Hybrid Credentials
Be it a card or a mobile phone, credentials will be smart
- By Jeremy Earles
- Jul 01, 2014
There are three major initiatives for cards
and credentials on college and healthcare
campuses that every security director needs
to be aware of:
1. Smart cards are becoming the credential of choice. If you currently
use magnetic stripe or proximity cards, start planning for the
switchover now.
2. It’s going to be a hybrid world. Although smart cards will be the
credential of choice, multiple types of credentials, such as key systems,
PINs and various types of cards and biometrics, will still be necessary
for certain operations. Adding special credentials is possible, and even
though you may be using multiple credentials, you still will want one
system to manage all of them.
3. Get ready for new technologies, such as NFC (near field communications).
With NFC-enabled smartphones, students and staff will be
able to use their own smartphones as access credentials, just like they
would use smart cards.
A smart credential, at about the same price as a proximity card,
provides a higher level of security, more convenience and far greater
functionality. As used on campuses and in newer access control systems,
smart credentials have the ability to manage access, payments
and many other functions much more securely. Plus issuing only one
smart credential favorably impacts administrative costs. Not only is
the cost of a single credential less than purchasing multiple forms of
ID, but the reduced management and distribution time for one credential
will have a significant impact on productivity.
For instance, MIFARE DESFire EV1 smart cards offer several different
layers of security, including mutual authentication, which gives the
client the ability to verify or authenticate the server. These
smart credentials also provide AES 128-bit encryption, a key
encryption technique that helps protect sensitive information, as
well as diversified keys that virtually ensure no one can read or
access the holder’s credential information without authorization.
They provide a message authentication code (MAC) that further protects
each transaction between the credential and the reader by
ensuring complete and unmodified transfer of information, helping
to protect data integrity and prevent outside attacks. Therefore,
smart credentials increase the security of information kept on a card
and stored in a facility.
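The three mechanisms named above (diversified keys, mutual authentication and a per-transaction MAC) can be seen working together in the short simulation below. It is an illustration added here, not the DESFire EV1 protocol and not code from the card maker or any vendor in this article; HMAC-SHA-256 stands in for the card's AES-based primitives because the Python standard library has no AES, and every name and sample value in it is hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; not real keys or card UIDs.
MASTER_KEY = bytes(range(16))
UID_A = bytes.fromhex("04a1b2c3d4e5f6")
UID_B = bytes.fromhex("04ffeeddccbbaa")

def _prf(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA-256 stand-in for the card's AES-based primitives (assumption).
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def diversify(master_key: bytes, card_uid: bytes) -> bytes:
    """Derive a per-card key, so one extracted card key exposes only that card."""
    return _prf(master_key, b"diversify", card_uid)[:16]

def mutual_auth(reader_master: bytes, card_uid: bytes, card_key: bytes):
    """Simulate both sides; return a session key, or None if either proof fails."""
    reader_key = diversify(reader_master, card_uid)
    rnd_card, rnd_reader = secrets.token_bytes(16), secrets.token_bytes(16)
    # Reader proves knowledge of the key over both fresh nonces; the card checks it.
    reader_proof = _prf(reader_key, b"reader", rnd_card, rnd_reader)
    if not hmac.compare_digest(reader_proof, _prf(card_key, b"reader", rnd_card, rnd_reader)):
        return None
    # Card proves itself under a different role label; the reader checks it.
    card_proof = _prf(card_key, b"card", rnd_card, rnd_reader)
    if not hmac.compare_digest(card_proof, _prf(reader_key, b"card", rnd_card, rnd_reader)):
        return None
    return _prf(reader_key, b"session", rnd_card, rnd_reader)[:16]

def mac(session_key: bytes, counter: int, payload: bytes) -> bytes:
    """Tag one message; the counter binds the tag to its place in the session."""
    return _prf(session_key, counter.to_bytes(4, "big"), payload)[:8]

def verify(session_key: bytes, counter: int, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(session_key, counter, payload), tag)

if __name__ == "__main__":
    key_a = diversify(MASTER_KEY, UID_A)
    session = mutual_auth(MASTER_KEY, UID_A, key_a)
    tag = mac(session, 1, b"unlock door 12")
    print("genuine card authenticated:", session is not None)
    print("card B's key presented as card A:",
          mutual_auth(MASTER_KEY, UID_A, diversify(MASTER_KEY, UID_B)))
    print("altered message accepted:", verify(session, 1, b"unlock door 13", tag))
```

The fresh random values on each run are what keep a recorded exchange from being replayed, and the message counter does the same job inside a session.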
IT Approved
When presenting a smart card solution, know that representatives
from the IT department will probably take notice in a positive manner
as more security system decisions are being made with input from the
IT department. One reason is to meet the increased desire for the
convergence of physical and logical security access control.
IT professionals want strong authentication credentials, the level of
security provided by smart cards. Communications are encrypted
using industry-standard encryption techniques. By welcoming their
involvement and showing the ability to speak their language and
answer their questions, you will gain additional layers of approval
within the IT department.
Smart Cards and Smartphones
Colleges have been outspoken in their use of the one smart card solution.
Although many are still using proximity cards, they have been
quickly migrating to smart cards over the past couple of years mainly
because they can get applications on a smart card more easily, including
identification, library circulation privileges, building access, meal
plans, bankcard access to university services, holding a biometric template,
among others.
Choosing the right smart card credential, however, can make all the
difference when trying to use them with applications other than access
control. Look for platforms that are open format rather than those
designed for proprietary systems. Open formats allow for easy integration
into other applications with minimal programming that speeds up
the time of deployment while reducing the cost of implementation,
giving organizations more freedom to get the most out of their investment.
Open architecture readers also let organizations use both their
present software and panels with their new credentials. If down the
road they change their software, they can still use the readers.
NFC Technology
As Near Field Communications (NFC) technology is now being added
to a growing number of mobile handsets to enable access control and
many other applications, more organizations are considering joining the
bring your own device (BYOD) trend and having their users deploy their
own smartphones as access control credentials. Projections called for
more than 285 million NFC-enabled smartphones to be sold in 2013 and
for over half the phones sold in 2015 to be NFC-capable.
NFC provides simplified transactions, data exchange and wireless
connections between two devices that are in close proximity to each
other, usually by no more than a few inches.
As an example, Allegion’s aptiQmobile web-based credential management
system allows NFC-enabled smartphones to grant access to
buildings and dorm rooms as well as serve other badge ID applications.
To turn NFC-enabled smartphones into an access control credential,
allowing people to use their smartphones to enter buildings in
the same way they present a badge ID, users simply download the
aptiQmobile app to their smartphone. Then, their access control
administrator uses the aptiQmobile cloud service to send a secure
mobile credential directly to the user’s phone. Once the mobile credential
is downloaded, users open the app and tap their smartphone to the
reader in the same way they use an ID card.
Verifying Who Is at the Door
For those situations in which the campus needs additional verification
to confirm access (beyond someone having the appropriate smart card
or smartphone), biometrics handles this challenge.
Healthcare facilities biometrics. On university healthcare campuses,
physicians are not likely to always have their badges, but with a
hand geometry reader, all they need to remember is an issued PIN
code. From a security standpoint, hand geometry readers provide
secure, tracked access that protects staff, patients, visitors and records
in highly-secured hospital areas such as the pharmacy, patient records,
labs and surgery rooms.
Identification Verification
At a major hospital in the southern United States, 39 Schlage HandKey
terminals heighten security for patients and 3,500 employees on a
61-acre main hospital campus. These terminals are used in the birth
center, IT data center and other major IT areas, the operating rooms
and the emergency department.
University facilities biometrics. Data from independent research,
Effective Management of Safe & Secure Openings & Identities, showed
that 10 percent of colleges are already using biometrics. Besides residence
halls, one of the most popular venues for biometrics is the recreational
facility.
The University of California-Irvine, with 22,000 students, is an
example. Plus this recreational facility doesn’t face the problem of students
transferring an ID card to a friend.
“The number one suggestion from our members was eliminating
the need for ID cards,” said Jill Schindele, director of campus recreation
at the University of California-Irvine. “We took their suggestions
seriously and feel that hand geometry is the fastest and most efficient
alternative to identification cards.”
Students throughout the nation appreciate the added security and
convenience of not worrying about lost, stolen or borrowed credentials.
Biometrics also are popular at dining halls where they limit
access to students who have paid for the meal plan and at computer
labs where only those authorized to enter can do so, protecting sensitive
equipment and information.
What to Do Today
For those campuses already using aptiQ multi-technology readers,
there is no need to replace readers for migration. These all-in-one
readers work with proximity and smart cards as well as the NFC-enabled
mobile phone credential, providing an easy migration path to
upgrade credentials between any of those versions at their own pace. If
non-smart access technology is being used, multi-technology readers
can be installed to help ease into the transition by reading both the ID
badges and the smartphones. This makes it easy for customers to continue
to operate in a hybrid world of cards and mobile, if needed.
In addition, while the major carriers will ultimately offer NFC card
emulation/secure element solutions, organizations wanting to use
NFC-enabled smartphones as their access control credentials for
employees and students can begin the transition now. The recently
introduced aptiQmobile secure peer-to-peer (P2P) NFC mode lets
organizations provide the convenience of using a mobile device today.
This secure, peer-to-peer solution provides several advantages. It
lets organizations use NFC-enabled Android phones, regardless of carrier,
to create a universal solution that even works on unlocked phones.
Apple iPhone users would continue using a special case to enable their
phones. But, for many, its most important advantage is that it lets customers
across multiple market segments deploy now.
It is very important that campuses prepare for smart credential and
NFC deployment, and understand when to deploy biometrics, even if
the facility wants to install proximity, magnetic stripe or keypad readers
at present. If a new reader is needed, select multi-technology readers
that combine the ability to read magnetic stripe, proximity, smart
cards and NFC-enabled smartphones in a single unit. That way, when
the campus switches over to smart credentials, it won’t have to tear out
all the old readers to install smart credential readers;
and during the transition, the campus can use
both their old magnetic stripe and proximity credentials
along with the new smart credentials.
This article originally appeared in the July 2014 issue of Security Today.