Increasing Security with Smart Credentials

Increasing Security with Smart Credentials

Prepare for smart credential and NFC deployment now

  • By Jeremy Earles
  • Feb 01, 2014

Increasing Security with Smart CredentialsFor about the same price, a smart credential provides a higher level of security, more convenience and far greater functionality than a proximity card. As used on college campuses and in newer access control systems, smart credentials have the ability to manage access, payments and many other functions much more securely.

For instance, MIFARE DESFire EV1 smart cards offer several different layers of security including:

  • Mutual authentication that creates the ability for the client to verify or authenticate the server;
  • AES 128-bit encryption, a key encryption technique that helps protect sensitive information;
  • diversified keys that virtually ensure no one can read or access the holder’s credential information without authorization; and
  • message authentication code (MAC) that further protects each transaction between the credential and the reader by ensuring complete and unmodified transfer of information, helping to protect data integrity and outside attacks.

Power over Ethernet Simplifies Security Applications

By Shane Duffy

As the network edge expands to include increasingly remote locations, more security system designersare specifying Power over Ethernet (PoE) as part of their network topographies. For example, imagine a remote security camera in an outdoor installation. Of course, it will need a data communications connection, but if it’s going to transmit useful video in inclement weather, it will also need a wiper for the lens, a pump for the cleaning solution and a heater to deal with frost, snow and condensation.

All of these elements require power; yet, standard Ethernet equipment will only provide the remote installation with a data connection. If no local power source is available, a separate line for power must be installed.

However, there’s a more efficient and less expensive way to go about it.

PoE provides power and data transfer on a single cable, eliminating the need to install dedicated AC power lines. The 802.3at PoE+ standard that is currently in the marketplace delivers up to 25 watts of power to end devices. The next iteration of PoE is expected to provide up to 60 watts of power. Unlike USB, which provides power and data on a single connection, PoE permits long cable runs. USB has a useful range of around five meters; PoE can easily handle cable runs of up to 100 meters.

PoE devices can simplify the management of remote devices. For example, when a link state is lost on a fiber segment, it is useful to be able to remotely force the output power on the copper port to “off.”

PoE puts data, power and remote management on a single length of cable, making it one of data networking’s most important tools.

—Shane Duffy is the fiber and telecoms product manager at B&B Electronics.

Bottom line, smart credentials increase the security of the information kept on a card and stored in a facility. In comparison to door keys, magnetic stripe cards and proximity cards provide encrypted security of smart credentials, ensuring they are far harder to counterfeit. Issuing only one smart credential impacts administrative costs. Not only is the cost of a single credential lower than purchasing multiple forms of ID, but the reduced management and distribution time for one credential will have a significant impact on productivity.

It is impossible to put a dollar amount on the potential damage that an organization could suffer by unauthorized individuals gaining access to restricted areas. By issuing staff credentials with strong authentication mechanisms, organizations are effectively investing in their well-being and demonstrating that they take security seriously.

IT-approved

When presenting a smart card solution, be prepared for representatives from the IT department to take notice. More security system decisions are being made with input from the IT department, and there is an increased desire for the convergence of physical and logical security access control.

IT professionals want strong authentication credentials; the same level of security provided by smart cards. Contrary to proximity and magnetic stripe cards and their readers, smart cards go through a challenge and response sequence to initiate conversations with the network. Communications are encrypted using industrystandard encryption techniques.

By welcoming their involvement, showing the ability to speak their language and answer their questions, you will gain additional layers of approval within the IT organization.

Smart Cards on Campus

Colleges have been out front in their use of the smart, one-card solution. Although many are using proximity cards, they have been quickly migrating to smart cards over the past couple years. That’s because they can get applications on a smart card more easily, including:

  • Identification;
  • library circulation privileges;
  • building access;
  • meal plans and “dining-dollars;”
  • student health facilities;
  • access to recreational facilities;
  • charge privileges at university bookstore locations;
  • admission to athletic events;
  • university transit;
  • access to student legal services;
  • bankcard access to university services, which eliminates the need to carry money on campus; and
  • holding a biometric template.

As those selecting smart cards have found, there’s a caveat in deploying smart cards. Choosing the right smart card credential can make all the difference when trying to use them with applications other than access control. Therefore, look for platforms that are open format rather than those designed for proprietary systems.

Open formats allow easy integration into other applications with minimal programming, speeding up the time of deployment, reducing the cost of implementation and giving organizations more freedom to get the most out of their investment. Open architecture readers also let organizations use both their current software and panels with their new credentials. If down the road the organization changes their software, they can still use the readers.

