Campus Cards Are Getting Smarter

April 10, 2014
Smart cards will eventually revolutionize campus-based access control

Did you know that 76 percent of colleges still use a magnetic stripe card, even though students are the leading first adapters for new technologies? Only 31 percent of these campuses are using proximity cards, 16 percent are using proximity fobs/tokens, 10 percent are using biometrics and just 9 percent are using smart cards.

These numbers were culled from “Effective Management of Safe & Secure Openings & Identities,” a report that was the result of Allegion hiring independent research groups to conduct three research projects among 1,300 students and decision makers across 980 U.S. colleges and universities, both public and private. In other words, the results say a great majority of colleges and universities still deploy picture ID cards, magnetic stripe cards, mechanical keys and barcodes for access control on campus vs. newer, more secure technologies such as proximity and, especially, biometrics and smart cards.

As with other access control users, though, smart cards will eventually become the credential of choice on campus. Today, a smart credential, for approximately the same price as a proximity card, provides a higher level of security, more convenience and far greater functionality. Smart credentials manage access, payments and many other functions much more securely.

Preparing Customers for the Switch

If your customer’s campus is already using electronic access control, it is very important that they be prepared for smart credential deployment — even if the facility wants to continue to use the proximity, magnetic stripe or keypad readers that are already installed. One way to help them start preparing for the migration to smart cards is to deploy multi-technology credential readers and electronic locks that combine the ability to read both proximity cards and smart cards using a single device as new installations take place.

This way, when the organization makes the transition to smart cards, they won’t have to replace all of their current devices when the move takes place. During the transition, current staff members will be able to use their current credentials and new employees can be issued and start using the new smart card credentials. This allows them to transition the rest of the staff on a reasonable timeline and according to budgets.

Case in Point

For these and other reasons, Miami University (Oxford, Ohio) — a residential campus with approximately 16,000 students — recently replaced an assortment of mechanical locks on more than 4,300 interior doors and 900 exterior doors with electronic locks and smart card credentials. Card readers are also being used at some point-of-sale locations such as dining areas and vending machines with additional locations being added.

As the campus has grown over the past 200 years, five different types of mechanical locks had been installed when various buildings were built or renovated. Rekeying for lost keys was costly and challenging, and the locks allowed students to toggle them to an unlocked position that compromised resident room security and raised concerns about potential incidents.

These concerns for student safety led to the formation of a study group to find a solution that would improve security across campus for students, faculty and staff while also enhancing ease of access. The most effective approach identified was to replace the different key systems completely and manage access privileges electronically. The university also wanted a system with which resident room doors always would be locked when closed to ensure a secure living environment. Converting the dorm rooms to electronic locks and card readers provided this assurance.

Contactless smartcard credentials would provide a “secure handshake” between the card and reader with the added ability to handle one-card point-of-sale (POS) functions such as dining, laundry and vending. In addition, they wanted the new system to monitor door props electronically and manage lockouts while also providing short-term access with an audit trail for staff. Once funding was developed and several proposals were evaluated, the university selected Schlage AD-400 wireless locks and aptiQ contactless smart card credentials together with CBORD CS Access software.

“We were making a huge investment and wanted to put in the technology where we thought the technology was headed,” explains Larry Fink, who retired recently as assistant vice president for housing and auxiliaries finance at the university.

The choice of credentials was an essential element of providing the desired level of security. Magnetic stripe technology has been around for many years but they are prone to wear and damage. Proximity cards are more durable but they can be hacked. Contactless smart cards appeared to meet the university’s tough criteria. The smart cards selected provide a two-way dialogue between the card and reader instead of just reading a card serial number (CSN).

“The ‘secure handshake’ of information between the aptiQ card and the AD-Series wireless lock makes this format very difficult to hack or copy,” Fink says.

Important Fact for Integrators to Explain

This point must be underscored. To heighten security, make sure your customers use a contactless smart credential armed with mutual authentication and encrypted with Advanced Encryption Standard (AES) 128-bit diversified keys. The technology behind AES has been approved by the NSA (National Security Agency) for classified information. A message authentication code (MAC) further protects each transaction between the credential and the reader —with it, the card and reader verify that they are authorized to communicate bi-directionally.

Additionally, 128-bit keys virtually ensure no one can read or access credential information without authorization. This security feature ensures complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks.

Also, make sure that your customers also use an open solution smart credential, one built to adhere to ISO 14443, a four-part international standard for contactless smart credentials. This results in faster data transfer between credential and reader, up to 848 kbps baud rate (1K baud = 1,000 bits of data per second). ISO 14443 technology — the same standard used by the U.S. government — is especially recommended for customer applications requiring large amounts of data such as biometric templates.

Jeremy Earles is Allegion’s Portfolio Manager for Credentials and Readers. To request more information about Allegion, please visit www.securityinfowatch.com/10215684.