Hybrid Credentials

Be it a card or a mobile phone, credentials will be smart

There are three major initiatives for cards and credentials on college and healthcare campuses that every security director needs to be aware of:

1. Smart cards are becoming the credential of choice. If you currently use magnetic stripe or proximity cards, start planning for the switchover now.

2. It’s going to be a hybrid world. Although smart cards will be the credential of choice, multiple types of credentials, such as key systems, PINs and various types of cards and biometrics, will still be necessary for certain operations. Adding special credentials is possible, and even though you may be using multiple credentials, you still will want one system to manage all of them.

3. Get ready for new technologies, such as NFC (near field communications). With NFC-enabled smartphones, students and staff will be able to use their own smartphones as access credentials, just like they would use smart cards.

A smart credential, at about the same price as a proximity card, provides a higher level of security, more convenience and far greater functionality. As used on campuses and in newer access control systems, smart credentials have the ability to manage access, payments and many other functions much more securely. Plus issuing only one smart credential favorably impacts administrative costs. Not only is the cost of a single credential less than purchasing multiple forms of ID, but the reduced management and distribution time for one credential will have a significant impact on productivity.

For instance, MIFARE DESFire EV1 smart cards offer several different layers of security including mutual authentication that creates the ability for the client to verify or authenticate the server. These smart credentials will also provide AES 128-bit encryption, a key encryption technique that helps protect sensitive information as well as diversified keys that virtually ensure no one can read or access the holder’s credential information without authorization. They provide message authentication code (MAC) that further protects each transaction between the credential and the reader by ensuring complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks. Therefore, smart credentials increase the security of information kept on a card and stored in a facility.

IT Approved

When presenting a smart card solution, know that representatives from the IT department will probably take notice in a positive manner as more security system decisions are being made with input from the IT department. One reason is to meet the increased desire for the convergence of physical and logical security access control.

IT professionals want strong authentication credentials, the level of security provided by smart cards. Communications are encrypted using industry-standard, encryption techniques. By welcoming their involvement and showing the ability to speak their language and answer their questions, you will gain additional layers of approval within the IT department.

Smart Cards and Smartphones

Colleges have been outspoken in their use of the one smart card solution. Although many are still using proximity cards, they have been quickly migrating to smart cards over the past couple of years mainly because they can get applications on a smart card more easily, including identification, library circulation privileges, building access, meal plans, bankcard access to university services, holding a biometric template, among others.

Choosing the right smart card credential, however, can make all the difference when trying to use them with applications other than access control. Look for platforms that are open format rather than those designed for proprietary systems. Open formats allow for easy integration into other applications with minimal programming that speeds up the time of deployment while reducing the cost of implementation, giving organizations more freedom to get the most out of their investment. Open architecture readers also let organizations use both their present software and panels with their new credentials. If down the road they change their software, they can still use the readers.

NFC Technology

As Near Field Communications (NFC) technology is now being added to a growing number of mobile handsets to enable access control and many other applications, more organizations are considering joining the bring your own device (BYOD) trend and having their users deploy their own smartphones and access control credentials. It was projected that more than 285 million NFC-enabled smartphones were expected to be sold in 2013 and over half the phones sold in 2015 will be NFC-capable.

NFC provides simplified transactions, data exchange and wireless connections between two devices that are in close proximity to each other, usually by no more than a few inches.

As an example, Allegion’s aptiQmobile web-based credential management system allows NFC-enabled smartphones to grant access to buildings and dorm rooms as well as partake of other badge ID applications. To turn NFC-enabled smartphones into an access control credential, allowing people to use their smartphones to enter buildings in the same way they present a badge ID, users simply download the aptiQmobile app to their smartphone. Then, their access control administrator uses the aptiQmobile cloud service to send a secure mobile credential directly to the user’s phone. Once the mobile credential is downloaded, users open the app and tap their smartphone to the reader in the same way they use an ID card.

Verifying Who Is at the Door

For those situations in which the campus needs additional verification to confirm access (above someone having the appropriate smart card or smartphone), biometrics handles this challenge.

Healthcare facilities biometrics. On university healthcare campuses, physicians are not likely to always have their badges, but with a hand geometry reader, all they need to remember is an issued PIN code. From a security standpoint, hand geometry readers provide secure, tracked access that protects staff, patients, visitors and records in highly-secured hospital areas such as the pharmacy, patient records, labs and surgery rooms.

