Consultant Corner

Integrate HID products into your project design solution


HID understands the challenges faced by today's technology solution designers and specifiers. With that in mind, this site has been established as a tool to provide useful information so you can effectively work with your clients to migrate to new secure identification technologies. Here you will find easy access to the information necessary to efficiently integrate HID products into your project design solution.

HID also appreciates the challenge faced by industry design solution professionals to maintain their level of technical expertise as new technologies are introduced into the marketplace. Here too, the Consultant Corner website will provide a continuous series of tools and informational articles to help you sift through the changing technology landscape in search for the salient aspects of technology that differentiate the products being considered for your clients. But the efforts to support your in-house knowledgebase do not stop on-line. Consultant Corner also provides product and technology informational sessions regionally or at your location. Sessions can be tailored to meet your unique team requirements.

The Consultant Corner program is committed to working hard to earn the role of Trusted Advisor to industry design and specifying professionals. We will strive to continually improve the tools, resources, and services that we offer. We also welcome any feedback you may have regarding how we can better support you in developing effective solutions for your clients (what we are doing right, and more importantly, where can we improve). We look forward to working with you.


iCLASS - The New Prox: Beyond the Technology

Today’s security solution specifiers and designers face the constant challenge of maintaining their technical knowledgebase so they can evaluate, recommend, and deploy new products to better solve their clients’ problems. The speed at which technology enables new products to be introduced into the marketplace compounds this challenge. Oftentimes the result is a period of confusion and/or misunderstanding while industry professionals work through the noise in an effort to identify the applicable features and attributes that truly matter. This is true today with the increased use of 13.56 MHz contactless smart card technology in physical access control: the important features and attributes of the technology are not yet fully understood, making it difficult to properly evaluate product offerings.

Validating the Technology

In the case of 13.56 MHz contactless smart card technology, it is widely agreed that the industry is well beyond validating the technology itself. This ISO standard-based technology is being widely deployed worldwide and is here to stay. The industry is being barraged with contactless smart card market drivers meant to explain this trend:

  • Demand for higher level of personal authentication (e.g. HSPD-12 and resulting FIPS-201).
  • Demand for increased protection of personal data.
  • Demand for read/write functionality.
  • Demand for single card use across multiple business applications.

Although all of the above listed market drivers are accurate, the simple truth is that contactless smart card technology has matured to the point where contactless smart card products can offer users superior performance at little or no increase in cost over that of 125 kHz proximity technology. This statement requires qualification in that the increased performance users will enjoy depends largely upon how the technology was deployed within the product offering. Contactless smart card capabilities such as mutual authentication, encryption, security key management, memory allocation, and access control formats can be deployed improperly, or in some cases not at all. When this happens (and it does) the inherent benefits of the technology become moot and the user suffers.

13.56 MHz Contactless Smart Cards Vs 125 kHz Proximity

Obviously, there are inherent attributes of 13.56 MHz contactless smart card technology that make it the only choice for certain applications (e.g. read/write applications). But for the purpose of this discussion the focus will be on comparisons of the two technologies exclusively for use in physical access control applications. Fundamentally, contactless smart card technology is superior to 125 kHz proximity in two primary areas relevant specifically to physical access control: data security and flexibility of formats.

125 kHz proximity does not offer any effective level of security with regard to the transmission of card data from the card to the reader. Essentially, once the proximity card is activated within the field of the reader, card data is transmitted to the reader (basically a free read). With contactless smart card technology, the computing power of the contactless smart card chip may be leveraged to increase card data security through the use of cryptography and encryption.

For example, HID iCLASS has optimized the security features offered by the contactless smart card technology. The card format data is stored in a secure memory location within the contactless smart card IC. This access control data may only be accessed by using 64-bit diversified security keys based on a unique card serial number. By using diversified unique keys and industry standard encryption techniques, the risk of compromised data or duplicated cards is virtually eliminated. Even if an unauthorized person obtains a reader, without the keys the reader will not authenticate with the card and data will not be transmitted. RF data transmission between the card and reader is also encrypted using a secure algorithm so that the transaction between the card and reader cannot be “sniffed” and replayed to a reader. In addition, the cards and readers authenticate each other using a symmetric key-based algorithm. For even higher security, card data may also be protected with DES or triple-DES encryption. It is important to note that although contactless smart card technology offers various levels of data security, not all suppliers enable and/or optimize them. If not deployed properly, the user may not experience any increase in security over that of 125 kHz proximity.

When purchasing a card for physical access control, the visible object is a piece of plastic that contains an antenna and electronics to allow storage and transmission of data. The tangible benefit that is being purchased is the actual data format itself. The data stored in the card essentially consists of a string of numbers. A format explains what that string of numbers means and how it is used in the access control system. Back in the era of magstripe technology, the length of the format was limited by the physical length of the magnetic stripe (e.g. Track 2 is encoded at 75 bits per inch and, with 5 bits per character including parity, offers a maximum of 37 numeric characters). The typical HID 125 kHz proximity format can be up to 84 bits long. Therefore, considering the data capacity of any given technology, there is a finite number of unique numbers that can be stored. With contactless smart card technology providing options for much larger memory capacities, the size of formats can be greatly increased. This is becoming increasingly important as the population of access control systems increases, making unique card numbering increasingly difficult with some of the limited format structures. Therefore, the scalable memory structure of contactless smart cards allows extended format styles to be deployed as the market changes.
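The paragraph above says a format is what gives the card's bit string its meaning, and that each format has a finite number of unique values. The following is an added example (not HID's code, and not from this page) that models a format as a bit layout plus parity rules, so that encoding, decoding and the size of the number space can be checked directly. The layout used is the common 26-bit layout (even parity over the first 12 data bits, an 8-bit facility code, a 16-bit card number, odd parity over the last 12 data bits); the page does not name this layout, so it is an assumption here, and the same `FormatSpec` class accepts any other field and parity arrangement.

```python
# Added example (not HID's code): a bit-level model of an access-control card
# format. A format is a fixed bit layout plus parity rules. The 26-bit layout
# below is assumed (the page does not name it); any other layout can be
# described with the same classes.
from dataclasses import dataclass


@dataclass(frozen=True)
class Field:
    name: str
    start: int   # index of the first bit, 0 = first bit transmitted
    width: int


@dataclass(frozen=True)
class Parity:
    bit: int       # position of the parity bit
    covers: range  # data-bit positions this parity bit protects
    even: bool     # True = even parity, False = odd parity


@dataclass(frozen=True)
class FormatSpec:
    name: str
    length: int
    fields: tuple
    parities: tuple

    def capacity(self) -> int:
        """Number of distinct IDs the data fields can express (the finite space the text refers to)."""
        n = 1
        for f in self.fields:
            n *= 2 ** f.width
        return n

    def encode(self, **values) -> str:
        """Build the bit string for the given field values, filling in the parity bits."""
        bits = ["0"] * self.length
        for f in self.fields:
            v = values[f.name]
            if not 0 <= v < 2 ** f.width:
                raise ValueError(f"{f.name}={v} does not fit in {f.width} bits")
            for i in range(f.width):  # most significant bit first
                bits[f.start + i] = str((v >> (f.width - 1 - i)) & 1)
        for p in self.parities:
            ones = sum(bits[i] == "1" for i in p.covers)
            # the parity bit makes "covered bits plus itself" even (or odd)
            bits[p.bit] = "0" if (ones % 2 == 0) == p.even else "1"
        return "".join(bits)

    def decode(self, bits: str) -> dict:
        """Check length and parity, then split the bit string into named fields."""
        if len(bits) != self.length or set(bits) - {"0", "1"}:
            raise ValueError("not a valid bit string for this format")
        for p in self.parities:
            ones = sum(bits[i] == "1" for i in p.covers) + (bits[p.bit] == "1")
            if (ones % 2 == 0) != p.even:
                raise ValueError(f"parity error at bit {p.bit}")
        return {f.name: int(bits[f.start:f.start + f.width], 2) for f in self.fields}

    def is_valid(self, bits: str) -> bool:
        """True when the bit string has the right length and all parity bits check out."""
        try:
            self.decode(bits)
            return True
        except ValueError:
            return False


# Constructed 26-bit layout (assumed; not taken from the page)
FORMAT_26BIT = FormatSpec(
    name="26-bit",
    length=26,
    fields=(Field("facility", 1, 8), Field("card", 9, 16)),
    parities=(Parity(0, range(1, 13), even=True), Parity(25, range(13, 25), even=False)),
)


if __name__ == "__main__":
    raw = FORMAT_26BIT.encode(facility=1, card=1234)
    print(raw, FORMAT_26BIT.decode(raw))
    print("distinct IDs:", FORMAT_26BIT.capacity())  # 2**24 = 16777216
```

`capacity()` is the number the text calls "finite": for this layout it is 2^24, which is why unique numbering becomes hard as installations grow, and why the larger formats that contactless memory permits matter. A bit flipped in transit or a string of the wrong length is rejected by `decode()` rather than silently producing a different cardholder number.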

Those that do not consider contactless smart card technology for their design solutions because “Our client is not that sophisticated”, may not have recently analyzed the performance enhancing attributes inherent to the technology. Further, they may be unaware that this increased security and performance can now be provided at the same price as legacy 125 kHz proximity. Today, it is quickly becoming the expected standard to specify and deploy contactless smart card technology in physical access control cards and readers.

Technology Vs Product

Most of us are familiar with the very successful Intel Inside® program. PC products that display this sticker are communicating to potential buyers that the product has employed this well-known, and trusted, technology. However, if the PC manufacturer produced a poor quality PC that was available only in a limited geographic area, in very limited quantities, with little or no after-sale support structure, it would probably not matter to potential buyers that the PC utilized a well-known technology.

A technology can be described as the raw tool or machine that can be used to solve problems. A product however, is much more than simply the physical tool or machine itself. A product includes the totality of the offering that buyers perceive they will enjoy when they purchase the product. It is the sum of all of the individual elements of the product that determines the true value to the user. These elements include:

  • The benefits of use (solving problems, safety, convenience, etc.)
  • The product attributes and features (styling, ease of use, functionality, quality, brand, etc.)
  • The value-add products & services (training, installation, warranty, service & support, etc.)

For example, the marketplace has come to expect a certain level of performance when it comes to HID products. This confidence can be attributed to how well HID has augmented the 125 kHz proximity technology with all of the other aspects associated with the total product. So much so in fact, that designers of physical access control systems very often did not need to pay much design attention to cards and card readers past form factor and mounting considerations. The technology was so effectively integrated with the other product elements that there was little attention paid to “how it worked”. The product had established itself in terms of universal compatibility, quality, and support to the point that the intricacies of the technology were no longer a high-level design consideration.

The challenge for HID was to extend this established level of market confidence while deploying products based on the newer contactless smart card technology. The result was iCLASS. iCLASS provides the product features the market has come to expect from HID and wraps them around the superior performance offered by contactless smart card technology. Attention to expected product elements has enabled iCLASS contactless smart card technology to be easily deployed using the knowledgebase many have relied upon when designing around 125 kHz proximity products:

  • The same wiring configuration.
  • The same card formats and numbering.
  • The same controller programming.
  • The same form factor selection (multiple mounting applications).

Typical Misunderstandings

A good example of a misunderstanding related to a technology can be demonstrated by a common industry misperception of MIFARE. This technology was introduced back in 1994 and has been predominantly used in transit-related products that utilize ISO 14443A technology. As a result, the term MIFARE has become misconstrued as interchangeable (or synonymous) with 14443A by those that do not fully understand the technology. The truth is that MIFARE is a closed, proprietary, encryption/conditional access protocol owned and licensed by Philips Semiconductors to multiple vendors of card and reader integrated circuits (ICs). In addition to conforming to parts 1 – 4 of the ISO 14443A standard, to read a card containing a MIFARE IC, readers must incorporate a special proprietary Philips reader chip that executes proprietary algorithms and protocols. ISO 14443A (parts 1 – 4), in fact, is an open standard and does not require the encryption/conditional access scheme used by MIFARE. It is easy to see that misunderstanding MIFARE as being 100% compatible with other 14443A products could present serious consequences relating to the client’s expectations of interoperability.

Another example of a serious technology misunderstanding involves the simple term “Compatible”. Several manufacturers offer readers that claim to be “iCLASS Compatible” or “MIFARE Compatible”. What exactly does that mean? A popular layman’s assumption might be that the reader can read the access control format data contained in the contactless smart card IC memory. But caution should be exercised here. Sometimes it means that the reader product conforms to only a portion of the ISO standard, or does not incorporate the proper security features that allow access to the information stored in the card IC’s memory. In that case, the reader may only be able to read the Card Serial Number (CSN) of the IC. There have been instances where “Compatible” products were specified with the assumption that the internally programmed card format number would be read; it is a shock when it is discovered that the random CSN is being read instead. The result is that a single card will now transmit one number when read on the legacy reader, and a different number (the CSN) when read on the “Compatible” reader. In some cases the access control software could not effectively handle two separate, and distinctly different, numbers for a single cardholder, requiring a massive database administration effort (unplanned time and expense) as a second cardholder record was needed to handle this condition. Many manufacturers will qualify their “Compatible” reader as “CSN Only” in fine print. Regardless, it is good business to drill down to find out what “Compatible” will mean.
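The two mechanisms described on this page, the diversified per-card key with mutual authentication in the data security discussion above, and the "CSN Only" reader of this paragraph, can be seen together in one small model. The following is an added example written for this page; it is not HID's code and does not reproduce the iCLASS algorithms. HMAC-SHA-256 (truncated to the 64-bit key size the text quotes) stands in for the card's real cryptography, the derivation label, nonce sizes, master key and serial number are constructed values, and `Card`, `Reader`, `provision_card` and `numbers_reported` are names invented for the illustration. It shows the outcome a specifier cares about: a reader holding the keys reports the programmed format number, a reader with the wrong keys gets no access-control data at all, and a keyless "Compatible" reader reports the CSN, so the controller sees two different numbers for the same cardholder.

```python
# Added example (not HID's code): a model of diversified per-card keys, mutual
# authentication, and what a keyless "CSN only" reader gets from the same card.
# HMAC-SHA-256 stands in for the card's real cryptography purely to illustrate
# the mechanism; the derivation label, nonce sizes and sample values are constructed.
import hashlib
import hmac
import os

KEY_LEN = 8  # 64-bit diversified key, the size quoted in the text


def diversify(master_key: bytes, csn: bytes) -> bytes:
    """Derive the per-card key from the master key and the card serial number.
    A card's key reveals nothing about the master key or other cards' keys."""
    return hmac.new(master_key, b"demo-diversification|" + csn, hashlib.sha256).digest()[:KEY_LEN]


def tag(key: bytes, data: bytes) -> bytes:
    """Short authentication tag over data; proves possession of key."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class Card:
    """Contactless card: the CSN is free to read, the format number sits behind the key."""

    def __init__(self, csn: bytes, format_number: int, card_key: bytes):
        self.csn = csn
        self._format_number = format_number
        self._key = card_key
        self._nonce = None

    def read_csn(self) -> bytes:
        return self.csn

    def challenge(self) -> bytes:
        self._nonce = os.urandom(8)  # fresh per transaction, so a recorded exchange is stale
        return self._nonce

    def respond(self, reader_nonce: bytes, reader_tag: bytes):
        """Verify the reader first; only then prove the card's own key and release the number."""
        if self._nonce is None:
            return None
        expected = tag(self._key, self._nonce + reader_nonce)
        if not hmac.compare_digest(expected, reader_tag):
            return None  # wrong key: no access-control data leaves the card
        return tag(self._key, reader_nonce + self._nonce), self._format_number


def provision_card(master_key: bytes, csn: bytes, format_number: int) -> Card:
    """Encoding step: the card is loaded with its diversified key and its format number."""
    return Card(csn, format_number, diversify(master_key, csn))


class Reader:
    def __init__(self, master_key=None):
        self.master_key = master_key  # None models a "CSN only" reader with no keys

    def read(self, card: Card) -> tuple:
        """Return (source, number) as the reader would report it to the controller."""
        csn = card.read_csn()
        if self.master_key is None:
            return ("CSN", int.from_bytes(csn, "big"))
        key = diversify(self.master_key, csn)
        card_nonce = card.challenge()
        reader_nonce = os.urandom(8)
        result = card.respond(reader_nonce, tag(key, card_nonce + reader_nonce))
        if result is None:
            return ("AUTH_FAIL", None)
        card_tag, number = result
        if not hmac.compare_digest(card_tag, tag(key, reader_nonce + card_nonce)):
            return ("AUTH_FAIL", None)
        return ("FORMAT", number)


def numbers_reported(card: Card, readers) -> list:
    """What the controller sees for one card across several readers."""
    return [reader.read(card)[1] for reader in readers]


if __name__ == "__main__":
    master = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    card = provision_card(master, bytes.fromhex("0102030405060708"), 1234)
    print(Reader(master).read(card))          # ('FORMAT', 1234)
    print(Reader(b"not-the-key").read(card))  # ('AUTH_FAIL', None)
    print(Reader().read(card))                # ('CSN', 72623859790382856)
```

`numbers_reported` is the check to run when evaluating a mixed reader population: if the list contains more than one distinct value for the same card, the access control database will need a second cardholder record, which is exactly the unplanned administration effort the paragraph describes.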

Summary

The introduction of new technologies presents a challenge for the market as they identify the salient issues to allow effective product evaluation. During this period, the market is confronted with misunderstandings, or misconceptions that can cause serious problems when the client expectations are not met. Education on the pertinent aspects of the technology will allow industry professionals to effectively evaluate, choose, and deploy the proper solution for their clients. However, a solid knowledge of the technology itself may not be enough to make a thorough evaluation. When a robust technology is poorly incorporated in a given product offering, those desired inherent benefits may not be realized. Evaluation beyond the technology to include the total product offering provides a more complete picture of what to expect when integrated into a comprehensive design solution.


Training Resources

Maximize your firm’s value to your clients by maintaining your in-house knowledgebase. iTDR provides free, customized, product and technology training at your location. Request a product overview, technology training session, or a lunch-n-learn.