With hands-free access, security becomes more important because the signal transmitted by the user’s token becomes easy to intercept. It’s important that such a system should be encrypted and not susceptible to replay attacks where the signal is covertly recorded at the time of use and played back at a later time to gain entry. The future for hands-free is very promising. In addition to the sheer convenience of the technology, carrying a traceable hands-free token offers other benefits.
By Drew Hoggatt
The best access control system imaginable is invisible. Its doors are firmly locked to those who have no right to access, but free and open to authorized people. Nobody has to think about it, or perform any special action to gain entry. Unfortunately, my ideal is a long way from any real system on the market today. It does make me think, though, that some of the trends as plotted by industry ‘experts’ are wide of the mark.
The problem with industry experts is that they listen too much to other people. This kind of consensus opinion forming is notoriously unreliable. For example, it predicted the success of WAP browsing on mobile phones, but refused to recognize the appeal of the text message until it was being used by practically everybody in Europe under the age of 19. Expert opinions are formed at trade shows by talking to exhibitors and colleagues and picking up the common view. The common view then becomes reported fact.
At the IFSEC show in Birmingham, UK in May 2006, there were a lot of products using biometric technology. So many in fact that a colleague in the industry remarked to me that he thought that the cost of exhibiting those devices at the show exceeded the total value of the market for biometrics in the U.K. for the year. I don’t know if he was right, and nor does he, but I do agree that the emphasis on selling biometrics is a little out of proportion to the benefits today.
At this point, I’d better make clear that I’m not an anti-biometrics person. I think my ideal system outlined earlier will use biometric technology. I will not have to offer it my eye or my fingerprint, it will just recognize me. It will also remind me that I have left my briefcase in the car and that my visitor (whose metrics it also knows accurately from a casual scan) is in reception. Today, however, we are some way away from that kind of functionality. The technologies are currently struggling against the boundaries of cost, weather, processing power, lighting and reliability amongst others.
3 FUNDAMENTAL METHODS
There are three fundamental aspects to identifying individuals in order to admit them through an access control system. They can possess a token, for example, a proximity card, they can have knowledge such as a PIN, and they can have physical attributes like a fingerprint, which can be compared with a reference copy in a database. One or more of these aspects can be used to gain access at an access point; card and PIN combined is currently quite common for higher security doors.
There are advantages and disadvantages for each aspect. So for example, fingerprint identification is very good where the cost of the token is important and is convenient in that there is no token to forget or lose. It’s also more secure than a PIN that can be divulged to a third party and used in their absence. Fingerprint reading is not so good in the rain, however, and a high proportion of access points are external. User acceptance is still a problem for a number of reasons. For instance, people are worried about their identity being protected thoroughly and hygiene is perceived as another issue among some users.
Token-based identification does overcome some of the problems of biometrics. It can be used without contact and it is very fast and extremely reliable. Users like it because they know that if they are not carrying the card, they can shed that part of their credentials: it’s an intuitive way of protecting identity. Interestingly, another consensus opinion is that we all want to carry just one card. In fact real people like to have a number of cards, and add and remove functions at will by accepting new cards or cutting up unwanted ones they are in control.
The ergonomics of token recognition have developed in a very interesting way. Fifteen years ago, 20% of the tokens used in access control were of the non-contact proximity type and 80% were the traditional magnetic stripe cards as used by the banking industry for decades. It took less than ten years for those figures to reverse. Magstripe today is firmly a legacy or low cost technology for niche markets. Consensus thinking at the time was that magstripe would die because security was poor. In fact, it died because proximity cards are more convenient. You don’t have to take them out of a wallet to use them, and the rather awkward need for a precise swipe of a magstripe card has been replaced with an easier presentation. Proximity is not necessarily more secure than magstripe but many access control applications do not require security at a high level. It is more expensive than magstripe, but buyers are willing to pay for ease of use.
I believe that this trend will continue and that there is a proven market for even more convenient identification, namely hands-free technology. However, many implementations of this have problems. Readers are traditionally much more expensive than their proximity counterparts and can be very sensitive to their surroundings. These disadvantages have held back technology to date.
A hands-free reading technology that overcomes these problems is Net2 hands free from Paxton Access. It uses the same standard 125 kHz proximity readers that the company has been supplying for some years, with an additional component inserted between the reader and the door controller. The read range is from 1 to 5m, depending on the reader type. A reader 50mm wide will achieve a range of around 1.5m. This means that the hands-free function can be retrofitted to a building equipped with one of Paxton’s systems even if it has been installed for a number of years.
With its systems, the proximity cards and doors, and hands-free tokens and doors are all mutually compatible. This means that where hands-free is required for a small group of users on a small proportion of doors, it’s not necessary to pay for all other users and doors to be equipped with hands-free. With hands-free access, security becomes more important because the signal transmitted by the user’s token becomes easy to intercept. It’s important that such a system should be encrypted and not susceptible to replay attacks where the signal is covertly recorded at the time of use and played back at a later time to gain entry.
The future for hands-free is very promising. In addition to the sheer convenience of the technology, carrying a traceable hands-free token offers other benefits. For example, location sensing of personnel is potentially very useful in a fire. Other efficiencies can be achieved in companies where the location of all employees is known from when they enter the building until they leave, possibly useful in high security applications.
Drew Hoggatt is Managing Director of Paxton Access Limited (www.paxton-access.co.uk).
For more information, please send your e-mails to firstname.lastname@example.org.
ⓒ2007 www.SecurityWorldMag.com. All rights reserved.