SECURITY FEATURE | WHAT TO KNOW ABOUT CONTACTLESS CARDS AND READERS FOR ELECTRONIC SYSTEMS

What to Know about Contactless Cards and Readers for Electronic Access Control Systems

ore and more, companies but not areas such as food service that formally used only while the exact opposite holds true By Scott Lindley, President, Mkeys are now asking for food service staff. Often, too, Farpointe Data about keyless or electronic access the security system is programmed control (EAC). Whether called to limit access only during specific badges, tokens or cards, they limit time intervals, such as a few hours access to a facility to only those who before and after a scheduled event. possess one of these . This is especially important for Countless companies take this a those venues that provide access step further. In many cases, office credentials to vendors and/or workers can access their work areas delivery personnel.

A wide range of contactless cards and readers are available

54 Security Solutions Today • September / October 2016 WHAT TO KNOW ABOUT CONTACTLESS CARDS AND READERS FOR | SECURITY FEATURE ELECTRONIC ACCESS CONTROL SYSTEMS

Mullion style proximity reader with keypad

September / October 2016 • Security Solutions Today 55 SECURITY FEATURE | WHAT TO KNOW ABOUT CONTACTLESS CARDS AND READERS FOR ELECTRONIC ACCESS CONTROL SYSTEMS

However, when you start exploring be detected from farther away. wear-and-tear factor. Secondly, this world of keyless access, a whole The longer read ranges and that proximity readers can be made very new series of terms pop up - passive spherical orbit creates a problem durable or even hidden into the wall cards, active cards, proximity, smart that active cards can face. Several to make them relatively vandal- cards, long range readers, Wiegand readers and cards could end up resistant. Some are even bullet and so on. Let’s demystify them. conversing with each other, creating resistant. And, thirdly, for almost a sort of communication mayhem. 20 years, they have provided the Passive cards, the most popular, most cost efficient front-end for an are powered by What is the most important thing access control system. Thus, there is (RF) signals from the reader. They you need to know about all this? a massive installed base. do not have a battery of their own. Pick the card that works best for Normally, they have a limited range the application and make sure you Proximity card readers of typically about four inches and that you are using the right type of communicate to the rest of the must be held closely to the reader reader for the card. access control systems in various (hence, the term “proximity”). protocols, such as the Wiegand However, they can have a read range What to Know about 125 KHz protocol, a de facto wiring standard up to 20 inches. Typically, the larger Proximity Cards and Readers which arose from the popularity the reader, the longer it will read. of Wiegand effect card readers in Also, readers which are mounted The 125 KHz proximity card and the 1980s. Another popular protocol on walls are typically rectangular or Wiegand standards currently is the ABA Track II interface, a square while other readers will fit on constitute the majority of the card- holdover from a mullion, that vertical element that based keyless access. technology. Again, you don’t need forms a division between units of a to know what these protocols do window, door or screen. There are three main reasons why or how they work. You just need to proximity cards and readers are still use the interface that the rest of the The passive card and reader today’s most widely used access system uses. communicate with each other by an control technology. First of all, RF process called resonant energy there is no contact between cards When selecting a proximity card and coupling. Passive cards typically and the reader. This eliminates the reader for your customers, there are have three internal components several things to check. First of all, - an antenna, a and an make sure they comply with one or which holds the both of the afore-mentioned two user’s ID number or other data. The main interface protocols so that the reader also has an antenna which cards and readers will interface with constantly generates a short range a wide range of electronic access RF field in a spherical orbit. When control systems. Also, order readers the card is placed within range of that support several proximity card the reader, the card’s antenna and and tag technologies/brands. Check capacitor absorb and store energy to see if the reader electronics from the field and resonate. This are secured with tamper- and powers the integrated circuit which weather-resistant epoxy potting. sends the ID number to the card’s This is important as, often, the antenna which transmits by RF readers are outdoors or in wet or signals back to the reader. dusty environments not suitable for electronics. Look for a lifetime Active cards are powered by an warranty. internal lithium battery. As a result, they can produce a much longer Some customers will want what read range measured in feet and is called multi-factor verification. yards, from 4 inches to 15 feet. That means that they want a system Its integrated circuit contains a that adds more than just a card receiver and transmitter that uses (what you have) to activate the door the battery’s power to amplify the PSM-25 - ISO standard size/multi-tech lock. The most popular is the card/ signal so that the active card can proximity card keypad reader. This makes anyone

