Access Control – Your life made simpler
by BQT Solutions Limited

Historically, security has been the bane of many company executives as it is sometimes difficult to justify the costs against the potential risks.

However with Health and Safety legislation together with good practice Business Continuity Planning, the protection of people, buildings and intellectual property has become a board room issue. Usually physical security matters are the responsibility of the security department whilst network or computer security sits with the IT director. Seldom do these two departments have the same reporting line, objectives or business requirements. However, times are changing and more and more large corporations are seeing the benefit of combining physical and logical security in a number of ways. With IT networks becoming more robust and bandwidth issues a concern of the past it is easier to use the LAN as the communication bus for the security data of both building and PC’s. This approach enables huge savings on installation and future maintenance costs.

 

Controlling access to a facility can be complex. Staff require access to the right facilities at the right time whilst keeping unauthorised people out. Controlling access to computer systems can also be challenging. Staff need access to the right applications without being burdened with an “over the top” password system whilst also keeping unauthorised people out. Similar goals, very disparate systems.

 

Future access control systems, whether they are for physical or logical access, need to be flexible enough for the multi-function environment we work in today and be able to control access to data ranging from “public” to the highly sensitive. It is imperative that companies adopt an approach that will enable an overarching access control strategy that can utilise a variety of authentication methods (cards, PINs, biometrics or a combination thereof).

 

Controlling access to a computer system historically has been with the use of a password. For most people, a password is simply a spouse’s name, favourite food, song title or pet’s name and can easily be broken or deciphered. Physical access control is often worse in that it often employs a simple unencrypted mag-stripe or prox card, which (if lost or stolen) can be easily used by unauthorised persons.

 

Both the access control and computer systems need a cost effective and appropriate level of security. The good news is that this can be achieved be using a smart card.

 

But, choosing the right card is vital. It should be:

  • A card that can be personalised.
  • A card that is easy to use.
  • A card that is easy to manage.
  • A card that can be implemented on current applications and supports future requirements.
  • One card that is capable of being used in many ways; such as access control, time and attendance, computer and application logon or storage of personal data for e-cash payments.
  • A card that is secure.

In order to combine “physical” access and “logical” access the most appropriate token is a Mifare® (manufactured by Philips Semiconductors) contactless smart card. This allows a user to “show” their card to the reader and the system will read the cards credentials and pass this information onto the back-end system which holds that individuals access rights. There are no contacts to wear or get damaged on the card or reader; this means a longer life for both card and reader adding further savings.

 

As Mifare® smart cards have no contact plates for data exchange; communication with a reader is achieved using wireless technology, commonly referred to as RF. The phase signal and the energy to power the card are transmitted via a high frequency signal from the reader to the card, securely sending data bi-directionally and providing a fast and very efficient data exchange. Mifare® is a close read range technology, up to 10cm, and is ideally suited for security applications.

 

As with all technologies there are a variety of solutions on the market, ranging from the cheap and cheerful to the extremely complex. Ascertaining the right solution for your specific requirements is often a daunting experience. Options range from secure or non-secure cards, reader types and the data communications between them. Choosing the right solution is critical to your company’s ability to ensure a return on the capital invested.

 

It is important to ensure that when choosing a card/system, it complies with existing ISO standards. For instance ISO 14443 and ISO 15693 are standards that define intelligent read/write devices that are capable of storing a variety of data sets and operating over specific distances. If a smart card is used to store user information it should provide enhanced privacy – the stored information is owned by the user and the user has control over access to this information. Adherence to standards could also ensure that the system you choose adopts an open standard and does not operate in a proprietary format.

 

It is also important to ensure that your chosen solution is fully scaleable and simple to upgrade, allowing cost effective changes.

 

Key areas of the business may need stronger user authentication to gain access, where proof of identity is also required as well as ownership of a smart card in this case the system should be able to use a combination of a smart card and a biometric. An example of this may be the computer centre, or bank vault.

 

Biometrics is a way of identifying or verifying the claimed identity of a person automatically by using either their behavioural or physiological characteristics. Most systems don’t normally have the luxury of being able to monitor a persons behaviour over a period of time so their physiological characteristics are used e.g. a fingerprint, face or iris scan. Adding a biometric identifier ensures that the correct user and card must be present, so eliminating the possibility of shared cards.

 

BQT Solutions Limited is an international technology company dedicated to providing high-end secure security solutions to meet the demands and requirements for security in today’s world and is a Global Leader in Mifare® Contactless Smart Card Applications, Biometric Access Control & Personal Identification Technology for both physical & network security applications.

 

BQT’s “ miPASS‘ access readers provide more than a standard proximity card, Magstripe card, personal identification number (PIN) or even proprietary smart card systems. By providing unique encryption keys, miPASS access readers will only read cards that possess those matching keys, resulting in a higher security level than systems offering standard industry or proprietary smart cards. By employing the miPASS DESFire card together with the DESFire contactless smart card access reader, triple DES encryption is used enabling the most secure card transaction process available today.

 

BQT can also offer the added biometric factor, with a range of fingerprint, 3D facial or Iris scanning technologies. BQT’s unique solution ensures the security and privacy of biometric data by encoding an algorithm of the users’ biometric template into the Mifare® smart card. The biometric authentication is managed within the reader, there is no central database, and all the transactions are processed on a one-to-one basis, improving the false accept / false reject rate substantially. This reader technology provides a highly secure environment and enables an easy and cost effective up-grade path to biometric security which fits well with today’s ever changing working practices. Where there are situations using hot-desking or other multi-user environments, such as hospital wards, military installations or government departments, differentiating between authorised and non-authorised users is possible by using BQT’s simple biometric technology.