Kicking it up a leve

Kicking It Up a Level

How new credentials and biometrics are helping protect people and property better

An employee at a particular major teaching hospital carries a magnetic stripe card with two barcodes on the lanyard. In addition, the employee must remember two different PINs and carry a proximity card for the institution’s other facility. That doesn’t make sense.

A credential is what you use to identify yourself to a system. Whether it’s a key, a card or a biometric, your credential can provide access to spaces or services within your facility. For system managers, card-based credentials offer a solution that is easier to manage than keys and harder to duplicate than PINs. Managers can easily assign and revoke access privileges, or alter a single user’s access privileges without affecting the entire population of users.

With card-based access, the threat of unauthorized keys and shared PIN codes is eliminated. In facilities that require permission to multiple systems, card-based credentials offer the potential to consolidate technologies across multiple systems, enabling users to carry one credential to achieve multiple activities.

However, today’s typical access control system was, in all too many cases, installed in stages. As a result, it is made up of different brands and disparate products that often do not integrate into the same system or talk with one another. Too many of today’s systems require many separate databases and a plethora of software interfaces that create confusion, lower the level of security within the facility, and decrease staff productivity for the customer and the installer.

Not only are such scenarios cumbersome for the employees, they drive the physical access control management crazy. And on the horizon sits the IT department, becoming more and more prevalent in access control hardware and software purchases. They shouldn’t put up with it.

In addition, not all card technologies are the same. Some card credentials are a great deal more secure than others. So, with this is mind, what’s the outlook for the future in IDs, biometrics and credentials?

Smart Cards Are the Future

We used to think that Homeland Security Presidential Directive 12 (HSPD- 12) would fuel smart card use in the government and accelerate adoption by large enterprises because HSPD-12 seeks to establish secure and reliable identification for all federal employees and contractors. Because federal mandates tend to have a cascading effect, this directive would have a huge significance: State and local governments, as well as first responders, would become major buyers of FIPS 201-compliant smart cards as they follow the federal initiatives. Private contractors would have to follow.

But organizations have bigger and more important reasons for choosing smart credentials, and there is no reason not to deploy smart cards immediately, even if the only application is to ensure physical access control. Organizations need smart credentials that work for them today and give them the flexibility to add applications in the future. After all, it is simply too easy for unauthorized people to duplicate and use another person’s proximity card.

Smart cards provide a higher level of security, more convenience and far greater functionality than proximity cards do for a comparable price. In addition, these smart cards have the ability to manage access, payments and many other functions.

Unlike proximity cards, smart cards using MIFARE DESFire EV1 technology offer several different layers of security, including mutual authentication, which ensures that the reader and the card are allowed to talk with each other before any information is exchanged. They also provide AES 128-bit encryption, a key encryption technique that helps protect sensitive information. They additionally supply diversified keys, which virtually ensure no one can read or access the holder’s credentials information without authorization. A message authentication code further protects each transaction between the credential and the reader, ensuring complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks.

Thus, smart cards provide groups with a way to increase the security of their access control solution today while providing a pathway to other smart credential applications. For that reason, although organizations might currently be using proximity, they are quickly migrating to smart credentials because they can incorporate a multitude of applications on a smart card more easily.

Besides access control, popular smart credential applications include identification, check-out verification, company cafeteria charges, access to recreational facilities, charge privileges at various locations, admission to events, transit passes, service access, bankcard service and biometric template holding.

The Bottom Line on Smart Cards

It is important that organizations be prepared for smart credential deployment, even if their facility wants to install proximity, magnetic stripe or keypad readers at present. Integrators can help customers by proposing multitechnology readers that combine the ability to read both proximity cards and smart cards. That way, when the group switches over to smart cards, it doesn’t have to tear out its old readers to install smart card readers. During the transition, the group can use both its old proximity credential and the new smart credential.

Also, ensure the new credential readers are open-architecture. Save money by using the existing access control system, if at all possible. Open architecture readers will let groups use both their current software and panels with their new credentials. If, down the road, the group changes its software, it can still use these readers.

Biometrics—Making Security Include Who You Are

Biometrics are automated methods of recognizing an individual based on unique physical characteristics. Biometric technologies, like hand geometry and fingerprinting, enable a facility manager to ensure that only verified users have access to a facility at authorized times. Biometrics provides the highest level of assurance that the actual authorized individual, rather than just the authorized key, card or code, has access to a secure facility. Because of the versatility of biometric technologies, you will find them used in universities, data centers, day care centers, airports, healthcare facilities and government buildings—any place where resources, lives or sensitive information require the highest levels of security.

