What Type of Credential Do You Need for that Contactless Access Control System?

June 1, 2016
Find the best credential for your specific application, be it reader- or card- based 2-factor identification with the reader/keypad configuration, biometric card or smart card

Ralph is a locksmith who has put in a couple of simple proximity card systems. Therefore, he feels fairly confident of handling such business in the future. And, soon, he gets the chance. A new prospect wants to implement a new access control system using contactless cards. He wants the system to provide 2-factor identification, also be used for the company cafeteria to charge lunches and resist being copied or hacked. Oh oh! Can this be done?

With all the various selections available from the major credential vendors, everything Ralph needs is available - standard. Multiple types of physical forms of credentials provide different types of reading technologies and offer various options. Let's explore the main ones and pretend that we are Ralph as we go through this exercise.

When Specifying, Put an Adjective in Front of "Card"

The most elementary type of card is the clamshell proximity card. The clamshell card looks just like its name implies. Like the package that hold your strawberries at the supermarket, it is a one-piece container consisting of two halves joined by a hinge which, when closed, holds the electronics and any identification information. It is typically the most inexpensive card.

Many consider the image or ISO card a cleaner solution. A small .046 inch thicker, this one-piece card, similar to a credit card, easily accepts dye sublimation printing using a card printer which connects to a computer. This is a much faster, easier way of providing card information such as names, photographs, logos and other graphics than printing something on paper and then having to place it within a clamshell.

The next credential is not a card at all but acts like one when it comes into proximity of a reader. Designed to be carried on a key ring, the key fob (also called key ring) is one of the smallest, most durable proximity credentials you can select. Users have found the key fob especially convenient because it is on the same ring that holds door and car keys. It's always there, can be carried in the pockets, purse or on a necklace or clip whenever in the office. All the user needs to do is cozy up to the reader to open a door.

The final physical format is the proximity patch which can be attached to just about anything from a wallet to a cell phone. It can be used with an existing photo ID card to create new security credentials without incurring the costs of rebadging. When affixed to existing magnetic stripe or barcode cards, it provides an inexpensive upgrade to proximity.

Specifying the Reader Technology is Key

Although many card-based systems still use magnetic stripe cards, new access control systems rarely use them. And, when creating a contactless system, they are automatically ruled out anyway, with one rare exception to be explained later, let's forget about them.

Proximity. For the last two decades, the primary contactless technology used in access control systems has been the proximity card (125 kHz technology). In the last decade, proximity cards have been augmented by the smart card (13.56 MHz technology). And that's the way it has been until just recently. All of a sudden, there has been great interest in long range reading (433 MHz technology).

Let's first look at standard proximity. Held near an electronic reader for a moment, a proximity card enables the identification of an encoded number on the card. The reader usually produces a beep or other sound to indicate the card has been read. Proximity cards typically have a read range of less than 15 inches. The card can often be left in a wallet or purse and read by simply holding the wallet or purse near the reader. Today, the term "proximity card" refers to the 125 kHz devices as distinct to the 13.56 MHz contactless smartcards.

Passive 125 kHz cards are powered by radio frequency signals from the reader device and so have a limited range and must be held close to the reader unit. Active 125 kHz proximity cards are powered by an internal lithium battery. They can have a greater range, up to six feet.

Smart. Today, a smart credential (13.56 MHz), at about the same price as a proximity card, provides a higher level of security, more convenience and far greater functionality. As used in newer access control systems, smart credentials have the ability to manage access, payments and many other functions much more securely.

  • Identification
  • Library circulation privileges
  • Building access
  • Meal plans and “dining-dollars”
  • Health facilities
  • Access to recreational facilities
  • Charge privileges   
  • Transit
  • Access to legal services
  • Bankcard access
  • Holding a biometric template

Smart credentials increase the security of information kept on the card. In comparison to door keys, magnetic stripe cards or proximity cards, the encrypted security of smart credentials ensures that they are far harder to counterfeit.

Choosing the right smart card credential can make all the difference when trying to use them with applications other than access control. Look for platforms that are open format rather than those designed for proprietary systems. Open formats allow easy integration into other applications with minimal programming, speeding up the time of deployment, reducing the cost of implementation and give organizations more freedom to get the most out of their investment. Open architecture readers also let organizations use both their present software and panels with their new credentials. Down the road, when they change their software, they can still use the readers.

