Today’s security system specifiers, designers and integrators face the constant challenge of maintaining their technical knowledge base so they can evaluate, recommend, and deploy new products to better solve their client’s problems. The speed at which technology enables new products to be introduced into the marketplace compounds this challenge. Often times the result is a period of confusion and/or misunderstanding while industry professionals work through the noise in an effort to identify the applicable features and attributes that truly matter. This is true today with the increased use of 13.56 MHz contactless smart card technology in physical access control - the important features and attributes of the technology are not yet fully understood, making it difficult to properly evaluate product offerings.
Obviously, there are inherent attributes of 13.56 MHz contactless smart card technology that make it the only choice for certain applications (e.g. read/write applications). But for the purpose of this discussion, the focus will be on comparisons of the two technologies exclusively for use in physical access control applications. Fundamentally, contactless smart card technology is superior to 125 kHz proximity in two primary areas relevant specifically to physical access control: data security and flexibility of formats. 125 kHz proximity does not offer any effective level of security in regards to the transmission of card data from the card to the reader. Essentially, once the proximity card is activated within the field of the reader, card data is transmitted to the reader (basically a free read). With contactless smart card technology, the computing power of the contactless smart card chip may be leveraged to increase card data security through the use of cryptography, and encryption.
For example, HID Global’s iCLASS has optimized the security features offered by the contactless smart card technology. The card format data is stored in a secure memory location within the contactless smart card IC. This access control data may only be accessed by using 64-bit diversified security keys based on a unique card serial number. By using diversified unique keys, and industry standard encryption techniques, the risk of compromised data or duplicated cards is virtually eliminated.
Even if an unauthorized person obtains a reader, without the keys, the reader will not authenticate with the card and data will not be transmitted. RF data transmission between the card and reader is also encrypted using a secure algorithm so that the transaction between the card and reader cannot be “sniffed” and replayed to a reader. In addition, the cards and readers authenticate each other using a symmetrical key-based algorithm. For even higher security, card data may also be protected with DES or triple-DES encryption. It is important to note that although contactless smart card technology offers various levels of data security, not all suppliers enable and/or optimize them. If not deployed properly, the user may not experience any increase in security over that of 125 kHz proximity.
When purchasing a card for physical access control, the visible object is a piece of plastic that contains an antenna and electronics to allow storage and transmission of data. The tangible benefit that is being purchased is the actual data format itself. The data stored in the card essentially consists of a string of numbers. A format explains what that string of numbers mean and how they are used in the access control system. Back in the era of magstripe technology, the length of the format was limited by the physical length of the magnetic stripe (e.g. Track 2 is encoded at 75 bits per inch and with 5 bits per character including parity, offers a maximum of 37 numeric characters). The typical HID 125 kHz proximity format can be up to 84 bits long. Therefore, considering the data capacity of any given technology, there is an finite number of unique numbers that can be stored. With contactless smart card technology providing options for much larger memory capacities, the size of formats can be greatly increased. This is becoming increasingly important as the population of access control systems increases, making unique card numbering increasingly difficult with some of the limited format structures. Therefore, the scalable memory structure of contactless smart cards allows extended format styles to be deployed as the market changes.
Those that do not consider contactless smart card technology for their design solutions because “Our client is not that sophisticated”, may not have recently analyzed the performance enhancing attributes inherent to the technology. Further, they may be unaware that this increased security and performance can now be provided at the same price as legacy 125 kHz proximity. Today, it is quickly becoming the expected standard to specify and deploy contactless smart card technology in physical access control cards and readers.