsung to provide better support to its various partners. Enterprise solutions, such as aptiQmobile, are an integral part of Samsung’s goto- market strategy. Allegion resources will work closely with the developers to help write the appropriate interface between their software and Allegion’s cloud-based, aptiQmobile service. As a result, developers will be able to give their current software programs the ability to issue mobile credentials.

Also, by enabling Pinsight Touch, the first nationwide open platform from Sprint’s Pinsight Media+ for securely storing and accessing credentials on a mobile device, aptiQmobile will help open up even more possibilities for the access control market.

It is very important that organizations prepare for smart credential and NFC deployment, even if they want to install proximity, magnetic stripe or keypad readers at present. Integrators can help their customers by proposing multi-technology readers that combine the ability to read magnetic stripe, proximity, smart cards and NFC-enabled smart phones. That way, when the group switches over to smart credentials, they don’t have to tear out all their old readers to install smart credential readers; and during the transition, they can use both their old magnetic stripe and proximity credentials along with the new smart credential.

This article originally appeared in the February 2014 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3