Entry standard

Who’s who?

Amer Hafiz, Technical Director at Nortech Control Systems, reviews the evolution of identity credentials in access control

Access control is defined as ‘the selective restriction of access to a place or other resource’. For an automatic access control system to function, it requires a means of identifying individuals to determine their access rights. The form of identification can be anything from a memorised password or Pin (personal identification number) to biometrics (measurement of a human characteristic).

Since the early days when access was granted once an authorised Pin was entered into a keypad, access control systems have evolved to support many forms of ‘physical’ credentials. Generally referred to as ‘pass cards’, these credentials have taken many forms.

A barcode involves an identity number printed on the card in the form of a machine-readable series of variable-width bars. Although more secure than a memorised number, a barcode can be easily copied or reproduced. A magnetic stripe on the card can be used to store an identity number within a designated track – a special magnetic card reader is used to read the number from the track. An electronic chip on a proximity card holds the identity number, and a built-in antenna enables a compatible proximity card reader to read the identity number using radio frequency technology. The card simply needs to be held within a few centimetres of the reader.

Finally, smart cards use a radio technology similar to proximity cards – they can hold a variety of data within the chip. The data can be read or written to the card using compatible readers or writers depending on the application. For access control applications, an identity number can be stored on the card and read by a compatible access control card reader.

In each of these technologies, it is necessary to issue a uniquely numbered card (or key fob) to each authorised person. The unique number on the card serves as their identity on the access control system. Without the card, they would not be able to gain access to the restricted areas. This makes it necessary for them to keep their identity cards with them whenever they need to move around the building or installation.

Recent technological advances, however, have made the need to carry identity cards unnecessary. Two completely different approaches have been used.

Biometric readers identify individuals based on unique human characteristics such as fingerprints or retina patterns. To support these systems, authorised users must ‘enrol’ on the system, where their biometric data is read and stored in a database. Whenever the user needs to access a restricted area, they must present themselves to a biometric reader at the access point (placing their finger on a fingerprint reader, for example). The data obtained is compared to the database to determine their identity and check their access rights before granting entry. This provides a high level of security and avoids the need to issue credentials – however, the readers are very expensive and the process of looking up complex data with a large database can be slow and limiting.

Smartphone-based virtual credentials can replace physical cards and fobs. A virtual credential is a unique identity code that can be securely sent from a cloud-based server to an app on the user’s smartphone. Several virtual credentials can be stored on the smartphone for different access applications. A smartphone with the right virtual credential can be used to gain access to restricted areas, making it unnecessary for the user to carry cards or fobs. As most people now carry their smartphones everywhere they go, they are far less likely to lose their credentials or forget to keep them handy.

The app can present the credentials to readers using one of the smartphone’s built-in communication technologies, such as low-power Bluetooth, NFC or QR code. The technology used would depend on the capabilities of the reader and the type of smartphone being used. If Bluetooth is used, it can offer a further benefit as it can be used at distances of up to 15 metres from the reader, effectively replacing long-range, hands-free reader technologies.

WHAT NEXT?

In the short to medium term, identity cards will continue to be used, with contactless smart cards gradually replacing older technology proximity cards. Virtual credentials on mobile devices will become far more widespread. The ever-increasing levels of security required will most likely lead to a wider use of facial recognition as the main biometric credential.

With advances in Bluetooth technology providing increased bandwidth, more information can be quickly retrieved from smart devices, making the combination of high-security biometrics and smartphone apps a real possibility for controlling access.