July 2011


I'm sure you've witnessed the culture clash that occurs...

...between the engineering and marketing departments before. If not in real life, surely you've read the comic Dilbert® by Scott Adams before, right? Well, recently I have had the opportunity to step away from my role as a Materials Engineer at HID Global on a part-time basis to work in Product Marketing on the introduction of a Secure Proprietary Consumables System for end users of HID FARGO® Card Printer/Encoders.

Having worked on numerous cross-functional project teams for the last eight years, I've had plenty of opportunity to gain an understanding of customers' varied needs for security. For example, look at the FARGO HDPii Card Printer/Encoder with additional security features such as a lockable housing and data encryption support, developed to address the specific hardware and data communications security needs of the financial card issuance industry. Another example is the FARGO Visual Security Solutions program that offers customers peace of mind by enabling them to issue cards with the right amount of security for their organization.

Solutions from HID Global have to satisfy a wide array of customers, from the small 20-person organization all the way to the large government organization looking to issue 250,000+ driver's license, military ID or national ID cards. HID meets these challenges well, and customers continue to look to HID for new solutions to their organization's problems. These requests mean a lot to HID and help us to develop even better products and solutions.

That's why I am excited to have helped define the new Secure Proprietary Consumables System for FARGO printers. With the rollout of the consumables system, HID offers customers a means of wrapping another layer of security around their entire large card issuance projects: using contactless technology to create a proprietary link, HID pairs one organization's FARGO consumables and FARGO card printer/encoders, minimizing their risk of fraudulent card production if protected consumables are stolen.

As for me, my tenure with the Product Marketing department is set to continue for a few more months. While I have enjoyed my journey so far, it hasn't been without challenges. But still, my Engineering colleagues suddenly seem to think that I am being lured by the market-facing dynamic of the Product Marketing role...and being even closer to the voice of the customer.

I can't say they are wrong.


In the early days of the Internet...

...Public Key Infrastructure (PKI) was touted as the most secure way to authenticate users, devices, and documents. Excitement built, IT decision makers began to investigate, and many articles were written. Then, quite suddenly, there was a large media backlash against PKI. It was a sledgehammer used to kill a fly. It was arbitrarily complex and required labor-intensive key ceremonies with other organizations to deliver some features such as encrypted or digitally-signed email. It was overly complex for mere mortal IT professionals, and surely there were simpler methods of authentication such as OTP that enterprises could use. PKI became almost an IT boogie man.

Then a funny thing happened. Two things, actually. First, PKI was adopted by governments and powerful credential management software (CMS) was created to automate much of the credential issuance, update and revocation process. Ecosystem vendors such as Microsoft, Juniper, and Cisco built PKI support into their offerings. CMS software eventually made its way into appliances that could provide a much simpler "sweet spot" PKI solution for "closed-loop" PKI (Issuer and Authenticator are part of the same organization hence greatly reducing the number of parts in the system). Second, security threats began to attack aspects of the most common OTP (e.g., the RSA breach and subsequent Lockheed Martin attack), causing enterprises to wonder what better authentication methods are out there.

Today, PKI is getting a second look. Many people still have a knee-jerk suspicion that PKI was designed to make them feel stupid, but modern closed-loop PKI managed by an appliance does just the opposite. New CMS appliances make it so IT doesn't even have to understand PKI to deploy a military-grade smart card solution.

In retrospect, as an Internet Meme, PKI suffered from hype before the tools were in place to manage it, and from security experts getting overexcited and describing the ultimate PKI solution possible, even though few Enterprise users needed some of the more esoteric, complex and labor-intensive features. When PKI vendors got carried away educating users about every possible use case, they turned potential users off of the most high-value, low-cost use cases. If I were to tell you I could give you a device that you just plugged into your PC, it worked like an ATM card and gave you secure access to PCs, networks, cloud applications, and VPNs, you would probably think, "Hey that sounds easier for users than clunky OTP tokens, how do I get that?" This is not your father's PKI.


New technologies and heightened security concerns...

...are prompting many organizations to migrate their access control systems since migration can improve security. While migrating to newer technology requires an investment, it also delivers a return on that expenditure, including reduced insurance premiums due to better risk management and cost savings associated with averting a crippling security disaster. Migrating to newer, high-frequency technologies also offers the opportunity to combine multiple applications on a single card for building access, vehicle tracking, energy management, time and attendance, cashless vending and other applications.

A number of other situations can trigger the decision to migrate, including mergers and acquisitions, facility and staff expansion, and the desire to move to multi-application cards. Additional migration drivers include risk-management requirements, new contract-related or regulatory mandates, or a security breach.

A major part of the migration process is identifying a migration partner. Flexibility is the key, and a phased approach is most effective. It can take days or weeks to change all readers and badges, but high-frequency smart cards and readers incorporate the necessary technology to make this easier while simultaneously ensuring interoperability with legacy and future systems. Multi-technology cards and readers are a particularly effective tool for simplifying the migration process, by helping to bridge the gap between legacy and new technology. These cards and readers also enhance deployment options while enabling employees to use a single card for many functions. A multi-technology strategy offers the ability to use existing cards, deploy multi-technology cards, and transition to new, contactless, smart-card technology without having to change the access-control system cardholder database.

Moving to advanced access control technology is a significant undertaking but improves security while enabling multi-technology card capabilities. A critical key to success is finding a vendor partner capable of meeting today's needs while providing a solid, scalable platform for the future.


Over the years, Korean organizations such as the army, other government agencies, financial institutions and other enterprise organizations have been using legacy, low frequency technology cards for physical and logical access control.

In addition and due to rapid growth, decentralized administration systems and/or multiple physical locations, an organization may end up with several different access control systems. Since new technology offers the ability to issue or change credentials remotely, it’s now possible to integrate access control into one system that is centrally managed. Standardizing all locations and employees into one system can increase security and improve resource management, thus driving the desire to migrate to high frequency smart card technology.

In response, today’s platforms have evolved to support the convergence of multiple technologies and applications in a single reader-credential solution. Multi-technology cards bridge the gap between just about any legacy system and today’s secure contactless technology. A single smart card can securely house up to four different access control technologies, including Wiegand, magstripe, low frequency, high frequency, or a contact chip.

Another way to handle migration is to install readers that use both the old, low frequency and new, high frequency technologies. This provides a high level of flexibility for an organization to develop a migration plan that serves its unique requirements. New multi-technology readers combine a wide variety of low frequency technologies with high frequency contactless smart card and reader technologies into one platform, enabling the use of existing credentials, deployment of multi-technology cards, and the transition to new, contactless, smart-card technology without having to change the access control system cardholder database.

Solutions such as HID Global’s 13.56 MHz contactless smart card readers and credentials provide versatile interoperability while also supporting the convergence of multiple applications, such as biometric authentication, cashless vending and secure PC logon.

All of these factors are continually driving the increased demand for migration solutions; this increase is also reflected in recent access control deployments in Asia, including the Postal Savings Bank of China and others. As government and commercial organizations continue to follow this trend, migration to high frequency credential and reader technologies is expected to fuel the next phase of growth in Korea.