The promise of improved card-based identification security through converged physical and logical access systems is becoming a reality. New access card technologies have improved the functionality and reliability of these systems dramatically.

Technologies like RFID and smart card printers, which can both print information and encode security data on a card, mean security-conscious organizations can centralize their security systems to reduce errors and streamline the credential management process. Some card printer manufacturers are offering built-in Ethernet capabilities, making integration of the card printer into the existing security network faster and easier.

Here are eight steps to putting a dual-use smart card system to work, according to Mike Eneberg of Zebra Card Printer Solutions, Camarillo, Calif.

STEP ONE

Assess Security Policies and Levels

Organizational growth may necessitate upgrades to simple PIN-based computer security, or to manual credential management systems. In other cases, new government mandates like Sarbanes-Oxley are forcing change. Improved network security is often the biggest benefit of a converged access solution, because upgrading to a combination of a card and a PIN code for network access makes unauthorized access much more difficult. An integrated credential management system also improves physical security by reducing the possibility of errors in issuing credentials.

STEP TWO

Enlist a Champion to Drive the Transition

The role of Chief Security Officer is an emerging position in many security-sensitive organizations and is a natural driver for this process. Alternatively, the IT department is an excellent choice because of its knowledge of technology, and its ownership of computer and network access security. In any case, adopting a converged system will include new hardware and support of networked card printers, making IT involvement and support essential.

Adding ID cards to your convergence plan should include training of Help Desk personnel as card printers move into various areas of the enterprise.

STEP THREE

Develop an Implementation Plan

An analysis of the required financial resources, and the organization’s internal planning and implementation competency should be conducted. System integrators can offer experience in assessing and implementing the right system – from smart card readers in computer workstations and network points of entry, to RFID readers at all doors.

STEP FOUR

Choose Your Access Technology

New developments in card technology and access control systems make this a critical decision. Smartcards (see sidebar) offer the best flexibility and security, but organizations can also choose magnetic stripe or barcode-based systems. Access control should be based on the level of security that best suits the organization.

STEP FIVE

Choose the Card Printer

The printer is integral to the success of a dual-card system and deserves an extensive review. In addition to integrated encoding and printing capabilities, Ethernet networking capabilities are increasingly important to facilitate access to multiple networked security databases and to allow IT departments to use standard network management applications when maintaining the printer. Printers with dual-sided printing capabilities improve visual identification by reducing the amount of non-essential information on the front of the card, leaving more room for a larger photo. When selecting a printer, it is best to evaluate the organization’s needs for the next two to three years and ensure the printer is future-proofed to meet those needs.

STEP SIX

Train the Help Desk Staff on Password and Access Card Issues

According to industry estimates, between 30 and 60 percent of help desk calls are for password resets. A recent survey of almost 1,700 U.S. enterprise technology end-users, commissioned by RSA Security, showed that 28 percent of respondents managed more than 13 passwords at work, while 30 percent juggled between six and 12 passwords. With the changes in card access processes, help desk calls will go up, and training is the best way to streamline the transition to the new system.

STEP SEVEN

Implement a Pilot Program

Select a group of people within the organization that will thoroughly test the new access system and will give good feedback. Tech-savvy team members from the engineering or IT departments should be included, but non-technical staff also should be represented to ensure the system is usable by the entire organization.

STEP EIGHT

Communicate

The entire organization should know the importance of the system and how it ties into corporate security policy. Training and security rule enforcement are essential, but communicating the importance of the system can also help engage employees to use the system properly. People must believe that it’s the right thing to do or they will find a way around it.

Following these eight steps will help an organization get the converged access system that is best suited to its needs. Once the system is up and running, the end user must pay attention to ongoing credential management considerations, such as reviewing policies for retiring badges or replacing lost badges to ensure that any new smartcard unique numbers are linked to proper employee data.

FIPS 201 connection

The Security Industry Association has a report, The Roles of Authentication, Authorization and Cryptography in Expanding Security Industry Technology, which has an impact on convergence and ID cards. This report, part of SIA’s Quarterly Technical Update series, explains key technological requirements for FIPS 201 compliance, as well as the major drivers for physical and IT convergence within the federal government: interoperability, enterprise-wide access control, increasing reliance on IP networks and adoption of digital certificates.

The 32-page report is available as a free download from SIA (www.siaonline.org) and CoreStreet (www.corestreet.com). Other Quarterly Technical Updates from SIA are also available on the SIA Web site for a relatively modest fee. SIA also offers a daily e-mail-delivered news service, also available at www.siaonline.org.

Getting Smart on Smart Cards

Contact standard ISO 7816 defines the physical characteristics of a card, including its dimensions and contact positions, as well as the electrical signals and transmission protocols.

Contactless standard ISO 14443 outlines contactless interface communications protocol, message sets, data dictionary and security protocols between the card and card interface devices.

De facto standards: Many de facto or vendor-specific standards are widely implemented. An example is Philips’ MIFARE, a contactless smart card technology that is used by many government agencies and companies. Before investing in a card printer, check to make sure that it will support the standards you’re working with.

Dual-technology cards: Two types of dual-technology cards are available. Hybrid smart cards consist of both a contact and contactless microchip for storing cardholder data, providing faster transaction speed and improved card reader reliability. Combi-cards have a single chip with separate contact and contactless interfaces. Generally, hybrid cards have a higher cost, but offer a higher security level due to the separate processors.
