Key Considerations for Smart Card Access Control Deployments

Smart card technology allows a user to carry specific computing power in their wallet. A smart card is a small plastic card with an embedded computer chip. The built-in chip can be either a microprocessor with internal memory or a memory chip with non-programmable logic. Smart cards can be customized and programmed to receive, store, process and transmit data.

A contactless smart card is a variation of the smart card. It contains a chip and a radio frequency identification (RFID) antenna (copper or aluminum) attached to the chip, which is used to read information from and write information to the chip’s memory.

To complete a transaction, contactless cards do not have to be swiped or inserted into a smart card reader. Instead, they only need to be held within range of the reader's electromagnetic field so that information can be read from and stored in the chip. ISO/IEC 14443 defines the standard for contactless smart card communications. It allows for communications at distances up to 10 cm (3.9 feet). The range of operation of the contactless smart card can typically vary from 63.5 mm to 99.06 mm (2.5 feet to 3.9 feet) depending on the range of the reader.

Contactless smart cards have a wide range of applications in payment solutions, identity management solutions, transport and ticketing, among others. Below we’ll concentrate on smart card applications in enterprise access control and identity management solutions.
Smart cards can be used for implementing both logical and physical access control solutions in organizations in combination with other authentication mechanisms as required.

Physical Access Control is the process of identifying employees or other personnel when they physically enter the premises. Smart ID cards are increasingly used by businesses, government and educational institutions to restrict physical access to their offices or to different zones within an office/campus. Security professionals can implement sophisticated organization-level security policies using smart cards.

Logical Access Control refers to the process of identifying a user on the network and providing access to the networked resources used by the organization. Employees use wired and wireless networks to access resources such as printers, scanners and other equipment. A simple password-based authentication may not be enough to provide the required levels of security. Smart cards can be used in combination with other authentication methods to provide multi-factor authentication and strengthen the logical access security.

A single ID card can be used to provide both physical access to the premises and support logical access to various applications and network resources thereby reducing cost and increasing end-user convenience.

Implementation Considerations
The process of implementing access control solutions using contactless smart cards across an organization is not simple. There are multiple factors that need to be considered to ensure that an enterprise-wide solution can be deployed seamlessly and effectively.
Policy makers need to decide the level of personalization required for each card. Many organizations print the user’s photo and designation on the smart card. But personalizing smart cards increases the complexity of card life-cycle management systems.

The life cycle of a card starts from the moment the user becomes a part of the organization and is given a new card, and ends when the user leaves the organization and returns the card. Policies should be implemented in the access control systems to prevent card misuse and manage the overall life cycle of a user and card.

For large enterprises with multiple branches, compatible card readers should be physically installed at all locations, and a distributed access control system should be in place to control whether employees based in one physical location may or may not access specific resources at other locations.
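The card life cycle and the per-location access rule described above can be sketched as a deny-by-default decision function. This is an added example, not code from the article; the state names, the transition policy, the site/zone labels and the sample card are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class CardState(Enum):
    ISSUED = "issued"        # handed to a new joiner, not yet activated
    ACTIVE = "active"
    SUSPENDED = "suspended"  # reported lost or forgotten; can be reinstated
    REVOKED = "revoked"      # holder left and returned the card; terminal

# Allowed life-cycle transitions (assumed policy); anything else is rejected.
TRANSITIONS = {
    CardState.ISSUED: {CardState.ACTIVE, CardState.REVOKED},
    CardState.ACTIVE: {CardState.SUSPENDED, CardState.REVOKED},
    CardState.SUSPENDED: {CardState.ACTIVE, CardState.REVOKED},
    CardState.REVOKED: set(),
}

@dataclass
class Card:
    card_id: str
    holder: str
    state: CardState = CardState.ISSUED
    grants: set = field(default_factory=set)  # (site, zone) pairs allowed

    def transition(self, new_state):
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.state.value} -> {new_state.value} not allowed")
        self.state = new_state

def decide(cards, card_id, site, zone):
    """Return (allowed, reason) for a tap at a reader; deny by default."""
    card = cards.get(card_id)
    if card is None:
        return False, "unknown card"
    if card.state is not CardState.ACTIVE:
        return False, f"card {card.state.value}"
    if (site, zone) not in card.grants:
        return False, "no grant for this site/zone"
    return True, "granted"

# Constructed sample: an HQ employee who may also enter the branch lobby.
CARDS = {"C-1001": Card("C-1001", "alice", CardState.ACTIVE,
                        {("hq", "lobby"), ("hq", "lab"), ("branch", "lobby")})}

if __name__ == "__main__":
    print(decide(CARDS, "C-1001", "branch", "lobby"))
    print(decide(CARDS, "C-1001", "branch", "lab"))
    CARDS["C-1001"].transition(CardState.REVOKED)
    print(decide(CARDS, "C-1001", "hq", "lobby"))
```

Because a revoked card has no outgoing transitions, a returned card cannot be silently reactivated; a new card has to be issued instead.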

The access control and card management solution may also be used to track users' in/out times and intermediate activities on the network. Attendance and leave management and payroll calculation solutions may interface with the access control solution to determine employee work hours. Since employees may tap in and tap out multiple times during the day, determining the most relevant in and out times for the day is a challenge for many organizations.
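One way to reduce a day's taps to in and out times, as an added example that is not part of the original article: it reports the first tap-in, the last tap-out, and the time on premises from paired taps, and flags taps with no counterpart instead of guessing. The event format, field names and sample taps are constructed assumptions.

```python
from datetime import datetime, timedelta

def summarize_day(taps):
    """taps: (ISO timestamp, 'in' | 'out') pairs for one card on one day."""
    events = sorted((datetime.fromisoformat(ts), d) for ts, d in taps)
    first_in = last_out = open_in = None
    present = timedelta()
    anomalies = []
    for when, direction in events:
        if direction == "in":
            if open_in is not None:
                # Two tap-ins in a row: the exit in between was not recorded.
                anomalies.append((open_in.isoformat(), "in without out"))
            open_in = when
            first_in = first_in or when
        elif direction == "out":
            if open_in is None:
                anomalies.append((when.isoformat(), "out without in"))
            else:
                present += when - open_in  # count only properly paired time
                open_in = None
            last_out = when
        else:
            raise ValueError(f"unknown direction: {direction!r}")
    if open_in is not None:
        anomalies.append((open_in.isoformat(), "in without out"))
    span = last_out - first_in if first_in and last_out else None
    return {"first_in": first_in, "last_out": last_out, "span": span,
            "present": present, "anomalies": anomalies}

# Constructed sample: lunch break, then a re-entry whose exit was not tapped.
TAPS = [
    ("2024-03-04T09:02:00", "in"),
    ("2024-03-04T12:30:00", "out"),
    ("2024-03-04T13:15:00", "in"),
    ("2024-03-04T13:40:00", "in"),
    ("2024-03-04T18:05:00", "out"),
]

if __name__ == "__main__":
    for key, value in summarize_day(TAPS).items():
        print(key, value)
```

The gap between the first-in/last-out span and the paired time, together with the anomaly list, gives payroll and security staff something to review rather than a silently wrong figure.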

Emergency access procedures should be in place for situations like lost or forgotten cards, fires, or faults in the access control software.

Contactless smart cards can offer an efficient, sophisticated, secure and cost-effective solution to the identity management and access control problem. An initial investment is required to get everyone in the organization on board, set up relevant policies and procedures, and identify or build a solution that satisfies all the security needs of the organization. However, once implemented, it is convenient and time-saving, reducing the time spent by gate-keepers and/or receptionists who are responsible for ensuring physical access control, as well as by network administrators who are responsible for logical access control in the organization.