Increasing Security with Smart Credentials
Prepare for smart credential and NFC deployment now
- By Jeremy Earles
- Feb 01, 2014
For about the same price, a smart credential provides a higher level
of security, more convenience and far greater functionality than a
proximity card. As used on college campuses and in newer access
control systems, smart credentials have the ability to manage access,
payments and many other functions much more securely.
For instance, MIFARE DESFire EV1 smart cards offer several different layers
of security including:
- Mutual authentication that creates the ability for the client to verify or authenticate
the server;
- AES 128-bit encryption, a key encryption technique that helps protect sensitive
information;
- diversified keys that virtually ensure no one can read or access the holder’s credential
information without authorization; and
- message authentication code (MAC) that further protects each transaction
between the credential and the reader by ensuring complete and unmodified
transfer of information, helping to protect data integrity and guard against outside attacks.
Power over Ethernet Simplifies Security Applications
By Shane Duffy
As the network edge expands to include increasingly remote locations, more security system designers are specifying Power over Ethernet (PoE) as part of their network topographies. For example,
imagine a remote security camera in an outdoor installation. Of course, it will need a data communications
connection, but if it’s going to transmit useful video in inclement weather, it will also need
a wiper for the lens, a pump for the cleaning solution and a heater to deal with frost, snow and condensation.
All of these elements require power; yet, standard Ethernet equipment will only provide the remote installation with a data connection. If no local power source is available, a separate line for power must be installed.
However, there’s a more efficient and less expensive way to go about it.
PoE provides power and data transfer on a single cable, eliminating the need to install dedicated AC power lines. The 802.3at PoE+ standard that is currently in the marketplace delivers up to 25 watts of power to end devices. The next iteration of PoE is expected to provide up to 60 watts of power. Unlike USB, which provides power and data on a single connection, PoE permits long cable runs. USB has a useful range of around five meters; PoE can easily handle cable runs of up to 100 meters.
PoE devices can simplify the management of remote devices. For example, when a link state is lost on a fiber segment, it is useful to be able to remotely force the output power on the copper port to “off.”
PoE puts data, power and remote management on a single length of cable, making it one of data networking’s most important tools.
—Shane Duffy is the fiber and telecoms product manager at B&B Electronics.
Bottom line, smart credentials increase the security of the information kept on
a card and stored in a facility. In comparison to door keys, magnetic stripe cards
and proximity cards, the encrypted security of smart credentials ensures they
are far harder to counterfeit. Issuing only one smart credential impacts administrative
costs. Not only is the cost of a single credential lower than purchasing
multiple forms of ID, but the reduced management and distribution time for one
credential will have a significant impact on productivity.
It is impossible to put a dollar amount on the potential damage that an organization
could suffer by unauthorized individuals gaining access to restricted areas.
By issuing staff credentials with strong authentication mechanisms, organizations
are effectively investing in their well-being and demonstrating that they take security
seriously.
IT-approved
When presenting a smart card solution, be prepared for representatives from the
IT department to take notice. More security system decisions are being made with
input from the IT department, and there is an increased desire for the convergence
of physical and logical security access control.
IT professionals want strong authentication credentials; the same level of security
provided by smart cards. Contrary to proximity and magnetic stripe cards and
their readers, smart cards go through a challenge and response sequence to initiate
conversations with the network. Communications are encrypted using industry-standard
encryption techniques.
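The following sketch is an added example, not code from the article or from any card vendor. It shows how diversified keys, a mutual challenge and response, and a per-transaction MAC fit together. It assumes HMAC-SHA-256 as a stand-in for the AES-based primitives a real card uses, and all names and the sample key are hypothetical; it is not the MIFARE DESFire EV1 protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample master key held by the reader side (assumption, not a real key).
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def diversify(master_key: bytes, card_uid: bytes) -> bytes:
    """Derive a per-card key so that no two cards share a secret."""
    return hmac.new(master_key, b"card-key" + card_uid, hashlib.sha256).digest()[:16]


def prove(key: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    """Response proving knowledge of key, bound to both nonces and the sender's role."""
    return hmac.new(key, role + own_nonce + peer_nonce, hashlib.sha256).digest()


def mutual_auth(reader_master: bytes, card_uid: bytes, card_key: bytes):
    """Simulate both sides of the exchange; return a session key, or None on failure."""
    reader_key = diversify(reader_master, card_uid)  # reader re-derives this card's key
    rnd_card = secrets.token_bytes(16)               # card's fresh challenge
    rnd_reader = secrets.token_bytes(16)             # reader's fresh challenge
    # Reader answers the card's challenge; the card checks it (card authenticates reader).
    reader_resp = prove(reader_key, b"reader", rnd_reader, rnd_card)
    if not hmac.compare_digest(reader_resp, prove(card_key, b"reader", rnd_reader, rnd_card)):
        return None
    # Card answers the reader's challenge; the reader checks it (reader authenticates card).
    card_resp = prove(card_key, b"card", rnd_card, rnd_reader)
    if not hmac.compare_digest(card_resp, prove(reader_key, b"card", rnd_card, rnd_reader)):
        return None
    return hmac.new(reader_key, b"session" + rnd_card + rnd_reader, hashlib.sha256).digest()


def mac(session_key: bytes, counter: int, payload: bytes) -> bytes:
    """Truncated MAC over a transaction counter and payload."""
    msg = counter.to_bytes(4, "big") + payload
    return hmac.new(session_key, msg, hashlib.sha256).digest()[:8]


def verify(session_key: bytes, counter: int, payload: bytes, tag: bytes) -> bool:
    """Reject any message whose payload or counter was altered in transit."""
    return hmac.compare_digest(mac(session_key, counter, payload), tag)
```

Because each card key is derived from the card's own identifier, a key recovered from one card does not authenticate as any other card, and a reader without the master key cannot complete the exchange.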
By welcoming their involvement, showing the ability to speak their language
and answer their questions, you will gain additional layers of approval within the
IT organization.
Smart Cards on Campus
Colleges have been out front in their
use of the smart, one-card solution.
Although many are using proximity
cards, they have been quickly migrating
to smart cards over the past couple
years. That’s because they can get applications
on a smart card more easily,
including:
- Identification;
- library circulation privileges;
- building access;
- meal plans and “dining-dollars;”
- student health facilities;
- access to recreational facilities;
- charge privileges at university bookstore
locations;
- admission to athletic events;
- university transit;
- access to student legal services;
- bankcard access to university services,
which eliminates the need to
carry money on campus; and
- holding a biometric template.
As those selecting smart cards have
found, there’s a caveat in deploying
smart cards. Choosing the right smart
card credential can make all the difference
when trying to use them with
applications other than access control.
Therefore, look for platforms that are
open format rather than those designed
for proprietary systems.
Open formats allow easy integration
into other applications with minimal
programming, speeding up the time
of deployment, reducing the cost of
implementation and giving organizations
more freedom to get the most out
of their investment. Open architecture
readers also let organizations use both
their current software and panels with
their new credentials. If down the road
the organization changes their software,
they can still use the readers.
Using Smart Phones like Smart Cards
As Near Field Communication (NFC)
technology is now being added to a
growing number of mobile handsets to
enable access control, along with many
other applications, more and more organizations
are considering joining the
bring-your-own-device (BYOD) trend
by having their users deploy their own
smartphones and access control credentials.
It was projected that over 285
million NFC-enabled smart phones
would be sold in 2013, and that
over half the phones sold in 2015 will
be NFC capable.
NFC provides simplified transactions,
data exchange and wireless connections
between two devices that are
in close proximity to each other, usually
by no more than a few inches. As
an example, Allegion’s aptiQmobile
web-based key management system
allows NFC-enabled smart phones to
grant access to buildings and dorm
rooms as well as partake in other
badge ID applications.
To turn NFC-enabled smart phones
into an access control credential, allowing
people to use their smart phones to
enter buildings, users simply download
the aptiQmobile app to their smart
phone. Then, their access control administrator uses the aptiQmobile cloud service to
send a secure mobile credential directly to the user’s
phone. Once the mobile credential is downloaded,
users open the app and tap their smart phone to the
reader in the same way they use an ID card.
What to Do Today
For those customers already using aptiQ multi-technology
readers, there is no need to replace readers
to migrate to smart cards, smart phones or a combination
of the two. These readers work with magnetic
stripe, proximity and smart cards as well as
NFC-enabled mobile phone credentials, all in one
reader, providing an easy migration path to upgrade
credentials between any of those versions at their own
pace. If non-smart access technology is being used,
multi-technology readers can be installed to help ease
into the transition by reading both ID badges and
smart phones. This also makes it easy for customers
to continue to operate in a hybrid world of cards and
mobile, if needed.
In addition, while the major carriers will ultimately
offer NFC card emulation/secure element solutions,
organizations wanting to use NFC-enabled
smartphones as access control credentials for employees
and students can begin the transition now.
The recently-introduced aptiQmobile secure peer-to-peer
(P2P) NFC mode allows organizations to provide the convenience of using a mobile
device today.
This peer-to-peer solution provides
several advantages. It lets organizations
use NFC-enabled, Android
phones regardless of carrier choice,
creating a universal solution. It even
works on unlocked phones. Apple
iPhone users would continue using a
special case; but for many, its most
important advantage is that it allows
customers across multiple market segments
to deploy now.
Ability to use Smart Credentials
Work is being done to give NFC-enabled
smart phones the ability to use
smart credentials. Members of the
aptiQ Alliance Program, consisting
of global companies that are using an
open-architecture, smart card technology
that extends the use of an access
control card or NFC-enabled smart
phone credential to an increasing number
of applications, have come together
to create an ecosystem of applications
that support aptiQ smart card technology.
End users will learn how they
can better leverage smart credentials
to build out an increasing number of
available solutions.
The aptiQ Developer Network offers
access to Allegion, a partner in the
Samsung Enterprise Alliance Program
(SEAP) that was created as an ecosystem
for Samsung to provide better
support to its various partners. Enterprise
solutions, such as aptiQmobile,
are an integral part of Samsung’s go-to-market
strategy. Allegion resources
will work closely with the developers
to help write the appropriate interface
between their software and Allegion’s
cloud-based, aptiQmobile service. As
a result, developers will be able to give
their current software programs the
ability to issue mobile credentials.
Also, by enabling Pinsight Touch,
the first nationwide open platform from
Sprint’s Pinsight Media+ for securely
storing and accessing credentials on a
mobile device, aptiQmobile will help
open up even more possibilities for the
access control market.
It is very important that organizations
prepare for smart credential and
NFC deployment, even if they want
to install proximity, magnetic stripe
or keypad readers at present. Integrators
can help their customers by
proposing multi-technology readers
that combine the ability to read magnetic
stripe, proximity, smart cards and
NFC-enabled smart phones. That way,
when the group switches over to smart
credentials, they don’t have to tear out
all their old readers to install smart credential
readers; and during the transition,
they can use both their old magnetic
stripe and proximity credentials
along with the new
smart credential.
This article originally appeared in the February 2014 issue of Security Today.