THE EVOLUTION OF IDENTITY CREDENTIALS
Amer Hafiz, Technical Director at Nortech Control Systems, Reviews The Evolution Of Identity Credentials In Access Control
Access control is defined as “the selective restriction of access to a place or other resource”. For an automatic access control system to function, it requires a means of identifying individuals to determine their access rights. The form of identification can be anything from a memorised password or PIN (personal identification number) to biometrics (measurement of a human characteristic).
Since the early days when access was granted when an authorised PIN was entered into a keypad, access control systems have evolved to support many forms of ‘physical’ credentials. Generally referred to as “pass cards”, these credentials have taken many forms:
- where an identity number is printed on the card in the form of a machine-readable series of variable width bars. Although more secure than a memorised number, a barcode can be easily copied or reproduced.
- where a magnetic stripe on the card stores an identity number within a designated track. A special magnetic card reader is used to read the number from the track.
– where an electronic chip on the card holds the identity number and a built-in antenna enables a compatible proximity card reader to read the identity number using radio frequency technology. The card simply needs to be held within a few centimetres of the reader.
– using a similar radio technology to that of proximity cards, smart cards can hold a variety of data within the chip. The data can be read and/or written to the card using compatible readers/writers depending upon the application. For access control applications, an identity number can be stored on the card and read by a compatible access control card reader.
In each of these technologies, it is necessary to issue a uniquely numbered card (or key fob) to each authorised person. The unique number on the card serves as their identity on the access control system. Without the card, they would not be able to gain access to the restricted areas. This makes it necessary for them to keep their identity cards with them whenever they need to move around the building or installation.
Recent technological advances have made the need to carry identity cards unnecessary. Two completely different approaches have been used.
Biometric readers - The first was the development of Biometric readers, where the recognition of unique human characteristics such as fingerprints or retina patterns are used for identification, precluding the need for identity cards. To support these systems, authorised users must ‘enrol’ on the system, where their biometric data is read and stored in a database. Whenever the user needs to access a restricted area, they must present themselves to a biometric reader at the access point (e.g. places their finger on a fingerprint reader). The data obtained is then compared to the database to find a match to determine their identity and check their access rights before granting entry. Although this provides a high level of security and avoids the need to issue credentials, the readers are very expensive and the process of looking up complex data with a large database can be slow and limiting.
Virtual credentials - The second alternative is to use Smartphone-based ‘virtual credentials’ to replace physical cards and fobs. A virtual credential is a unique identity code that can be securely sent from a cloud-based server to an App on the user’s smartphone. Several virtual credentials can be stored on the smartphone for different access applications. A smartphone with its virtual credential can be used to gain access to restricted areas, making it unnecessary for the user to carry cards or fobs. As most people now carry their smartphones everywhere they go, they are far less likely to lose their credentials or forget to keep them handy.
The app can present the credentials to readers using one of the smartphones built-in communication technologies such as low power blue tooth, NFC or QR Code. The technology used would depend on the capabilities of the reader and the type of smartphone being used.
If Bluetooth is used, it can offer a further benefit as it can be used at distances of up to 15 metres from the reader, effectively replacing long-range, hands-free reader technologies.
Where might credentials go next?
In the short to medium term, identity cards will continue to be used, with contactless smartcard gradually replacing older technology proximity cards. Virtual credentials on mobile devices will become far more widespread. The ever-increasing levels of security being required will most likely lead to a wider use of facial recognition as the main biometric credential. With advances in Bluetooth technology providing increased bandwidth, more information can be quickly retrieved from smart devices, making the combination of high-security biometrics and smartphone apps a real possibility for controlling access.