printer friendly version

Access control cards are getting smarter

Regardless of the type of access control ID card you are using today, contactless smartcards are in your future. They cost less and do more than proximity badges and can be integrated into present access control systems. There are very few administrators that do not understand the role of access control badges and tokens in their overall program.

Of course, badges limit access to the facility to only those with an access control card. Countless companies take this a step further. In many cases, office workers can access their work areas but not the warehouse while the exact opposite holds true for warehouse staff. Often too, the security system is programmed to limit access only during specific time intervals.

This is especially important for those organisations that provide access cards to vendors and/or delivery personnel. Most importantly, as a result of using the badges or tokens, management can provide audits of who was where when. However, in most cases, that is all the traditional credential, whether bar code, barium ferrite, magnetic stripe or proximity, provides. Smartcards raise capabilities to the next level, at new unexpected pricing.

Now, before you think, "Have I not been hearing this for half a decade?" consider this: the retail cost of new contactless smartcard readers is significantly (some 20%) less than comparable proximity readers. Today, over 600 such readers and 8500 cards are being used in GE facilities throughout the world and their numbers are growing as they are migrated throughout the corporation.

What is more, the multi-application flexibility of contactless smartcards lets an organisation use them for logical/information access control, time and attendance and other applications in addition to physical access control. Each application gets its own memory space on the card or tag and security keys prevent one application from accessing another. For those considering biometrics at some of their access points, the card can even hold the biometric template.

As proximity became the predominant card technology over the last decade, contactless smartcards will replace proximity and the other legacy card technologies over the next three to five years.

Access control cards - a quick overview

* Bar codes: Some facilities still use bar code badges, the least secure of all access cards. They are what they sound like. A bar code reader scans the bar code to allow access. However, since the bar code is visible, it can be reproduced very easily. There is a solution though. By covering the bar code with an opaque film, the badge is only read by a UV bar code reader. Of course, this raises the cost.

* Magnetic stripe: No different than the common, ordinary credit card, information on a magstripe card is held on a strip of coated magnetic recording tape. Since the stripe must come in contact with the reader, there is ultimate wear-and-tear on the card. There is a reason that they are the de facto card for credit companies. They are less costly and easier to produce than other badges. Of course, this also means that they are easy to forge, making their security questionable. Nonetheless, they are successfully used by thousands of companies which require only simple access.

* Barium ferrite: No article on access control cards is complete without discussing barium ferrite, even though most have never seen such a card. It has up to 40 magnetic dots, which are polarised. Their variations create the unique badge number, which is read by either inserting the card into a reader and, in 'newer' models, touching the reader. Although somewhat difficult to reproduce, wear-and-tear, costs and other factors have pretty much made this technology disappear.

* Weigand badges: Also unknown to most, Wiegand badges contain strips of wire embedded in the badge. As it is inserted into a reader and passed over a set of magnetic field coils, each strip sends back an electric pulse (1 or 0). The placement of the wires determines the encoded number. The card is fairly safe since the card is difficult to produce and the wire to make the cards is patented. They are prone to cracking. Being a proprietary card, they are not widely used. Wiegand cards are typically found today only in legacy systems.

* Proximity badges and tokens: This is today's most widely used access control technology for two main reasons. First of all, there is no contact between cards and the reader. This eliminates the wear-and-tear factor. Secondly, proximity readers can be made very durable or even hidden into another structure to make them relatively vandal-resistant. Badges contain an antenna with microchip. As the badge enters a 'wake-up' field, the electronics inside the badge power up and send the encoded information to the reader.

There are three types of proximity badges.

- The read only, true to its name, can only be read. The number cannot be changed.

- Read/write badges can have their numbers re-programmed.

- Multitechnology badges are proximity badges that also employ another technology.

For instance, leading vendors provide such badges in combinations such as proximity/magnetic stripe, proximity/Wiegand and proximity/barium ferrite. These are typically employed where a company has an older legacy access control card technology and wants to migrate without eliminating access to buildings. This is especially important for companies with multiple facilities. In other cases, the company cafeteria or some other application may only take magnetic stripe or the other technology credentials.

