‘Smart’ Tech Enhances Access Control Security
By Kimberly Tjoumakaris, Public Relations Manager, ICMA
For much of history, our identification systems have relied on face-to-face interactions and physical documents and processes. But digital technologies are transforming how identity is authenticated around the globe.
In an era of growing security concerns, governments, corporations and property managers must elevate the importance of a trusted identity while balancing the demand for convenient and efficient access. According to the International Card Manufacturers Association (ICMA)’s 2018 Global Market Statistics Report, access control card use has increased globally with the demand for increased security driving growth.
Access control cards are an essential part of commercial security systems—keeping buildings and designated areas secure and safe by controlling entry or restricting access within a space. With the wave or swipe of a card, residents, employees or visitors can gain access to an entire facility or secured zone and property managers can track the exact times of entry and exit.
Technological advancements in security systems, including the deployment of wireless technology, are enhancing access control. “Security is a top concern for both private and public entities; many industries are transitioning to smart cards,” said Martin Hoff, Entrust Datacard’s product marketing manager of hardware. “Smart cards are the most secure type of access card and are used most often in government, health care and financial sectors, while proximity cards are commonly used in higher education and enterprise.”
Access cards are tied to a person’s identity through a physical access control (PAC) system, which involves a two-step process that links a card to a person after the card has been printed. Some card personalization software systems can also connect to and update the PAC system after the card has been personalized.
“Access control begins with a trusted identity, which validates the person who is entitled to the benefits associated with a credential,” said Sebastian Tormos, Entrust Datacard’s director of vertical marketing.
First, a system identifies an individual. Then, his or her credentials are authenticated via a badge, smart card, password, mobile device or biometric (such as a fingerprint). Following authentication, building access control systems grant entry.
“The amount of personalization that occurs with access cards depends on what type of information and security is put on the card, for example, encoding a smart card with unique data, certificates and/or credentials,” Hoff said.
Digital Identity is Key to Security
Although technology continues to evolve and advance, when it comes to a trusted identity, physical cards will continue to play a valued role in securely granting or restricting access—especially in the health care and government sectors. The combination of a physical card with a digital identity is powerful and provides multi-layered security. Combining multiple features is important to the security of both physical and digital credentials.
“Access cards are encoded with a unique decimal number, which is put in the system and linked to the user’s record,” said Howard Albrow, HID Global’s NPI product line manager of PACS credentials. “Typically, an access control card does not contain any personal identifiable information, but through the system, it can link to a data record that may hold personal identifiable information.”
3 Types of Access Control Cards
There are two categories of access control cards—nonsecure and secure—and both provide ways to monitor who is entering or exiting a building. A proximity card is the most common type of access card for commercial and residential buildings; however they offer little security.
Typically the size of a credit card, an access card usually lasts five to 10 years before it has to be replaced. However, many factors affect the durability and lifespan of the card, such as the type of card substrate and personalization techniques used, how the card is stored and if the card is resistant to chemicals, abrasion, moisture and ultraviolet light.
Although the three types of access control cards—proximity, magnetic stripe and smart—may look the same, the technologies driving them vary significantly.
Proximity (prox) cards can be made of several different materials, but they all work in the same way; by being held in close proximity to a card reader, without needing to make physical contact with the reader. Prox cards are an older technology and a low security card.
Magnetic stripe cards are one of the oldest forms of access cards and offer minimal security. They are copied very easily and are typically used in low security settings like hotels. They work by swiping a magnetic stripe through a card reader (like a credit card).
The most recent advancement in the access control card market segment—smart cards—were developed with the goal of being hard to duplicate. The three types of smart cards—SEOS, MIFARE DESFire EV2, iCLASS SE—offer the most security, operating at 13.56Mhz (compared to a prox card which operates at 125kHz). Smart cards feature an embedded integrated circuit and are capable of writing data in addition to reading it, which allows the cards to store more data than traditional prox cards, supporting a host of credential options. Smart cards can provide personal identification, authentication, data storage and application processing. They can be combined with other card technologies for increased security.
“Smart cards are the best fit for commercial and residential building access because they provide greater security with an encrypted credential that must be decrypted by a reader,” said Hoff. “It’s much easier to spoof proximity and magnetic stripe cards.”
Access Control: Future Trends
While access cards still play a strong role in the access control market, some companies are moving toward smartphone Bluetooth-enabled technology to give residents frictionless access through secured doors, elevators and turnstiles. The introduction of mobile credentials has the potential to revolutionize the access control industry. Instead of carrying and swiping a card, a phone’s technology can help authenticate identity and grant entry.
“There has been a tremendous uptick in the popularity of mobile credentials,” said Albrow. “A mobile credential can be used via a smartphone to interact with an access control reader in the place of a physical card, which is more convenient, allows greater flexibility, improves privacy and can also lower the maintenance costs of credential management for end users.”
Biometric technology is also increasing with fingerprint recognition and iris scanning. In some cases, multiple methods of biometric identification are combined with the use of a card (or used in place of a card) for even greater security.
Hoff added, “Cards will continue to be used for access, but there is a definite shift to mobile credentials and biometrics.”