Migrating Credentials

Access control systems increasingly have the capabilities to deliver more functionality than simply managing who has access rights to a protected area. This makes them more appealing for many sites, and it has never been easier to migrate to the latest credential technologies.

When ‘smart cards’ first appeared, many years ago, they were seen as something of an overkill for access control systems. During their early adoption, acceptance was hindered by the cost, plus the fact that integration of business systems was still in its infancy. Today the cost of credentials has fallen, and integration isn’t just desired by end users, it’s demanded by them!

The most significant benefit of smart credentials exists where a site utilises multiple applications which have a requirement for some form of individual identification. Using older technologies, this might require members of staff to be issued with a number of cards for different purposes. These might include credentials for general access control, network access control, time and attendance monitoring, cashless vending, asset tracking and logging (such as proof of required training to use a device or remove it from a stores area), as well as portable records of employment, contractual or even medical records where such a requirement exists.

The capabilities of smart credentials can also be employed to enhance security and streamline throughput times for access control. For example, biometric templates can be stored on the credential itself. This means that when access is requested, the system can operate off-line, with the reader comparing the captured biometric element with the stored template, ensuring that the card user is its authorised holder. The one-to-one comparison is faster than seeking matches in a large database, and allows more accurate matching to be implemented.

Being able to interact with various systems and business elements – and to carry a range of secure data and other information – on one secure credential makes increasing sense. Benefits are further increased if the data from the various elements can be used to create a smoother and more effective experience for the user. A single card with many purposes will always be more effective than a number of credentials with different uses.

The resultant data can also be utilised to assist in the creation of enhanced operational policies. Reduced credential management can also deliver true cost efficiencies!

The transition
The big drivers for transitioning from 125kHz proximity technology to 13.56MHz smart card technology are convergence and security. Smart credentials make sense in terms of convergence because multiple applications can be managed by a single card. Michael Moyna of ACT states, ‘With 13.56MHz smart card technology, it is possible to read and write data from different parts on the smart card. The different applications can share the same information or write proprietary information back onto the card. The older kHz technology cards do not offer this flexibility.’

Smart cards can be sourced with different memory sizes to suit an application’s needs, and this is another area where kHz cards are found lacking.

Many of the smart credentials used by the security market have their roots outside of our industry. That the technology has been embraced by a diverse range of other sectors simplifies the integration of systems, and means that stored data can be used by a wider variety of devices.

Of course, the secure nature of the cards ensures that one system cannot ‘view’ another system’s data. Nor can a third party view the specific data to discover the credential’s content. Many smart credential solutions employ encrypted encapsulation of data.

Moyna points out, ‘Security on the kHz cards can only be described as weak at best. To access data on 13.56MHz smart cards requires authentication.

‘MIFARE Classic has a simple security mechanism. MIFARE DESFire EV1 uses 128-bit AES encryption to protect data and for transmission between the card and reader. This is useful where the customer requires a high level of security or is concerned about cards being cloned.’

For many sites, the transition from proximity-based systems to smart credentials – whilst desirable – represents a challenge. Alongside the investment in terms of the cost of replacement credentials and readers, many view the time associated with administering the change as the biggest issue. However, the preferred and often most painless way is to carry out the transition in stages. Typically companies will do this by department or by building.

Many manufacturers supply multi-technology readers. These allow existing 125kHz credentials to be retained and used alongside newer 13.56MHz technology. This also allows a wide range of additional applications to be introduced without the pain of changing every system for every authorised user at one fell swoop.

An alternative approach to changing readers is to opt for multi-technology cards, thus allowing the readers to be changed as and when budgets allow. This, however, does mean that true convergence cannot be enjoyed until much of the site is upgraded.

In summary
The benefits of a single credential implementation are obvious, and can streamline the data handling processes, as well as making operations simpler for on-site users. The flexibility can be further enhanced with higher levels of security too.

Businesses with a significant estate of existing credentials can take a staggered approach to transition, allowing them to manage the upgrade in terms of disruption, budget and implementation.

