Research reported in an AVISIAN 2010 survey shows that 90 percent of end-users believe that adding new applications with minimal investment is important, and 53 percent of respondents stated that they are not satisfied with the solutions to accomplish this in today’s market.
Next-generation access control readers and credentials will also be able to provide an additional layer of security on top of device-specific security. Secure objects will act as a data wrapper and provide additional key diversification, authentication and encryption, while guarding against security penetration.
The objects will be bound to specific devices by using device-unique properties, which will prevent card cloning. 93 percent of end-users in the AVISIAN survey said a key requirement was having multiple layers of security on cards or credentials — especially when other applications and private data were present. 37 percent of industry providers said they were not satisfied with available solutions.
Additionally, next-generation readers will incorporate EAL5+ Secure Element (SE) hardware to ensure tamper-proof protection of keys and cryptographic operations. They will also include features such as velocity checking, which provides breach resistance against electronic attacks, and active tamper technology to protect against physical tampering with the reader.
The coming generation of reader platforms using device-independent data structures will also use open standards such as Abstract Syntax Notation One (ASN.1, a joint ISO/IEC and ITU-T standard), a data definition that allows for an infinitely extensible object definition. This definition can support any piece of data, including data for access control, biometrics, vending, time-and-attendance and many other applications. This will enable card and reader systems to optimize deployment flexibility and grow in security capabilities, unlike solutions with fixed-field data structures that remain stuck in a fixed definition.
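The extensibility argument above can be seen in a small tag-length-value walker of the kind ASN.1 DER encodings use; this is an added example, not code from any vendor or from the article. The tag numbers, field meanings and sample objects are constructed for illustration, and it covers only the encoding, not the authentication or encryption of a secure object.

```python
# Added example: minimal DER-style TLV walker (single-byte tags only).
# Tag numbers and field meanings below are constructed for illustration.

def encode_tlv(tag: int, value: bytes) -> bytes:
    """Encode one TLV with a definite DER length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def parse_tlvs(buf: bytes) -> list[tuple[int, bytes]]:
    """Split buf into (tag, value) pairs, rejecting lengths that overrun."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, first = buf[i], buf[i + 1]
        i += 2
        if first < 0x80:
            n = first
        else:
            k = first & 0x7F
            if k == 0 or i + k > len(buf):
                raise ValueError("unsupported or truncated length")
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("value overruns buffer")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

ACCESS_ID = 0x80  # hypothetical context tag [0]: access control credential number

def read_access_id(obj: bytes) -> int:
    """A reader that understands only ACCESS_ID; unknown tags are skipped."""
    tag, body = parse_tlvs(obj)[0]
    if tag != 0x30:  # SEQUENCE
        raise ValueError("expected SEQUENCE")
    fields = dict(parse_tlvs(body))
    return int.from_bytes(fields[ACCESS_ID], "big")

# Constructed sample objects: V2 adds two fields the older reader has never seen.
V1 = encode_tlv(0x30, encode_tlv(ACCESS_ID, (123456).to_bytes(3, "big")))
V2 = encode_tlv(0x30, encode_tlv(ACCESS_ID, (123456).to_bytes(3, "big"))
                + encode_tlv(0x81, b"\x05\x00")   # hypothetical vending balance
                + encode_tlv(0x82, bytes(200)))   # hypothetical biometric template
```

Because every field carries its own tag and length, the reader written for `V1` still extracts the access number from `V2`, while the bounds checks reject an object whose declared length exceeds the bytes actually received.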
Another benefit of device-independent extensibility is the flexibility it brings the developer community. The interpreter portion of the system takes care of mapping data to supported devices, which means the developer need only focus on generating and transacting (reading/writing) the secure objects. The days of the vending-machine developer having to learn about intricate credential-technology sector terminology and key rules are over.
In addition to enabling credential portability, the coming generation of reader and card platforms will forge new territory in the area of sustainability. Intelligent power management will reduce reader power consumption by as much as 75 percent compared to standard operating mode, and manufacturers will move to the use of recycled content.
Next-generation reader platforms will also improve usability and performance by including features such as multi-mode frequency prioritization, which will increase transaction performance while improving card management. These reader platforms also will include a variety of improved user notification features.
Device-independent data structures deployed on next-generation readers within a trusted boundary will enable the migration of physical access control technology beyond traditional cards into a new world of configurable credentials and virtualized contactless solutions that can be securely provisioned, no matter where they are or how they are connected. This model will also enable users to add levels of security, customize security protection, and extend system capabilities without having to overhaul the device infrastructure and applications.
Finally, this new approach will significantly improve overall system security while creating a more easily extensible access control system infrastructure that can also support a new era of more convenient, virtual credentials that can be embedded into phones and other portable devices.