As access control card readers have evolved, they’ve become able to play an increasingly more important role in the level of security offered. Today, they even have the ability to become transparent. So, not only can they read the information supplied by multiple types of identifiers, they keep this data encrypted until it reaches the door controller so it can’t be read by hackers.
Before we look at making readers transparent, let’s look at how access control cards and card readers have changed in recent years.
Access control card readers – from magstripe to smartcards
Card technology has evolved a lot since the early iterations of access control. Initial cards developed for electronic systems were magstripe, which could only store a limited amount of data and needed physical contact with the reader. This resulted in wear and tear to both the card and reader, often resulting in a high turnover of replacements for both.
Contactless door access readers were then introduced thanks to RFID (radio frequency identification) technology. This allowed the door card reader to transmit a small amount of power, which activated the chip inside the card and transmitted the number stored on it to the reader.
As technology improved so did RFID. Smartcards have enabled more than one number to be stored on a card, which means they can be used for more than just access control. They can be used to, for example, pay for lunch, use the photocopier and more.
End-to-end security combats cybercrime
A fundamental change in the evolution of access control cards is the security of the data stored on them, because encryption methods have vastly improved. As cyber criminals have become increasingly more skilled, access control systems have had to become more sophisticated at preventing them intercepting data.
This not only applies to a system’s physical devices like cards and card readers, but also to its door controllers and operating software. Hackers can attack any part of an access control system, physically or digitally. So we’ve addressed this challenge by focusing on the complex journey that takes place every time an identifier such as a card is presented to a card reader – and we’ve secured the entire process, end-to-end.
Transparency increases security in access control readers
By doing this, we’ve been able to make our card readers transparent when used with AEOS access control – a quality that’s unique to this system. DESFire keys and digital certificates are stored in a Secure Access Module (SAM) inside door controllers. Which means that, rather than the door card reader decrypting the card, as it does in other systems, it simply passes the encrypted data to the door controller which then decrypts it.
This significantly increases security as card readers are positioned on the unsecure side of the door, whereas door controllers are on the secure side. So, if a criminal gets access to a reader or takes one from the wall to interrogate it, they can’t gain anything from the reader itself. Even with many access control systems that use DESfire technology, the decrypting is still done by the card reader on the unsecure side of the door and therefore poses a potential risk.
With AEOS end-to-end security, however, every element of AEOS is secure. And so is communication between all elements because storing digital certificates in the same SAM ensures secure communication between the controller and server too.
What can we expect in the future?
We’ve already seen NXP release DESfire EV3 card reader technology, which offers increased reading speed and distances on DESfire EV2. This will improve convenience for users and accuracy for access control readers.
We also expect mobile credentials to play a more important role once a standard protocol has been created and adopted. Currently, mobile credentials are in their infancy and many manufacturers are working with proprietary protocols. The market will eventually move away from these, however, in the same way it moved away from non-standard technologies for physical cards.
Growing popularity for multi-technology door card readers
Many readers are now multi-technology, which means a single card reader can read several types of badges and cards. These will continue to grow in popularity, as it means that when you’re upgrading your system you can enable a smooth transition between old and new cards.
People can continue to use their existing cards before being issued with a new card at some time in the future – there’s no hard cut when switching over systems. We see that customers are already thinking about this when buying card readers. They’re buying ahead of time to enable them to upgrade in the future, when they are ready.
A word of caution
Of course, one thing to remember is that access control card readers, and even access control systems themselves, are only one part of a security strategy. Having a system that can adopt the most advanced security features is a significant help in protecting against criminal activity, for example card cloning. But the human element of security is also crucial. If a security operator doesn’t check that people aren’t sharing or loaning cards, for example, the card and card reader technology lose their protective power.
The top 3 features to consider for access control readers
- Secure communications
Currently, OSDP is thought of as the most secure protocol. We take this a step further with end-to-end encryption using our transparent reader.
- High quality technology
DESfire EV2 has been proved as the gold standard for cards and readers, and DESfire EV3 has now been released.
- Can read multiple identifiers
As technology progresses, readers need to be able to read multiple card technologies at once, mobile credentials, QR codes and more.