CONVERGANCE STRATEGIES (SPECIAL REPORT): An 8 Step ID Card Plan
Technologies like RFID and smart card printers, which can both print information and encode security data on a card, mean security-conscious organizations can centralize their security systems to reduce errors and streamline the credential management process. Some card printer manufacturers are offering built-in Ethernet capabilities, making integration of the card printer into the existing security network faster and easier.
Here are eight steps to putting a dual-use smart card system to work, according to Mike Eneberg of Zebra Card Printer Solutions, Camarillo, Calif.
Policies and Levels
Enlist a Champion to Drive the TransitionThe role of Chief Security Officer is an emerging position in many security-sensitive organizations and is natural driver for this process. Alternatively, the IT department is an excellent choice because of its knowledge of technology, and its ownership of computer and network access security. In any case, adopting a converged system will include new hardware and support of networked card printers, making IT involvement and support essential.
Develop an Implementation PlanAn analysis of the required financial resources, and the organization’s internal planning and implementation competency should be conducted. System integrators can offer experience in assessing and implementing the right system – from smart card readers in computer workstations and network points of entry, to RFID readers at all doors.
Choose Your Access TechnologyNew developments in card technology and access control systems make this a critical decision. Smartcards (see sidebar) offer the best flexibility and security, but organizations can also choose magnetic stripe or barcode-based systems. Access control should be based on the level of security that best suits the organization.
Choose the Card PrinterThe printer is integral to the success of a dual-card system and deserves an extensive review. In addition to integrated encoding and printing capabilities, Ethernet networking capabilities are increasingly important to facilitate access to multiple networked security databases and to allow IT departments to use standard network management applications when maintaining the printer. Printers with dual-sided printing capabilities improve visual identification by reducing the amount of non-essential information on the front of the card, leaving more room for a larger photo. When selecting a printer, it is best to evaluate the organization’s needs for the next two to three years and ensure the printer is future-proofed to meet those needs.
Train the Help Desk
Staff on Password and Access Card Issues
Implement a Pilot ProgramSelect a group of people within the organization that will thoroughly test the new access system and will give good feedback. Tech-savvy team members from the engineering or IT departments should be included, but non-technical staff also should be represented to ensure the system is usable by the entire organization.
CommunicateThe entire organization should know the importance of the system and how it ties into corporate security policy. Training and security rule enforcement is essential, but communicating the importance of the system can also help engage employees to properly use the system. People must believe that it’s the right thing to do or they will find a way around it.
Following these eight steps will help an organization get the converged access system that is best suited to its needs. Once the system is up and running, the end user must pay attention to ongoing credential management considerations, such as reviewing policies for retiring badges or replacing lost badges to ensure that any new smartcard unique numbers are linked to proper employee data.
FIPS 201 connectionThe Security Industry Association has a report, The Roles of Authentication, Authorization and Cryptography in Expanding Security Industry Technology, which has impact on convergence and ID cards. This report, part of SIA’s Quarterly Technical Update series, explains key technological requirements for FIPS 201 compliance, as well as the major drivers for physical and IT convergence within the federal government: interoperability, enterprise-wide access control, increasing reliance on IP networks and adoption of digital certificates.
The 32-page report is available as a free download from SIA (www.siaonline.org) and CoreStreet (www.corestreet.com). Other Quarterly Technical Updates from SIA are also available on the SIA Web site for a relatively modest fee. SIA also offers a daily e-mail-delivered news services – also available at www.siaonline.org.
Getting Smart on Smart CardsContact standard ISO 7816 defines physical characteristics of a card, including dimension and contact position of the card and the electrical signals and transmission protocols.
Contactless standard ISO 14443 outlines contactless interface communications protocol, message sets, data dictionary and security protocols between the card and card interface devices.
De facto standards: Many de facto or vendor-specific standards are widely implemented. An example is Philips’ MIFARE, a contactless smart card technology that is used by many government agencies and companies. Before investing in a card printer, check to make sure that it will support the standards you’re working with.
Dual-technology cards: Two types of dual-technology cards are available. Hybrid smart cards consist of both a contact and contactless microchip for storing cardholder data, providing faster transaction speed and improved card reader reliability. Combi-cards have a single chip with separate contact and contactless interfaces. Generally, hybrid cards have a higher cost, but offer a higher security level due to the separate processors.