Long Range. 433 MHz long range receivers support either 2-button or 4-button transmitters to open two to four different doors from ranges up to 200 feet. Each button outputs transmitter data over separate outputs, yet the receiver installs just like a proximity reader for easy integration with popular proximity or contactless smart card access control systems.

Available in either a two- or four-button configuration and equipped standard with a proximity or contactless smart card module, the transmitter can be used as a presentation-style access credential. Each transmitter integrates the convenience of long range identification with traditional proximity or contactless smart card access control.

For example, if a site requires employees to access a parking structure (gate/barrier) and a door (building entrance), the 433 MHz solution will enable users to access both the long range and proximity applications with a single transmitter. For the parking structure, the users press the transmitter button from the secure convenience of their vehicles (without lowering the window) and, when wanting to gain access at the door, they simply present the transmitter to the building’s proximity reader. Since identical data is transmitted upon button press or presentation, each user needs only be enrolled once in the access control system.

Multi-Tech Cards. There are three main types of multi-tech cards: proximity/magnetic stripe, proximity/smart and proximity-smart/biometric.

Typical applications for the proximity/magnetic stripe combination employ the card's proximity technology for access control and the magnetic stripe for compatibility with numerous systems, such as those commonly utilized for time and attendance. Other applications include systems for cafeterias, libraries, copy machines and other office equipment management. There is also a smart/magnetic stripe combination card but it is seldom seen.

The proximity/smart combination is typically used when the organization has plans for migrating from its present proximity system to a smart card system. This dual card lets the company add smart card readers as time and budgets allow. During this time, all cards will work on all readers, proximity or smart, and, once finished, the firm won't need to change out one type of card for another.

The proximity or smart card with biometric is the newest version of the multi-tech card. It provides 2-factor (what you have and who you are) verification on the card itself versus reader based 2-factor verification in which the card is inserted and the keypad requires the correct security number before the door unlocks.

A contactless credential with on-card fingerprint reading provides all the assets of the proximity or smart card and eliminates its most glaring deficiency, not knowing who is holding it. The biometric card reads the user’s fingerprint. Eliminating the problems of solely deploying PINs and standard cards, the biometric card lets users authenticate themselves directly on the card through something they are, a fingerprint or thumbprint. Only then will the card system activate the lock. This is much more secure than simply using a standard card, which verifies only something the user carries.

Unique Options Add to a Credential's ROI

The most popular options have to do with security of the credential itself, helping to protect card-based systems from skimming, eavesdropping, hacking and relay attacks. With this option, a high-security handshake, or code, between the proximity or smart card, tag and reader prevents credential duplication and ensure that the readers will only collect data from these specially coded credentials.

For those familiar with mechanical access control, it's the electronic security equivalent of a mechanical key management system, in which a specific organization is the only one that has the individual key that they use. Such keys are only available through their locksmith and their locksmith never provides another company with the same key. In the electronic access control scenario, no other company will have the reader/card combination that only that specific organization gets from their locksmith. Only their exclusive reader will be able to read their exclusive card or tag and their reader will read no other card or tag.

The other popular anti-tamper security option is for smart cards. At manufacture, readers, cards and tags are programmed with the special algorithm, cryptographically ensuring the integrity of the sensitive access control data stored on the card or tag. Readers scan through the credential's access control data searching for data discrepancies, which may occur during the counterfeiting, tampering or hacking of a contactless smartcard. This is an additional layer of protection to what is already available in smart card authentication, operating independently, in addition to, and above this standard level of security. In use, the option allows a smartcard reader to effectively verify that the sensitive access control data programmed to a card or tag is not counterfeit.

Happy Shopping, Ralph

To meet the needs of his customer, Ralph can find the credential best for this application. He can produce reader- or card- based 2-factor identification with the reader/keypad configuration or the biometric card. To both allow people into the facility and charge their lunches, a smart card will do the job. Lastly, he can use one or both options to help secure the card. Best of all, everything discussed is easily found and discussed on the major vendors' websites.