Security Checklist

At its simplest, the security of an access control system means it prevents unauthorized persons from entering your building or zone of control. However, other aspects of that security are less visible. Arguably, the most important is protection against cloning of transponders that users carry with them. This protection is achieved with highly secure encryption – of which MIFARE DESFire’s technique is among the world’s most powerful.

One method that hackers attempt is to detect and read data from the air interface between RFID readers and transponders. Another method detects data during transfer between readers and their hosts. Both methods are defeated by (a) deploying mutual security keys among your transponders and readers, and (b) encrypting data traffic between readers and hosts (OSDPv2). Combined, these measures protect user data the entire distance from transponder to system host.

Security also means future sourcing stability, cost-effectiveness and convenience. For system integrators, open standard technologies and protocols provide the clearest future path. Why? Because an open technology with proven market longevity will invariably earn the trust, support and ongoing development of numerous manufacturers. In short, an open technology won’t lock you in to a single vendor – you can be confident of its sourcing and ongoing support.

The recent surge of mobile identification in access control has been rapid. It has not just brought access credentials to users’ phones; many devices now also provide secure, biometric fingerprint authentication for users. This feature greatly enhances the security a manager can potentially integrate into their site’s mobile identification.

Idesco can greatly simplify your integration of mobile identification into your current system. How so? Once you deploy Idesco mobile-compatible readers, our Idesco ID service lets you send mobile credentials to users’ phones directly from your own system. There is no need for a separate cloud service or parallel system to manage mobile credentials. Instead, you can store them alongside your conventional user credentials. This keeps credential management simple and convenient for you.

Tips for improving the security of your system:

  • Consider the advantages mobile phone biometrics could offer as you consider integrating mobile identification into your access system.
  • Personal PIN codes significantly enhance the security conventional transponders provide.
  • Choose a secure, ‘unhackable’ transponder technology for your cards and tags.
  • Explore the alternative strategy of “transparent” readers for enhancing your security. Transparent readers not only create an essentially impervious ‘wall’ between hackers and your system; they can also provide you a wider range of device functionality and updating – directly from your system.
  • Consider deploying OSDPv2 for your system. OSDPv2 won’t just make data flow among your system components highly secure – it can also simplify device updating and improve interaction with users on display devices.
  • For older Wiegand-based systems (with unencrypted data transfer) you can still:
    • use encrypted MIFARE® DESFire readers and transponders, and
    • deploy either an Idesco decryption module before your controller, or software installed in it, to greatly secure data transfer between your Idesco readers and their host.