Credentials Then And Now

Nov. 1, 2016
Technology has spurred the migration of access control credentials from bar codes and mag stripe to Wiegand, proximity, smart cards and NFC and Bluetooth capability

Access control allows or prevents access to protected areas by requiring individuals to interact with a guard, keypad, reader, or terminals with the correct response to prove they are authorized to enter.

Electronic access control systems have evolved over the last half century with ever more sophisticated ways to authenticate these individuals by use of one or more of the following criteria:

  • What you know: A memorized code
  • What you have: A key or credential
  • Who you are: A biometric characteristic such as a hand print, fingerprint or retinal pattern.

Each of these is an authentication factor, and higher security applications used multiple (more than one) authentication factors.

My own career in access control began on the manufacturing side for a firm that manufactured a keypad type access control. Although many people regard keypads as the lowest (what you know) level of access control, these keypads were most often deployed within premises which had robust perimeter security with cameras and armed guards.

But for non-military applications, automated solutions were required; ones using readers and reader keypads which ostensibly controlled access without need for human intervention.

The development of credentials has been a stepping stone process involving numerous technologies and refinements.

Barium Ferrite

These cards contain a Barium Ferrite insert, which is encoded by magnetizing spots in a specific pattern with specific polarities.

The reader had a slot where a facility card is inserted, and factory-encoded cards were ordered that would work only with that facility code. The card reader’s only out put was a switch, which would be used to energize an electric door strike. It was much more secure than just a memorized code, and we combined the barium ferrite card reader with a keypad so that both a valid card and the correct memorized code would be required for entry.

Bar Codes

A bar code is a pattern of parallel lines that vary in width and spacing which represent data. Bar code readers use a light beam to scan the pattern into digital data that is transferred to a host computer for decision or storage. Bar code technology is the standard for retail check-out, inventory control and postal service.

Next to magnetic stripe credentials, bar code credentials are the easiest and least expensive to produce. However, since conventional bar codes are visible and easy to duplicate, the bar code card is the least secure of the access control credentials. However for security applications, some bar codes are embedded in laminated credentials.

Magnetic Stripe

Magnetic Stripe (mag-stripe) cards have been the most common technology used in many applications for many decades. These cards contain a strip of ferrous material similar to audio magnetic tape attached to the outside surface of the credential. The credential is moved through a reader (swiped) which has a magnetic read head similar to the type used in a tape recorder. Three tracks are available on a magnetic stripe.

Up until very recently magstripe were the primary means of payment in retail. They are still used but banks are transitioning to smart cards because courts have forced the banks to reimburse card holders for financial loses which can be attributed to the low security mag stripe encoding.


Wiegand technology is widely recognized and field proven. The cards and readers are low cost and durable, with a high level of security.

The term Wiegand is applied to several characteristics related to access control readers and cards. Wiegand is:

  1. A specific reader-to-card interface
  2. A specific binary reader-to-controller interface
  3. An electronic signal carrying data
  4. The standard 26-bit binary card data format
  5. An electromagnetic effect
  6. A card technology

When we say, “Wiegand,” we typically refer to the general concept of security card data encoding.

The Wiegand Reader-to-Controller Interface is an interface that defines how two devices communicate with one another. The Wiegand interface is the most prominent industry interface for card access control. The Wiegand interface consists of three conductors (wires) called Data Zero (usually green), Data One (usually white), and Data Return (usually black).

Wiegand effect is a pulse-generating phenomenon in a special alloy wire that is embedded in the credential in a pattern.

Due to the complexity of manufacturing the Wiegand wire, Wiegand cards are virtually impossible to duplicate but expensive to manufacture. It is also necessary for the Weigand credential to make physical contact with the reader and passed over a reader head. We used to OEM Weigand cards which we would buy in bulk and then individually test and label prior to sale. The reject rate was significant.


Proximity credentials utilize radio-frequency identification (RFID) technology to communicate between a card and reader. The reader translates the information from a card into a digital format read by a host panel/computer that makes the decision to authorize a person’s entry or acceptance. Proximity has become the standard in access control due to convenience (reading a credential presented within several inches of a door or reader) as well as greater transaction security when compared to magnetic stripe and bar code technologies.

