Tag Archives: levels of security

Levels of Security: 5, Biometric Authentication

Welcome to the fifth, and final, installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID cards, and biometric authentication.

Biometric authentication uses a reader to scan and verify identity using a unique physical attribute. The most common are fingerprints, palm prints, facial scans, and iris scans. New technologies include scans of the shape of the skull and of the interior of the ear canal.

For access control, these methods of authentication are most often used with another method, playing on the security adage that the most secure “key” is “something you have, something you know, and something you are”. An ID card (of any level) or key serves the purpose of being an exclusive item one has. Biometric markers, which are unique to the person seeking entry, are something they are. Often keypads or password encryption serve as “something you know”. Verifying identity through biometrics prevents security breaches based on theft of cards or other access devices or recreation of credentials using stolen data, as the person who uses the device is as important as the device itself.

Companies also use biometrics to help protect data and to provide appropriate access. Many devices use fingerprints instead of passwords as an unchanging piece of data that restricts access to the appropriate user. This technology provides the option for targeted, instead of widespread, use of biometric authentication. Some programs require the input of a password and verification of a user’s biometric data before allowing access to secure information. This solution can provide an incremental security increase, rather than outfitting an entire facility for biometric scanning.

Certain industries have also begun using biometric scans to store user data. For example, some hospitals have begun to use palm scans to ensure that medical records are accurate and secure. Many school systems have begun using thumbprint scanners to link student lunch accounts. These methods replaced use of a card (which students often lose) or student PIN-code (which students sometimes forget, and slows down the lunch line).

Concerns about Biometric Authentication

The use of biometrics is still controversial. Many people worry about someone stealing or hacking into this secure information, extending the privacy problems that plague technology companies. Companies address this concern in multiple ways. Many do not store biometric information. Instead, they use a computer algorithm to create a unique identifying number derived from the biometric scan. This number is then associated with the user. Others keep the biometric information stored on a device rather than in a database. Banks that use biometric authentication in mobile apps store the user’s information on the device rather than in a database. The same can be done with smart cards. The chip in a contact or contactless smart card has enough storage space to store the data required to verify the cardholder’s identity, which eliminates the need to keep information in a centrally controlled (and thus target-rich) access control database.

Thank you for following along with our series on access control security. As always, feel free to contact one of our experts for more information at +1 704.535.5200.

Levels of Security: 4, Contact and Contactless Smart Cards

Welcome to the fourth installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID or smart cards, and biometric authentication.

Contactless Smart Cards

Contactless smart cards use high-frequency radio frequency identification, or RFID, and afford stepped-up security (vs. standard proximity cards) by employing a memory chip that can store more information. These larger-capacity chips allow users to store and encrypt more data than before, which makes the cards more secure. While typical applications use readers limited to 1 foot or less, the technology can read card data from as far as 30 feet. Like standard proximity devices, RFID credentials do not need a direct “line of sight” from the reader. As a result, readers can access these devices through clothing, and even packaging (such as in a box, pocket, wallet or purse).

A few examples of common applications for contactless RFID devices include:

  • use of RFID-enabled ID cards or fobs for access-control through secured doors or vehicle access to controlled parking areas;
  • storage of computer-network access credentials and authorization levels;
  • access to pharmaceutical cabinets and dispensaries;
  • medical and healthcare applications vary from tracking inventory and patients, to confirming correct medication dispensing, and out-of-bed/fall detection;
  • tracking of retail goods for stock/inventory control, and anti-theft systems;
  • contactless payment systems linked to your credit card or bank account (e.g., Apple Pay™).

If you are considering use of RFID credentials, be aware that there are privacy concerns regarding their data storage. Because these devices are compatible with long-range scanners, they are susceptible to reading without the holder’s knowledge. This opens the door (pardon the pun!) for duplication and for skimming of information that should remain private. As a result, some users wrap their cards in aluminum foil or use RFID blocking wallets to prevent unauthorized reading.

Contact Smart Cards

Contact-type smart cards carry a chip with exposed contacts, which a user must insert into a reader for data to be read or retrieved from the memory chip. This type of card is slightly more secure in that it prevents skimming in the manner described above. Access control applications can use these devices, but they are still more common in payment applications. In fact, if you live in the United States and have bank-issued credit or ATM cards, you most likely have a card of this type today, as all US institutions were required to adopt these more-secure cards within the past year.

Check back soon for our next post in the series, regarding the highest level of access control security: biometric authentication.

Levels of Security Series: 3, Proximity Access Devices

Welcome to the third installment in our series on Levels of Security! In this series we will be investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID cards, and biometric authentication.

Clients whose facilities need a moderate degree of security may find their best solution in proximity access devices. Organizations issue these devices, which take the form of cards, key-fobs, or stick-on (adhesive) disks, to individual users. Each device includes a tiny computer chip that houses a small amount of data custom-programmed for a facility. These credentials allow an installed access control system to determine if the device holder has the required permission to access a facility.

Prior to the introduction of access-control systems, organizations would provide key copies to their employees, staff full-time receptionists, or employ security guards as ways to manage access.

Benefits of Using Proximity Access Devices

  • Unlike keys, access control systems can operate on schedules. For example, a key-card or fob can allow access to buildings only Monday through Friday from 8:00am to 6:00pm. Other devices and individuals can have their own unique schedules.
  • Also unlike keys, with proximity access devices, you can immediately and remotely “turn off” or modify access areas and times. This means that if an organization needs to change an individual’s access, it can do so quickly, without affecting any other device holder. This includes restricting access to certain facilities or to certain days or times. In the “old days”, if an employee’s access needed to be changed, locks were changed and new keys issued. As you can imagine, this was a considerable expense!
  • If the proximity access device is a printable ISO card, it can double as the employee’s photo ID. This provides both a visual identity check and a physical access-control check, further enhancing security.
  • Proximity access device readers can work with optional modules, such as numeric key-pads, requiring input of a second-form of authentication. Often used on exterior doors, these combinations help to prevent unauthorized entry should someone find a lost credential.
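
The per-credential schedule, remote turn-off and keypad second factor described in the list above, as an added example that is not part of the original post and not any vendor's product code. The card IDs, door names, PINs and the `AccessController` class are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, time

def hash_pin(card_id: str, pin: str) -> bytes:
    # Salted PBKDF2 keeps PINs out of clear text; readers must still limit attempts.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), card_id.encode(), 100_000)

@dataclass
class Credential:
    doors: frozenset        # doors this holder may open
    days: frozenset         # allowed weekdays, Monday = 0
    hours: tuple            # (start, end) as datetime.time values
    pin_hash: bytes
    active: bool = True     # flipped remotely to turn off one credential

class AccessController:
    def __init__(self, pin_doors):
        self.creds = {}
        self.pin_doors = frozenset(pin_doors)   # doors whose reader has a keypad

    def enroll(self, card_id, pin, doors, days, start, end):
        self.creds[card_id] = Credential(frozenset(doors), frozenset(days),
                                         (start, end), hash_pin(card_id, pin))

    def revoke(self, card_id):
        self.creds[card_id].active = False      # no other holder is affected

    def decide(self, card_id, door, when: datetime, pin=None):
        cred = self.creds.get(card_id)
        if cred is None:
            return False, "unknown credential"
        if not cred.active:
            return False, "revoked"
        if door not in cred.doors:
            return False, "door not permitted"
        start, end = cred.hours
        if when.weekday() not in cred.days or not start <= when.time() <= end:
            return False, "outside schedule"
        if door in self.pin_doors:
            if pin is None or not hmac.compare_digest(hash_pin(card_id, pin), cred.pin_hash):
                return False, "second factor failed"
        return True, "granted"

def build_demo():
    ac = AccessController(pin_doors={"front"})  # constructed sample data
    ac.enroll("CARD-1001", "4821", {"front", "lab"}, range(5), time(8), time(18))
    ac.enroll("CARD-2002", "7350", {"front"}, {5, 6}, time(9), time(13))
    return ac
```

Returning a reason string with each decision gives the audit log enough detail to tell a found or lost card (repeated "second factor failed") from an ordinary out-of-hours attempt.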

As technology has developed, more secure options have been introduced which can store more data and are more difficult to scan and copy. We will explore those options in coming installments. But, for organizations with a need for flexible security controls, while maintaining relatively low or moderate costs, the access-control systems and proximity devices are the perfect solution.

Levels of Security Series: 2, Barcode and Magnetic Stripe Cards

Welcome to the second installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode and magnetic stripe cards, proximity devices, contact and contactless RFID cards, and biometric authentication.

Facilities in need of a low-to-moderate security solution may find that ID cards printed with a bar-code, or with an encoded magnetic stripe, fill their needs. Like the previous level’s solution, these options are still relatively easy to implement and low cost. Facilities that do not require this level of security should refer to the first post in this series: Printed PVC Cards.

Often our clients can meet other needs by making enhancements to their regular ID cards. Some commonly available technologies allow for many uses of these enhanced cards.

  • Restaurants and factories, for example, often use time-clock applications. Employees clock in and out by “swiping” their card through a reader connected to the payroll system.
  • Many schools, colleges and universities have moved to a “one-card” system. This system allows students to obtain meals in cafeterias, access a library, or make purchases by presenting an authorized card.
  • Medical service providers’ EHR (electronic health-record) systems often require dual-factor authentication to log in. By equipping system computers with readers for barcode and magnetic stripe cards and appropriate access control software, the employee’s ID card can double as the required second-factor authority.

Barcode Cards

The barcode category includes traditional “1D” bar-codes, “2D” bar-codes, or QR codes. These codes are created by selecting a font that transforms an alphanumeric code into a lined or pixelated image. These images are printed onto the card and can be scanned by specialized readers or by smartphone applications. This solution requires a database of some kind that associates the unique graphical code with the pertinent information. A significant limitation here is that barcodes can be photocopied. This can result in unauthorized access if secondary security measures are not put in place.

Magnetic Stripe Cards

The magnetic stripe card can store a very limited amount of information, such as an account, employee, or student ID number, dollar amount (or other financial balance), & other encoded information. These early versions of modern smart cards are less secure than newer options due to technological advances. The technology used in them makes these a slightly higher-cost option than “plain” PVC cards. In addition, they require specialized readers and a computer program to interpret and act on the stored data.

Customers who print larger quantities of cards or who would like to be able to issue cards immediately may find that an investment in a printer and supplies is beneficial. For small organizations or those who do not want to maintain cards themselves, our service bureau is able to print cards on demand for a reasonable fee.

Barcode and magnetic stripe cards are excellent solutions for organizations with modest functional needs and low to moderate security requirements. Both options provide a way for customers or patrons to recognize the authority of the person wearing the card. And all ID badge solutions add the benefit of a sense of visual cohesion in any work, school, or healthcare environment.

Levels of Security Series: 1, Printed PVC Cards

Welcome to the first installment in our series on Levels of Security! In this series we will be investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity devices, contact and contactless RFID cards, and biometric authentication.

Facilities in need of a minimum security solution may find that a simple ID badge fills their needs. This solution is relatively easy to implement at low cost. This category contains two distinct levels of security: a non-photo card and a photo ID badge.

Non-Photo Printed PVC Cards

The non-photo card offers the lowest level of security, but still provides a quick method to identify a holder’s credentials. These cards can offer an organization’s seal or logo, card-holder’s name and/or title or position, or simply feature color coding. For example, a school or assisted living facility may issue a pink card to volunteers and blue cards to staff. This quickly allows staff, students, parents or residents to identify an authorized individual.

Photo IDs on Printed PVC Cards

The photo ID badge can include any of the above elements, but then adds an additional security layer: a photo of the cardholder. This provides an additional confirmation that the person carrying a card is the person to whom it was issued. Photo IDs are commonly used for students, teachers, healthcare professionals, and employees at a variety of businesses & government entities.

Both of these entry-level ID solutions help the wearers and organizations project a professional appearance, giving confidence to clients. They help organizations meet minimal security guidelines required by regulators that are prevalent, for example, in the healthcare field.

The limitation of these simple ID solutions is that a person must confirm the identity of the cardholder, rather than an automated system of access control. For many organizations, however, they provide a cost-effective solution to their most basic needs.

Printed PVC Cards: A Low-Cost Solution

Whether the design includes a photo on an ID or not, printed PVC cards have similar, relatively low costs. For small organizations, or for those who do not want to design, maintain and issue cards themselves, our service bureau is able to offer professional design and printing of cards on demand for relatively small fees. Customers who print larger quantities of cards or who would like to be able to issue cards in-house and immediately will find that an investment in a printer and supplies is beneficial.

Basic ID cards are an excellent solution for organizations that do not operate in access-controlled facilities. Either option for printed PVC cards provides a means by which clients or patrons can recognize the authority of the wearer, and can provide a sense of visual cohesion in any work, school, or healthcare environment.