Access Card Migration: MagStripe to Smart Card

June 1, 2015
As different smart card and additional technologies develop and improve, the migration from one technology to another must be available for seamless operation

Employee identification badges have been around for well over 100 years. Ford Motor Company’s early ID badges had the employee number and the name of the facility stamped into the metal badge. Company rules required employees to wear the badge visibly, outside of their clothing, at all times. In the mid-1910s, Ford began using German Silver (Sterling Silver) for their badges.

These early employee identification badges were an easy way to determine whether an employee was where they belonged or somewhere they were not supposed to be. There was minimal need for keys as many companies were on three shifts or a few "trusted" employees received access to keys to lock and unlock doors. Usually, the person in the guard shack would provide access control.

Over the years, employee identification badges have become more popular and useful, with photos providing a more precise form of identification. Some badges not only provided identification, but also could be used to make purchases and gain access using the badge as a credential. Access capable employee identification badges (access badges) provide identity documentation and a credential, which is a way to identify a person to a system for the purpose of authentication.

Magstripe Cards

In the late 1960s, magnetic stripe (tape) magnetic qualities were modified to store data. Through trial and error, the stripe was eventually bonded onto a plastic card base. The magnetic stripe or Magstripe card provides the ability to store data on an inexpensive, easily transportable product. The first Magstripe card for identification was invented by Forrest Parry at IBM for the U.S. Government.

Next, different international, governmental and private standards came into place for the physical properties including size, location of Magstripe, magnetic characteristics and data formats and positioning. Magnetic stripe cards were developed into bankcards, employee identification cards, etc.

A plus for the new identification card was that the opposite side of the plastic base could be printed and/or embossed with logos, photos, company information and employee information. Companies could have the time clock operating in conjunction with access cards to audit employees and determine payroll.

Unfortunately, a limited amount of information can be contained on a Magstripe card. For access control applications, information could be encoded at the producer's location and/or the end user’s location. The magnetic stripe would keep the information relatively protected.

Magstripe cards are read using hardwired swipe card (insertion) readers. A downside of the Magstripe cards for access control was that the strip would prematurely wear out. In instances where the card was used multiple times a day, a card could need to be replaced as often as every three months.

The demise of the Magstripe card is rapidly approaching as the ease of cloning and lack of security has become unmanageable.

Barium Ferrite

During this time, additional credential mechanisms were introduced. Barium ferrite has had data applications including media storage and magnetic stripe cards for hotel rooms and identification cards. ID and access cards are implanted with unique patterns that are magnetically attracting and repelling. When the proper card was presented to the insertion reader, the mechanism would confirm or deny access. Early Barium ferrite insertion readers required cleaning and recalibration. Later, more reliable and advanced cards and readers were introduced. Barium ferrite cards require contact: touching or insertion into a hardwired badge reader. Although no longer practical for most applications, the barium ferrite system is still widely utilized.

Note: There are companies that sell Magstripe and barium ferrite cards, readers and supplies.

Wiegand 

In the late 1970s, the Wiegand wire embedded card (keycard) and reader were patented and introduced for access control applications. The keycard wire technology is based on the Wiegand Effect of unique magnetic properties resulting in the ability to switch magnetization polarity. This switchover is called the Wiegand Effect.

John Wiegand created the extraordinary annealed and hardened wire. He was a musician with perfect pitch, which gave him the ability to determine the characteristics required to produce wires capable of switching magnetization polarity (Wiegand Effect).

To build a Wiegand Keycard, he placed short pieces of these magnetic wires disposed parallel to each other transversely of the card. This series of embedded wires encodes the "key" and the clock tracks. On January 1, 1974, John R. Wiegand received patent 3,783,249 for Coded Magnetic Card and Reader.

Simplifying the patent language, when a Wiegand keycard approaches a Wiegand compatible reader (coil) emitting coded waves, each wire's magnetic state flips. The wire change indicates a "1". No wire indicates a "0". The generated data pulse is read and fed to a single signal processor. The signal processor determines if the data pulse is correct. If the data pulse is correct, the output can be used to activate any device including an electrical switch (door lock), arrival and departure of an employee, etc. The 26-bit format used in today's Proximity cards arose from the development of the Wiegand keycard.

The Wiegand code stripe, which makes up the protocol digital code, contains small pieces of specially processed wire. The code stripe is embedded (laminated) under pressure to create a solid vinyl keycard the same basic dimensions of the Magstripe card. Because of the design and technology, Wiegand keycards do not wear out. The Wiegand Keycard Reader has no moving parts, electronic circuits, data sequencing or interpretation. The keycard is immune to external magnetic fields or RF interference and is destroyed when someone attempts to remove the code stripe.

While not completely obsolete, Wiegand Keycard technology is a legacy product. The Wiegand Keycard technology should not be considered for any new major system. However, for an existing access control system, unless there is a reason to upgrade, this technology can continue to provide controlled access for many years.

Multi-Technology Cards

An alternative to replacing a Wiegand Keycard access control system is the upgrade path that incorporates multi-technology access cards. These cards incorporate Wiegand keycards and proximity or smart card technology. This provides the opportunity to slowly convert to either Radio Frequency technology by purchasing multi-technology access cards and proximity or smart card readers for specific locations at different times until the conversion is completed.

As technology has evolved, companies with tight budgets make the financial commitment to purchase new electronic access control systems only when their existing system is too old or too expensive to maintain or obtain replacement parts. Another important consideration is when the card numbers have been reused many times: conflicts arise when re-issuing already issued card numbers.

Electronic technology cards provide additional features or higher levels of security. This seems to become of value once the commitment has been made and newer technology has been in place for a period of time.

Prox Cards

Newer technology includes the later incarnations of the low frequency 125 kHz Proximity (Prox) cards and the 13.56 MHz smart cards. Proximity card technology has an Integrated Circuit (IC) connected to a copper wire coil. The coil provides an antenna to receive and transmit the data. The Proximity card just needs to be near the reader (within inches) for a moment to have the encoded data (code) read. Most readers emanate a beep notifying the cardholder it has been read. Unlike Magstripe, Wiegand Keycard and barium ferrite cards, direct contact or even line of sight is not required for a Proximity card to be read.

Proximity cards are coded to a pre-programmed facility code and serial number. Contained within the Proximity card IC chip is the encoded data. This data is fixed; no changes can be made once they have been created.

The industry standard Proximity format is the 26-bit Wiegand protocol. It is an open format, which is recognized by most access control hardware. The 26 bits use a facility (site) code and card numbers. The 26-bit Wiegand facility code is bits 2-9. The facility code remains the same for the entire facility. The code (card) number is bits 10-25. Bit-1 is even parity and bit-26 is odd parity. Different formats and manufacturers have a similar structure and parity bits to check for errors.

There can be up to 65,535 card/fob ID numbers in a "standard" 26-bit Wiegand Format, from one to 65,535, using all 16 card number field bits, per facility code.
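
The 26-bit layout above as an encoder and decoder, added here as an example (it is not code from the article or from any manufacturer). It assumes the usual parity coverage for this format, which the article does not spell out: bit 1 makes the count of ones in bits 1-13 even, and bit 26 makes the count in bits 14-26 odd. The function names are illustrative.

```python
FRAME_BITS = 26  # standard 26-bit Wiegand frame, bits numbered 1..26 as in the text


def encode_26bit(facility: int, card: int) -> str:
    """Build the 26-character bit string for a facility code and card number."""
    if not 0 <= facility <= 0xFF:
        raise ValueError("facility code must fit in 8 bits (bits 2-9)")
    if not 0 <= card <= 0xFFFF:
        raise ValueError("card number must fit in 16 bits (bits 10-25)")
    data = f"{facility:08b}{card:016b}"              # bits 2-25
    even = str(data[:12].count("1") % 2)             # bit 1: bits 1-13 end up even
    odd = str((data[12:].count("1") + 1) % 2)        # bit 26: bits 14-26 end up odd
    return even + data + odd


def decode_26bit(bits: str) -> dict:
    """Validate both parity bits, then split out facility code and card number."""
    if len(bits) != FRAME_BITS or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 characters of 0/1")
    if bits[:13].count("1") % 2 != 0:
        raise ValueError("even parity check failed (bits 1-13)")
    if bits[13:].count("1") % 2 != 1:
        raise ValueError("odd parity check failed (bits 14-26)")
    return {"facility": int(bits[1:9], 2), "card": int(bits[9:25], 2)}


def flip_bits(bits: str, *positions: int) -> str:
    """Invert the bits at the given 1-based positions (simulates line errors)."""
    out = list(bits)
    for pos in positions:
        out[pos - 1] = "1" if out[pos - 1] == "0" else "0"
    return "".join(out)


if __name__ == "__main__":
    frame = encode_26bit(123, 45678)                 # constructed sample values
    print(frame, decode_26bit(frame))
    # Two flipped bits in the same half keep the parity intact and still decode.
    print(decode_26bit(flip_bits(frame, 24, 25)))
```

Parity catches a single-bit line error only; a frame with two flipped bits in the same half still decodes, so a valid parity check says nothing about whether the credential is genuine.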

In today's world, part of the problem of having a sufficient number of card numbers in an average education facility such as a university, college or hospital is the turnover rate. In an average higher education facility that has campus-wide access control, approximately ¼ to ⅓ of the total cardholders annually drop out, graduate, retire or move on from temporary positions. In addition, some think badges are disposable and lose them monthly. It is never a good idea to reuse card numbers unless administration has all of the cards that have been given out.

In addition to the 26-bit format, additional formats include the 34-bit and 37-bit. They are also available in dealer proprietary formats. Before purchasing Proximity card-based access control cards and readers, make sure the equipment chosen provides the desired level of security.

Most access control Proximity cards and badges are passive, requiring radio frequency signals from the reader to transmit through the coil, powering the IC onboard power storage. Once powered, the encoded data (binary code) is transmitted to the reader and converted to be read by the controller to determine if access is granted or denied. If access is not granted, no action is taken. If access is granted, the locking mechanism and related components are unlocked and the cardholder can gain entry. Most new readers continue to incorporate Wiegand upstream data so they will always be backwards compatible with older technology access control systems.

Most Proximity cards are the clamshell style with a top and bottom plastic cover sandwiching the coil and the integrated circuit. These cards are available with the card horizontal (card style) or vertical (ID badge). Other styles include the fob, tag and the Prox horizontal card with Magstripe. Proximity cards can also have a Barcode (UPC).

There are advantages with the Proximity card using multiple technologies. For example, a Proximity card can also have a Magstripe and/or bar code. This provides the ability for a school to provide either debit or credit transactions for purchasing using one card that also identifies the person.

There are problems with Proximity card technology. There are a limited number of facility codes since the binary system is either odd or even. This means that the number of Proximity card systems with a large amount (100,000 or 1 million) of card numbers is limited. Different manufacturers using similar facility codes and card numbers result in the possibility of duplication. A greater concern is that many Proximity card technologies can be cloned.

There are variations of the Proximity card technology. For example, HID Indala 125 kHz Proximity Readers have FlexSecur® technology. This provides an additional level of reader verification processing. MAXSecure from Farpointe Data integrates a high-security code (handshake) between the Proximity credential and the reader. MAXSecure is designed for applications where card numbers have been repeatedly used due to excessive turnover or time. The high security code equipped Proximity cards screen out unauthorized credentials. For information on technologies supported, contact Farpointe Data.

Smart Cards

Around the early 2000s, the 13.56 MHz smart card was developed for access control applications to provide a higher level of security. The smart card has an embedded, secure integrated circuit (microcontroller) or equivalent intelligence with memory. Credit card companies are converting to cards with Europay MasterCard Visa (EMV) chips. EMV technology will not prevent data breaches, but it will make it much harder for criminals to profit at this time. According to a resource, France has cut credit card fraud 80 percent since 1992, when they introduced the EMV technology. Employee identification badges for many government agencies now require the use of smart cards.

There are contact and contactless smart cards. Contact smart cards have the contact chip above the microcontroller on one side of the card. The gold or silver color contact chip contacts the mechanism within the contact reader.

The contactless smart card is used for commercial access control applications where the time required to insert the card into a reader, have it read and removed adds way too much "person time" for controlled entry doors especially on a large scale.

Contactless smart cards have a coil assembly connected to the microcontroller. These cards make use of radio frequency between card and reader, eliminating the need to physically insert the card. For access control requiring a higher level of secure card access, the contactless smart card can verify that the reader is authentic and can prove its own authenticity to the reader before starting a secure transaction.

Proximity cards use a coil as an antenna and an integrated circuit. However, Proximity cards have no memory. The embedded memory equipped microcontroller gives smart cards the unique ability to perform encryption and mutual authentication, store large amounts of data and interact intelligently with the reader. The smart (access) card is read by a contactless radio frequency reader, as is a Proximity card using the same access control application information. Like the Proximity card, the smart card produces a Wiegand protocol output.
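
Mutual authentication as described above, sketched as an added example (it is not code from the article, and it is not the protocol of any named card product). It assumes a shared secret key and an HMAC-SHA-256 challenge-response; the class and function names are illustrative, and a real card would also encrypt the identifier it releases.

```python
import hashlib
import hmac
import secrets


def proof(key: bytes, role: bytes, *nonces: bytes) -> bytes:
    """Keyed MAC over a role label and both nonces (constructed scheme)."""
    return hmac.new(key, role + b"".join(nonces), hashlib.sha256).digest()


class Card:
    def __init__(self, key: bytes, card_id: int):
        self.key, self.card_id, self.nonce = key, card_id, None

    def respond(self, reader_nonce: bytes):
        # Prove knowledge of the key for THIS reader challenge, and challenge back.
        self.nonce = secrets.token_bytes(16)
        return self.nonce, proof(self.key, b"card", reader_nonce, self.nonce)

    def release_id(self, reader_nonce: bytes, reader_proof: bytes):
        # Release the identifier only to a reader that also proves the key.
        if self.nonce is None:
            return None
        expected = proof(self.key, b"reader", self.nonce, reader_nonce)
        return self.card_id if hmac.compare_digest(reader_proof, expected) else None


class Reader:
    def __init__(self, key: bytes):
        self.key, self.nonce = key, None

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)      # fresh for every transaction
        return self.nonce

    def verify_card(self, card_nonce: bytes, card_proof: bytes):
        expected = proof(self.key, b"card", self.nonce, card_nonce)
        if not hmac.compare_digest(card_proof, expected):
            return None                           # wrong key or stale (replayed) proof
        return proof(self.key, b"reader", card_nonce, self.nonce)


def transact(reader: Reader, card: Card):
    """Run one exchange; return the card ID, or None if either side fails."""
    reader_nonce = reader.challenge()
    card_nonce, card_proof = card.respond(reader_nonce)
    reader_proof = reader.verify_card(card_nonce, card_proof)
    if reader_proof is None:
        return None
    return card.release_id(reader_nonce, reader_proof)
```

Because each side's proof is bound to a fresh nonce, a response recorded in one transaction fails verification in the next, which is the property a fixed-data Proximity credential lacks.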

For access control purposes, a smart card is available in card, fob and tag configurations, the same as the Proximity card. The microcontroller in the smart card can implement a personal firewall, releasing only mandatory information when required. This gives the smart cards unique capabilities such as support for biometric authentication and information privacy if the organization issuing the cards, readers and systems designs it into the application.

There are different smart cards. Some are read/write and others are read only. Proprietary smart cards include the MIFARE and DESFire. There are the different HID iCLASS smart cards. Because of the variations, not all smart card readers and multiple credential readers will read all of the different card formats. To meet this end, multimode cards have multiple microcontrollers to function with different methods of communications. Before setting up an access control system using a specific smart card technology, do your research to ensure your customer's needs are met.

Multi-Technology Cards 

As different smart card and additional technologies develop and improve, the migration from one technology to another must be available for seamless operation for several reasons. The development and administration costs for a new identity access card system can be expensive. Offering multiple technology credential readers that read both Proximity cards and smart cards helps to create a timeframe to convert, making it fiscally practical when the process is started early on in the development of the smart card system.

Hybrid card readers can include a Magstripe or a Wiegand keycard reader in addition to the Proximity card reader and/or smart card reader. This eases technology migration while some are still using their same access badges. Make sure the reader is compatible with the smart card's technology. Once the new readers and software have been incorporated, the access cards can be distributed by groups introduced by level or required security.

To increase security, HID is introducing bioCLASS readers that provide multi-factor authentication utilizing smart card technology combined with biometric template verification, and/or a PIN. During verification, the LCD graphical display will assist the user with instructions about finger placement on the biometric sensor. The fingerprint template is collected at the reader and immediately transferred to the card. During this enrollment process, the fingerprint template is stored only on the card. The template is never transmitted to an external host. The location of the finger pad is compliant with ADA standards.

The intelligent use of access cards that authenticate any individual who has access privileges is critical to maintaining a high level of security. To maintain such levels, companies must require strong authentication requirements. Depending upon the level of security, multiple credentials can include microcontroller, biometric and keypad.

For More Information

For more information on credentials, readers and systems, contact your local locksmith distributor or the following manufacturers:

  • AptiQ: http://us.allegion.com
  • Farpointe Data: www.farpointedata.com
  • HID: www.hidglobal.com
  • Honeywell: honeywell.com
  • Identiv: www.identiv.com
  • Keri Systems: www.kerisys.com
  • Keyscan: www.keyscan.ca
  • Secura Key: www.securakey.com
  • XceedID: http://us.allegion.com