Provide Clients Migration Paths by Allowing for Multiple Platforms
Despite the many benefits of mobile access control, this technology is unlikely to completely replace physical smart cards in the coming years. Instead, mobile access control solutions will coexist with cards and badges so that organizations can implement a choice of smart cards, mobile devices or both within their PACS.
Integrators will play a pivotal role in making sure their customers can navigate the migration to this hybrid access control environment, with the assurance that investments in today’s technologies can be leveraged in the future. They will need to offer their customers multitechnology readers and cards based on open standards that enable both legacy credential and new credential technology to be combined on the same card, as well as support NFC-enabled mobile platforms.
One example is HID Global’s iCLASS SE platform, which includes iCLASS Seos credentials that are pre-provisioned with the company’s Secure Identity Object (SIO) data models to simplify deployment. SIO data models represent many forms of identity information on any device that has been enabled to work in HID’s Trusted Identity Platform (TIP) communications boundary, which ensures protected transactions within an ecosystem of interoperable products.
The iCLASS SE platform supports multiple reader-to-panel communication options, including RS485 OSDP, CANBUS Hi-O, and Wiegand for legacy control panel compatibility. Plus, reader and credential upgrade options don’t require a physical change to the device. Interpreter packages are available that support specific card technologies and can be applied in the field and after the initial installation. Cryptographic operation changes or upgrades can be applied to both readers and credentials after the initial installation and card deployment. Also, customers optionally can manage their own cards and credential keys, and they can migrate to digital credentials on NFC-enabled smartphone when they are ready.
Secure Issuance: The Other Half of the Access Equation
In addition to providing a future-proofed card and reader solution, integrators can also help customers meet their current secure issuance requirements with an eye to tomorrow. According to SECURITY SALES & INTEGRATION’s latest research, 92% of security integrators are offering ID card printers and software to at least some of their access control clients.
Today’s printers, card materials and software deliver the highest levels of card security by incorporating critical visual and logical technologies for multilayered validation. There are many options for accomplishing this. Integrators should help smaller companies choose solutions that meet their need for ease of use, since few have the support of extensive IT resources. Midsize organizations will typically need intuitive solutions that are easy to use and scalable to meet evolving requirements. Large organizations need high card throughput to support growth and the ability to deploy a wide variety of risk-appropriate solutions.
Hardware choices include monochrome direct-to-card (DTC) solutions that combine quality, reliability and ease of use, as well as high definition printing (HDP) retransfer technology for contactless or contact smart cards. There are also high-throughput solutions that optimize performance and productivity. The latest desktop card printer/encoder solutions enable organizations to combine the high-volume reliability and advanced credentialing features of large centralized printers with the lower cost and smaller footprint required for the distributed printing model. For organizations that need cards to look alike whether issued in a distributed fashion or centrally, the best approach is to deploy the same retransfer print technology in both issuance environments.
Integrators should help their customers plan ahead for the most secure validation capabilities possible. Most ID card issuance systems rely on two-dimensional identity validation, comparing the person presenting credentials with identifying data that is displayed on the card. This identifying data may be a simple photo ID or sophisticated elements such as higher-resolution images, or it might be a laser-engraved permanent personalization attribute that makes forgery and alteration virtually impossible. Smart card chips, magnetic stripes and other digital components add a third security dimension. In addition, expanded data storage on the card makes it possible to include biometric and other information, which further enhances the validation process.
Proper identity validation management requires routine synchronization of pre-programmed data on the card’s electronics with personal data that is printed onto the outside of the card. In the past, organizations typically used a desktop card printer to add color and text to a card’s exterior, the card was extracted from the printer’s output bin, and the pre-printed/pre-programmed IC number was transferred to a computer database either through manual entry or by tapping the card to an external desktop reader. Today’s inline smart card personalization processes reduce this to a single step, enabling users to submit a card into a desktop printer equipped with an internal smart card encoder that personalizes the card inside and out.
Nearly all major card printer manufacturers offer the option to build card readers/encoders into their machines, and they also offer card issuance software that is compatible with the integrated system. If an organization already owns a card printer, it can usually be upgraded with an encoder in the field. By integrating readers/encoders into card printer hardware, organizations position themselves to leverage the benefits of smart card applications well into the future. And when they’re ready to maximize their smart cards’ functionality, they’ll already have the smart issuance part of the equation figured out.
Eric Widlitz is Managing Director, Identity and Access Management, with HID Global.
Page 2 of 2 pages <
Near Field Communications
Physical Access Control
Commenting is not available in this channel entry.