Smart Card

Smart Card credentials are typically credit card-sized credentials containing an embedded processor chip with a memory capacity approximately 800 times that of a magnetic stripe card. Most smart card systems have the capacity to both read and write information to the card from the reader or panel, providing better data security while creating much greater flexibility for use in various applications.

Smart Card credentials can be Contact or Contactless. Contact cards are similar in operation to magstripe cards in that they must be swiped or inserted into a reader to be read. They are recognizable by the gold chip visible on the outside of the card (which must make contact with the reader). Contactless cards utilize RFID technology, which may appear identical in operation to a proximity card to the average user. However, contactless smart cards have 100 times the information storage capacity, work on a different RF frequency and have far greater data security than a traditional proximity card.


MIFARE is a well-known brand for a wide range of contactless IC products with a typical read/write distance of 4 inches used for many security applications; with 260 million readers and more than 10 billion contactless and dual interface ICs sold.

The MIFARE name (derived from the term MIkron FARE Collection System) covers proprietary technologies based upon various levels of the ISO/IEC 14443 Type A 13.56 MHz contactless smart card standard.


NFC (Near Field Communications) makes it possible to use smartphones as access credentials, just like you would use smart cards. This trend is often referred to as BYOD (Bring Your Own Device).

A smart credential provides a higher level of security and convenience since smartphones are password protected, and individuals are not likely to not have their phone with them at all times.

NFC provides simplified transactions, data exchange and wireless connections between two devices that are in close proximity to each other, usually by no more than a few inches.

An excellent example is Allegion’s aptiQ mobile web-based credential management system which allows NFC-enabled smartphones to grant physical access as well as be used for other traditional credential/ID applications.

To turn NFC-enabled smartphones into an access control credential, allowing people to use their smartphones to enter buildings in the same way they present a badge ID, users simply download the aptiQmobile app to their smartphone. Then, their access control administrator uses the aptiQmobile cloud service to send a secure mobile credential directly to the user’s phone. Once the mobile credential is downloaded, users open the app and tap their smartphone to the reader in the same way they use an ID card.


Bluetooth is a global wireless communication standard that connects devices together over a limited communication range; such as between a smartphone and a door controller. Codelocks CL5500 uses Bluetooth as one of its available protocols so Bluetooth devices such as smartphones can be used as the access control credential.

A Bluetooth device uses radio waves instead of wires or cables to connect to a phone or computer. All Bluetooth products contain a tiny computer chip with a Bluetooth radio and software. When two Bluetooth devices want to talk to each other, they need to pair. Communication between Bluetooth devices happens over short-range, ad hoc networks known as piconets. A piconet is a network of devices connected using Bluetooth technology. The number of devices in the piconet network ranges from two to eight connected devices. When a network is established, one device takes the role of the master while all the other devices act as slaves. Piconets are established dynamically and automatically as Bluetooth devices enter and leave radio proximity.

There are several different versions of the core specification—of Bluetooth. The most common today are Bluetooth BR/EDR (basic rate/enhanced data rate) and Bluetooth with low energy functionality.

Bluetooth wirelessly connects devices together. It can connect a headset to a phone, car or computer. It can connect a phone or computer to speakers. It can connect your lights, door locks, TV, shoes, basketballs, water bottles, toys—almost anything you can think of—to an app on your phone.

Bluetooth takes it even further with connecting beacons to shoppers or travelers in airports or even attendees at sporting events. The future of Bluetooth is limited only to a developer’s imagination.

Bluetooth benefits include widespread availability, ease of use, low cost and low power requirements.

You will find Bluetooth built into phones, laptops, desktops and tablets.

This makes it so convenient to connect a door lock, keyboard, mouse, speakers or fitness band to a phone or computer.

About the Author

Tim O'Leary

Tim O'Leary is a security consultant, trainer and technician who has also been writing articles on all areas of locksmithing & physical security for many years.