The Evolution of Physical-Logical Convergence & Multi-Technology Systems

Winds of change bring versatile interoperability to access control


The access control industry is experiencing dramatic changes on several fronts, including leaps forward in technology, the inevitable compromising of legacy systems and heightened security risks. In response, today’s platforms have evolved to support the convergence of multiple standards, technologies and applications in the single reader-credential solution. These converged solutions improve user security and convenience while enabling the access control infrastructure to support a new era of advanced applications and increased mobility while protecting against rapidly evolving threats.

 

Contactless solutions lead the way

One of the first drivers for physical and logical access control convergence was the migration over the past 10 years from 125 kHz RFID proximity (or Prox) technology to more recent contactless smart card solutions. Prox cards and readers have become a de facto industry standard, but are not as secure or versatile as contactless smart cards. In order to support the migration to contactless technologies from a massive installed base of Prox solutions, the industry has developed multi-technology platforms capable of reading and writing both formats in a single reader-credential system capable of handling multiple applications.

Today’s multi-technology readers also enable organizations to more easily support the access control requirements posed by mergers and acquisitions, facility and staff expansion and the move to multi-application cards. Other drivers for multi-technology include risk-management requirements, new contract-related or regulatory mandates and security breaches. To support these needs, today’s multi-technology readers combine a wide variety of proximity and contactless smart card and reader technologies into a single platform.

There is more to the story than Prox and contactless smart card technology support. Solutions such as HID Global’s iCLASS 13.56 MHz contactless smart card readers and credentials provide versatile interoperability while also supporting the convergence of multiple applications, such as biometric authentication, cashless vending and secure PC log on. Additionally, the industry is developing new platforms capable of supporting these multiple applications using an emerging class of “virtualized” contactless solutions for unprecedented portability. In other words, the concept of identity no longer must be restricted to the card that carries it—identities can reside on mobile phones, USB sticks and other media. The move toward virtualized credentials is driving fundamental changes in how we deliver and manage secure identity.

In 2010, HID Global took the first step in this direction with the introduction of its Trusted Identity Platform (TIP), which improves security while enabling the use of physical access control technology beyond traditional cards and readers. TIP-enabled devices, otherwise referred to as TIP Nodes, provide interoperability and portability of secure identity within a trusted boundary.

TIP provides the framework and delivery infrastructure to extend the traditional card and reader model with a new secure, open and independent data structure based on what HID Global calls Secure Identity Objects (SIOs). An SIO is a standards-based, device-independent data object that can exist on any number of identity devices, from memory cards and USB tokens to smartphones with NFC capabilities. The same SIO stored on one device can later be ported to another device with ease, and without strict constraints (see graphic on this page). SIOs on the credential side and SIO interpreters on the reader side perform similar functions to traditional cards and readers, only using this significantly more secure, flexible and extensible data structure.

SIOs also provide an additional layer of security on top of device-specific security, and use open standards for an infinitely extensible definition. This definition can support any piece of data, including data for access control, biometrics, vending, time and attendance and many other applications.

This content continues onto the next page...