The Evolution of Physical-Logical Convergence & Multi-Technology Systems

The access control industry is experiencing dramatic changes on several fronts, including leaps forward in technology, the inevitable compromising of legacy systems and heightened security risks. In response, today's platforms have evolved to support the convergence of multiple standards, technologies and applications in the single reader-credential solution. These converged solutions improve user security and convenience while enabling the access control infrastructure to support a new era of advanced applications and increased mobility while protecting against rapidly evolving threats.

Contactless solutions lead the way

One of the first drivers for physical and logical access control convergence was the migration over the past 10 years from 125 kHz RFID proximity (or Prox) technology to more recent contactless smart card solutions. Prox cards and readers have become a de facto industry standard, but are not as secure or versatile as contactless smart cards. In order to support the migration to contactless technologies from a massive installed base of Prox solutions, the industry has developed multi-technology platforms capable of reading and writing both formats in a single reader-credential system capable of handling multiple applications.

Today's multi-technology readers also enable organizations to more easily support the access control requirements posed by mergers and acquisitions, facility and staff expansion and the move to multi-application cards. Other drivers for multi-technology include risk-management requirements, new contract-related or regulatory mandates and security breaches. To support these needs, today's multi-technology readers combine a wide variety of proximity and contactless smart card and reader technologies into a single platform.

There is more to the story than Prox and contactless smart card technology support. Solutions such as HID Global's iCLASS 13.56 MHz contactless smart card readers and credentials provide versatile interoperability while also supporting the convergence of multiple applications, such as biometric authentication, cashless vending and secure PC log on. Additionally, the industry is developing new platforms capable of supporting these multiple applications using an emerging class of "virtualized" contactless solutions for unprecedented portability. In other words, the concept of identity no longer must be restricted to the card that carries it-identities can reside on mobile phones, USB sticks and other media. The move toward virtualized credentials is driving fundamental changes in how we deliver and manage secure identity.

In 2010, HID Global took the first step in this direction with the introduction of its Trusted Identity Platform (TIP), which improves security while enabling the use of physical access control technology beyond traditional cards and readers. TIP-enabled devices, otherwise referred to as TIP Nodes, provide interoperability and portability of secure identity within a trusted boundary.

TIP provides the framework and delivery infrastructure to extend the traditional card and reader model with a new secure, open and independent data structure based on what HID Global calls Secure Identity Objects (SIOs). An SIO is a standards-based, device-independent data object that can exist on any number of identity devices, from memory cards and USB tokens to smartphones with NFC capabilities. The same SIO stored on one device can later be ported to another device with ease, and without strict constraints (see graphic on this page). SIOs on the credential side and SIO interpreters on the reader side perform similar functions to traditional cards and readers, only using this significantly more secure, flexible and extensible data structure.

SIOs also provide an additional layer of security on top of device-specific security, and use open standards for an infinitely extensible definition. This definition can support any piece of data, including data for access control, biometrics, vending, time and attendance and many other applications.

Next-generation secure identity platforms using TIP and SIOs also support the industry's vision to combine physical and logical access control in a single solution. These converged solutions enable a single smart card to support multiple authentication methods, enforce policies throughout the enterprise and provide multi-layered security across company networks, systems and facilities.

The Federal government has established its vision for converged physical and logical access in Homeland Security Presidential Directive-12 (HSPD-12). According to a February 2011 memorandum issued by the U.S. Department of Homeland Security (DHS) and the Office of Management and Budget (OMB), starting next fiscal year, existing physical and logical access control systems must now be upgraded to use Personal Identification Verification (PIV) credentials in accordance with National Institute of Standards and Technology (NIST) guidelines, before federal agencies may use development and technology refresh funds to complete other activities. These systems must leverage smart card and biometric technology and support identification credentials according to government guidelines.

To meet these needs, security dealers and integrators will need to partner with suppliers who can provide seamless solutions that don't require a wholesale rip-and-replace upgrade of the existing access control infrastructure. Next-generation secure identity solutions will enable federal agencies to comply with government mandates, with all necessary audit support, on an incremental, pay-as-you-go basis, while still preserving investments in existing physical access control head-end servers, panels and door control hardware.

We are entering a new era of multi-faceted converged access control solutions that go well beyond yesterday's requirement simply to migrate from Prox to contactless solutions. The coming generation of converged solutions will support multiple standards and technologies in a single solution, while executing both physical and logical access control.

Dave Adams is the senior product marketing manager with HID Global,