Ready for Hybrid Access Control?

Prepare for the rising tide of smart access control credentials.
Published: February 21, 2014

Today, there are three major initiatives for cards and credentials on college and healthcare campuses. Every security director needs to be aware of them.

1. Smart cards are becoming the credential of choice. If you presently use magnetic stripe or proximity cards, start planning for the switchover now.

2. It’s going to be a hybrid world. Although smart cards will be the credential of choice, multiple types of credentials such as key systems, PINs, various cards and biometrics, will still be necessary for certain operations. Adding specialized credentials to such areas is possible. And, even though you may be using multiple credentials, you still will want one system to manage all of them.

3. Get ready for new technologies such as near field communications (NFC). With NFC-enabled smart phones, you will be able to employ your employees’/customers’ own smart phones as access credentials, just like they would use smart cards. Start preparing now. Now a smart credential, which costs about the same as a proximity card, provides a higher level of security, more convenience and far greater functionality. As used on campuses and in newer access control systems, smart credentials have the ability to manage access, payments and many other functions much more securely.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

For instance, MIFARE DESFire EV1 smart cards offer several layers of security, including mutual authentication. This creates the ability for the client to verify or authenticate the server. These smart credentials also provide: AES 128-bit encryption, a key encryption technique that helps protect sensitive information; diversified keys, which virtually ensure no one can read or access the holder’s credentials information without authorization; and a message authentication code (MAC) that further protects each transaction between the credential and the reader. This security feature ensures complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks.

The bottom line is that smart credentials increase the security of information kept on the card and stored in the facility. Compared with door keys, magnetic stripe cards or proximity cards, the encrypted security of smart credentials makes them far harder to counterfeit. It is not possible to put a dollar amount on the potential damage that an organization could suffer by unauthorized individuals gaining access to restricted areas of the facility. By issuing staff credentials with strong authentication mechanisms, organizations are effectively investing in their well being and demonstrating that they take security seriously.

Issuing only one smart credential also impacts administrative costs. Not only is the cost of a single credential lower than purchasing multiple forms of ID, but the reduced management and distribution time for one credential can significantly impact productivity.

IT Staff Like Secure Credentials

When presenting a smart-card solution, be prepared for representatives from the IT department to take notice. More and more security system decisions are being made with input from the IT department. And we’re seeing increased desire for the convergence of physical and logical security access control.

IT professionals want strong authentication credentials, the level of security provided by smart cards. Unlike proximity and magnetic stripe cards and their readers, smart cards go through a challenge-and-response sequence to initiate conversations with the network. Communications are encrypted using industry-standard encryption techniques. By welcoming the IT department’s involvement and showing your ability to speak their language and answer their questions, you will gain additional layers of approval within the IT organization.

Avoid Proprietary Platforms

Colleges have been out front in their use of the smart-card/one-card solution. Although many are using proximity cards, they have been swiftly migrating to smart cards over the past couple years. That’s because they can get myriad applications on a smart card more easily: identification, library circulation privileges, building access, meal plans and “dining-dollars,” student health facilities, access to recreational facilities, charge privileges at university bookstore locations, admission to athletic events, university transit, access to student legal services, bankcard access to university services (which eliminates the need to carry money on campus), and holding a biometric template.

As those selecting smart cards have found, smart phones into an access control credential, allowing people to use their smart phones to enter buildings in the same way they present a badge ID, users simply download the appropriate app to their device. Then, their access control administrator uses the cloud service to send a secure mobile credential directly to the user’s phone. Once the mobile credential is downloaded, users open the app and tap their smart phone to the reader in the same way they use an ID card.

Biometrics Also Part of the Mix

For those situations in which the campus needs additional verification to confirm access (above someone having the appropriate smart card or smart phone), biometrics can handle the challenge. On healthcare campuses, physicians are not likely to always have their badges. With a hand geometry reader, all they need to remember is a PIN code that they are issued. From a security standpoint, hand geometry readers also provide secure, tracked access that protects staff, patients, visitors and records in highly-secured hospital areas such as the pharmacy, patient records, labs and surgery rooms.

At a major hospital in the South, for example, 39 hand geometry terminals heighten security for patients and 3,500 employees on a 61-acre main hospital campus. The terminals are used in the birth center, IT data center, other major IT areas, the operating rooms and the emergency department.

There are likely no venues where biometrics are more visible than on college campuses. Data from independent research, Effective Management of Safe & Secure Openings & Identities, showed that 10% of colleges are already using biometrics. Besides residence halls, one of the most popular venues for biometrics on a campus is the recreational facility. Students continually forget to bring their cards when heading to work out. Plus, the recreational facility doesn’t face the problem of students transferring an ID card to a friend. The University of California-Irvine, with 22,000 students, is an example.

Students appreciate the added security and convenience of not worrying about lost, stolen or borrowed credentials.

“The number one suggestion from our members was eliminating the need for ID cards,” reports UC-Irvine Director of Campus Recreation Jill Schindele. “We took their suggestions seriously and feel that hand geometry is the fastest and most efficient alternative to identification cards.”

Students appreciate the added security and convenience of not worrying about lost, stolen or borrowed credentials. Biometrics are also popular at dining halls where they limit access to students who have paid for the meal plan and at computer labs where only those authorized to enter can do so, protecting sensitive equipment and information. To the access control software, the hand geometry reader looks just like the card reader.

Start Transitioning Today

For campuses already using certain brands of multi-technology readers, there is no need to replace readers to migrate to smart cards, smart phones or a combination of the two. These readers can work with magnetic stripe, proximity and smart cards as well as the NFC-enabled mobile phone credential all in one reader, providing an easy migration path to upgrade credentials between any of those versions at their own pace. If non-smart
access technology is being used, multi-technology readers can be installed to help ease into the transition by reading both the ID badges and the smart phones. This also makes it easy for customers to continue to operate in a hybrid world of cards and mobile if needed.

In addition, while the major carriers will ultimately offer NFC card emulation/secure element solutions, organizations wanting to utilize NFC-enabled smart phones as their access control credentials for employees and students can begin the transition now.

Secure peer-to-peer solutions provide several advantages. Importantly, they let organizations use Android NFC-enabled phones regardless of choice of carriers, creating a universal solution. Some even work on unlocked phones.

In light of these developments, it is very important that campuses be prepared for smart credential and NFC deployment – even if that facility wants to install proximity, magnetic stripe or keypad readers now – and know when to best deploy biometrics. If a new reader is needed, consider selecting a multi-technology reader that combines the ability to read magnetic stripe, proximity, smart cards and NFC-enabled smart phones in a single unit. That way, when the campus switches over to smart credentials, it won’t have to tear out all the old readers to install smart credential readers. During the transition, the campus can use both the old magnetic stripe and proximity credentials and the new smart credentials.

Jeremy Earles is Allegion portfolio manager for credentials and readers. He can be contacted at


Posted in: News

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series