Different facilities face different security challenges. But one dilemma many companies, educational institutions, government organizations and public entities have in common is how to marry their varied data systems, access control and support functions using a single badge or card. When the facility director decides to take on this challenge, the card's access control technology must be one of his or her key considerations. The potential ancillary functions of each technology could also play a role.
Bar coding on badges affords staff the ability to associate the badge holder with items he or she possesses. Just about anything that a bar code can be attached to thus becomes fair game for accounting issues. Bar codes can provide a unique link to the on-duty security officer as well. Wand-type bar code readers have become handy in verified security patrols. Facilities are outfitted with bar codes located along the patrol routes. The patrolling officer first reads his or her own badge's bar code, then uses the wand to read the location bar code, thus ensuring security rounds are being correctly performed. The information from the wand can then be downloaded to a software program.
Magnetic stripe on the badge allows more applications to be used to augment visual identification and bar code inventory issues. Magstripes provide low to medium security, depending on how they are configured. Magstripe affords the ability to engage any internal database that uses the magnetic stripeÃ¢â‚¬â€whether it's access control or notÃ¢â‚¬â€as long as the information is encoded on the same track within the stripe. The latest magstripe readers can read any combination of the three tracks if necessary.
Adding proximity features to the single card creates an additional level of convenience and security. Proximity card technology is based upon radio frequency identification. The reader reads the card as it comes near the antenna. Antennas are the conduits between the prox chip and the transceiver, which interfaces with the application being used. The reader then emits radio waves, and depending upon its power output and the radio frequency used, the readable distance from the reader is variable from an inch to hundreds of feet.
When a proximity badge passes through the electromagnetic zone, it detects the reader's activation signal. The reader then decodes the data encoded in the badge's chip, and the information is sent to the server for processing. Using a PIN in conjunction with a magstripe or proximity badge allows for additional authentication in case the badge is lost or stolen. Some software also allows a record to be maintained of those badges attempting and failing to gain access at the reader. You are keeping a record not only of those programmed to be given access, but also of those who tried and were not allowed access.
The next progression of card access uses applications resident on integrated circuit chips within the card itself. The card can then act as a microprocessor by allowing an immense amount of information to be accessed, processed and stored on- or off-line. Some types of smart cards have recently become cost efficient in comparison with proximity cards on the market. Currently, cost efficiency is measured by the number of applications the card is intended to support, but chip parity is making smart cards overall a more cost-effective solution for the future. According to Jim Coleman, president of Operational Security Systems in Atlanta, GA, the trend in badge access control is moving from the proximity/magstripe configuration toward smart card implementation.
Smart cards can store hundreds of times more data than a standard card with a magnetic stripe. Contact smart cards transfer information or applications through the module that connects with either a terminal or a card reader. Contactless smart cards, similar in design to the proximity card, use a transmitting antenna to communicate with a receiving antenna to transfer information.
The real strength of the smart card is its ability to suit individual needs in diverse applications. Encryption allows the data to be securely transferred through wired or wireless systems and networks. Smart cards used in the health industry can assure both doctor and patient that the integrity of personal information will not be compromised. Health facilities can enhance security even further by adding other identifying characteristics such as biometrics. Individual patient information is embedded in the card itself, thus reducing the amount of paperwork and record keeping. Smart cards also enable worldwide applications such as secure logon.
A Growing Trend
Jim Cregge, president of 4K Security Services Inc. in Alpharetta, GA, says more companies are moving toward an identity management protocol that enables end users to manage all their information and data from a one-card solution.
"Many companies are using a combination proximity card and smart card as a transition step, on the path to an eventual one card solution for identity management, access control, personnel identification and other ancillary applications. Companies are concerned about the exposure they may have about data penetration, especially in the log in/log out phase of data access," said Cregge, who is presently working to integrate all the systems of one large, well-known company into a one-card solution.
The ability to work with the company's information technology department in preparation for the transition from a prox card solution to a smart card solution is critical to the change. "At shift change time one day, you can change out the old cards with the new smart cards, reprogram the databases to accept the new card number and you're on your way to a fully integrated identification management system that is efficient, manageable, and will allow future expansion and the ability to add applications," Cregge said.
In the university setting, cards can be used for class registration, buying food, laundry services and banking functions. Charges can be made through the card and sent to the parent's home for payment or accounting. A set dollar amount can be created in a student's account, and if the student approaches the limit, he or she is prompted to add money. A single card acts securely to access information and make everyday transactions more convenient.
When Mirant Corporation recognized a glaring need to implement an efficient and effective single-card solution, the company's director of corporate security and facilities, Frank Cirillo, quickly formulated a matrix of the card applications currently in use. "At the time, Mirant had seven or eight different badges and access cards running the gamut from access control, visual identification and inventory control to database access. The first thing I did," said Cirillo, "was to get all the players together, all the people who defined the needs of the corporation, to include the vendor, and developed a matrix of every card and what function they were performing. Over the years, instead of looking at integrating the functions and needs into a single card, each department opted to use tunnel vision and not look at the values associated with an integrated system and controlled their individual access procedures. We came up with a solution very quickly."
The solution was a Sensormatic access control system that used Software House's C-CURE 800 software and HID Prox Corporate 1000 cards. Only three people were authorized to order new cards from the manufacturer. Limiting the number of people who could authorize additional card purchases eliminated the unauthorized procurement of cards that could be used to grant access to all the systems in place.
Cirillo reduced the types of badges to two: employee and contractor. Employees were given 24/7 access to all general areas, and specific location access could be added based upon need. Contractors were given access only during normal business hours, but could also add additional access times based on need. Mirant has 27 locations in the United States, but all card access privileges are granted by the office in Atlanta. Offices in the Philippines, Bahamas and Jamaica use stand-alone systems but are the same in configuration so that all employee badges can access any facility in the corporation.
"The biggest benefit that came out of the effort was getting us out of carrying the seven or eight cards around all day and night to just do your job. A big waste of time and additional costs to maintain different systems was eliminated," Cirillo added.
There are cards on the market to support most applications. The main issue is to identify what functionality you wish the card to address and create a matrix of all the issues, actions and environments you want the card to function or work within. Remember, it's easier to take a little more time in developing a needs assessment that addresses your requirements than to go back to management and ask for more money to fix an issue that wasn't researched properly. With the market saturated with one-card and multi-functional solutions, there is no reason for anyone to carry multiple cards.
Robert F. Lang is the director of homeland security at Georgia Tech University. Mr. Lang's more than 30 years in security have taken him from the FBI to the Lockheed Corporation, where he was the plant protection manager prior to joining Georgia Tech.