Advances in Access Control Card Security

Jan. 2, 2017
The security industry is responding to today's security challenges with products incorporating the latest technology. The key is matching the right access control system to your customers' level of threat.

From the early Barium Ferrite and magstripe to today’s enhanced encryption, we’ve come a long way, baby.

We’ve come so far that some think the sun is setting on credentials all together. But we think not yet. While NFC and Bluetooth are very exciting, we expect that the credential in some form or another will be around at least until your kids are ready to retire.

With the challenges security providers face in this time of hacking and terrorism, we require a full pallet of solutions to keep one step ahead of the bad guys.

Listen up.

"When considering any security application, it is critical the end user and locksmith realistically assess the threat of a hack to their facilities. For example, if access control is merely a convenience over the alternative of a physical key, there is a reduced risk the end user will be hacked. However, if the end user perceives an imminent threat to the facility due to the nature of work, product, or storage method, and the facility uses an access system as an element to the overall security system, they may be at a higher risk and should consider hacker mitigation methods," said Scott Lindley, President of Farpointe Data.

Well stated. Here are several examples of how the security industry is responding to today’s security challenges.

Seos® Credential Technology

Seos® is a breakthrough credential technology from ASSA ABLOY. Solutions that are powered by Seos (such as the new Yale NexTouch access control) offer the freedom to use your device of choice – from smart cards to smartphones – for secure access to more applications.

Seos power solutions that range from building access, computer login and cashless vending to Internet of Things (IoT) applications, time- and-attendance, secure print authentication and an ever-increasing number of other uses that are in demand.

As a dynamic, standards-based technology that is already proven in the marketplace, Seos introduces a new realm of choices.

With solutions powered by Seos, customers have the potential to use any combination of smart phones, smart cards, tablets, wearables, bank cards, keyfobs, inlays and other smart devices to secure more applications than ever before.

Seos is available from ASSA ABLOY through its own solutions across different markets as well as powering third-party products through licensing that accelerates wider adoption.

By providing a common standard for both mobile and smart card based credentials, communicating over NFC and Bluetooth Smart, integration into access control systems is flexible and easy.

HID Trusted Tag Services

HID Trusted Tag Services combine HID Global’s patented NFC trusted tag technology and its cloud-based authentication platform with partners’ Internet of Things (IoT) applications for automated security guard tour and key management capabilities.  The solution enables facility managers to accurately track security check points and instantly dispatch guards for instant response to and reporting of fraudulent activities throughout the building. Security guards are able to patrol areas more easily and efficiently with automated patrol stops that replace manual sign-in processes. And, with a simple tap of their mobile phone to a secure trusted tag, guards can digitally prove that a security patrol took place at the proper location, at the proper time.  

Advantages include

  • ƒ Secure – Encrypted data changes on every tap, blocking attempts to share, clone or manipulate tags or URLs.
  • ƒ Frictionless operation – Simply tap to interact, no app to create or download.
  • ƒ Streamlined deployment – No proprietary software or special readers for tag authentication required.
  • ƒ Enhanced analytics – Provides real-time access to precise data and reliable audit trails.
  • ƒ Flexible – Supports NFC-enabled devices and is designed for future support of Bluetooth®-enabled devices.

HID Trusted Tag Services can facilitate transactions simply by tapping an attached or embedded NFC tag with an NFC-enabled smartphone or tablet to securely communicate information. This results in a frictionless authentication experience using a solution that fuels more powerful and dynamic Internet of Things applications.

HID Trusted Tag® Services combine HID Global’s patented NFC trusted tags with its cloud-based authentication platform to add unique and trusted identities to everyday objects. The innovative and easy-to- use solution facilitates secure, efficient transactions simply by tapping an attached or embedded tag with a smartphone (or other NFC device).

Providing a frictionless authentication experience is not possible with today’s standard NFC labels, static tags or QR codes, HID Trusted Tag Services are an ideal choice for “proof of presence”, time-and-attendance, brand protection and other Internet of Things applications using NFC-enabled smartphones today and Bluetooth smart devices in the future.

1. At production time, HID Trusted Tags are programmed with a customer-defined URL that points to your website. Your website hosts the user experience for users who will tap tags with their phones.

2. Every time a user taps their NFC mobile phone to a trusted tag, the tag generates a unique cryptographic code. The code is automatically appended as a parameter to the URL that is stored on the tag.

3. This unique URL is then sent to the user’s mobile phone, which will open the corresponding website (a process identical to any URL received from an NFC tag).

