Smart Technology in Access Control

March 1, 2004
Smart devices bring a new dimension to access.
My first exposure to smart credentials was using public telephones in Europe. Before the widespread use of cell phones, the easiest and cheapest way to make phone calls from public phones?without stuffing unfamiliar currency into unfamiliar coin slots?was to use a telephone debit card. Today, cell phones that use the secure GSM network use smart technology in the form of the subscriber information module (SIM) card to store and maintain user information. Financial and services access remain the major uses of smart cards; however, their memory and processing ability add new dimensions to physical access control.

Surprisingly, a small market segment of the builders' hardware industry, considered to be a mature business, led the way in access control applications of memory credential technology. Intellikey ' smart locks and keys were developed more than 10 years ago. They use infrared communication technology to exchange information between two microprocessors, one in the lock cylinder, and the other in the key. A security administrator programs the keys with unique user ID codes, access levels, activation dates and special functions such as toggle codes or dual custody.

To ensure security, Intellikey's electronic restricted keyway ensures that only the keys issued for a site will be granted access to that facility's doors. The electronic keyway is similar to a conventional access control facility code. It is a unique encryption code programmed into the memories of the keys and locks. The encryption serves the same purpose as the custom keyways in mechanical keying systems, but provides higher security. If the key's facility code doesn't match that of the controller, the lock will not grant access. Likewise, the key and lock programming unit must use the same electronic keyway before any key can be read or lock updated. This prevents an unauthorized individual from stealing a key and attempting to compromise a keying system by examining the information in the key. This same read, write and process concept has found applications in smart credentials for physical access control.

How Smart Is Smart?
Smart credentials are commonly thought of as cards that send and receive data from a reader. However, there are varying degrees of ?smart.? A ROM (read-only memory) credential contains data that remains in the card for its entire service life.

The codes in EPROM (erasable programmable read-only memory) credentials can only be changed with special equipment that erases existing codes with ultraviolet light. These credentials are difficult to replicate and offer greater security than magstripe cards. EEPROM (electronically erasable programmable read-only memory) credentials can send, receive, and store information in computer chip memory.

Microprocessor credentials process information on board. It is this ability to read, write and process information that makes them the ?smartest? of credentials and makes them ideal for access control applications.

Read/Write Technology
Microprocessor smart cards, which allow for read/write capability, fall under two main categories: contact and contactless. The contact, or chip, card (ISO 7816) includes an integrated circuit chip on its face. The reader connects to the card through contacts in the chip. Contact cards are primarily used for debit transactions, though they can have applications in access control.

Contactless smart cards vary considerably and are often combined with magstripe, contact chip or bar code technology, allowing the holder to use multiple services with a single credential. The microprocessors in contactless cards communicate with the reader through radio frequency technology. These cards typically use oscillators to draw power from the magnetic field of a reader, though battery-powered cards read at greater distances than the typical zero- to 10-centimeter range. Mifare' cards and HID's iClass cards both meet ISO standards for contactless smart credentials.

To maintain security, read/write cards have a ?key,? an encryption algorithm that must match between card and reader before data transfer. Honeywell's DESfire credentials maintain a high degree of security through triple encryption with a built-in encryption processor on the card.

Access control functions that were once only available in fully networked systems have become more accessible with microprocessor cards. These include the ability to void other credentials and reprogram the reader to accept a new card, require a PIN entry with the read, carry a descending count code that limits the number of uses without revalidation, and maintain photo or signature files for user verification. Perhaps the greatest value of smart credentials is their ability to be used for secure transactions (banking, time and attendance, access to services) while allowing card access systems to function on their own dedicated networks.

Manufacturers of smart cards and readers offer development kits that designers can use to build security applications. In addition, several companies have expertise in designing software for smart cards, and many of them will develop software under contract with clients that may choose not to maintain a full-time staff of software designers. Security applications are limited only by the imagination of software developers.

One unique application of smart cards stores a photo image of the holder on the card. When the user presents a card at a stationary or portable reader (embedded in a PDA), his or her photo appears on a screen for visual verification.

Another significant security application integrates biometric technology with smart cards to verify the user's identity without having to manage biometric template data in the background. The template is the biometric user profile that the access system creates when each user enrolls. This template from enrollment is compared against the user's live biometric information whenever that user attempts to gain access. Networked biometric access systems share template data so that a user's template is ready for comparison when he or she attempts access. However, it is not always possible or practical to manage biometric templates through a network. Users with large databases or with readers that do not connect directly to a network can benefit from biometrics integrated with smart cards. By encoding the biometric data on user cards, the terminal verifies the user's identity by extracting template information from the card before sending the user's ID number to the access control system.

Government and private security professionals are increasingly considering ?process-on-the-card? concepts. Access decisions and biometric verification take place on the credential, thus the biometric template never leaves the card. Precise? Biometrics uses this process in some of its products.

Emerging technologies will revolutionize how biometric and access information are stored and processed. Following the ?dot-bomb??the crash of so many Internet-based businesses in Northern California's Silicon Valley?investors and civic leaders alike anxiously await the next new technology wave to revive the valley. Many analysts believe the next new thing in the Silicon Valley will likely be nanotechnology, the miniaturization of processes to the molecular level. Computer chip makers have already reduced the size of their processors to microscopic levels. Nanotechnology will embed enormous computing power into access credentials at ever-lower cost.

Microprocessor cards are more costly than other credential technologies, but the cost is coming down as manufacturers refine their processes. Axalto (Schlumberger) is a major producer of multiple ISO smart cards and the leading manufacturer of microprocessor cards. This market is continually expanding as security professionals demand higher performance in access control and debit applications.

Smart cards bring a new dimension to access control. Mifare, iClass, DESfire and similar encrypted credentials offer the highest level of security against tampering and replication. The read/write, memory and processing capability of smart credentials offer advanced access control functions that broaden the functionality of both networked and stand-alone systems. Biometric integration ensures the cardholder is indeed the authorized user. Card memory can store audit trail information that security administrators can retrieve from the card. This is particularly valuable with stand-alone or fragmented network access controls.

Technology watchers have said for years that the smart card revolution that started in Europe and Japan will eventually find a home in the United States. That day has come.

Dick Zunkel is a frequent contributing writer for ST&D.