Increasing Security with Smart Credentials

Increasing Security with Smart Credentials

Prepare for smart credential and NFC deployment now

Increasing Security with Smart CredentialsFor about the same price, a smart credential provides a higher level of security, more convenience and far greater functionality than a proximity card. As used on college campuses and in newer access control systems, smart credentials have the ability to manage access, payments and many other functions much more securely.

For instance, MIFARE DESFire EV1 smart cards offer several different layers of security including:

  • Mutual authentication that creates the ability for the client to verify or authenticate the server;
  • AES 128-bit encryption, a key encryption technique that helps protect sensitive information;
  • diversified keys that virtually ensure no one can read or access the holder’s credential information without authorization; and
  • message authentication code (MAC) that further protects each transaction between the credential and the reader by ensuring complete and unmodified transfer of information, helping to protect data integrity and outside attacks.

Power over Ethernet Simplifies Security Applications

By Shane Duffy

As the network edge expands to include increasingly remote locations, more security system designersare specifying Power over Ethernet (PoE) as part of their network topographies. For example, imagine a remote security camera in an outdoor installation. Of course, it will need a data communications connection, but if it’s going to transmit useful video in inclement weather, it will also need a wiper for the lens, a pump for the cleaning solution and a heater to deal with frost, snow and condensation.

All of these elements require power; yet, standard Ethernet equipment will only provide the remote installation with a data connection. If no local power source is available, a separate line for power must be installed.

However, there’s a more efficient and less expensive way to go about it.

PoE provides power and data transfer on a single cable, eliminating the need to install dedicated AC power lines. The 802.3at PoE+ standard that is currently in the marketplace delivers up to 25 watts of power to end devices. The next iteration of PoE is expected to provide up to 60 watts of power. Unlike USB, which provides power and data on a single connection, PoE permits long cable runs. USB has a useful range of around five meters; PoE can easily handle cable runs of up to 100 meters.

PoE devices can simplify the management of remote devices. For example, when a link state is lost on a fiber segment, it is useful to be able to remotely force the output power on the copper port to “off.”

PoE puts data, power and remote management on a single length of cable, making it one of data networking’s most important tools.

—Shane Duffy is the fiber and telecoms product manager at B&B Electronics.

Bottom line, smart credentials increase the security of the information kept on a card and stored in a facility. In comparison to door keys, magnetic stripe cards and proximity cards provide encrypted security of smart credentials, ensuring they are far harder to counterfeit. Issuing only one smart credential impacts administrative costs. Not only is the cost of a single credential lower than purchasing multiple forms of ID, but the reduced management and distribution time for one credential will have a significant impact on productivity.

It is impossible to put a dollar amount on the potential damage that an organization could suffer by unauthorized individuals gaining access to restricted areas. By issuing staff credentials with strong authentication mechanisms, organizations are effectively investing in their well-being and demonstrating that they take security seriously.


When presenting a smart card solution, be prepared for representatives from the IT department to take notice. More security system decisions are being made with input from the IT department, and there is an increased desire for the convergence of physical and logical security access control.

IT professionals want strong authentication credentials; the same level of security provided by smart cards. Contrary to proximity and magnetic stripe cards and their readers, smart cards go through a challenge and response sequence to initiate conversations with the network. Communications are encrypted using industrystandard encryption techniques.

By welcoming their involvement, showing the ability to speak their language and answer their questions, you will gain additional layers of approval within the IT organization.

Smart Cards on Campus

Colleges have been out front in their use of the smart, one-card solution. Although many are using proximity cards, they have been quickly migrating to smart cards over the past couple years. That’s because they can get applications on a smart card more easily, including:

  • Identification;
  • library circulation privileges;
  • building access;
  • meal plans and “dining-dollars;”
  • student health facilities;
  • access to recreational facilities;
  • charge privileges at university bookstore locations;
  • admission to athletic events;
  • university transit;
  • access to student legal services;
  • bankcard access to university services, which eliminates the need to carry money on campus; and
  • holding a biometric template.

As those selecting smart cards have found, there’s a caveat in deploying smart cards. Choosing the right smart card credential can make all the difference when trying to use them with applications other than access control. Therefore, look for platforms that are open format rather than those designed for proprietary systems.

