High-security smart cards, originally designed for logical access for government employees, are now being used for physical access as well.
The convergence of logical and physical access control has taken longer than some stakeholders had expected. But several key factors have changed, paving the way for more businesses and government entities to use a single credential for physical access to entry doors and logical access to enterprise-wide computer systems. A new environment has even enabled convergence to go a step further by enabling physical and logical access to function as a single, seamless system.
Together, these factors in physical and logical convergence point to seven trends — developments that are generating new opportunities in this area for security systems integrators.
1 - FEDERAL MANDATES DRIVE ADOPTION IN CERTAIN INDUSTRIES
Logical access control is a much newer concept than physical access control. But increasingly, organizations in certain industries today are required to have logical access control. Diane Robinette, vice president of product marketing for Sunnyvale, Calif.-based software developer Proximex, points to the example of the petrochemical industry where logical and physical access control are included in Chemical Facility Anti-terrorism Standards (CFATS).
2 - GOVERNMENT USER REQUIREMENTS
Several years ago, a new standard for a high-security smart card credential known as FIPS-201 was created to control access by government employees to government computer systems. More recently, requirements for FIPS-201 cards have been expanded to include physical access to doors used by the same government employees.
ActivIdentity, a unit of HID Global based in Fremont, Calif., offers a product that enables a reader from a traditional physical access control system to accept a FIPS-201 card.
3 - SMART CARDS GO MAINSTREAM
In large part because of the increased use of smart cards for government applications, smart card costs have decreased, making them a viable alternative to traditional proximity cards for businesses. Decision-makers in corporate information technology departments tend to be more receptive to the idea of using smart cards rather than prox cards for logical access.
“The cards used in physical access really aren’t that secure,” comments Bill Spence, vice president of transaction systems for Lumidigm, an Albuquerque-based manufacturer of biometric technology used for physical and logical access control. Traditional proximity communication methods have been hacked, he says, which means that until recently, when IT decision-makers asked if there was a credential conforming to the standards that they were accustomed to, “the answer was no.”
High-security areas may use two-factor authentication (such as a fingerprint and a scan of veins in the hand) before granting physical or logical access.
But several sources interviewed pointed to the Ed-1 smart card standard as one that meets IT security requirements at a price that corporate users can afford. Bonsall, Calif.-based Innometriks, for example, offers smart cards using Ed-1 technology that cost less than $10 apiece, notes Innometriks’ CEO John Cassise. In comparison, Cassise says, the types of smart cards used by the government would cost commercial users about $150.
Jennifer Toscano, marketing manager for Carmel, Ind.-based Ingersoll Rand Security Technologies, points to another advantage of smart cards. The ones that Ingersoll Rand makes, she says, have areas on them that can be used for an additional credential. “You can have part of the card reserved for physical access, and only readers that communicate with that part of the card can communicate with and access that information,” she explains. “You could have a different section for logical access or use the same credential for both, depending on the system.”
Like the Innometriks offering, Ingersoll Rand’s corporate smart card is based on Ed-1 technology. Ingersoll Rand also offers a reader that can work with prox cards or smart cards, enabling an organization to continue to use existing prox cards today, but to transition to smart cards in the future.
4 - THE OPACITY STANDARD
In the past, a higher level of security in access control systems came with a time penalty. Systems took longer to approve a user for entry — and in high-traffic areas that could be a problem. But a new standard for access control credentials, known as OPACITY (for Open Protocol for Access Control Identification and Ticketing) aims to offer a high level of security without adding delay by using a faster algorithm, explains John Worrall, vice president of marketing for ActivIdentity.
“People want millisecond response times for the door to open,” Worrall says.
5 - ADVANCES IN BIOMETRIC TECHNOLOGY
Some organizations prefer to use biometrics for physical and logical access control, eliminating the need for users to carry a card, as well as eliminating the possibility of one person using another person’s credential. Alternatively, some customers may want to enforce a higher level of security by using biometrics in combination with a smart card or proximity card — an approach known as two-factor or, depending on the number of technologies involved, multi-factor authentication.
But traditional biometric control systems have had certain drawbacks. While fingerprint-based systems were the most economical, they traditionally have had a high reject rate and some people cannot even be enrolled in the system because the technology cannot capture an adequate record of their fingerprints, Spence explains. This might be tolerable for physical access control, where companies may be able to devise a work-around such as allowing a guard to buzz in a person. But for logical access control, it’s more problematic.
Several companies, however, have made advances aimed at improving both the enrollment rate and the reliability of biometric technology.
6 - TIGHTER INTEGRATION OF PHYSICAL & LOGICAL ACCESS
Some enterprise customers are content to operate separate physical and logical access control systems that share a single credential. But others take integration a step further and have physical and logical access control operate as a single, seamless system.
Fujitsu Frontech offers converter boxes for traditional access control equipment to enable that equipment to communicate using IP, and as Christer Bergman, vice president of biometric solutions for the company, explains, “Once you have physical access solutions that support the Internet, real convergence will be very simple down the road.” True convergence, Bergman says, can provide an extra level of security by, for example, generating an alert if a person logs onto an organization’s computer system without first passing through a physical access control reader.
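The alert Bergman describes, a logon with no preceding badge read, can be expressed as a correlation between door-controller events and logon events. The following is an added example, not code from the article or from any vendor named in it; the event layouts, site and host names, and the 12-hour validity window are assumptions, and all sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data: (timestamp, user, site, direction) from the door controller
BADGE_EVENTS = [
    ("2024-03-04T08:01:10", "alice", "HQ", "in"),
    ("2024-03-04T17:45:00", "alice", "HQ", "out"),
    ("2024-03-04T08:30:00", "dave", "LAB", "in"),
]
# Constructed sample data: (timestamp, user, host, site); site None = remote/VPN logon
LOGON_EVENTS = [
    ("2024-03-04T08:05:00", "alice", "HQ-WS-014", "HQ"),  # badged in first
    ("2024-03-04T08:07:00", "bob", "HQ-WS-022", "HQ"),    # never badged
    ("2024-03-04T19:30:00", "alice", "HQ-WS-014", "HQ"),  # after badging out
    ("2024-03-04T09:00:00", "dave", "HQ-WS-030", "HQ"),   # badged at another site
    ("2024-03-04T09:10:00", "carol", "LAPTOP-7", None),   # remote, out of scope
]

def _ts(s):
    return datetime.fromisoformat(s)

def logons_without_badge(badges, logons, max_age=timedelta(hours=12)):
    """Return (timestamp, user, host, reason) for on-site logons lacking a valid badge-in."""
    alerts = []
    for ts, user, host, site in sorted(logons, key=lambda e: e[0]):
        if site is None:  # remote logons cannot be matched to a door reader
            continue
        when = _ts(ts)
        # Badge reads by this user at this site inside the validity window
        prior = [b for b in badges
                 if b[1] == user and b[2] == site
                 and when - max_age <= _ts(b[0]) <= when]
        if not prior:
            alerts.append((ts, user, host, "no badge-in at site"))
            continue
        last = max(prior, key=lambda b: _ts(b[0]))
        if last[3] == "out":  # most recent read shows the user leaving
            alerts.append((ts, user, host, "logon after badge-out"))
    return alerts

if __name__ == "__main__":
    for alert in logons_without_badge(BADGE_EVENTS, LOGON_EVENTS):
        print(alert)
```

Users who tailgate through a door behind a colleague will trip the first rule, so these alerts are prompts for review and not proof of credential misuse.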
7 - CLOUD-BASED COMPUTING DRIVES GREATER INTEREST IN LOGICAL ACCESS
Also driving greater interest in logical access is increased use of cloud-based computing where an organization uses software or computing infrastructure housed in a remote data center and accessed over the Internet. Many organizations are turning to cloud computing as a way of reducing IT costs by minimizing the IT personnel resources required at each location.
But because cloud resources can be accessed from multiple locations, some organizations may want an extra level of security beyond simple password protection, Bergman suggests.