Idesco explains about future-proofed access control

There has been talking about ‘future-proofed’ access control systems over the years. But what do those words mean? Simply, it means the system will remain secure, and provide enough capacity for future data transfer needs and additional devices. More to the point, it protects users' freedom to develop and expand their systems how they want. 

Users' reader choice has the greatest influence on the future functionality and expandability of their system. So, below, Idesco identifies factors users must consider to make the best RFID reader choice.

MIFARE DESFire readers

Idesco’s MIFARE DESFire readers are already based on the latest technologies, and provide the most secure data protection, all the way from the user to the host. They are also mobile-compatible, to simplify the future migration to mobile access.

Robust, durable, outdoor-compatible Idesco readers are designed to build a long-lasting, energy-saving access control system with minimal maintenance costs.

Secure technology

Secure access cards and their readers will often be assigned and programmed to a shared mutual security key

In many countries, RFID’s dominant access control technology has lagged in so-called UID, with most cases using low frequency, 125 kHz proximity technologies. Such technologies use nothing more than a card’s unique serial number (UID) to identify users. Since the cards don’t protect data, they can be easily read and cloned with readily-purchased devices.

So, users' obvious first task for future-proofing is to choose a secure technology. The best ones differ greatly from UID by providing highly-secure AES128-bit encryption. Such encryption is essentially unbreakable –  the same used to protect digital payments.

Secure access cards and their readers will often be assigned and programmed to a shared mutual security key. That is how they recognise each other during their ‘conversation’, which is technically referred to as the ‘mutual authentication process.

Proprietary or open technology 

Another important factor is that some secure technologies are proprietary, or ‘closed’, while others are referred to as ‘open’ technologies. A closed, proprietary technology only allows readers, cards, and their programming to be purchased from a single supplier.

This leaves users vulnerable to, not just their price and product availability, but also constrained delivery times, the long turnaround for service and support, and whatever product development roadmap they prefer. In short, users end up being vendor-locked to a sole source.

Open or closed technology?

By contrast, open technologies subscribe to common standards. However, they also provide an array of remarkable benefits only available in a common standard. For example, MIFARE devices from different manufacturers remain compatible with each other: a valuable benefit to purchasers.

By choosing open standard MIFARE DESFire for a system, users remain free to purchase future devices from any manufacturer they prefer.

Users can be confident in MIFARE’s market stability even if a particular supplier can’t deliver or stops manufacturing. There always remain other manufacturers continuing to develop their MIFARE offering. In short: open MIFARE DESFire is more than just the most secure but also the most reliable and cost-effective technology in the market.

Open technology vs. vendor lock

Before a user chooses a device manufacturer, they should also decide who will own and manage their security keys

Security keys and their programming are the core of a secure access control technology. Closed technology suppliers automatically deny users any security key flexibility with their readers and cards: all are factory-programmed, known only by them. Indeed, an open technology issue that often gets overlooked is that even a DESFire supplier can ultimately ‘vendor-lock’ users. How so?

It is because ownership and management of users' site security keys and their programming are often ignored. That means, before the user chooses their device manufacturer, they should also decide who will own and manage their security keys. Some manufacturers will withhold the security keys if they discontinue sourcing from them. Users will once again be prevented from getting compatible readers and tags despite using MIFARE DESFire for the system.

DESFire readers

That is why Idesco DESFire readers also protect the freedom to decide who will manage their security keys. Idesco often manages sites’ security keys according to the latest information security practices. Equally often, however, its customers will manage security keys, program readers, and cards themselves.

If users have enough resources and MIFARE DESFire expertise, it can be a beneficial option. Nevertheless, many other system installers opt to outsource it to us. With Idesco’s in-house coding, users always retain a secure, future-proofed option if they later change how they want to manage their security keys. This further maximises the flexibility of sites and systems.

System Security

Although encrypting the data traveling from card to reader (as in DESFire), powerfully enhances security, traditional Wiegand lines may still create a vulnerability for the system. Why?

Because Wiegand cables transferring data from readers to hosts are forced to strip away that protection. Consider carefully whether that portion of the data’s journey could be a hidden hazard to the system’s security.

OSDP

OSDP is a bi-directional communication protocol it also supports sending data ‘downstream’ from hosts to readers

If so, the best solution is to implement OSDP over the RS485 cable. OSDP is a highly secure, open standard data protocol for mediating reader-host data transfer.

OSDPv2 provides robust encryption, equal to DESFire, but it also possesses other benefits. Since OSDP is a bi-directional communication protocol it also supports sending data ‘downstream’ from hosts to readers. It means the user can push fast, convenient reader updates ‘downstream’ from the hosting system.

Mobile-compatibility

Using a mobile phone to access doors continues to grow popular. If users anticipate implementing mobile access at some point, consider implementing a gradual migration into Idesco’s mobile-compatible MIFARE DESFire readers.

In addition to their mobile phone reading capability, they remain fully compatible with traditional MIFARE DESFire tags.

Robust, updatable devices

Users’ interaction with a system is always via its deployed readers. Therefore, the user-friendliness of the readers powerfully shapes how users will feel about the system. That is why Idesco pays a lot of attention to small details in the readers’ design. Cumulatively, these details help minimise system maintenance costs.

For example, optical tamper alarms are more reliable than vulnerable mechanical tampers for notifying when the reader is violated. High IP and IK ratings mean the readers’ resistance against moisture, dust, and impacts keeps them robustly reliable, for installation outdoors or in public places. Finally, their fast and easy installation combined with convenient reader updating will help keep users' overall system costs to a minimum.

Future-proof the system:

• Choose the latest security technologies; UID cards and tags can be copied.
• Secure the system and business by choosing open standards that maximise choices.
• Remember security keys; don’t be vendor-locked.
• Always carefully consider the system’s interface; is the data transfer truly secure?
• Mobile access has begun arriving. Prepare the system with secure, flexible mobile-compatible readers.
• Robustly-reliable devices will lower the system’s maintenance costs and extend its lifespan.