Open formats allow easy integration into other applications with minimal programming, speeding up the time of deployment, reducing the cost of implementation and giving organizations more freedom to get the most out of their investment. Open architecture readers also let organizations use both their current software and panels with their new credentials. If down the road the organization changes their software, they can still use the readers.

Using Smart Phones like Smart Cards

As Near Field Communication (NFC) technology is now being added to a growing number of mobile handsets to enable access control, along with many other applications, more and more organizations are considering joining the bring-your-own-device (BYOD) trend by having their users deploy their own smartphones and access control credentials. It was projected that over 285 million NFC-enabled smart phones were expected to be sold in 2013, and over half the phones sold in 2015 will be NFC capable.

NFC provides simplified transactions, data exchange and wireless connections between two devices that are in close proximity to each other, usually by no more than a few inches. As an example, Allegion’s aptiQmobile web-based key management system allows NFC-enabled smart phones to grant access to buildings and dorm rooms as well as partake in other badge ID applications.

To turn NFC-enabled smart phones into an access control credential, allowing people to use their smart phones to enter buildings, users simply download the aptiQmobile app to their smart phone. Then, their access control administrator uses the aptiQmobile cloud service to send a secure mobile credential directly to the user’s phone. Once the mobile credential is downloaded, users open the app and tap their smart phone to the reader in the same way they use an ID card.

What to Do Today

For those customers already using aptiQ multi-technology readers, there is no need to replace readers to migrate to smart cards, smart phones or a combination of the two. These readers work with magnetic stripe, proximity and smart cards as well as the NFC-enabled, mobile-phone-credentialed, all-in-one reader, providing an easy migration path to upgrade credentials between any of those versions at their own pace. If non-smart access technology is being used, multi-technology readers can be installed to help ease into the transition by reading both ID badges and smart phones. This also makes it easy for customers to continue to operate in a hybrid world of cards and mobile, if needed.

In addition, while the major carriers will ultimately offer NFC card emulation/secure element solutions, organizations wanting to use NFC-enabled smartphones as access control credentials for employees and students can begin the transition now. The recently-introduced aptiQmobile secure peer-topeer (P2P) NFC mode allows organizations to provide the convenience of using a mobile device today.

This peer-to-peer solution provides several advantages. It lets organizations use NFC-enabled, Android phones regardless of carrier choice, creating a universal solution. It even works on unlocked phones. Apple iPhone users would continue using a special case; but for many, its’ most important advantage is that it allows customers across multiple market segments to deploy now.

Ability to use Smart Credentials

Work is being done to give NFC-enabled smart phones the ability to use smart credentials. Members of the aptiQ Alliance Program, consisting of global companies that are using an open-architecture, smart card technology that extends the use of an access control card or NFC-enabled smart phone credential to an increasing number of applications, have come together to create an ecosystem of applications that support aptiQ smart card technology. End users will learn how they can better leverage smart credentials to build out an increasing number of available solutions.

The aptiQ Developer Network offers access to Allegion, a partner in the Samsung Enterprise Alliance Program (SEAP) that was created as an ecosystem for Samsung to provide better support to its various partners. Enterprise solutions, such as aptiQmobile, are an integral part of Samsung’s goto- market strategy. Allegion resources will work closely with the developers to help write the appropriate interface between their software and Allegion’s cloud-based, aptiQmobile service. As a result, developers will be able to give their current software programs the ability to issue mobile credentials.

Also, by enabling Pinsight Touch, the first nationwide open platform from Sprint’s Pinsight Media+ for securely storing and accessing credentials on a mobile device, aptiQmobile will help open up even more possibilities for the access control market.

It is very important that organizations prepare for smart credential and NFC deployment, even if they want to install proximity, magnetic stripe or keypad readers at present. Integrators can help their customers by proposing multi-technology readers that combine the ability to read magnetic stripe, proximity, smart cards and NFC-enabled smart phones. That way, when the group switches over to smart credentials, they don’t have to tear out all their old readers to install smart credential readers; and during the transition, they can use both their old magnetic stripe and proximity credentials along with the new smart credential.

This article originally appeared in the February 2014 issue of Security Today.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3