Using Smart Phones like Smart Cards

As Near Field Communication (NFC) technology is now being added to a growing number of mobile handsets to enable access control, along with many other applications, more and more organizations are considering joining the bring-your-own-device (BYOD) trend by having their users deploy their own smartphones and access control credentials. It was projected that over 285 million NFC-enabled smart phones were expected to be sold in 2013, and over half the phones sold in 2015 will be NFC capable.

NFC provides simplified transactions, data exchange and wireless connections between two devices that are in close proximity to each other, usually by no more than a few inches. As an example, Allegion’s aptiQmobile web-based key management system allows NFC-enabled smart phones to grant access to buildings and dorm rooms as well as partake in other badge ID applications.

To turn NFC-enabled smart phones into an access control credential, allowing people to use their smart phones to enter buildings, users simply download the aptiQmobile app to their smart phone. Then, their access control administrator uses the aptiQmobile cloud service to send a secure mobile credential directly to the user’s phone. Once the mobile credential is downloaded, users open the app and tap their smart phone to the reader in the same way they use an ID card.

What to Do Today

For those customers already using aptiQ multi-technology readers, there is no need to replace readers to migrate to smart cards, smart phones or a combination of the two. These readers work with magnetic stripe, proximity and smart cards as well as the NFC-enabled, mobile-phone-credentialed, all-in-one reader, providing an easy migration path to upgrade credentials between any of those versions at their own pace. If non-smart access technology is being used, multi-technology readers can be installed to help ease into the transition by reading both ID badges and smart phones. This also makes it easy for customers to continue to operate in a hybrid world of cards and mobile, if needed.

In addition, while the major carriers will ultimately offer NFC card emulation/secure element solutions, organizations wanting to use NFC-enabled smartphones as access control credentials for employees and students can begin the transition now. The recently-introduced aptiQmobile secure peer-topeer (P2P) NFC mode allows organizations to provide the convenience of using a mobile device today.

This peer-to-peer solution provides several advantages. It lets organizations use NFC-enabled, Android phones regardless of carrier choice, creating a universal solution. It even works on unlocked phones. Apple iPhone users would continue using a special case; but for many, its’ most important advantage is that it allows customers across multiple market segments to deploy now.

Ability to use Smart Credentials

Work is being done to give NFC-enabled smart phones the ability to use smart credentials. Members of the aptiQ Alliance Program, consisting of global companies that are using an open-architecture, smart card technology that extends the use of an access control card or NFC-enabled smart phone credential to an increasing number of applications, have come together to create an ecosystem of applications that support aptiQ smart card technology. End users will learn how they can better leverage smart credentials to build out an increasing number of available solutions.

The aptiQ Developer Network offers access to Allegion, a partner in the Samsung Enterprise Alliance Program (SEAP) that was created as an ecosystem for Samsung to provide better support to its various partners. Enterprise solutions, such as aptiQmobile, are an integral part of Samsung’s goto- market strategy. Allegion resources will work closely with the developers to help write the appropriate interface between their software and Allegion’s cloud-based, aptiQmobile service. As a result, developers will be able to give their current software programs the ability to issue mobile credentials.

Also, by enabling Pinsight Touch, the first nationwide open platform from Sprint’s Pinsight Media+ for securely storing and accessing credentials on a mobile device, aptiQmobile will help open up even more possibilities for the access control market.

It is very important that organizations prepare for smart credential and NFC deployment, even if they want to install proximity, magnetic stripe or keypad readers at present. Integrators can help their customers by proposing multi-technology readers that combine the ability to read magnetic stripe, proximity, smart cards and NFC-enabled smart phones. That way, when the group switches over to smart credentials, they don’t have to tear out all their old readers to install smart credential readers; and during the transition, they can use both their old magnetic stripe and proximity credentials along with the new smart credential.

This article originally appeared in the February 2014 issue of Security Today.

Featured

  • Collaboration Made Easy Using a Work Management Platform

    Effective collaboration between security operators, teams and other departments is critical to the smooth functioning of organizations. Yet, as organizations grow in complexity, it becomes more difficult for teams to coordinate with each other. This is compounded by staffing shortages, turnover and ineffective collaboration tools. Read Now

  • Creating a Safer World

    Managing and supporting locks and door hardware within a facility is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Read Now

  • Creating More Versatility

    Today, AI has become top of mind for most security professionals. It is the topic of conversation in the technology world and continues to transform the way data is used to make important business decisions. Read Now

  • Report: 78 Percent of CISOs Seeing Significant Impact from AI-Powered Cyber Threats

    Darktrace recently unveiled its 2025 State of AI Cybersecurity report. The findings reveal that 78% of Chief Information Security Officers (CISOs) surveyed say that AI-powered threats are having a significant impact on their organizations, a 5% increase1 from 2024. While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against these threats, an increase of nearly 15% year-over-year. However, insufficient AI knowledge and skills and a shortage of personnel and talent continue to be listed as the two top inhibitors to a successful defense. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.