Identification Verification

At a major hospital in the southern United States, 39 Schlage Hand- Key terminals heighten security for patients and 3,500 employees on a 61-acre main hospital campus. These terminals are used in the birth center, IT data center and other major IT areas, the operating rooms and the emergency department.

University facilities biometrics. Data from independent research, Effective Management of Safe & Secure Openings & Identities, showed that 10 percent of colleges are already using biometrics. Besides residence halls, one of the most popular venues for biometrics is the recreational facility.

The University of California-Irvine, with 22,000 students, is an example. Plus this recreational facility doesn’t face the problem of students transferring an ID card to a friend.

“The number one suggestion from our members was eliminating the need for ID cards,” said Jlil Schindele, director of campus recreation at the University of California-Irvine. “We took their suggestions seriously and feel that hand geometry is the fastest and most efficient alternative to identification cards.”

Students throughout the nation appreciate the added security and convenience of not worrying about lost, stolen or borrowed credentials. Biometrics also are popular at dining halls where they limit access to students who have paid for the meal plan and at computer labs where only those authorized to enter can do so, protecting sensitive equipment and information.

What to Do Today

For those campuses already using aptiQ multi-technology readers, there is no need to replace readers for migration. These all-in-one readers work with proximity and smart cards as well as the NFCenabled mobile phone credential, providing an easy migration path to upgrade credentials between any of those versions at their own pace. If non-smart access technology is being used, multi-technology readers can be installed to help ease into the transition by reading both the ID badges and the smartphones. This makes it easy for customers to continue to operate in a hybrid world of cards and mobile, if needed.

In addition, while the major carriers will ultimately offer NFC card emulation/secure element solutions, organizations wanting to use NFC-enabled smartphones as their access control credentials for employees and students can begin the transition now. The recently introduced aptiQmobile secure peer-to-peer (P2P) NFC mode lets organizations provide the convenience of using a mobile device today.

This secure, peer-to-peer solution provides several advantages. It lets organizations use NFC-enabled Android phones, regardless of carrier, to create a universal solution that even works on unlocked phones. Apple iPhone users would continue using a special case to enable their phones. But, for many, its most important advantage is that it lets customers across multiple market segments deploy now.

It is very important that campuses prepare for smart credential and NFC deployment while embracing when to deploy biometrics, even if that facility wants to install proximity, magnetic stripe or keypad readers at present. If a new reader is needed, select multi-technology readers that combine the ability to read magnetic stripe, proximity, smart cards and NFC-enabled smartphones in a single unit. That way, when the campus switches over to smart credentials, it won’t have to tear out all the old readers to install smart credential readers; and during the transition, the campus can use both their old magnetic stripe and proximity credentials along with the new smart credentials.

This article originally appeared in the July 2014 issue of Security Today.


  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West
  • Live from ISC West: Day 1 Recap

    The first day of ISC West 2023 is in the books, and it’s safe to say that vendors have brought their A-game to Las Vegas. The booths of this year’s Live From partners—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—were swamped all day long. Here’s a brief recap of just a few highlights from each partner’s presence at the show. Read Now

    • Industry Events
    • ISC West
  • Turn on the AC, ISC West is Hot

    Nothing warm about the Las Vegas weather outside. It is cold, and it was raining after the opening day. No one seemed to care inside the convention center. The hall was packed with inquisitive security professionals. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

New Products

  • PACE® Long Range Ethernet Solutions

    PACE® Long Range Ethernet Solutions

    Altronix introduces the newest addition to its portfolio of PACE® Long Range Ethernet Solutions. 3

  • Camden Door Controls CV-603 2 Door Bluetooth Access Control System

    Camden Door Controls CV-603 2 Door Bluetooth Access Control System

    his app-based system is designed to provide ‘best in class’ security of doors and gates, with up to 2,000 users. The intuitive programming app is Apple® and Android® compatible, with easy to use system set-up, user administration, downloadable audit trail and data back-up. 3

  • BriefCam v6.0

    BriefCam v6.0

    BriefCam has released BriefCam v6.0, which introduces the new deployment option of a multi-site architecture. This enables businesses with multiple, distributed locations to view aggregate data from all remote sites to uncover trends across locations, optimize operations and boost real-time alerting and response – all while continuing to reap the benefits of BriefCam's powerful analytics platform for making video searchable, actionable and quantifiable. 3