HID Global has been continually receiving inquiries regarding the trend towards converged physical and logical access control, but what does it take to make this increasingly important technology a reality for government and enterprise organizations?
While converged access projects can often lead to broader identity management initiatives, a basic converged access solution requires only four key elements to get a project started.
1. The first required element is a credential management system that provides a single platform for issuing and managing devices and credentials over the course of their lifecycle.
2. Second, the credentials themselves are most certainly a necessity. Most organizations initially require multi-technology cards in order to more seamlessly support multiple reader technologies while they move toward a more standardized reader type or the use of PKI at the door.
3. The third vital element is the card reader. Options are available for desktop/laptop, general-use and multi-technology smart card applications. HID's pivCLASS readers are also available to enable U.S. government agencies to support Personal Identification System (PIV) cards as part of the Federal Information Processing Standards Publication 201 (FIPS 201) program, without a wholesale "rip-and-replace" of their existing system.
4. The last required piece of a converged solution is the ability to create customized photo IDs and encode smart cards for physical and logical access control, typically through a choice of high-definition and direct-to-card printer/encoders.
For a full, converged solution with all the 'bells and whistles', there are a few more options which can provide a well-rounded solution that is second-to-none, including an authentication server that eliminates the vulnerabilities associated with static passwords while supporting compliance with industry and government regulations covering multi-factor authentication, authorization and auditing.
Previously a mandatory component in a converged access solution, smart card middleware for handling the secure communications for PKI transactions is also useful as it allows government organizations to easily use smart cards and USB tokens for a variety of desktop, network security and productivity applications. Many operating systems are also now including basic inherent drivers for cards that have a PIV-compliant card edge.
A final consideration is for organizations to future-proof their solutions and investments for deploying converged physical and logical access control on mobile platforms. The ability to put a secure credential on NFC-enabled phones for permission-based access control makes smartphones an ideal platform for carrying multiple types of physical and logical access credentials.
Together, these elements comprise the key ingredients of a forward-thinking and fully comprehensive physical and logical access control solution that is designed to improve user convenience while enhancing security, reducing cost, streamlining management, and simplifying policy compliance and associated auditing requirements.
It is no surprise that airports look to HID Global when challenged to deploy multiple layers of access control for restricted areas, while providing a flexible solution that is convenient and accommodates high volume traffic with large numbers of users.
In Latin America, HID Global is the trusted brand for major airports, including the International Airport of Mexico City, which is one of the world's 30 most active airports in terms of passengers, operations and cargo. Located six miles east of Mexico City, the airport is Mexico's primary international and domestic hub with direct flights to more than 300 worldwide destinations.
Major airport construction is underway at another of the most important hubs in the region (one that is also ranked among the world's top 50 busiest airports for passengers). The airport also selected HID Global for its access control needs. As one of the most politically and economically important airports in the region, it serves as its nation's primary international gateway, accounting for 49% of the total air traffic in the country. HID iCLASS credentials and readers were the access control solution of choice to meet the airport's security requirements. In certain areas where additional security was necessary, a dual factor authentication solution was implemented: the iCLASS RK40 reader plus keyboard combination and bioCLASS readers for biometrics. The project included delivering secure access to over 120 doors.
Even though each airport in the region has its unique set of requirements, HID is able to deliver on a range of solutions, from systems that enable the use of multiple types of credentials on one reader, to providing a solution that utilizes readers designed to match specific risk levels by incorporating PIN and biometric verification for higher security.
This particular airport modernization project also includes a demolition plan of the current airport and construction of a completely new airport, which will undoubtedly be the largest infrastructure project in the city. When completed in the summer of 2014, it will be the largest and most modern airport in Latin America.
All of Latin America is also full of airport success stories where HID has been the brand of choice in access control. In Brazil, as the country prepares for a major infrastructure investment in airports to accommodate major events such as the World Cup in 2014 and the Olympic Games in 2016, I am sure we will also be seeing a lot of HID Global products and solutions deployed as an important part of this major project for the country as well.
