Secure authentication methods in access control systems

Today, new requirements are being presented to identification technologies in the security systems market, the main ones of which are: maximum identification protection and safety of use in a complex epidemiological environment.

"

Identity Protection

Provide a high level of identification protection new technologies: protection of access cards from copying, the use of campus and bank cards, identification by smartphone and biometric data, face recognition.

Access by contactless cards



Using EMM / HID formats as identifiers has long been the most popular solution due to the affordable cost of such identifiers. However, the main problem with their use was the simplicity of counterfeiting. Copying is carried out by writing a known number to a new card with the option of rewriting the number (UID, Unique Identifier). Tools are now available on the market for creating any duplicate cards operating at a frequency of 125 kHZ.

This problem served as the main incentive for the widespread distribution of cards of the Mifare format, which have reliable protection against hacking. The main difference between the Mifare card format is the presence of internal memory. Access to memory may be limited by key. For example, for Mifare DESFire cards, the key length is 32 characters. For this type of card, the AES / 3DES encryption algorithm is applied to the key, which excludes any possibility of gaining access to the application. Copy-protected Mifare cards solved the problem of forging badges, but they can easily be stolen, lost or transferred to another person.

In educational institutions, the problem with the transfer of passes was resolved by campus cards. The principle of operation is that the student’s personal bank card also acts as a pass to the territory and into the university building, an attendance accounting tool, a grade book and an electronic library card.

At other sites, registered bank cards can be used as an identifier - modern readers allow using bank cards with PayPass technology in ACS.

Mobile access



Every year, mobile technologies occupy an increasingly important place in human life, which contributes to the use of smartphones as identifiers in access control systems. The security level is also increased: if the smartphone is stolen, the attacker will have to first crack his protection. It is not possible to copy the identifier from a smartphone to another. The reader only recognizes the identifier that was transferred to the system by a particular smartphone.

For Android smartphones with NFC, you need to install and run a free application on your phone. For Apple smartphones with NFC, application installation is not required - Token is attached to the system as an identifier, tied to one of the bank cards emulated on the smartphone. When using both Android smartphones and Apple smartphones, a specially generated identifier is transmitted to the system, but not information about the smartphone or bank card, which ensures the security of user data.

Biometric identification



Modern methods of biometric identification include recognition of faces, retinas, and even heart rate. But the most popular solution today is fingerprint scanning and face recognition. Face recognition in ACS is a global trend: the average annual growth of the market for such systems is estimated by analysts at 20%.

To organize access to face recognition, blocking devices are supplemented by a special terminal. The face recognition terminal and the PERCo-Web access control system interact online. Visitor data can be quickly added to the system as a primary or secondary identifier.

To enhance access control at the facility, several identification methods can be used at once, for example, face recognition with confirmation by an access card or barcode.

Safety of use

Recently, in connection with the COVID-19 pandemic, there has been a growing demand for contactless identification methods that minimize the risk of infection.
Contactless access cards still retain their position as the most popular identifier in access control systems, but their use in objects of mass stay of people in the current conditions is not safe.

If we are talking about the office of the company, where each employee has their own card, this identification method does not pose a risk of infection. However, if contactless cards are transferred from visitor to visitor, this method can hardly be called safe.

For business centers and company offices with a large number of visitors, access by smartphone is suitable as an identification method. When using a smartphone as an identifier, there is no need to issue access cards to employees and visitors as passes, it is enough to transfer a unique smartphone identifier to the system. Virtual passes are issued and canceled remotely.

Personal bank and campus cards can also be used as identifiers for access to company offices, business centers and educational institutions.

For places of mass stay of people a convenient solution is access by barcode. Barcode identification allows you to organize controlled access to the territory of places of mass stay of people and is suitable also for paid access systems. Visitors to sports, entertainment, cultural facilities purchase tickets with a barcode printed on their smartphone and presented to the reader at the entrance.

Barcode access can also be used in business centers, where the barcode acts as a guest identifier. In this case, the barcode is sent to the visitor in the messenger or by e-mail and is used during the passage.



Under current conditions, an access control system with the ability to recognize faces will be the best solution. To enhance control at transport facilities, integrated solutions can be used, for example, a turnstile with a boarding pass barcode scanner and a face recognition terminal. This will minimize the contacts of passengers and employees of the facility.