Understanding ID Badging and Access Control
Here’s a primer on proximity, smart card, smart phone credentials, readers and long-range solutions for campus access control.
In healthcare and education, it’s critically important to identify and control who comes and goes, but the topics of physical access control and identification badges can be a bit confusing.
Whether access control credentials are called badges, tokens or cards, they limit access to a facility to only those who possess one of these credentials. In many cases, workers can access their work areas but not locations such as food service, while the exact opposite holds true for cafeteria staff. Often, too, the security system is programmed to limit access only during specific time intervals, such as a few hours before and after a scheduled event. This is especially important for those venues that provide access credentials to vendors and/or delivery personnel.
However, when you start exploring the world of ID badge access, a whole new series of terms pop up: passive cards, active cards, proximity, smart cards, long range readers, Wiegand and so on. Let’s demystify them.
Passive Versus Active
Passive cards, the most popular, are powered by radio frequency (RF) signals from the reader. They do not have a battery of their own. Normally, they have a limited range of typically about four inches and must be held closely to the reader (hence, the term “proximity”). However, they can have a read range up to 20 inches.
The passive card and reader communicate with each other by an RF process called resonant energy coupling. Passive cards typically have three internal components — an antenna, a capacitor and an integrated circuit that holds the user’s ID number or other data. The reader also has an antenna that constantly generates a short-range RF field in a spherical orbit. When the card is placed within range of the reader, the card’s antenna and capacitor absorb and store energy from the field and resonate. This powers the integrated circuit, which sends the ID number to the card’s antenna, which, in turn, transmits by RF signals back to the reader.
Active cards are powered by an internal lithium battery. As a result, they can produce a much longer read range measured in feet and yards, from 4 inches to typically 15 feet. Their integrated circuit contains a receiver and transmitter that uses the battery’s power to amplify the signal so that the active card can be detected from farther away. However, the longer read ranges and that spherical orbit create a problem. Several readers and cards could end up conversing with each other, creating communication mayhem.
What is the most important thing you need to know about all this? Pick the solution that works best for the application and make sure you that you are using the right type of reader for the card.
125 KHz Proximity Cards and Readers
There are three main reasons why proximity cards and readers are still today’s most widely used ID badge technology. First, there is no contact between cards and the reader, which eliminates wear-and-tear. Second, proximity readers can be made very durable or even hidden into the wall to make them relatively vandal-resistant. Some are even bullet resistant. And, third, for almost 25 years, they have provided the most cost efficient front-end for an access control system. Thus, there is a massive installed base.
Proximity card readers communicate to the rest of the access control systems in various protocols, such as the Wiegand protocol, a de facto wiring standard that arose from the popularity of Wiegand effect card readers in the 1980s. Another popular protocol is the ABA Track II interface, a holdover from magnetic stripe card technology. Again, you don’t need to know what these protocols do or how they work. You just need to use the interface that the rest of the system uses.
When selecting a proximity card and reader for your application, there are several things to check. First, make sure they comply with one or both of the afore-mentioned two main interface protocols so that the cards and readers will interface with a wide range of electronic access control systems. Also, order readers that support several proximity card and tag technologies/brands. Check to see if the reader electronics are secured with tamper- and weather-resistant epoxy potting. This is important as, often, the readers are outdoors or in wet or dusty environments that aren’t suitable for electronics. Look for a lifetime warranty.
Most proximity manufacturers provide one of three types of cards: standard light, image technology and multi-tech card. The standard light proximity card is a clamshell design, meaning that there are two connected sides sealed together to hold the electronics. An image technology card is a slightly thicker card appropriate for dye sublimation printing. Lastly, the multi-tech card is a proximity card the same size as a credit card that might or might not have a magnetic stripe on it. It is commonly referred to as an ISO standard size. The most popular is the card/keypad reader.
13.56 MHz Smart Cards and Readers
Contactless smart cards are becoming the new standard. At often a cost comparable to proximity card systems, smart card systems often are more secure and can be used for applications beyond access control, such as library privileges, the campus cafeteria and so on.
All the leading smart card providers conform to ISO standards. ISO 14443 cards operate from zero to four inches, while ISO 15693 cards may provide longer ranges, something comfortable for the user and assuring a positive read. It should be noted, however, that there are proprietary, non-standard-based smart card technologies that could bind you to a single-supplier dependency and potentially restrictive pricing and delivery structures. Only in certain circumstances do you want to consider them.
The next term you must look for is “MIFARE DESFire EV1.” We could go into a deep technological explanation but, suffice it to say, MIFARE DESFire EV1 has become the contactless digital RFID technology benchmark for smart cards. MIFARE is the gateway to a series of security levels. Ask your manufacturer for a quick run-through so you pick the right level of security for your facility.
There are two main types of smart cards. The clamshell contactless smartcard is an ISO14443-compliant card with a 1K-byte memory. More memory can be added. The ISO contactless smartcard is an ISO14443-compliant card with a 1K-byte memory. It, too, can be ordered with more memory. Manufactured from glossy PVC, it is appropriate for dye sublimation imaging.
