SecurityWorldMarket

21/10/2022

The importance of future-proof access control

Oulu, Finland

According to Idesco in Finland, reader choice has the greatest influence on the future functionality and expandability of an access control system. So, here, the company identifies factors that must be considered to make the best RFID reader choice.

Idesco’s Mifare Desfire readers are already based on the latest technologies, and offer secure data protection, all the way from user to host. Now, they are also mobile-compatible, to simplify any future migration to mobile access. Robust, durable, outdoor-compatible Idesco readers are designed to allow the user to build a long-lasting, energy-saving access control system with minimal maintenance costs.

Secure technology

In many countries, RFID’s dominant access control technology has lagged behind in so-called UID, with most cases using low frequency, 125 kHz proximity technologies. Such technologies use nothing more than a card’s unique serial number (UID) to identify users. Since the cards don’t protect data, they can be easily read and cloned with readily-purchased devices.

Thus, the first task for future-proofing is to choose a secure technology. The best ones differ greatly from UID by providing highly-secure AES128 bit encryption. Such encryption is essentially thought to be unbreakable – the same used to protect digital payments. Secure access cards and their readers will often be assigned and programmed to a shared mutual security key. That is how they recognise each other during their ‘conversation’, which is technically referred to as the ‘mutual authentication process’.

Open or closed technology

Another important factor is that some secure technologies are proprietary, or ‘closed’, while others are referred to as ‘open’ technologies. A closed, proprietary technology only allows readers, cards and their programming to be purchased from a single supplier. This can leave users vulnerable to, not just price and product availability, but also constrained delivery times, turnaround delays for service and support and whatever product development roadmap they prefer. In short, the user becomes vendor-locked to a sole source.

By contrast, open technologies subscribe to common standards. However, they also provide an array of remarkable benefits only available in a common standard. For example, Mifare devices from different manufacturers remain compatible with each other: a valuable benefit to purchasers. By choosing open standard Mifare Desfire for a system, users remain free to purchase future devices from any manufacturer they prefer without constraint. 

Even Desfire can lock in users

Security keys and their programming are the core of a secure access control technology. Interestingly, an open technology issue that often gets overlooked is that even a Desfire supplier can ultimately ‘vendor-lock’ a user. How so? It is because ownership and management of a site’s security keys and their programming is often ignored. That means, before a  device manufacturer is chosen, users should also decide who will own and manage their security keys. According to Idesco, some manufacturers will withhold security keys if users discontinue sourcing from them. So, once again, users can be prevented from getting compatible readers and tags despite using Mifare Desfire for their system.

In contrast, the Idesco Desfire readers also protect the user's freedom to decide who will manage their security keys. The company often manage sites’ security keys according to the latest information security practices, but equally as often, however, customers will manage security keys, and programme readers and cards themselves.  With Idesco’s in-house coding, users retain that flexible, secure, future-proofed option if they later decide to change their approach to security key management.

System security

Although encrypting the data travelling from card to reader (as in Desfire), powerfully enhances security, traditional Wiegand lines may still create a vulnerability for a system, because Wiegand cables transferring data from readers to hosts, are, according to Idesco, forced to strip away that protection, potentially causing a security risk.

In this case, Idesco the option to implement OSDP over RS485 cable as a solution. OSDP is a highly secure, open standard data protocol for mediating reader-host data transfer. OSDPv2 provides robust encryption, similar to Desfire, but it also possesses other benefits. Since OSDP is a bi-directional communication protocol it also supports sending data ‘downstream’ from hosts to readers. It means reader updates can be pushed fast and conveniently ‘downstream’ from the host system.

Mobile-compatibility

Using a mobile phone to access doors continues to grow in popularity. If a user anticipates implementing mobile access at some point, Idesco recommends that users consider implementing a gradual migration into Idesco’s mobile-compatible Mifare Desfire readers. In addition to their mobile phone reading capability they remain fully-compatible with traditional Mifare Desfire tags.

Robust, updatable devices

For users, interaction with a system is always via its deployed readers. Therefore, the user-friendliness of the readers powerfully shapes how users feel about the system.  This means that the more attention paid to small details in reader design is  essential. Cumulatively, these details help minimize system maintenance costs.

For example, Idesco offers, optical tamper alarms which according to the company are more reliable than vulnerable mechanical tampers for notifying when a reader is violated. High IP and IK ratings also mean Idesco readers offer resistance against moisture, dust and impact to keep them robustly reliable, for installing outdoors or in public places. Finally, their fast and easy installation combined with convenient reader updating will help keep the overall system costs to a minimum.


Tags


Product Suppliers
Back to top