* Contact smartcards. These cards contain a microchip that holds and processes large amounts of information. Metal pads on the card make contact with the reader to power up the circuitry and communication with the microprocessor. As a contact technology, though, they suffer the effects of wear-and-tear.

Why there will be contactless smartcards in your future

This technology is ideal for physical access control and other applications. Because ID cards and readers are typically exposed to the elements and have high usage, this sealed contactless technology prevents damage when cards and readers are exposed to dirt, water, cold and other harsh environments. With no mechanical read heads or moving parts, maintenance costs are minimised. Finally, with read ranges extending beyond a foot, contactless smartcards offer hands-free access.

To assure that you review the appropriate smartcard solution for your applications, you need a very quick primer on the three types of smartcards and information on a couple of very important 'standards' that can make or break your system. Contactless smartcards fall into one of three classifications.

Close coupled contactless smartcards - ISO 10365 - operate with the card just about touching the reader, similar to most proximity readers. That is so the reader can transmit power into the card to run a very powerful microprocessor. With more recent developments, that is no longer needed and most integrators will advise you to use one of the other contactless smartcard technologies.

ISO 14443A (sometimes called Mifare) cards operate from zero to four inches while ISO 15693 cards operate from zero to 39 inches but most readers created for these cards hold the distance at 14 inches, comfortable for the user and assuring a positive read. Most integrators will suggest you concentrate on the ISO 15693 standard. Here is why.

Beware of proprietary technologies

ISO standards are the standards that all leading security systems software manufacturers and integrators are using. There are proprietary, non-standards-based smartcard technologies that could bind you to a single-supplier dependency and potentially restrictive pricing structures. Caveat emptor ... buyer beware.

The ISO 15693 standard promotes an open and competitive market for any organisation that decides to employ contactless smartcard credentials. It ensures a lower cost of total system ownership as the ISO 15693 technology increases in popularity and acceptance. Importantly, it will allow your company to deploy future technologies based on ISO 15693 standards, circumventing the need to replace your entire security system in order to leverage this new technology.

To repeat an earlier statement, readers of the 15693 Standard already cost approximately 18% less than proximity readers. And, you should be able to get a lifetime warranty on the reader.

Because the ISO 15693 standard employs 16-digit badge identification data, it is considered more secure than proximity cards with their 12 digits. With a 4-state intelligent supervision feature, a reader can monitor and report alarms for open contact, closed contact, cut wire and shorted wire. Such intelligent supervision ensures that security personnel are notified if someone tampers with the reader, a door is breeched or a circuit is bypassed. This is important and should be asked for.

No matter what the application or site constraints, you can employ the ISO 15693-compliant badges. Key fobs and disc tags are also available to facilitate migration to the new contactless technology. For instance, if you have a facility using proximity, you would simply affix disk tags to your present proximity cards so that you can continue using your legacy readers and cards as the migration takes place.

If you put in the Mifare (ISO 14443A) standard and want the upgraded features of ISO 15693, there is more good news. Leading contactless smartcard readers read both ISO standards. Thus, you will be able to mix and match ISO-compliant standards as you preserve current investments, eliminate any chance of single vendor dependency and enjoy a lower cost of security system ownership.

Infrastructure ready for contactless smartcards

The reason smartcards have not been employed in security systems to any extent is because they were difficult to integrate into the Wiegand protocol employed by most legacy access control systems. However, with the advent of open architecture command and control integration platforms such as GE Interlogix' Facility Commander, the convergence of physical access control systems with IT systems, and a drive by all towards interoperability and open platforms, those restrictions are quickly falling by the wayside.

Standardised interfaces and protocols are de facto in all leading enterprise access control and security management systems, whether designed for mid-sized or large organisations.

With their lower reader costs, reduced costs of system ownership and increased applications opportunities, every loss prevention manager needs to more closely study contactless smartcards as they review their present systems.

Share this article:

Further reading: