Providing Access
Integrator collaborator creates major healthcare security solution
- By Scott Lindley
- Mar 01, 2017
A Michigan based health care provider that features two
main campuses and has dozens of remote and satellite
care centers had, for years, deployed a magnetic
stripe card-based Galaxy Control Systems access
control system integrated, installed and serviced by
VidCom Solutions in Lansing. The system included both ID badging
and video integration.
“The system kept expanding and, ultimately, the end user decided
to update the system to the latest Galaxy platform and, simultaneously,
upgrade from magnetic stripe to 125 kHz proximity cards and
readers,” said Greg Simmer, president/owner of VidCom Solutions.
“By this time, the size of the system was impressive, having grown to
more than 1,000 doors and 40,000 card holders.”
“After contacting Galaxy Control Systems and Farpointe Data, the
industry OEM for RFID-based access cards and readers, a bid was
submitted for changing out the installed magnetic stripe card system.
“ “Since the transition would happen over time, our quote to Vid-
Com included Farpointe’s combination proximity/magnetic stripe
cards,” executive vice president of Galaxy, Rick Caruthers said.
“Greatly simplifying the administration of the change-over, this
would allow employees to use their new card on the legacy magnetic
stripe readers and, once the new proximity readers were installed, to
keep using the same card.
““Our team secured the deal and, as always on a win, we were
ready to celebrate when I got a call from the customer,” Simmer
said. “When they told us to tear up the P.O., I almost swallowed my
tongue. However, this surprise was followed by learning they were
still going ahead with the upgrade but they wanted to future proof
the hospital system by moving to contactless smart cards. That made
me feel much better.”
Hospital Required Heightened Security
It turned out that this health care provider wanted to create a onecard
solution leveraging the use of 13.56MHz technology to ultimately
support a cashless medical campus, eliminating internal security
threats while facilitating higher levels of security. Among the
functions of the new system would be secure reads of access data
with the ability to utilize the remaining sectors and secure storage for
other identification uses in applications other than electronic access
control at doors.
“Realizing the new request for even tighter security, we went beyond
simply bidding smart cards,” Simmer said. “We thoroughly explained
the built-in encryption features of the cards and also added a
major security option that Farpointe offers, MAXSecure.”
“Simmer explained that many customers have heard that smart
cards are more secure than proximity cards but don’t know why. He
feels that integrators that explain the importance of MIFARE, and
in particular DESFire EV1 technology, will always have a step up on
integrators that don’t.
“That’s because a 13.56MHz contactless smart card based upon
DESFire EV1 uses 128 bit AES encryption, the same as used by the
U.S. federal government. DESFire EV1 is based on open global standards
for both air interface and cryptographic methods. It is normally
compliant to all 4 levels of ISO/IEC 14443A and can make use
of optional ISO/IEC 7816-4 commands.
“Smart cards with MIFARE DESFire EV1 protection are ideal
for sales to large health care service networks, such as the Michigan
provider we service, wanting to use secure multi-application smart
cards in access management or closed-loop e-payment applications,”
Simmer said. “They fully comply with the requirements for fast and
highly secure data transmission, flexible memory organization and
interoperability with existing infrastructures.”
“Featuring an on-chip backup management system and mutual
three pass authentication, a DESFire EV1 card can typically hold up
to 28 different applications and 32 files per application. The size of
each file is defined at the moment of its creation, making DESFire
EV1 a truly flexible and convenient product platform. Additionally,
an automatic anti-tear mechanism is available for all file types, which
helps guarantee transaction oriented data integrity. With DESFire
EV1, data transfer rates up to 848 kbit/s can be achieved, allowing
fast data transmission.
““Adding MAXSecure to the card makes
it even more secure,” Simmer said. “MAXSecure
provides a high-security handshake,
or code, between the card, tag and reader to
help prevent credential duplication and ensure
that customer’s smart card readers will
only collect data from the hospital’s specially
coded credentials. In the MAXSecure electronic
access control scenario, no other company
will have the reader/card combination
that our customer gets from us. Only their
exclusive reader will be able to read their exclusive
card or tag and their reader will read
no other card or tag.”
“Once more, VidCom Solutions won the
job with the health care provider purchasing
the MIFARE printable contactless smart
cards with embedded magnetic stripe to facilitate
change-over and further protected by
MAXSecure. Quickly after the upgrade, they
also wanted to set up an identification and
a payroll deduction scheme for purchases
made in the cafeterias. For this application to
function properly, they would need a combo
keypad unit that could read credentials and
further validate with a pin.
““This was easily solved by using Farpointe’s
Delta 6.4 combo contactless smart
card reader/keypad unit at each cash register
station,” Simmer said. “The tricky part
was the integration with the health care provider’s
payroll system. To do this, Farpointe
assisted us in enlisting the help of another
Farpointe partner, Cypress Computer Systems
in Lapeer, Mich. Cypress provided the
communication middleware to satisfy the desired
function.”
50,000 Users Across
1,750 Access Points
Today, operating on the Galaxy Control Systems
models 500, 600 and 635, the Michiganbased
health care provider controls approximately
1750 access points, 50,000 users and
850 cameras, as well as effectively integrating
badging, a payroll deduction application
and intrusion systems. In addition, there are
some 50 remote sites that tie into the system
with credential interaction between sites.
“Maintaining a site of this scope can be
a full time job in itself,” Simmer said. “For
life safety reasons, we are on call around the
clock. In addition, this is a very functional
system as it is being used 24/7, 365 days a
year. With this kind of wear and tear, there is
a huge demand on the deployed equipment.
Quality is critical. We heavily rely on the
valued support we receive
from our suppliers
to help us with any new
challenges and technology.
Our vendors have
been awesome.”
This article originally appeared in the March 2017 issue of Security Today.