A Responsible and Relevant Solution to Proximity Vulnerabilities
By Stephen "Shep" Sheppard, Sales Manager Key Accounts
Recently, I had the opportunity to attend CONSULT, a technical security symposium, with some of the electronic security industry’s best and brightest specifiers. And, I must say, it was very cool being among all that industry gray matter. These consultants are amazing in their dedication to the principles of security-in-technology.
As a member of the reader and credential community, naturally, I gravitated to topics relating to the secure identity of users within an electronic access control system. A few that really resonated with me included making sure that the data stored on a credential—such as a card or fob—is secure; and that the person holding that credential is in fact the person who has been issued access rights to that door.
Back to the symposium, a market research analysis was presented, clearly showing that there is a lot of 125-kHz proximity technology deployed and still being deployed. This gave me cause to ponder the reason why. Perhaps the reason lies with the fact that end-users simply prefer to avoid proprietary solutions. Indeed 125-kHz proximity offers the option of an open supply chain for the reorder of interoperable credentials. It could also be that 125-kHz credentials simply provide a favorable user experience, with fast read times and long read ranges. The reason could also be price, as 125-kHz credentials have traditionally been priced aggressively.
But what about security? We all know 125-kHz has been cracked and credential cloning is the proverbial “elephant in the room.” Indeed, it is well known that with the right equipment and know-how, a 125-kHz proximity credential can be duplicated. So the question is, how can 125-kHz proximity, and the systems that depend upon this technology, be made more secure in an efficient and cost-effective way? One answer lies at the tip of your finger.
By installing a combination reader and keypad to the perimeter doors of an existing access control system, security is elevated by adding a second layer of identification to the access transaction. When using both a card and a personal identification number (PIN)—a numeric or alphanumeric code used to identify a user via a keypad—security is based on something you have, a card, as well as something you know, a PIN. How does two-factor authentication impact card cloning? The threat is nullified as the PIN is not contained in the credential, and therefore cannot be sniffed, copied, duplicated or cloned. The PIN number is essentially as safe as the vigilance and the conscience of the user. Isn’t this the case with all access card deployments?
Farpointe Data’s CONEKT® product line represents a comprehensive line-up of readers that combine the interoperation of mobile credentials (BLE), with a range of hard credentials (cards and fobs). These readers include variants that support 125-kHz proximity, combined with PIN/keypads in 3x4 and 2x6 designs.
At the symposium I heard another very interesting statistic: the use of mobile credentials has jumped some 60% over the past couple years. This is a strong indictor as to their future. Consultants seem to like mobile, as it utilizes some of the strongest credential security available—at the very least, equal to that of the highest levels of contactless smartcards. And, end-users seem to be favoring mobile credentials as well, as they represent a convenient way for their employees to carry and utilize a secure credential from their smartphone for entry.
The PCR-620-H and PCR-640-H are combination keypad readers that support 125-kHz proximity and transition to a secure mobile credential platform. They preserve the convenience of the installed 125-kHz proximity technology, provide a modern path forward with mobile credentials, and help make the system more secure in an efficient and cost-effective manner.
Stephen "Shep" Sheppard
Sales Manager Key Accounts