56 Security Solutions Today • September / October 2016 WHAT TO KNOW ABOUT CONTACTLESS CARDS AND READERS FOR | SECURITY FEATURE ELECTRONIC ACCESS CONTROL SYSTEMS

The next term you must look for products will work with each other. is “MIFARE DESFire EV1.” We Interoperability can be achieved could go into a deep technological regardless of system architecture. explanation but, suffice it to say, For instance, the specification can MIFARE DESFire EV1 has become handle smartcards by constantly the contactless digital RFID monitoring wiring to protect technology benchmark for smart against attack threats and serves as cards. MIFARE is the gateway to a solution for high-end encryption a series of security levels. That’s a such as required in federal whole new article but really not that applications. The specification complicated. Ask your manufacturer for handling LEDs, text, buzzers for a quick run-through so you pick and other feedback mechanisms the right level of security for your provides a rich, user-centric access customer. control environment.

Wall mounted proximity reader As with proximity cards, you What to Know about 433 MHz will also want to assure that the Transmitters and Receivers readers comply with the Wiegand requesting entrance to show the communication standard. Review Note that the terms “transmitters system what they have, a card, and what to look for in proximity cards and receivers” are used in place of what they know, a PIN (personal again. Basically, it’s the same list “cards and readers.” The receivers identification number). - potted, different sizes, card plus support either 2-button or 4-button keypad, and so on. transmitters from ranges up to What to Know about 13.56 200 feet. Each button outputs MHz Smart Cards and What to Know about OSPD transmitter data, the user’s ID Readers number or other data, over separate The Open Supervised Wiegand outputs yet the receiver As proximity became the Device Protocol (OSDP) is installs just like a standard proximity predominant technology a communication standard adopted reader for easy integration with over the last decades, contactless by the Security Industry Association popular access control systems. smart cards will augment proximity (SIA) that lets security equipment, over the next three to five years. At such as card and biometric readers They are a terrific solution for long often a cost comparable to proximity from one company interface easily range access control applications card systems, systems with control panels and equipment such as gates and vehicle barriers, may be more secure and can be from another manufacturer. In other moving aircraft in and out of secure used for applications beyond access words, OSPD fosters interoperability hangars, arming and disarming alarm control, such as tool checkouts, the among security devices. It also systems as well as situations calling company cafeteria and so on. adds sophistication and security for emergency duress. Instead of benefits through features such as using a card, which could activate All the leading smart card providers bi-directional communication and more than one device or door at conform to ISO standards. ISO read/write capabilities. A two-way a time, the transmitter holder 14443 cards operate from zero channel paves the way for forward- selects exactly the mechanism to be to four inches while ISO 15693 looking security applications immediately triggered. cards may provide longer ranges, such as the handling of advanced something comfortable for the smartcard technology, PKI, and Available in either a two- or four- user and assuring a positive read. mobile device access. Not only button configuration and equipped Be aware. There are proprietary, does it provide a concise set of standard with a potted proximity non-standard-based smart card commonly used commands and or module, technologies that could bind you to responses, it eliminates guesswork, the transmitter can also be used a single-supplier dependency and since encryption and authentication as a traditional, presentation-style potentially restrictive pricing and is predefined. access credential. For example, a delivery structures. Only in certain button may be pressed to activate circumstances do you want to In other words, OSDP helps ensure a long range application, such as a consider them. that numerous manufacturers’ gated parking barrier, and then be

September / October 2016 • Security Solutions Today 57 SECURITY FEATURE | WHAT TO KNOW ABOUT CONTACTLESS CARDS AND READERS FOR ELECTRONIC ACCESS CONTROL SYSTEMS

Keyfobs are also available in both proximity and smartcard technologies. They are often used in place of cards, being designed to be carried on a key ring. The most durable typically include a brass reinforcing eyelet.

What to Know about Preventing Hacking and Duping of Your Card System

The bad guys have figured out how to capture and use card-based information to fool the system and let the unauthorized in by using skimming, eavesdropping or relay attacks. Skimming occurs when the attacker uses his reader to access information on the victim’s RFID token without consent. An eavesdropping attack occurs when an attacker can recover the data sent during a transaction between a legitimate reader and a token. A successful relay attack lets an attacker temporarily possess a ‘clone’ of a token, thereby allowing him to gain the associated benefits. Using any of these relatively inexpensive methods will let an Long Range receivers and transmitters unauthorized person in.