Keyfobs are also available in both proximity and smartcard technologies. They are often used in place of cards, being designed to be carried on a key ring. The most durable typically include a brass reinforcing eyelet.
As with proximity cards, you will also want to assure that the readers comply with the Wiegand communication standard. Review what to look for in proximity cards again. Basically, it’s the same list: potted, different sizes, card plus keypad and so on.
Vandal-Proofing the Card Reader
Vandal-resistant and bullet-resistant contactless card readers are ideal for installations where more durability is required than with a standard reader. They are becoming big hits at schools, universities, correctional institutions, housing authorities, factories, hospitals and other locales where RFID proximity and smart card readers can take a beating.
In both types of hazard-resistant readers, protection is greatly enhanced because the electronics are sealed in weather-and tamper-resistant epoxy potting for both indoor and outdoor operations, providing an IP67 rating that assures the electronics are protected from water, steam, detergents, dust, sand, tools and other elements, which could be used to impede data collection. In addition, the vandal-resistant readers are manufactured from thick polycarbonate material and feature tamperproof screws. An anti-tamper mode is also available, providing supervision of both the reader and its cabling.
Bullet-resistant proximity card readers can provide the highest level of vandal resistance by featuring a virtually indestructible exterior. These readers are milled from a solid block of stainless steel and reinforced with a bullet-resistant insert that is compliant with UL752 performance level standards of ballistic protection.
Smart Phones as Credentials
About five years ago, smartphones as credentials appeared to be the new panacea. Everybody had a smartphone and always carried it with them. The belief was that with the adoption of smartphone credentials there would be no need to print or distribute cards. However, we learned that students and employees had different types of smartphones. They were a nightmare to incorporate into the existing system. Adding them drove systems installers and users crazy, and most were soon disbanded. The problem wasn’t with the new technology, it turns out; it was how the industry tried to retrofit their old system into the new solution.
Even today, some ID badge companies are trying to kluge their present offerings into new mobile solutions. For instance, does the unit incorporate a snap-on to the present card reader? That alone would make it not weatherized or secured against tampering. Bottom line, the mobile system needs to have been designed to be a mobile system, not just a hastily-produced option to the old card system.
Those days of jerry rigging are over. All one needs to do anymore is to choose a smartphone credential system in which they place their order, just like they presently do for physical credentials, to receive credential information that is quickly emailed. Then, enter the credential ID details from their order summary sheet into their access control system software just like before. Finally, issue registration key certificates to the students and employees. It’s just that simple and error-free. To emphasize, there are no subscription or license fees required. Only the phone number of the phone is needed; no private information.
Installation is just as easy and safe. First, users go to either the Apple App Store or Google Play and download the wallet app. Enroll the devise. Keep in mind, no portal account or on-board information is needed. To add the credential, simply scan the QR code or enter the 16-digit registration key. Secure the AES encrypted BLE transmission and begin collecting data.
433 MHz Transmitters and Receivers
Note that with this technology the terms “transmitters and receivers” are used in place of “cards and readers.” The receivers support either two-button or four-button transmitters from ranges up to 200 feet. Each button outputs transmitter data, the user’s ID number or other data, over separate Wiegand outputs yet the receiver installs just like a standard proximity reader for easy integration with popular access control systems.
They are a terrific solution for long range access control applications such as gates and vehicle barriers, moving aircraft in and out of secure hangars, arming and disarming alarm systems as well as situations calling for emergency duress. Instead of using a card, which could activate more than one device or door at a time, the transmitter holder selects exactly the mechanism to be immediately triggered.
Available in either a two- or four-button configuration and equipped standard with a potted proximity or contactless smart card module, the transmitter can also be used as a traditional, presentation-style access credential. For example, a button may be pressed to activate a long-range application, such as a gated parking barrier, and then be presented to a proximity reader to allow entry through a door and into the building.
Why You Need to Know about OSPD
The Open Supervised Device Protocol (OSDP) is a communication standard adopted by the Security Industry Association (SIA) that lets security equipment, such as card and biometric readers from one company interface easily with control panels and equipment from another manufacturer. In other words, OSPD fosters interoperability among security devices. It also adds sophistication and security benefits through features such as bi-directional communication and read/write capabilities. A two-way channel paves the way for forward-looking security applications such as the handling of advanced smartcard technology, PKI, and mobile device access. Not only does it provide a concise set of commonly used commands and responses, it eliminates guesswork, since encryption and authentication are predefined.
In other words, OSDP helps ensure that numerous manufacturers’ products will work with each other. Interoperability can be achieved regardless of system architecture. For instance, the specification can handle smartcards by constantly monitoring wiring to protect against attack threats and serves as a solution for high-end encryption such as required in federal applications. The specification for handling LEDs, text, buzzers and other feedback mechanisms provides a rich, user-centric access control environment.
The Bottom Line
Whatever you may need as an ID badge system, you should be able to find a solution that meets your needs.
Scott Lindley is the general manager for Farpointe Data.