Hybrid Credentials

Be it a card or a mobile phone, credentials will be smart

There are three major initiatives for cards and credentials on college and healthcare campuses that every security director needs to be aware of:

1. Smart cards are becoming the credential of choice. If you currently use magnetic stripe or proximity cards, start planning for the switchover now.

2. It’s going to be a hybrid world. Although smart cards will be the credential of choice, multiple types of credentials, such as key systems, PINs and various types of cards and biometrics, will still be necessary for certain operations. Adding special credentials is possible, and even though you may be using multiple credentials, you still will want one system to manage all of them.

3. Get ready for new technologies, such as NFC (near field communications). With NFC-enabled smartphones, students and staff will be able to use their own smartphones as access credentials, just like they would use smart cards.

A smart credential, at about the same price as a proximity card, provides a higher level of security, more convenience and far greater functionality. As used on campuses and in newer access control systems, smart credentials have the ability to manage access, payments and many other functions much more securely. Plus issuing only one smart credential favorably impacts administrative costs. Not only is the cost of a single credential less than purchasing multiple forms of ID, but the reduced management and distribution time for one credential will have a significant impact on productivity.

For instance, MIFARE DESFire EV1 smart cards offer several different layers of security including mutual authentication that creates the ability for the client to verify or authenticate the server. These smart credentials will also provide AES 128-bit encryption, a key encryption technique that helps protect sensitive information as well as diversified keys that virtually ensure no one can read or access the holder’s credential information without authorization. They provide message authentication code (MAC) that further protects each transaction between the credential and the reader by ensuring complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks. Therefore, smart credentials increase the security of information kept on a card and stored in a facility.

IT Approved

When presenting a smart card solution, know that representatives from the IT department will probably take notice in a positive manner as more security system decisions are being made with input from the IT department. One reason is to meet the increased desire for the convergence of physical and logical security access control.

IT professionals want strong authentication credentials, the level of security provided by smart cards. Communications are encrypted using industry-standard, encryption techniques. By welcoming their involvement and showing the ability to speak their language and answer their questions, you will gain additional layers of approval within the IT department.

Smart Cards and Smartphones

Colleges have been outspoken in their use of the one smart card solution. Although many are still using proximity cards, they have been quickly migrating to smart cards over the past couple of years mainly because they can get applications on a smart card more easily, including identification, library circulation privileges, building access, meal plans, bankcard access to university services, holding a biometric template, among others.

Choosing the right smart card credential, however, can make all the difference when trying to use them with applications other than access control. Look for platforms that are open format rather than those designed for proprietary systems. Open formats allow for easy integration into other applications with minimal programming that speeds up the time of deployment while reducing the cost of implementation, giving organizations more freedom to get the most out of their investment. Open architecture readers also let organizations use both their present software and panels with their new credentials. If down the road they change their software, they can still use the readers.

NFC Technology

As Near Field Communications (NFC) technology is now being added to a growing number of mobile handsets to enable access control and many other applications, more organizations are considering joining the bring your own device (BYOD) trend and having their users deploy their own smartphones and access control credentials. It was projected that more than 285 million NFC-enabled smartphones were expected to be sold in 2013 and over half the phones sold in 2015 will be NFC-capable.

NFC provides simplified transactions, data exchange and wireless connections between two devices that are in close proximity to each other, usually by no more than a few inches.

As an example, Allegion’s aptiQmobile web-based credential management system allows NFC-enabled smartphones to grant access to buildings and dorm rooms as well as partake of other badge ID applications. To turn NFC-enabled smartphones into an access control credential, allowing people to use their smartphones to enter buildings in the same way they present a badge ID, users simply download the aptiQmobile app to their smartphone. Then, their access control administrator uses the aptiQmobile cloud service to send a secure mobile credential directly to the user’s phone. Once the mobile credential is downloaded, users open the app and tap their smartphone to the reader in the same way they use an ID card.

Verifying Who Is at the Door

For those situations in which the campus needs additional verification to confirm access (above someone having the appropriate smart card or smartphone), biometrics handles this challenge.

Healthcare facilities biometrics. On university healthcare campuses, physicians are not likely to always have their badges, but with a hand geometry reader, all they need to remember is an issued PIN code. From a security standpoint, hand geometry readers provide secure, tracked access that protects staff, patients, visitors and records in highly-secured hospital areas such as the pharmacy, patient records, labs and surgery rooms.

Identification Verification

At a major hospital in the southern United States, 39 Schlage Hand- Key terminals heighten security for patients and 3,500 employees on a 61-acre main hospital campus. These terminals are used in the birth center, IT data center and other major IT areas, the operating rooms and the emergency department.

University facilities biometrics. Data from independent research, Effective Management of Safe & Secure Openings & Identities, showed that 10 percent of colleges are already using biometrics. Besides residence halls, one of the most popular venues for biometrics is the recreational facility.

The University of California-Irvine, with 22,000 students, is an example. Plus this recreational facility doesn’t face the problem of students transferring an ID card to a friend.

“The number one suggestion from our members was eliminating the need for ID cards,” said Jlil Schindele, director of campus recreation at the University of California-Irvine. “We took their suggestions seriously and feel that hand geometry is the fastest and most efficient alternative to identification cards.”

Students throughout the nation appreciate the added security and convenience of not worrying about lost, stolen or borrowed credentials. Biometrics also are popular at dining halls where they limit access to students who have paid for the meal plan and at computer labs where only those authorized to enter can do so, protecting sensitive equipment and information.

What to Do Today

For those campuses already using aptiQ multi-technology readers, there is no need to replace readers for migration. These all-in-one readers work with proximity and smart cards as well as the NFCenabled mobile phone credential, providing an easy migration path to upgrade credentials between any of those versions at their own pace. If non-smart access technology is being used, multi-technology readers can be installed to help ease into the transition by reading both the ID badges and the smartphones. This makes it easy for customers to continue to operate in a hybrid world of cards and mobile, if needed.

In addition, while the major carriers will ultimately offer NFC card emulation/secure element solutions, organizations wanting to use NFC-enabled smartphones as their access control credentials for employees and students can begin the transition now. The recently introduced aptiQmobile secure peer-to-peer (P2P) NFC mode lets organizations provide the convenience of using a mobile device today.

This secure, peer-to-peer solution provides several advantages. It lets organizations use NFC-enabled Android phones, regardless of carrier, to create a universal solution that even works on unlocked phones. Apple iPhone users would continue using a special case to enable their phones. But, for many, its most important advantage is that it lets customers across multiple market segments deploy now.

It is very important that campuses prepare for smart credential and NFC deployment while embracing when to deploy biometrics, even if that facility wants to install proximity, magnetic stripe or keypad readers at present. If a new reader is needed, select multi-technology readers that combine the ability to read magnetic stripe, proximity, smart cards and NFC-enabled smartphones in a single unit. That way, when the campus switches over to smart credentials, it won’t have to tear out all the old readers to install smart credential readers; and during the transition, the campus can use both their old magnetic stripe and proximity credentials along with the new smart credentials.

This article originally appeared in the July 2014 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3