Adding to the problem is that presented to a proximity reader to thicker card appropriate for dye Wiegand, the industry standard allow entry through a door and into sublimation printing. Lastly, the over-the-air protocol commonly the building. multi-tech card is a proximity card used to communicate credential the same size as a credit card that data from a card to an electronic What to Know about can or not have a magnetic stripe access reader, is no longer inherently Contactless Cards and Fobs on it. It is commonly referred to as secure due to its original obscure an ISO standard size. and non-standard nature. Today, no The different technologies use one would accept usernames and somewhat different cards but they There are two main types of smart passwords being sent in the clear nor all tend to work in the same manner. cards. The clamshell contactless should they accept such vulnerable smartcard is an ISO14443-compliant credential data. ID harvesting has Most proximity manufacturers card with a 1K-byte memory. become one of the most lucrative provide one of three types of cards: More memory may be added. The hacking activities. In these attacks, standard light, image technology ISO contactless smartcard is an a credential’s identifier is cloned, or and multi-tech card. The standard ISO14443-compliant card with captured, and is then retransmitted light proximity card is a clamshell a 1K-byte memory. It, too, can via a small electronic device. design, meaning that there are two be ordered with more memory. connected sides sealed together Manufactured from glossy PVC, it Leading card and card reader to hold the electronics. An image is appropriate for dye sublimation manufacturers offer security technology card is a slightly imaging. options. The first is to provide a

58 Security Solutions Today • September / October 2016 WHAT TO KNOW ABOUT CONTACTLESS CARDS AND READERS FOR | SECURITY FEATURE ELECTRONIC ACCESS CONTROL SYSTEMS

higher-security handshake, or code, between the card or tag and reader to help ensure that readers will only accept information from specially coded credentials. The integrator will never provide another organization with the same code. As a result, no other organization will have this reader/card combination. Only that single company’s readers will be able to read their cards or tags and their readers will read no other organization’s cards or tags.

The second major solution is Valid ID, an anti-tamper feature available with contactless smartcard readers, cards and tags. It adds an additional layer of authentication assurance to NXP’s MIFARE DESFire EV1 smartcard platform, operating Keyfob Smart card reader independently, in addition to, and above the significant standard level of security of DESFire EV1. Valid ID lets a smartcard reader help verify at schools, universities, correctional reinforced with a bullet-resistant that the sensitive access control institutions, housing authorities, insert that is compliant with UL752 data programmed to the card or tag factories, hospitals and other locales performance level standards of is not counterfeit. where RFID proximity and smart ballistic protection. card readers can take a beating. At manufacture, readers, cards What to Know about and tags are programmed with In both types of hazard-resistant Lowering Energy Costs this fraudulent data detection readers, protection is greatly solution. The Valid ID algorithm enhanced because the electronics Some vendors provide as an cryptographically assists in ensuring are sealed in weather-and tamper- option eco-friendly readers with the integrity of the sensitive access resistant epoxy potting for both a technology that cuts energy control data stored on the card indoor and outdoor operations, costs and is an easy addition to or tag.With Valid ID, readers scan providing an IP67 rating which any company’s green initiative. through the credential’s access assures the electronics are protected In emergency power situations, control data searching for data from water, steam, detergents, dust, proximity readers using the low discrepancies, which may occur sand, tools and other elements energy option can reduce average during the counterfeiting, tampering which could be used to impede data current draw by as much as 50 or hacking of the credential. If collection. In addition, the vandal- percent, providing significantly tampering is detected, the reader resistant readers are manufactured longer up-times with their back-up reports it promptly to the access from thick polycarbonate material batteries. They can also expect long controller, identifying the credential and feature tamperproof screws. An term energy savings. in question. anti-tamper mode is also available, providing supervision of both the The Bottom Line What to Know about Vandal- reader and its cabling. Proofing the Card Reader Whatever you may need at the front Bullet-resistant proximity card end of your access control system, Vandal-resistant and bullet-resistant readers can provide the highest level you should be able to find a solution contactless card readers are ideal for of vandal resistance by featuring that meets your needs. installations where more durability a virtually indestructible exterior. is required than with a standard These readers are milled from a For more information, please visit: reader. They are becoming big hits solid block of stainless steel and www.farpointedata.com. sst

September / October 2016 • Security Solutions Today 59