printer friendly version

Card migration

Current technology enables smooth migration to high frequency access control systems.

Dramatic leaps forward in technology and heightened security concerns over the past several years are moving many organisations to upgrade their access control systems. Migration pays off in a much higher level of security for people and property, as well as operational efficiencies and cost-effectiveness, especially for organisations that add other applications to their access control cards.

Fortunately, as technology advances, it also becomes more affordable. Today, a personal computer is a fraction of the cost it was when the technology was first introduced; while at the same time it has dramatically greater speed, and more memory and advanced capabilities. The same is true in the security industry. Likewise, for a comparable price to older, more vulnerable access control technology, a company can have a secure system that also serves as a platform for everything from cashless vending to logical access.

Although migration does involve change, advanced technology is a benefit here also. With multitechnology cards and readers plus field-programmable cards and systems, disruption to the day-to-day workflow is limited and manageable. And the benefits serve both employees and the organisation, not only in the immediate term, but also for years to come through a more secure environment that will serve as a platform for future applications.

The goal of this paper is to help security professionals find the best solution for their organisation, and ensure that they take full advantage of the opportunities that migration affords. To that end, the paper addresses aspects of migration that every organisation should consider. This includes:

Why migrate?

Although this may be obvious to security professionals, this may be an area in which they will need to do the most work in educating decision-makers within their organisations.

Old technology is vulnerable

Like all technology, newer systems tend to be more secure and sophisticated. Just as old, outdated personal computer software is more subject to viruses, hackers and the like, old security technology is also vulnerable.

For 15 or 20 years, low frequency cards were the standard in the security industry, offering efficient and effective access control. At their simplest, these cards allowed a person access to a building. Whoever had a company-issued card in their possession could enter the building; this could be an employee who was issued a card or a perpetrator who gained access using a lost or stolen card. Over time, companies began adding visual security, such as a photograph to the card to provide a basic form of authentication. Best security practices would require employees to wear their photo ID/access cards and security staff were trained to challenge anyone without proper identification.

These low frequency cards, often known as proximity cards, or just prox cards, are now subject to cloning. There are devices available that allow someone to make a duplicate card, giving them unfettered access to a building. Unless the building also has security cameras or someone witnesses this person entering the building, there would be no way to know an unauthorised person had access.

An investment is required to migrate, but there is also a return on that budget commitment. The ROI may be tangible, such as through improved insurance premiums due to better risk management. It could also be intangible, such as the cost savings associated with not having a disaster – something that could impact the organisation’s workforce or customers, and present long-term legal and reputational issues that would take years to overcome.

High-frequency access control is the new standard

Today, high frequency cards are the standard in access control. Often known as contactless smartcards, this new technology has multiple layers of security embedded in the chip.

Two common high frequency technology brands used in physical access control are iCLASS contactless cards and MIFARE. MIFARE cards are available as both MIFARE Classic and MIFARE DESFire EV1, and many customers are choosing the new MIFARE DESFire EV1 card in order to take advantage of the more advanced security features.

These cards can identify the individual, authenticate their access rights via encrypted keys that are unique to each organisation and each card, and can store data for cashless vending or the management of personnel records. For an organisation that is still using Weigand or magnetic stripe access control technology, it may be tempting to upgrade to a low frequency system. While this will provide a higher-level of security, it still leaves an organisation vulnerable and with minimal or even no cost savings.

Multiple applications on a single card

Open anyone’s wallet and it seems there is a card for everything, from the grocery store to the parking garage. Industry is no different. Many organisations are using various card technologies, from magstripe to smartcards, to manage everything from building access to snack-vending machines. These can all be combined in a single card, providing centralised management for the organisation and ease-of-use for employees.

In addition, there are new applications that can be added to contactless access control cards to do everything from turning on the air conditioning so that resources are managed better to tracking company vehicles via GPS.

When to migrate

Merger or acquisition

Mergers and acquisitions often involve rebranding and/or the merging of administrative and other systems. Usually at some point in the process, the organisation will need to issue new credentials. With the cost of new technology being competitive with legacy systems, this would be a perfect time to migrate to a more secure and sophisticated system.

Standardisation

Due to rapid growth, decentralised administration systems and/or multiple physical locations, an organisation may end up with several different access control systems. Since new technology offers the ability to issue or change credentials remotely, it is now possible to integrate access control into one system that is centrally managed. Standardising all locations and employees into one system can increase security and improve resource management.

New locations

If a company is moving or adding a building to its existing infrastructure, new credentials will have to be issued for that location. This is an ideal time to look at access control for the entire organisation. It may be time to standardise all locations into one system.

Reissuing of credentials

As new employees join, many organisations manage costs by purchasing additional cards that work with their old technology. Some organisations may also need to change their cards due to a new brand image (ie, new logo) and at that point decide to upgrade to newer technology. So, at some point, either due to a growth spurt or other tipping point, it will make more sense to move to current technology.

One card for multiple functions

Organisations that want to add time and attendance or cashless vending functions for their employees will need to issue some type of card for this. They can migrate to a contactless smartcard that combines access control with these other functions.

Change in security requirements

As a result of new legislation or regulatory requirements, an organisation may be required to increase their security. Similarly, if a company gets a new client that requires a high level of security, such as a government contract, it may need improved access control. A new building tenant may also trigger the need for greater security, either to protect the parent organisation or to comply with the tenant’s legal or regulatory requirements.

