What future-proofed access control means
We have talked over the years about ‘future-proofed’ access control systems. But what do those words really mean? Simply, it means your system will remain secure, provide enough capacity for future data transfer needs and additional devices. More to the point, it protects your freedom to develop and expand your system how you want. Your reader choice has the greatest influence on the future functionality and expandability of your system. So, below, we identify factors you must consider to make the best RFID reader choice. Idesco’s MIFARE DESFire readers are already based on the latest technologies, and provide the most secure data protection, all the way from user to host. Now, they are also mobile-compatible, to simplify your future migration to mobile access. Robust, durable, outdoor-compatible Idesco readers are designed let you build a long-lasting, energy-saving access control system with minimal maintenance costs.
In many countries, RFID’s dominant access control technology has lagged behind in so-called UID, with most cases using low frequency, 125 kHz proximity technologies. Such technologies use nothing more than a card’s unique serial number (UID) to identify users. Since the cards don’t protect data, they can be easily read and cloned with readily-purchased devices.
So, your obvious first task for future-proofing is to choose a secure technology. The best ones differ greatly from UID by providing highly-secure AES128 bit encryption. Such encryption is essentially unbreakable – the same used to protect digital payments. Secure access cards and their readers will be often be assigned and programmed to a shared mutual security key. That is how they recognize each other during their ‘conversation’, which is technically referred to as the ‘mutual authentication process’.
Another important factor is that some secure technologies are proprietary, or ‘closed’, while others are referred to as ‘open’ technologies. A closed, proprietary technology only allows readers, cards and their programming to be purchased from a single supplier. This leaves you vulnerable to, not just their price and product availability, but also constrained delivery times, long turnaround for service and support and whatever product development roadmap they prefer. In short, you end up being vendor-locked to a sole source.
Open or closed technology?
By contrast, open technologies subscribe to common standards. However, they also provide an array of remarkable benefits only available in a common standard. For example, MIFARE devices from different manufacturers remain compatible with each other: a valuable benefit to purchasers. By choosing open standard MIFARE DESFire for your system, you remain free to purchase future devices from any manufacturer you prefer. You can be confident in MIFARE’s market stability even if a particular supplier can’t deliver or stops manufacturing. There always remain other manufacturers continuing to develop their MIFARE offering. In short: open MIFARE DESFire is more than just the most secure – but also the most reliable and cost-effective technology in the market.
Open technology vs. vendor lock – what to know about security keys
Security keys and their programming are the core of a secure access control technology. Closed technology suppliers automatically deny you any security key flexibility with their readers and cards: all are factory-programmed, known only by them. Indeed, an open technology issue that often gets overlooked is that even a DESFire supplier can ultimately ‘vendor-lock’ you. How so? It is because ownership and management of your site’s security keys and their programming is often ignored. That means, before you choose your device manufacturer, you should also decide who will own and manage your security keys. Some manufacturers will withhold your security keys if you discontinue sourcing from them. You will once again be prevented from getting compatible readers and tags despite using MIFARE DESFire for your system.
That is why Idesco DESFire readers also protect your freedom to decide who will manage their security keys, whether you or your end-user. We often manage sites’ security keys according to the latest information security practices. Equally often, however, our customers will manage security keys, program readers and cards themselves. If you have enough resources and MIFARE DESFire expertise, it can be a beneficial option. Nevertheless, many other system installers opt to outsource it to us. With Idesco’s in-house coding, you always retain a secure, future-proofed option if you later change how you want to manage your security keys. This further maximizes your flexibility with sites and systems.
Although encrypting the data traveling from card to reader (as in DESFire), powerfully enhances security, traditional Wiegand lines may still create a vulnerability for your system. Why? Because Wiegand cables transferring data from readers to hosts are forced to strip away that protection. Consider carefully whether that portion of your data’s journey could be a hidden hazard to your system’s security.
If so, the best solution is to implement OSDP over RS485 cable. OSDP is a highly secure, open standard data protocol for mediating reader-host data transfer. OSDPv2 provides robust encryption, equal to DESFire, but it also possesses other benefits. Since OSDP is a bi-directional communication protocol it also supports sending data ‘downstream’ from hosts to readers. It means you can push fast, convenient reader updates ‘downstream’ from your hosting system.
Using a mobile phone to access doors continues to grow popular. If you anticipate implementing mobile access at some point, consider implementing a gradual migration into Idesco’s mobile-compatible MIFARE DESFire readers. In addition to their mobile phone reading capability they remain fully-compatible with traditional MIFARE DESFire tags.
Robust, updatable devices
Users’ interact with a system is always via its deployed readers. Therefore, the user-friendliness of your readers powerfully shapes how users will feel about your system. That is why we pay a lot of attention to small details in our readers’ design. Cumulatively, these details help minimize your system maintenance costs.
For example, optical tamper alarms are more reliable than vulnerable mechanical tampers for notifying when your reader is violated. High IP and IK ratings mean our readers’ resistance against moisture, dust and impacts keeps them robustly reliable, for installing outdoors or in public places. Finally, their fast and easy installation combined with convenient reader updating will help keep your overall system costs to a minimum.
Future-proof your system:
- Choose the latest security technologies; UID cards and tags can be copied
- Secure your system and business by choosing open standards that maximize your choices
- Remember your security keys; don’t let yourself be vendor-locked
- Always carefully consider your system’s interface; is your data transfer truly secure?
- Mobile access has begun arriving. Prepare your system with secure, flexible mobile-compatible readers
- Robustly-reliable devices will lower your system’s maintenance costs and extend its lifespan