Kicking it up a leve

Kicking It Up a Level

How new credentials and biometrics are helping protect people and property better

An employee at a particular major teaching hospital carries a magnetic stripe card with two barcodes on the lanyard. In addition, the employee must remember two different PINs and carry a proximity card for the institution’s other facility. That doesn’t make sense.

A credential is what you use to identify yourself to a system. Whether it’s a key, a card or a biometric, your credential can provide access to spaces or services within your facility. For system managers, card-based credentials offer a solution that is easier to manage than keys and harder to duplicate than PINs. Managers can easily assign and revoke access privileges, or alter a single user’s access privileges without affecting the entire population of users.

With card-based access, the threat of unauthorized keys and shared PIN codes is eliminated. In facilities that require permission to multiple systems, card-based credentials offer the potential to consolidate technologies across multiple systems, enabling users to carry one credential to achieve multiple activities.

However, today’s typical access control system was, in all too many cases, installed in stages. As a result, it is made up of different brands and disparate products that often do not integrate into the same system or talk with one another. Too many of today’s systems require many separate databases and a plethora of software interfaces that create confusion, lower the level of security within the facility, and decrease staff productivity for the customer and the installer.

Not only are such scenarios cumbersome for the employees, they drive the physical access control management crazy. And on the horizon sits the IT department, becoming more and more prevalent in access control hardware and software purchases. They shouldn’t put up with it.

In addition, not all card technologies are the same. Some card credentials are a great deal more secure than others. So, with this is mind, what’s the outlook for the future in IDs, biometrics and credentials?

Smart Cards Are the Future

We used to think that Homeland Security Presidential Directive 12 (HSPD- 12) would fuel smart card use in the government and accelerate adoption by large enterprises because HSPD-12 seeks to establish secure and reliable identification for all federal employees and contractors. Because federal mandates tend to have a cascading effect, this directive would have a huge significance: State and local governments, as well as first responders, would become major buyers of FIPS 201-compliant smart cards as they follow the federal initiatives. Private contractors would have to follow.

But organizations have bigger and more important reasons for choosing smart credentials, and there is no reason not to deploy smart cards immediately, even if the only application is to ensure physical access control. Organizations need smart credentials that work for them today and give them the flexibility to add applications in the future. After all, it is simply too easy for unauthorized people to duplicate and use another person’s proximity card.

Smart cards provide a higher level of security, more convenience and far greater functionality than proximity cards do for a comparable price. In addition, these smart cards have the ability to manage access, payments and many other functions.

Unlike proximity cards, smart cards using MIFARE DESFire EV1 technology offer several different layers of security, including mutual authentication, which ensures that the reader and the card are allowed to talk with each other before any information is exchanged. They also provide AES 128-bit encryption, a key encryption technique that helps protect sensitive information. They additionally supply diversified keys, which virtually ensure no one can read or access the holder’s credentials information without authorization. A message authentication code further protects each transaction between the credential and the reader, ensuring complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks.

Thus, smart cards provide groups with a way to increase the security of their access control solution today while providing a pathway to other smart credential applications. For that reason, although organizations might currently be using proximity, they are quickly migrating to smart credentials because they can incorporate a multitude of applications on a smart card more easily.

Besides access control, popular smart credential applications include identification, check-out verification, company cafeteria charges, access to recreational facilities, charge privileges at various locations, admission to events, transit passes, service access, bankcard service and biometric template holding.

The Bottom Line on Smart Cards

It is important that organizations be prepared for smart credential deployment, even if their facility wants to install proximity, magnetic stripe or keypad readers at present. Integrators can help customers by proposing multitechnology readers that combine the ability to read both proximity cards and smart cards. That way, when the group switches over to smart cards, it doesn’t have to tear out its old readers to install smart card readers. During the transition, the group can use both its old proximity credential and the new smart credential.

Also, ensure the new credential readers are open-architecture. Save money by using the existing access control system, if at all possible. Open architecture readers will let groups use both their current software and panels with their new credentials. If, down the road, the group changes its software, it can still use these readers.

Biometrics—Making Security Include Who You Are

Biometrics are automated methods of recognizing an individual based on unique physical characteristics. Biometric technologies, like hand geometry and fingerprinting, enable a facility manager to ensure that only verified users have access to a facility at authorized times. Biometrics provides the highest level of assurance that the actual authorized individual, rather than just the authorized key, card or code, has access to a secure facility. Because of the versatility of biometric technologies, you will find them used in universities, data centers, day care centers, airports, healthcare facilities and government buildings—any place where resources, lives or sensitive information require the highest levels of security.

If access control systems are to control where people, not credentials, can and cannot go, then only a biometric device truly provides this capability. Most people are familiar with the idea that biometrics are used in high-security venues such as data centers, nuclear plants and laboratories. However, many find it surprising that their biggest deployments are where they are chosen for convenience.