The Bring Your Own Device (BYOD) mobility deployment phenomenon, where you're allowed to use your smartphone for work, is growing in popularity as today's smartphones simultaneously grow in capabilities.
We can use our phones to access computers, networks and associated information assets, and to open doors and enter secured areas. Deploying these applications in a BYOD environment requires security assessment, proper planning and the right technology and provisioning infrastructure.
Physical access control is among the most recent capabilities added to today's smartphones. This requires a new identity representation that operates within a trusted boundary so that BYOD devices and their transactions can be trusted within the access control managed network. The boundary provides a secure communications channel for transferring information between NFC-enabled phones, subscriber identity module (SIM) cards, and other secure media and devices.
Using this framework, organizations can issue digital cards and keys to mobile devices via an internet portal (similar to the traditional model for purchasing plastic credentials, but connecting the BYOD via a USB or Wi-Fi-enabled connector), or over-the-air from a service provider (akin to how today's smartphone users download apps and songs). Digital IDs representing cards and keys can also be shared with authorized users via NFC "tap-n-give" provisioning, depending on the organization's security policies.
This secure mobile provisioning model eliminates the traditional risk of plastic card copying and makes it easier to issue temporary credentials, revoke or cancel credentials when they are lost or stolen, and monitor and modify security parameters if required, such as when the threat level increases. Organizations also can offer dynamic, context-based rule-setting, such as invoking two-factor authentication, and they can support variable security levels and use additional data elements. For instance, two-factor authentication could be dynamically invoked when there is an elevated threat level, and an application could be pushed to the phone that requires the user to enter a 4-digit PIN or to gesture-swipe before it sends the message to open the door.
Smartphones can also generate One Time Password (OTP) soft tokens for securely logging on to another mobile device or desktop computer to access the network. As physical and logical access control applications move to BYOD smartphones, there are several issues to address. First, all applications and other ID credentials must be containerized between personal and enterprise use. Apps also must be enabled for use with digital keys and cards (i.e., to support PIN entry to "unlock" key usage for authentication or signing). Additionally, middleware APIs must be standardized so that ID credential functionality can be exposed to the application.
It is an interesting time in the industry as the coming generation of BYOD mobile access control solutions is sure to deliver improved convenience and management flexibility while ensuring highly secure transactions between smartphones, computer and networking resources, the physical access control system, and new cloud-based and over-the-air identity delivery infrastructure.
The goal of the Department of Homeland Security for the U.S. Green Card is to stay years ahead of counterfeiting techniques.
In a card designed to last 10 years, this is vital. This objective has driven breakthroughs in micro imaging and printing, visual security and optically variable devices, as well as in construction and manufacturing techniques. These techniques are so difficult to counterfeit and mass-produce that they have effectively put large scale counterfeiting out of the reach of criminal forgers.
When undertaking large-scale ID programs, planners are confronted with difficult choices. First, every project is a custom project. What works for one program may lead to difficulties in another, and there are no set rules to follow. Customers find themselves facing a bewildering array of ID technologies and suppliers, while misguided choices have frequently led to delays or even suspension of projects before they can start, or unexpected problems after implementation has begun.
For this reason, many countries about to embark on major programs seek to emulate the successes of other high profile projects. The U.S. Green Card has formed the model for a number of current programs such as the Costa Rica Foreign Resident Card, the Angola National ID Card, Italy's Carabinieri (police force) Card and Saudi Arabia's National ID Card. Each of these programs specified the need to be secure, durable, resilient, compliant, counterfeit resistant and tamper-proof. At the same time, no two government programs are alike; each is highly customized and meeting the needs of national ID program decision-makers is more challenging than ever before.
With the additional need for future-proofing and integration with national systems, the industry must continue to innovate on all fronts to deliver new programs to specification, on time and on budget. At HID Global, we are addressing these requirements by leveraging our continually growing expertise to add unique value to new programs.