RFID Cards, Fobs & Wearables
Form-factors
RFID door access credentials, using any of the extensive range of industry standard technologies, are available in various form-factors including key-fobs, tokens, wrist-band wearables and the standard printable card format. We can also supply hybrid cards that combine multiple RFID technologies in the same card, along with PKI contact chips for IT log-on, and even OTP displays for VPN access. Learn more about hybrid cards.
Technologies
EdgeConnector works with up-to-date security-proven technologies as well as the commonest legacy standards in widespread use. This means existing cards and card reader hardware can normally be re-used, whilst allowing step-by-step migration to the most secure and more versatile card technologies.
RFID technologies supported by compatible door control hardware include: Prox, MIFARE, iClass, SEOS, and DESFire.
Security considerations
While RFID credentials do offer the most cost-effective and secure solution for physical access control, it is important to be aware of critical vulnerabilities that need to be mitigated.
Any access control system that relies on the freely readable RFID UID or CSN (with either 125kHz or 13.56MHz technologies) is vulnerable to card cloning attack. Low-cost hand-held duplication kits are readily available from familiar online retail and auction sites for anyone to buy.
Off-the-shelf standard card formats can also be purchased by anyone – which means replicated RFID cards can be obtained without even needing an original to copy.
To ensure RFID credentials are secure, we recommend the use of proven standard technologies (such as iCLASS/SEOS and DESFire) together with custom encoding. We can help you with the purchase of credentials that use custom formats or keys (such as HID Corporate 1000 & HID Elite) and even provide tools to give you full control over your own encryption keys for encoding standard DESFire cards and readers.
Mobile device credentials
NFC & Bluetooth readers
EdgeConnector works with door access readers that support iOS and Android mobile phone based credentials. NFC readers respond when a phone is held over them, just like an RFID card reader, while Bluetooth readers can respond to a phone gesture over a longer range where appropriate (high-traffic area with multiple doors / turnstiles need to operate with close proximity readers to avoid issues with authentication of another user’s credential that happens to be in-range).
Cost & manageability considerations
While mobile device based credentials can be a convenient alternative to issuing staff with access cards or fobs, they do introduce a greater burden in the management and maintenance of multiple apps / device platforms, a task that becomes even more complex as these expand over time.
Mobile credentials adoption continues to be limited by their far greater cost in comparison to the well-established RFID solutions that are compatible with a wider range of identity and access applications (including the ability to use an RFID card as a printed, wearable corporate photo ID).
PIN
PIN Only
EdgeConnector supports PIN / Passcode only authentication. However to be consistent with our identity driven security philosophy, each door-user must have their own unique passcode.
Card & PIN
Passcodes can also be used as an additional layer of security, in addition to RFID credentials, to provide higher levels of protection for access to critical areas.
Security considerations
EdgeConnector does not support PIN’s that are shared by multiple door-users ,as this does not allow an individual’s permission and access to be controlled and monitored adequately.
Biometrics
Card & biometric
Combined finger print scanner & RFID readers add biometric verification to standard RFID access controls, to ensure that the person presenting the access card is the valid holder of that card. Biometric checks are appropriate for access to the most sensitive areas within a site.
Best practise
Best practise in the use of biometric identity verification relies on a smart card to securely store an individual’s biometric profile; this can then be inserted into a biometric reader and used to quickly and reliably validate the scan taken by the reader. This approach is preferable to trying to centrally match a biometric scan to a database of profiles, which can be time consuming, or else rely on a complete database of profiles stored in a reader located outside a secure area.
Get in touch for help with access control ID credentials