Smart Card Considerations Revealed

Clinton on

Press Releases Archive

Top 4 Smart card considerations

Marc McNicholl, Senior Applications Engineer, CEM Systems talks about the “Top 4 Smart card considerations” for companies wishing to migrate from legacy technology to highly secure smart card credentials. These include:
1. Cost
2. Security
3. Compatibility and
4. Key management

With the threat of card cloning and door controller interceptions ever increasing, the industry recommendation is to use smart cards to secure credentials; but for many companies the move is daunting. For small companies the concerns are about cost, knowledge and selecting the best solution to meet their needs. Larger companies will have the additional concern of scale and how they physically manage the migration process and roll out of the new smart cards; especially if multiple sites and systems are deployed globally.

There are four major factors for companies to consider:

1. COST
While cost was a prohibitive factor in the beginning, we are now starting to see this change. The industry’s drive towards more secure technologies with multiple layers of encryption is pushing the cost of smart cards down. This not only offers a future proof technology platform for access control and other business functions but immediately protects against the growing threat of authentication breaches.

2. SECURITY
Although smart cards typically offer strong layers of security, companies must consider the entire security of their smart card solution from the credential right down to the reader level at the door. It is no good having a highly encrypted smart card when the card number is easily played back across a vulnerable Wiegand interface from a third party reader at the door. The communication channel between the card reader and controller must be secure. This can be achieved using secure RS485 communication protocol, as well as industry standard Open Supervised Device Protocol (OSDP), which also means customers are not tied to one manufacturer.

3. COMPATIBILITY
Think about more than just the physical security of your building or site. Ask yourself “Is this smart card technology compatible with my existing security systems, products and technology?” Choosing the right smart card solution is definitely not clear cut.

For example at some large organisations not all sites will have access control readers from the same manufacturer and crucially not all manufacturers can read from an encrypted area of a smart card. Every company has different challenges and questions such as “Can I integrate with other products using the new cards?” and ‘Will my secure card work with my other business systems?”. These are just some of the important questions you need to ask yourself and your solutions provider before choosing your smart card.

4. KEY MANAGEMENT
Ok, so you have chosen the smart card technology and solution that is right for your business. The next consideration is whether you should manage your own smart card keys? You can buy blank smart cards and self-manage your own keys or you can opt for pre-personalised smart cards from the manufacturer. Again there is no one size fits all answer here. The pros and cons need analysed depending on your business and resources. Carefully look at resources needed for self-key management, as well as the security considerations of storing your keys on site. For some projects the cost of managing their own cards could far outweigh any other cost savings made.

Other technical considerations also need to be made, for example do you want your solution to read the Unique Identifier (UID) of the cards or the Private Secure Number (PSN) and should you use diversified keys or static keys?

There are many benefits of opting for smart cards already pre-personalised. It’s the manufacturer who takes responsibility for ensuring compatibility of smart cards with third party readers and other security systems. They manage the key security and storage securely offsite and they absorb the costs associated with smart card key management – including the sourcing of NDA’s (Non-Disclosure Agreements) from external system providers.

In many cases however organizations consider control of their own keys for physical access control and other applications an essential element to security. If you do decide that user defined personalisation is the way to go, then speak to your manufacturer to see if they support you buying your own blank smart cards and if the cards are compatible with their products. Also ask your security manufacturer if they have a software utility or application within their security management system that enables you to create your own encrypted keysets in a manageable, intuitive and step-by-step way. This very often will eradicate any pitfalls of smart card encryption and transition.

END

Want to ask Marc a question on smart cards? Then please comment below.

About CEM Systems

About CEM Systems
CEM Systems from Tyco Security Products is now part of Johnson Controls, a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. CEM provides highly advanced security management solutions which include integrated access control, ID badging, alarm monitoring, people counting systems and the industry’s most advanced and flexible range of card readers.

From a small facility to a large multi-site facility the sophisticated AC2000 access control system and advanced CEM products provide a solution to meet even the most complex needs. Each CEM system can be customized to specifically fit the needs of each individual customer, ensuring a powerful, highly tailored level of protection that simply cannot be matched in the industry. For more information on CEM Systems access control technologies, visit www.cemsys.com.

Tyco Security Products is now part of Johnson Controls, a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. With its world-leading premium access control, video, location-based tracking and intrusion solutions, Tyco Security Products employs over 2,800 employees globally, including research and development, marketing, manufacturing, sales, service and logistics teams in the Americas, Europe, the Middle East, Africa, and Asia Pacific. Our products, built by developers from all product disciplines, consistently allow customers to see more, do more, and save more across multiple industries and segments including healthcare, government, transportation, finance, retail, commercial and residential. Worldwide, Tyco Security Products helps protect 42% of Fortune 500 companies, transportation systems on five continents, 37% of the world’s top 100 retailers, over two million commercial enterprises, thousands of students in more than 900 educational facilities, and over five million private residences.

In this section