Securing your access control system with improved card and reader technology

Access control systems come in different types to answer diverse security needs. While choosing an online access control system is often a more secure option than a standalone system, both can have advantages depending on the situation and environment of the installation.
Knowing the different technologies available on the market allows for informed choices to be made.

What level of security is needed
Standalone systems are considered less secure because they are less manageable than online access control systems. However, they could be what your installation needs or requires, depending on the number of doors, the level of security wanted and the turnover of users.
If your installation has higher security and management needs, then an online access control system should be considered. The ATRIUM system offers many security features: from allowing or denying access, to managing users’ rights and accessing their location in the event of an emergency.

The important step here is to decide what security the installation needs. One good way to do this is to carry out a risk assessment before specifying or installing a product.
For example, does the system administrator need to be able to duplicate credentials? Should credentials be individually secured? How willing are you to accept credentials being copied? Do your data and credentials require a higher level of security?
Simple questions like these will help in deciding which access control system to install and which reader and card technologies should be used alongside it.

Securing credentials
In a secure, post-GDPR world, credentials and personal data are highly discussed. A credential is an attestation of someone’s competence and authority. When it comes to building management, a credential would hold information such as the person’s contact details and level of security (which areas they are allowed in, and when they are allowed access or not). Typically, tags and cards are used as credentials within an access control system.
Simple steps should be taken to secure credentials, such as discouraging the sharing of credentials between employees, ensuring the fast removal from the system of a stolen or lost credential, requiring two-factor identification, or requiring a dual key or dual custody for sensitive areas.

On top of those steps, the credentials should be stored in secure devices. Manufacturers can add processes and systems to ensure credentials remain confidential and inaccessible in the event of cloning. While we aim to do so at CDVI, it is challenging to add security to open-standard hardware (such as most of the proximity cards and tags using 125 kHz technology).

Different reader and card technologies
Proximity readers and cards were the very first version of contactless smart cards introduced on the market in the 1980s.
A proximity card contains a transponder (computer chip). The proximity reader transmits radio frequency energy to the card or tag, which then transmits its identification number to the reader. If the card number is recognised, meaning the card is in the system, and the access levels are verified, the person carrying the card will be allowed access.
While efficient and cost effective, proximity readers and cards transmit information at low frequency (125 kHz) without encryption, which makes them easily cloneable.

To avoid this, and as best practices solidified, more proficient technologies were introduced in the last ten years. Using 13.56 MHz, MIFARE® and DESFire® cards and readers offer extra security, thanks to a different encryption protocol.
Those technologies are superior to traditional proximity as they offer a faster processor, more rewritable and lockable data memory, and the ability to store software applications (such as secure computer log-ons). Most importantly, they are far more secure because the encrypted technology used makes it harder to clone credential data.
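
The difference between a card that always sends the same number and a card that proves it holds a key can be modelled in a few lines. This is an added illustration, not CDVI code and not the MIFARE® or DESFire® protocol: HMAC-SHA256 stands in for the card's cryptography, and all class names and card IDs are constructed for the example.

```python
import hashlib
import hmac
import secrets

class StaticIdCard:
    """125 kHz-style card: sends the same number to every reader."""
    def __init__(self, card_id):
        self.card_id = card_id
    def respond(self, challenge):
        return self.card_id  # the challenge is ignored

class KeyedCard:
    """Card holding a secret key; proves possession for each fresh challenge."""
    def __init__(self, card_id, key):
        self.card_id, self._key = card_id, key
    def respond(self, challenge):
        return self.card_id + hmac.new(self._key, challenge, hashlib.sha256).digest()

class CopiedReply:
    """A duplicate that can only repeat one previously transmitted reply."""
    def __init__(self, reply):
        self.reply = reply
    def respond(self, challenge):
        return self.reply

class Reader:
    def __init__(self, enrolled):
        self.enrolled = enrolled  # card_id -> key, or None for static-ID cards
    def authenticate(self, card):
        challenge = secrets.token_bytes(16)  # fresh for every presentation
        reply = card.respond(challenge)
        card_id, proof = reply[:4], reply[4:]
        if card_id not in self.enrolled:
            return False
        key = self.enrolled[card_id]
        if key is None:
            return True  # static ID: the number alone is trusted
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

def demo():
    key = secrets.token_bytes(16)
    prox_id, keyed_id = b"\x00\x00\x30\x39", b"\x00\x00\xd4\x31"  # constructed IDs
    reader = Reader({prox_id: None, keyed_id: key})
    prox, keyed = StaticIdCard(prox_id), KeyedCard(keyed_id, key)
    old_challenge = secrets.token_bytes(16)  # challenge from an earlier presentation
    return {
        "prox_genuine": reader.authenticate(prox),
        "prox_copy": reader.authenticate(CopiedReply(prox.respond(old_challenge))),
        "keyed_genuine": reader.authenticate(keyed),
        "keyed_copy": reader.authenticate(CopiedReply(keyed.respond(old_challenge))),
    }
```

In this model the reader cannot tell a copied static number from the genuine card, while a copied reply from the keyed card fails because it answers an old challenge. The protection depends entirely on the key staying secret inside the card and the reader.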

Why choose the MIFARE® technology?
MIFARE® is different from the standard 125 kHz proximity card because it is a read-write technology (as opposed to the read-only technology in proximity cards).
MIFARE® cards can be used for applications other than access control, such as cashless vending, library membership and printer management.
MIFARE® is generally more secure than standard proximity.

Why choose the DESFire® technology?
DESFire® is an evolution of MIFARE®, offering a higher level of security and a greater operational flexibility.
The security of the card is improved by using encryption and the amount of data storage on the card is multiplied by four (compared to standard MIFARE®).
DESFire® EV1 & DESFire® EV2 are projected to remain the most secure RF technology until 2030 based on current technological trends.

Check out the full range of MIFARE® and DESFire® readers available at CDVI, including the SOLSYS, our stylish new DESFire® EV1 reader.