We hear a lot about Smart cards, but why? What makes them so great in comparison to traditional access control cards? First let’s look at traditional credential based access control cards, and then see what’s so smart about Smart cards.
At the basic level traditional access control cards act as the card holder’s verification ID and allow them to gain access through a door (or not) when swiped at a card reader. Traditional access control credentials using technology like 125 KHz Proximity have a hot stamp number or public CSN (Card Serial Number) attributed to the card; which acts as the card holder’s verification ID.
But there are two major security risks within access control that makes this technology now legacy and unsecure:
• Card Cloning: Copying of card credential data onto a blank card and relaying the information directly to the card reader to compromise electronic door security.
• Signal Sniffing: Copying the wiegand signal between the access control card reader and controller.
Legacy technologies such as 125 KHz Proximity, Mag-stripe, Barcode are all vulnerable with devices to clone these technologies freely available on the internet. As a future proof solution Smart cards offer the ideal way to combat against these vulnerabilities.
Smart cards are just that, cards that are smarter than traditional access control cards. They not only store data but have the edge with processing power. They are also highly secure as the stored data can be protected against unauthorised access and cloning through the use of sophisticated encryption.
Also with multi-functionality properties, smart cards can go beyond managing access control credentials into other business areas such as cashless vending. This makes smart cards a particularly attractive choice for schools and universities, where using one access card for managing other aspects of campus life like cashless vending, library access, printing credits to name but a few, is more efficient and cost effective.
For the highest level of security, Smart cards typically offer strong mutual ‘three-pass authentication’. This enables data transmission without the need to exchange or distribute private smart card encryption keys. A session key is used to create a secure pipe for all data between the card and the access control reader to prevent eavesdropping and assure privacy. Diversification using smart card technologies such as PicoPass then create ‘card specific keys’ that transform the card encryption into a moving target that is harder to hit. Smart cards physical security also includes scrambling of RAM and CPU to hide functional blocks on-chip, ensuring there is no reading of the RAM externally by interception and its multi-layer design also helps prevent against reverse engineering.
So given the high level of security and scope offered by Smart cards why do so many legacy technology cards and applications still exist? One word: Cost. However we are starting to see this shift now. When smart cards were introduced over three decades ago they were cost prohibitive to most, but they are now becoming cheaper. Also the threats of cloning and the costs of security and authentication breaches are becoming higher and more real. The industry wants to drive people towards these secure technologies.