If access control systems are to control where people, not credentials, can and cannot go, then only a biometric device truly provides this capability. Most people are familiar with the idea that biometrics are used in high-security venues such as data centers, nuclear plants and laboratories. However, many find it surprising that their biggest deployments are where they are chosen for convenience.

Biometrics are user-friendly. First of all, they can eliminate the need for keys or cards. While keys themselves don’t cost much and dramatic price reductions have lowered the capital cost of the cards in recent years, the true benefit of eliminating them is realized through reduced administrative efforts. For instance, an administrator must replace and reissue a lost card. Lost keys not only require replacement, but they also create the need for replacing the cylinders for all the openings that the lost key accessed. Thus, when taken together, the overall administration of a key or card system is costly. Hands and fingers are not stolen or forgotten. They also don’t wear out or need to be replaced.

“The number-one suggestion from our members was eliminating the need for ID cards,” said Director of Campus Recreation Jill Schindele at the University of California-Irvine. “We took [these] suggestions seriously and feel that hand geometry is the fastest and most efficient alternative to identification cards.”

Secondly, biometrics are easy to administer, install and maintain. Replacing card readers, in many cases, is simply an unplug-plug-and-play operation. Hand geometry readers, especially, get people into buildings and rooms quickly. They include a variety of options, such as letting an employee quickly check accrued vacation time. Plus, it is easy to control threshold levels, allowing administrators to implement tight access control in a nuclear power plant and loose access at a spa. At the University of Georgia, biometric palm readers control access to campus housing. “Housing basically has an electrified door system,” said Bill McGee, formerly the manager of the Bulldog Bucks office blackboard transaction system at University of Georgia card services. “Any door can be opened from the control desk or remote desks around campus. We also have cameras on the doors. By adding the [palm reader] HandKey, we go from an access control system to a security access system. We feel that this is an important attribute. By simply putting one HandKey at an entrance, an organization can turn that door into a security system in its simplest form at a low cost.”

According to McGee, eliminating re-keying upon lost or stolen keys and students or employees leaving the university is especially important for larger institutions. With 800 people in a dormitory, re-keying would be both cost-prohibitive and a logistical nightmare.

As a result of so many biometric implementations that took place on college campuses during the last decade—in addition to the countless campuses that already had been using biometrics for years—in the residence halls, dining halls, and recreation centers, the industry has created thousands upon thousands of future prospects that see biometrics as a tool to be trusted for its security and convenience rather than equipment to be feared as “futuristic” or worrisome.

Tightening the ID Process Is Now a Two-Step Procedure

Most people will agree with Gary Conley, the University of Virginia’s facilities and systems engineer for the office of business operations, that simply running a magnetic stripe card or entering a PIN is not enough in today’s world. A lost card or found PIN should not be the ticket for unauthorized users to enter places they don’t belong.

That’s why two-step/multi-factor authentication is becoming more common. Indeed, it has been one major selling point in the phenomenal growth of biometrics over the past several years in which a PIN or card is used to bring up the biometric template that must be matched. Using smart cards in conjunction with biometrics raises the security level.

That’s because a single smart card can store both the user’s ID number and biometric template. Because of this, there is no need to distribute hand templates across a network of readers or require the access control system to manage biometric templates. This means integration to any existing access control application is greatly simplified, eliminating extra network infrastructure costs. Because the template resides only on the card, the solution also eases individual privacy concerns.

Providing the best of smart cards and biometrics, the solution provides dual authentication by requesting both the right card and the right person. A smart card reader is attached to or embedded into the biometric reader. A plastic cardholder is affixed to the side of the unit. The verification process takes approximately one second.

With the hand reader, the hand template requires only nine bytes to define the hand, the smallest in the biometric industry. This ensures fast response times and that the smart card can maximize its benefits by offering users increased room for other applications. In addition, the implementation supports multiple secure applications on the smart cards. Possible applications include the storage of additional information to allow for secure log on to a PC or laptop and accessing the company’s network.

Help That Hospital Employee

Today, it is much more efficient, economical and secure to have the initially mentioned teaching hospital’s employee carry a smart card that provides a variety of applications, including a biometric template. It can provide the employee with access to the areas of the hospital to which the person is authorized, including the biometrically secured pharmacy and other similarly secure locations, making the job easier, adding to employee productivity and helping the hospital become more secure. The same would be true if the employee were a student or staffer on the campus proper, or if he or she worked in an office building.

This article originally appeared in the August 2011 issue of Security Today.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3