Security breach

The reality is that sometimes it takes a security breach to move an organisation to make the investment in a new access control system. Ideally, an organisation should migrate before there is a problem, especially if the system is still low frequency, which can be easily cloned.

How to migrate

Flexibility is key when considering a migration partner. The right partner can create a solution that makes the technology work for the organisation and does not force the organisation to settle for any limitations of its technology. Due to multiple physical locations or a large employee population, the best way to migrate to a new access control system is in phases. It is difficult, or often impossible, for all the readers and badges to be changed simultaneously or even over the course of one day.

Fortunately, high frequency smartcards and readers have the technology that allows a secure, phased migration from an old to a new system. The important thing is to work with a vendor with technology that assures interoperability with legacy and future systems.

Multitechnology cards

Multitechnology cards bridge the gap between just about any legacy system and today’s secure contactless technology. A single smartcard can securely house up to four different access control technologies, including Weigand, magstripe, low frequency, high frequency or a contact chip.

Multitechnology cards work well if an organisation only wants to upgrade security for a specific department or group of professionals. For example, an organisation with buildings protected primarily by low frequency cards could issue a combination high/low frequency card to executives, IT professionals or others who need access to more sensitive areas. The low frequency readers can remain at all the standard building entrances, but a high frequency reader (possibly with biometrics) can be installed at the entrance to a secure laboratory within the building. By doing this, those employees with the higher levels of security clearance can use their badges to enter the secure areas, but the low frequency chip in their cards will still let them use the standard access points in the building.

Multitechnology readers

Another way to handle migration is to install readers that use both the old, low frequency and new, high frequency technologies. This provides a high level of flexibility for an organisation to develop a migration plan that serves its unique requirements.

For example, the multitechnology reader is useful for an organisation with a mix of card technologies. For organisations that want to upgrade from low to high frequency, for example, the company can replace all of their low frequency readers with combination low and high frequency readers. Then, rather than switching out all of the cards at once, high frequency cards can be issued as replacement cards or for new employees. This will offset the cost of swapping out all of the cards at once.

Just like the multitechnology cards, the readers can also work well if an organisation needs higher security in specific departments or areas. In this case, a biometric reader for example can be used to access more sensitive areas as the reader may offer multiple levels of security such as card, fingerprint and personal identification numbers (PIN).

When an organisation is using multiple card technologies, a multitechnology reader can be set to dictate which technology will be read first. Once the migration is completed, the reader can be configured to ignore the old cards, thereby offering security at the level of the new technology.

Migration options

Technology for today and the future

As part of the migration, an organisation should choose a technology that supports its complete needs today as well as what it will need in the future.

While most organisations are motivated to migrate primarily for security purposes, if additional technology is desirable in the near term or even several years out, it could be more efficient to add functionality and capacity to enable future applications. And while an organisation could purchase only the security level needed for today’s environment, it may be better to invest more now, anticipating industry changes towards greater security requirements.

Read range, security level, programming requirements, memory capacity and applications support are all considerations that a strong partner should cover when setting up a new security system.

Enhanced security

High-frequency cards provide a higher level of security than traditional proximity (125 kHz) cards. This is accomplished by using diversified keys and mutual authentication to deter anyone from gaining unauthorised access to the card or reader, and encrypted data storage to add an incremental level of protection to the information on the card. In addition, some vendors may be able to provide a proprietary format to large organisations, including monitored card numbers to provide an additional level of security.

Credential flexibility

High-frequency readers can provide access to multiple types of credentials, including the ones you are moving from and the ones you are moving toward. When choosing readers, ensure that they are supporting the older technology, for instance, 125 kHz HID Prox or Magstripe, and the new RFID technology, iCLASS. Additional readers in the market are able to support more than just one type of high frequency technology. Example, HID’s high frequency migration readers provide compatibility with both iCLASS contactless and DESFire EV1 credentials. This provides the support for both cards simultaneously and more potential to support new credential technologies introduced in the future.

Visual security

Technology has advanced more than just the inside of the card. Numerous technologies are available to prevent counterfeiting. These include optically variable inks (OVI) and holograms – tools the government uses in currency and credentials.

Combined logical and physical access control

High-frequency smart cards offer combined physical and logical access control in one card, which can be issued only to those employees requiring this additional level of security or to the entire employee population. Rather than having two separate cards – or requiring an additional device such as one that generates an RSA token – everything can be in one unit.

This can be accomplished with a contactless smartcard or a combination card that combines contactless and contact technologies in one. With a contact chip, it is possible to do perform functions such as encrypt files or add a verified signature to an e-mail.

While migrating from old to new systems is always a significant undertaking, it is affordable and manageable thanks to new technology. Companies and institutions have the opportunity to move from 20-year-old physical-access controls, to cutting-edge, secure, contactless technology platforms that not only offer greater security, but can also serve as a conduit for everything from cashless vending to logical access.

The key to success is finding a vendor partner that offers innovative, flexible technologies to make migration seamless. The ideal partner will serve two critical functions. First, they will provide a comprehensive access control solution that addresses current requirements. Second, of equal importance, their solution will also provide enhanced security, as well as a platform for future applications that meets an organisation’s evolving requirements for increased functionality and convenience.

Share this article:

Further reading: