The security week that was: 10/22/10 (future of access)

Insights into identity and access

Last week at the 2010 ASIS International Seminars & Exhibits, I had a chance to hear from HID Global President Denis Hebert and their CTO Dr. Selva Selvaratnam, as they presented a joint discussion about the future of identity and access control. HID Global, as you probably know from our coverage on, is being positioned as a company that can provide physical access control and network/logical access control solutions. The presentation during ASIS -- which seemed to be attended by their key customers, HID staff members and trade magazine editors -- covered a number of trends, but I want to hit on two trends that were referenced. These trends affect the entire smart card and access control industry.

Smart cards are becoming more and more prevalent. While at the tradeshow, I learned that Schlage had launched its own smart card offering (called Aptiq – see product release). And unlike old mag cards that simply matched a unique numerical identifier in order to test for granting access, the very cool thing about smart cards is that they can use high levels of encryption to store data and identity credentials – things that you wouldn’t have found on their nearest brethren: proximity cards. Because they can be secured and offer more memory on the card than you found on prox, smart cards can become the host for an identity that is shared across multiple uses.

The classic example of a multi-use smart card is using the card for the building cafeteria payment system and also for door access control, and the second model is using the same card for door access control and logging into a secure website. The concept of the future for this is one of a “federated” identity that can be shared across potential use scenarios. Today, the cafeteria application on a smart card is almost always separate from the application that unlocks doors. The only commonality is that they are on the same card. But the future could mean a single identity for everything. “You can use that same federated identity across both domains – the logical access and the physical access,” said Hebert. “This has been talked about for a long time, but it hasn’t really been acted upon.” Maybe that will change. Part of the reason for the slowness in adoption of a federated identity model, I suppose, may have been that the U.S. market has been somewhat slow in its adoption of smart cards. We need stepping stones in our technology, and adoption of smart cards is one of those stones.

For more of my look at these access control and identity trends, including the second big trend I saw, read the full column here.

Educational seminar: School Security 101
Join Paul Timm for tips on how to better your school’s security

School budgets are limited, even though some had the luck of finding stimulus dollars. Today, despite a growing risk profile, schools have to be cautious about how they spend their security and safety budgets. To help with that, Paul Timm, PSP, is presenting a webinar next Thursday on low-cost and no-cost ways schools can improve their security. Register today for this free 1-hour program. Timm is president of RETA Security and recently presented on a similar topic as part of the 2010 ASIS seminars in Dallas.

In other news
Petrow to lead Vector, Arson hits major mall, Liquid explosives detector demonstrated

Following the passing of John Murphy, Pam Petrow has been named president and CEO of Vector Security. ... IndigoVision’s Oliver Vellacott examines how IP video systems can take advantage of the myriad of options for wireless communications. ... Los Alamos labs demonstrated new technologies designed to spot liquid explosives, but the technology is still said to be years away from deployment at every airport. ... Overstepping of boundaries is credited as the reason that Toronto’s transit security officers lost the equivalent of police powers. ... A major California mall suffered extensive damage from a fire started by an arsonist; response to the fire was delayed by a suspicious bag that responders initially believed may have held explosives.