Biometrics are user-friendly. First of all, they can eliminate the need for keys or cards. While keys themselves don’t cost much and dramatic price reductions have lowered the capital cost of the cards in recent years, the true benefit of eliminating them is realized through reduced administrative efforts. For instance, an administrator must replace and reissue a lost card. Lost keys not only require replacement, but they also create the need for replacing the cylinders for all the openings that the lost key accessed. Thus, when taken together, the overall administration of a key or card system is costly. Hands and fingers are not stolen or forgotten. They also don’t wear out or need to be replaced.

“The number-one suggestion from our members was eliminating the need for ID cards,” said Director of Campus Recreation Jill Schindele at the University of California-Irvine. “We took [these] suggestions seriously and feel that hand geometry is the fastest and most efficient alternative to identification cards.”

Secondly, biometrics are easy to administer, install and maintain. Replacing card readers, in many cases, is simply an unplug-plug-and-play operation. Hand geometry readers, especially, get people into buildings and rooms quickly. They include a variety of options, such as letting an employee quickly check accrued vacation time. Plus, it is easy to control threshold levels, allowing administrators to implement tight access control in a nuclear power plant and loose access at a spa. At the University of Georgia, biometric palm readers control access to campus housing. “Housing basically has an electrified door system,” said Bill McGee, formerly the manager of the Bulldog Bucks office blackboard transaction system at University of Georgia card services. “Any door can be opened from the control desk or remote desks around campus. We also have cameras on the doors. By adding the [palm reader] HandKey, we go from an access control system to a security access system. We feel that this is an important attribute. By simply putting one HandKey at an entrance, an organization can turn that door into a security system in its simplest form at a low cost.”

According to McGee, eliminating re-keying upon lost or stolen keys and students or employees leaving the university is especially important for larger institutions. With 800 people in a dormitory, re-keying would be both cost-prohibitive and a logistical nightmare.

As a result of so many biometric implementations that took place on college campuses during the last decade—in addition to the countless campuses that already had been using biometrics for years—in the residence halls, dining halls, and recreation centers, the industry has created thousands upon thousands of future prospects that see biometrics as a tool to be trusted for its security and convenience rather than equipment to be feared as “futuristic” or worrisome.

Tightening the ID Process Is Now a Two-Step Procedure

Most people will agree with Gary Conley, the University of Virginia’s facilities and systems engineer for the office of business operations, that simply running a magnetic stripe card or entering a PIN is not enough in today’s world. A lost card or found PIN should not be the ticket for unauthorized users to enter places they don’t belong.

That’s why two-step/multi-factor authentication is becoming more common. Indeed, it has been one major selling point in the phenomenal growth of biometrics over the past several years in which a PIN or card is used to bring up the biometric template that must be matched. Using smart cards in conjunction with biometrics raises the security level.

That’s because a single smart card can store both the user’s ID number and biometric template. Because of this, there is no need to distribute hand templates across a network of readers or require the access control system to manage biometric templates. This means integration to any existing access control application is greatly simplified, eliminating extra network infrastructure costs. Because the template resides only on the card, the solution also eases individual privacy concerns.

Providing the best of smart cards and biometrics, the solution provides dual authentication by requesting both the right card and the right person. A smart card reader is attached to or embedded into the biometric reader. A plastic cardholder is affixed to the side of the unit. The verification process takes approximately one second.

With the hand reader, the hand template requires only nine bytes to define the hand, the smallest in the biometric industry. This ensures fast response times and that the smart card can maximize its benefits by offering users increased room for other applications. In addition, the implementation supports multiple secure applications on the smart cards. Possible applications include the storage of additional information to allow for secure log on to a PC or laptop and accessing the company’s network.

Help That Hospital Employee

Today, it is much more efficient, economical and secure to have the initially mentioned teaching hospital’s employee carry a smart card that provides a variety of applications, including a biometric template. It can provide the employee with access to the areas of the hospital to which the person is authorized, including the biometrically secured pharmacy and other similarly secure locations, making the job easier, adding to employee productivity and helping the hospital become more secure. The same would be true if the employee were a student or staffer on the campus proper, or if he or she worked in an office building.

This article originally appeared in the August 2011 issue of Security Today.

If you like what you see, get more delivered to your inbox weekly.
Click here to subscribe to our free premium content.

comments powered by Disqus

Digital Edition

  • Security Today Magazine - September 2018

    September 2018

    Featuring:

    • Cash in Transit
    • Processing Security
    • Bigger is Getting Better
    • Growing Adoption
    • Seeing the Potential

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • School Planning & Managmenet
  • College Planning & Management
  • Campus Security & Life Safety