4. Your website removes the cryptographic parameter from the URL and passes it on to the HID Global cloud authentication service through a single web-service call.

5. The HID Trusted Tag Services authentication cloud verifies whether the code is authentic (i.e.: a true physical tap of a trusted tag) or caused by a shared/copied URL.

6. Based on this information, your website can block the request, offer an alternative to the user, or simply log whether the website was accessed via a physical tap or a shared URL for later analysis.

7. The standards-based cryptographic code changes for every tap, enabling each tap to be authenticated. This is a unique functionality only HID Trusted Tags can provide.

Farpointe Migrates To DESfire

Farpointe Data, a dormakaba Group company, recently announced that it has migrated to MIFARE DESFire EV1, the next generation of smart card technology by NXP Semiconductors, in its line of Delta smart cards. Access control system manufacturers, integrators and dealers will be able to tout greater security over MIFARE Classic smart cards because MIFARE DESFire EV1 uses 128 AES encryption, the same as used by the U.S. federal government.

MIFARE DESFire EV1 is based on open global standards for both air interface and cryptographic methods. It is compliant to all four levels of ISO/IEC 14443A and uses optional ISO/IEC 7816-4 commands.

Featuring an on-chip backup management system and mutual three pass authentication, a MIFARE DESFire EV1 card can hold up to 28 different applications and 32 files per application. The size of each file is defined at the moment of its creation, making MIFARE DESFire EV1 a truly flexible and convenient product platform. Additionally, an automatic anti-tear mechanism is available for all file types, which guarantees transaction oriented data integrity. With MIFARE DESFire EV1, data transfer rates up to 848 kbit/s can be achieved, allowing fast data transmission.

DES indicates the high level of security using a 3DES or AES hardware cryptographic engine for enciphering transmission data and “Fire” signifies its position as a fast, innovative, reliable and secure IC in the contactless transaction market.

As a result, MIFARE DESFire EV1 brings many benefits to end users. Cardholders can experience convenient contactless ticketing while also having the possibility to use the same device for related applications such as payment at vending machines, electronic access control or event ticketing. In other words, the MIFARE DESFire EV1 silicon solution offers enhanced consumer-friendly system design, in combination with security and reliability.

Farpointe’s Delta smart cards based on MIFARE DESFire EV1 technology are available for delivery now. More Information:


VIZpin is a Security-as- a-Service (SaaS) that lets you connect virtually any device to the Internet of Things (IoT) even when there is no network available. VIZpin’s cloud-based management tools are ideal for applications like managing access to doors, gates, garages, ATMs, cabinets, machines, storage units and construction vehicles. It can also manage data to and from any Powered-by- VIZpin™ device.

For Security Access Control applications, VIZpin eliminates the need for cards and fobs, access control panels, PCs, access control software, cabling, network hardware and Internet Service Providers by transforming your phone into your key and your network.

With VIZpin you can control access to multiple sites securely and inexpensively. VIZpin lets you send electronic keys to anyone with a Bluetooth phone, perfect for managing employees, visitors, contractors and vendors. The keys can last from 15 minutes to 15 years...and they can’t be copied. If you change your mind, VIZpin keys can be revoked easily anytime, from anywhere.

The VIZpin SMART app uses Bluetooth so it works even when there is no cellular or local area network making it perfect for cost sensitive and remote installations.

The VIZpin SMART app is available for Android® and iPhones® When you arrive, simply press the VIZpin key. VIZpin-by- Text lets you send and revoke VIZpin electronic keys to anyone with a flip phone, Blackberry® or Windows® phone.

The VP1 Bluetooth Reader-Controller is an integrated long-range reader and door controller that can be used as a new system or to enhance existing systems. It works with VIZpin to let users send, revoke and monitor electronic keys from anywhere, to anyone who has downloaded the free VIZpin SMART app.

The VP1 works up to 30 feet (10M) away and mounts out-of- sight on the secure side, away from hackers, weather and vandals.

Additional features include:

• Relay Output for Door Strikes, Mag Locks, Gates and Garages

• Door Sensor Input with Built-in Logic

• Arming Input for Loop, Motion Sensor or Pressure Plate

• Monitored Request-to- Exit Input

• 26 Bit Wiegand Input/Output for use with Existing Systems

• Tri-Color LED

• Real Time Clock

• Low Power 12VDC

About the Author

Tim O'Leary

Tim O'Leary is a security consultant, trainer and technician who has also been writing articles on all areas of locksmithing & physical security for many years.