
Thursday, February 1, 2024

Useful Measures to Prevent Unauthorized Access


Causes of Physical Security Breaches

Unauthorized access may be gained by an outsider as well as by an in-house employee. Physical access to a building by a stranger and entry to a server room by a staff member without permission are both examples of unauthorized physical access. Although a security system may have various loopholes, unauthorized access is most commonly gained through:

• Tailgating, i.e. unauthorized people following someone who has an access card through a door
• Weak doors that can be easily levered open or broken through
• Smart cards which can be easily hacked
• Lost or stolen keys
• Portable devices such as laptops, mobile phones and USB drives
• Unlocked server room doors
• Insider threat, etc.

Any of the above-mentioned loopholes creates a security gap which can be taken advantage of. Because of unauthorized access, companies may be subjected to physical theft of devices and equipment, compromise of electronic information, identity theft and vandalism. What’s more, human lives can be endangered too. Therefore, it is important that a company addresses any existing loopholes and prevents possible threats.

How to Combat Unauthorized Access

First and foremost, you need to define how unauthorized access can occur at your company and develop a program aimed at eradicating any possible loopholes.

Different levels of security are crucial to prevent unauthorized access. A robust access control system, employee control and emergency response help prevent unsanctioned access to facilities, devices and information.

• Begin with perimeter security. Make sure you use fences, gates, guards and video surveillance around the perimeter.
• By installing motion detectors and alarm systems you can attain an additional level of security.
• Implement identification cards to verify people entering the premises, including visitors, contractors and personnel.
• Lock up areas with sensitive information. It is also advised to enforce delay control on server room doors. Check out our guide for server room requirements.
• Conduct background checks of employees before onboarding. "Onboarding" is the process of integrating a new employee into an organization, training and orienting them.
• Make sure you have a new hire forms checklist with which you can verify your new employee’s work eligibility.
• Set up different access control levels. Each employee should be granted permission to enter facilities depending on their role within the organization.
• Use cable locks for computers in order to prevent theft of electronic devices. Desktop locks are aimed at protecting computer equipment from theft.
• Lock up sensitive files or USB drives in safes or drawers.
• Develop an emergency plan and train employees to troubleshoot possible security issues and report any suspicious behavior they notice.

It is important to remember that security starts at a physical level. By implementing measures aimed at preventing unauthorized access you can protect your assets, information and personnel from internal and external security threats which otherwise might have a detrimental impact on your business.

Friday, August 5, 2016

Facility Code or Site Code

What is a Facility Code?
There are many different proximity card formats, but the proximity cards that we sell are encoded with a "Standard" 26-Bit Wiegand format. Like other proximity and RFID cards, an HID card is simply an ID card which enables proximity technology in its everyday functions. HID cards, as well as other types of RFID cards and smart cards, are popular for access control, as well as other functions like public transportation and employee ID. This format actually contains two sets of numbers:
  •         A 3-digit "facility code", which can range from 1-255
  •         A 5-digit "card number", which can range from 1-65,535.

Most HID proximity cards and key fobs have the 5-digit card number printed on the card.  The 3-digit facility code, however, is printed only on the box in which your cards are shipped.
Gate Keeper can be configured to interpret the Wiegand data as either a 16-bit number or a 24-bit number.  The 16-bit number will contain only the 5-digit card number.  The 24-bit number will contain the facility code and card number for a total of 8 digits.  For example, if the facility code for a card is "123" and the card number is "56789" then the 24-bit (8-digit) number read from the card will be "12356789".
A Facility Code is a number encoded on access cards that is intended to represent a specific protected facility or building. Not all card formats support a Facility Code, but the most common card data format in use today does support it — the industry’s original open (i.e. non-proprietary) 26-bit format. The 26-bit format has two data fields: a Facility Code (8 bits) and a Card Number (16 bits), plus two parity bits; thus, the Facility Code can be a number between 0 and 255, and the Card Number can be between 0 and 65,535.
With only 65,535 card numbers available across the cards of all customers using the 26-bit card data format, duplicate card numbers are inevitable; therefore, the first purpose of the Facility Code was to enable customers in close proximity to each other to differentiate their set of cards from another customer’s cards. Ideally, each manufacturer would try to manage the facility numbers it issued to various customers in a specific area to minimize the occurrence of duplicates. A card with a Facility Code not matching those used by that specific customer would be denied access, typically generating “Access Denied – Wrong Facility Code” messages.
The 26 bit Wiegand standard format is the industry standard. Card manufacturers such as HID, Indala and AWID sell cards with this format to any dealer. This 26 bit format is recognized by all access hardware.

Over the years, formats with a higher number of bits (33, 37, 48, 50)  have been added to increase card security.


However, some of the higher bit formats are  "proprietary", and usually carry a higher price tag. One exception is the HID 37 bit proprietary format, priced similarly to a 26 bit card.


As an example, if Company A has cards numbered from 1 to 1000, with facility code 230, they would be programmed as follows:
230 - 00001
230 - 00002
230 - 00003 ... up to 230 - 01000

Company B could have the same serial numbers, but with facility code 180, and their cards would be:
180 - 00001
180 - 00002
180 - 00003 ... up to 180 - 01000

To grant access, an access control system validates the facility code AND the serial number.  Company A will reject Company B cards, and vice versa, even if they have the same serial number, because the facility code does not match.
The HID 37 bit Wiegand format with Facility Code is H10304.  The format consists of 2 parity bits, 16 bit Facility Code and 19 bit Cardholder ID fields.
PFFFFFFFFFFFFFFFFCCCCCCCCCCCCCCCCCCCP
EXXXXXXXXXXXXXXXXXX..................
..................XXXXXXXXXXXXXXXXXXO
P = Parity
O = Odd Parity
E = Even Parity
X = Parity mask
F = Facility Code, range = 0 to  65,535
C = Cardholder ID, range = 0 to 524,287
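
The two layouts described above, the 26-bit format and H10304, as an added Python example that is not part of the original post: it decodes a frame, checks both parity bits, then validates the facility code AND the card number. The 26-bit parity coverage (each parity bit protecting 12 data bits) is the standard layout and is not spelled out above; the function names and sample cards are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class WiegandFormat:
    name: str
    fc: slice    # Facility Code bits (0-based, first bit sent = index 0)
    cn: slice    # Card Number / Cardholder ID bits
    even: slice  # bits covered by the leading even-parity bit
    odd: slice   # bits covered by the trailing odd-parity bit

# Keyed by frame length. The 37-bit slices mirror the E/X/O masks above.
FORMATS = {
    26: WiegandFormat("26-bit", slice(1, 9), slice(9, 25), slice(1, 13), slice(13, 25)),
    37: WiegandFormat("H10304", slice(1, 17), slice(17, 36), slice(1, 19), slice(18, 36)),
}

def encode(length, facility, card):
    """Build a frame as a '0'/'1' string (used here to construct sample cards)."""
    fmt = FORMATS[length]
    fc_w, cn_w = fmt.fc.stop - fmt.fc.start, fmt.cn.stop - fmt.cn.start
    if not (0 <= facility < 1 << fc_w and 0 <= card < 1 << cn_w):
        raise ValueError("facility code or card number out of range")
    bits = [0] * length
    bits[fmt.fc] = [int(b) for b in format(facility, f"0{fc_w}b")]
    bits[fmt.cn] = [int(b) for b in format(card, f"0{cn_w}b")]
    bits[0] = sum(bits[fmt.even]) % 2        # makes the covered count even
    bits[-1] = 1 - sum(bits[fmt.odd]) % 2    # makes the covered count odd
    return "".join(map(str, bits))

def decode(frame):
    """Return (format name, facility code, card number) or raise ValueError."""
    fmt = FORMATS.get(len(frame))
    if fmt is None or set(frame) - {"0", "1"}:
        raise ValueError("unsupported frame")
    bits = [int(b) for b in frame]
    if (bits[0] + sum(bits[fmt.even])) % 2 != 0:
        raise ValueError("even parity error")
    if (bits[-1] + sum(bits[fmt.odd])) % 2 != 1:
        raise ValueError("odd parity error")
    return fmt.name, int(frame[fmt.fc], 2), int(frame[fmt.cn], 2)

def check_access(frame, site_facility, enrolled_cards):
    """Grant access only when parity, facility code and card number all pass."""
    try:
        _, facility, card = decode(frame)
    except ValueError as err:
        return f"Access Denied - {err}"
    if facility != site_facility:
        return "Access Denied - Wrong Facility Code"
    if card not in enrolled_cards:
        return "Access Denied - Unknown Card"
    return "Access Granted"

# Constructed sample data: Company A (facility code 230, cards 1 to 1000)
# and a Company B card that carries the same serial number.
COMPANY_A_FACILITY = 230
COMPANY_A_CARDS = range(1, 1001)

if __name__ == "__main__":
    for label, frame in [
        ("Company A card 1", encode(26, 230, 1)),
        ("Company B card 1", encode(26, 180, 1)),
        ("H10304 card", encode(37, 230, 1)),
    ]:
        print(label, decode(frame), check_access(frame, COMPANY_A_FACILITY, COMPANY_A_CARDS))
```

Parity only catches transmission errors between reader and controller; it is not a security check, which is why the facility code and card number comparison follows it.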


HID recently announced that the standard format for their Corporate 1000 proximity cards has changed from a 35 bit card format to a new 48 bit card format.

Originally, all Corporate 1000 format cards offered the 35 bit structure (“Corporate 1000 – 35”). The Program’s success created the need for a new format (“Corporate 1000 – 48”).  The larger 48 bit structure increases the number of individual card numbers available, from just over 1,000,000 individual card numbers per format for Corporate 1000 – 35 to over 8,000,000 individual card numbers for the new Corporate 1000 – 48 format.
IMPORTANT NOTE: Prox cards are custom programmed with the facility code and start numbers requested by you. For this reason it is important to have the correct numbers at the time an order is placed.

Friday, February 19, 2016

Compare HID 13.56MHz Credentials

Compare HID iClass Credentials - 13.56 MHz Contactless

HID iCLASS Credentials offer iCLASS 13.56 MHz contactless read/write smart card technology along with the ability to add a magnetic stripe, barcode, and anti-counterfeiting features including custom artwork or a photo identification directly on the credential.
An HID iCLASS card, keyfob, or tag can be utilized for diverse applications such as:
  • Access control
  • Network log-on security
  • Automotive vehicle identification
  • Cashless vending
  • Time and attendance
  • Biometric verification
Below, we compare the read ranges and other select features of our most popular HID iClass contactless credentials, tags, and keyfobs.


With so many variables, ordering HID iClass cards, tags and keyfobs can be a technical and confusing process. We're here to help - and we'll make it easy for you!

HID has now developed the Tag. The HID iCLASS Tag can turn a plastic ID badge into an iCLASS contactless smart card credential. Effortlessly upgrade from Prox, mag stripe or barium ferrite technology to a smart card technology with more secure access control by simply attaching the small, circular iCLASS Tag to your existing card. The iCLASS Tag will also adhere to any non-metallic device, such as a cell phone or PDA, to instantly create a contactless smart card.
iCLASS was specifically designed to make access control more powerful, more versatile, and more secure. iCLASS 13.56 MHz read/write contactless smart card technology provides versatile interoperability in applications such as access control, network log-on security, cashless vending, time and attendance, event management and biometric identification.
iCLASS technology ensures high security with mutual authentication between card and reader, encrypted data transfer, and 64-bit diversified keys for read/write capabilities. Securely separated files enable multiple applications and support future growth.
Key Features of the 206x iCLASS Tag
  • Provides the convenience of HID's iCLASS contactless read/write smart card technology in a small disk-shaped package.
  • Seamlessly upgrade from magnetic stripe, barium ferrite, or proximity technologies by adhering the Tag to an existing access card for secure access control.
  • Allows users to easily and cost-effectively turn a plastic ID badge or contact smart chip card into a contactless smart card.
  • Attaches easily to cell phones, PDAs, and other non-metallic objects.
  • More powerful, versatile and secure access control.
  • Provides versatile interoperability in applications like access control, network log-on security, cashless vending and many other areas.
Specifications:

  • Typical Maximum Read Range*
    R10 1.0" (2.5 cm)
    R30/RW300 1.0" (2.5 cm)
    R40/RW400 1.0" (2.5 cm)
    RK40/RWK400 1.0" - 1.5" (2.5 cm - 3.8 cm)
    *Dependent upon installation conditions.
  • Dimensions
    Diameter: 1.285" (3.264 cm)
    Thickness: 0.070" (0.178 cm)
  • Outer Shell Material
    Lexan
  • Memory Type
    EEPROM, read/write
    Multi-application Memory
    2K bit (256 Bytes) tag
    16K bit (2K Bytes) tag
    32K bit (4K Bytes) tag

Saturday, December 25, 2010

How a Smart Card Reader Works

Smart Card Readers are also known as card programmers (because they can write to a card), card terminals, card acceptance device (CAD) or an interface device (IFD). There is a slight difference between the card reader and the terminal. The term 'reader' is generally used to describe a unit that interfaces with a PC for the majority of its processing requirements. In contrast, a 'terminal' is a self-contained processing device.
Smart cards are portable data cards that must communicate with another device to gain access to a display device or a network. Cards can be plugged into a reader, commonly referred to as a card terminal, or they can operate using radio frequencies (RF).
When the smart card and the card reader come into contact, each identifies itself to the other by sending and receiving information. If the messages exchanged do not match, no further processing takes place. So, unlike ordinary bank cards, smart cards can defend themselves against unauthorized users and uses through these security measures.

Communicating with a Smart Card Reader
The reader provides a path for your application to send and receive commands from the card. There are many types of readers available, such as serial, PCCard, and standard keyboard models. Unfortunately, the ISO group was unable to provide a standard for communicating with the readers so there is no one-size-fits-all approach to smart card communication.
Each manufacturer provides a different protocol for communication with the reader.
• First you have to communicate with the reader.
• Second, the reader communicates with the card, acting as the intermediary before sending the data to the card.
• Third, communication with a smart card is based on the APDU format. The card will process the data and return it to the reader, which will then return the data to its originating source.
The following classes are used for communicating with the reader:
• ISO command classes for communicating with 7816 protocol
• Classes for communicating with the reader
• Classes for converting data to a manufacturer-specific format
• An application for testing and using the cards for an intended and specific purpose
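
The three steps above in code form, as an added Python example that is not part of the original post: it builds short ISO 7816-4 command APDUs, splits the response into data and the two-byte status word, and follows the card's 61xx and 6Cxx replies. The `send` callable stands in for the manufacturer-specific reader protocol, and `fake_card`, the sample AID and the returned data are constructed so the block runs offline.

```python
# Status words defined by ISO 7816-4 (a small subset).
STATUS = {
    0x6982: "security status not satisfied",
    0x6A82: "file or application not found",
    0x6D00: "instruction not supported",
    0x6E00: "class not supported",
}

class CardError(Exception):
    def __init__(self, sw1, sw2):
        self.sw = (sw1 << 8) | sw2
        super().__init__(f"SW={self.sw:04X}: {STATUS.get(self.sw, 'unrecognised status')}")

def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short-form command APDU: header, optional Lc+data, optional Le."""
    if any(not 0 <= b <= 0xFF for b in (cla, ins, p1, p2)):
        raise ValueError("header bytes must fit in one byte each")
    if len(data) > 255:
        raise ValueError("short APDU carries at most 255 data bytes")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        if not 1 <= le <= 256:
            raise ValueError("Le must be 1..256")
        apdu += bytes([le % 256])          # Le byte 0x00 means 256
    return apdu

def parse_response(resp):
    """Split a response APDU into (data, SW1, SW2)."""
    if len(resp) < 2:
        raise ValueError("response shorter than the status word")
    return resp[:-2], resp[-2], resp[-1]

def transact(send, apdu, max_steps=8):
    """Send one command and take the corrective action the status word asks for."""
    out = b""
    for _ in range(max_steps):
        data, sw1, sw2 = parse_response(send(apdu))
        out += data
        if (sw1, sw2) == (0x90, 0x00):     # normal completion
            return out
        if sw1 == 0x61:                    # more data waiting: GET RESPONSE
            apdu = build_apdu(0x00, 0xC0, 0x00, 0x00, le=sw2 or 256)
        elif sw1 == 0x6C:                  # wrong Le on a data-less command: retry
            apdu = apdu[:4] + bytes([sw2])
        else:
            raise CardError(sw1, sw2)
    raise RuntimeError("card kept requesting follow-up commands")

SAMPLE_AID = bytes.fromhex("A000000001")   # constructed application identifier

def fake_card(apdu):
    """Constructed stand-in for reader plus card; not a real device protocol."""
    ins = apdu[1]
    if ins == 0xA4:                        # SELECT
        return b"\x61\x03" if apdu[5:] == SAMPLE_AID else b"\x6A\x82"
    if ins == 0xC0:                        # GET RESPONSE
        return b"FCI\x90\x00"
    if ins == 0xB0:                        # READ BINARY, card holds 4 bytes
        return b"DATA\x90\x00" if apdu[4] == 4 else b"\x6C\x04"
    return b"\x6D\x00"

if __name__ == "__main__":
    print(transact(fake_card, build_apdu(0x00, 0xA4, 0x04, 0x00, data=SAMPLE_AID)))
    print(transact(fake_card, build_apdu(0x00, 0xB0, 0x00, 0x00, le=16)))
```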
Readers come in many forms, factors and capabilities. The easiest way to describe a reader is by the method of its interface to a PC. Smart card readers are available that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and keyboards and keyboard wedge readers. Card readers are used to read data from – and write data to – the smart card. Readers can easily be integrated into a PC utilizing Windows 98/Me, 2000, or XP platforms. However, some computer systems already come equipped with a built-in smart card reader. Some card readers come with advanced security features such as secure PIN entry, secure display and an integrated fingerprint scanner for the next generation of multi-layer security and three-factor authentication.
Another difference in reader types is on-board intelligence and capabilities. An extensive price and performance difference exists between an industrial strength reader that supports a wide variety of card protocols and the less expensive win-card reader that only works with microprocessor cards and performs all processing of the data in the PC.
The options in terminal choices are just as varied. Most units have their own operating systems and development tools. They typically support other functions such as magnetic-stripe reading, modem functions and transaction printing.
To process a smart card the computer has to be equipped with a smart card reader possessing the following mandatory features:
• Smart Card Interface Standard – ISO 7816 is an international standard that describes the interface requirements for contact-type smart cards. These standards have multiple parts. For instance, parts 1, 2 and 3 are applicable to card readers. Part 1 defines the physical characteristics of the card. Part 2 defines dimension and location of smart card chip contacts. Part 3 defines the electronic signals and transmission protocols of the card. Card readers may be referred to as conforming to ISO 7816 1/2/3, or in its simplified term, ISO 7816.
• Driver – This refers to the software used by the operating system (OS) of a PC for managing a smart card and applicable card reader. To read a smart ID card, the driver of the card reader must be PC/SC compliant which is supported by most card reader products currently available. It should be noted that different OS would require different drivers. In acquiring card readers, the compatibility between the driver and the OS has to be determined and ensured.

Desirable Features in a Smart Card Reader
Card Contact Types refers to how the contact between a card reader and a smart card is physically made. There are two primary types of contact: landing contact and friction contact (also known as sliding or wiping). For card readers featuring friction contact, the contact part is fixed. The contact wipes on the card surface and the chip when a card is inserted. For card readers featuring the landing type, the contact part is movable. The contact "lands" on the chip after a card is wholly inserted. In general, card readers of the landing type provide better protection to the card than that of the friction type.
Smart card readers are also used as smart card programmers to configure and personalize integrated circuit cards. These programmers not only read data, but also put data into the card memory. This means that not only CPU based smart cards, but also simple memory cards can be programmed using a smart card reader. Of course the card reader must support the appropriate protocol such as the asynchronous T=0, T=1 or synchronous I2C protocols.
It won't take long before smart card readers become an integral part of every computer – and, subsequently, the lives of computer users. Computer systems with keyboards that have smart card reader/writer integration are also available.
Smart card readers are also available in the form of a USB dongle. USB dongles are frequently used with GSM phones, which contain a SIM smart card. Additionally, phone numbers can be edited on a PC using the USB smart card dongle.

Key features and characteristics of smart cards
Cost: Typical costs range from $2.00 to $10.00. Per card cost increases with chips providing higher capacity and more complex capabilities; per card cost decreases as higher volume of cards are ordered.
Reliability: Vendors guarantee 10,000 read/write cycles. Cards claiming to meet International Standards Organization (ISO) specifications must achieve set test results covering drop, flexing, abrasion, concentrated load, temperature, humidity, static electricity, chemical attack, ultra-violet, X-ray, and magnetic field tests.
Error Correction: Current Chip Operating Systems (COS) perform their own error checking. The terminal operating system must check the two-byte status codes returned by the COS (as defined by both ISO 7816 Part 4 and the proprietary commands) after the command issued by the terminal to the card. The terminal then takes any necessary corrective action.
Storage Capacity: EEPROM: 8K - 128K bit. (Note that in smart card terminology, 1K means one thousand bits, not one thousand 8-bit characters. One thousand bits will normally store 128 characters - the rough equivalent of one sentence of text. However, with modern data compression techniques, the amount of data stored on the smart card can be significantly expanded beyond this base data translation.)
Ease of Use: Smart cards are user-friendly for easy interface with the intended application. They are handled like the familiar magnetic stripe bank card, but are a lot more versatile.
Susceptibility: Smart cards are susceptible to chip damage from physical abuse, but more difficult to disrupt or damage than the magnetic stripe card.
Security: Smart cards are highly secure. Information stored on the chip is difficult to duplicate or disrupt, unlike the outside storage used on magnetic stripe cards that can be easily copied. Chip microprocessor and Co-processor supports DES, 3-DES, RSA or ECC standards for encryption, authentication, and digital signature for non-repudiation.
First Time Read Rate: ISO 7816 limits contact cards to 9600 baud transmission rate; some Chip Operating Systems do allow a change in the baud rate after chip power up; a well designed application can often complete a card transaction in one or two seconds.
Speed of Recognition: Smart cards are fast. Speed is only limited by the current ISO Input/Output speed standards.
Proprietary Features: These include Chip Operating System (COS) and System Development Kits.
Processing Power: Older version cards use an 8-bit micro-controller clockable up to 16 MHz with or without co-processor for high-speed encryption. The current trend is toward customized controllers with a 32-bit RISC processor running at 25 to 32 MHz.
Power Source: 1.8, 3, and 5 volt DC power sources.
Support Equipment Required for Most Host-based Operations: Only a simple Card Acceptance Device (that is, a card reader/writer terminal) with an asynchronous clock, a serial interface, and a 5-volt power source is required. For low volume orders, the per unit cost of such terminals runs about $150. The cost decreases significantly with higher volumes. The more costly Card Acceptance Devices are the hand-held, battery-operated terminals and EFT/POS desktop terminals.

Why consider smart cards?
IF a portable record of one or more applications is necessary or desirable, AND
• Records are likely to require updating over time,
• Records will interface with more than one automated system,
• Security and confidentiality of records is important,
THEN smart cards are a feasible solution for making data processing and transfer more efficient and secure.
Advantages of Smart Cards:
• The capacity provided by the on-board microprocessor and data capacity for highly secure, off-line processing
• Adherence to international standards, ensuring multiple vendor sources and competitive prices
• Established track record in real world applications
• Durability and long expected life span (guaranteed by vendor for up to 10,000 read/writes before failure)
• Chip Operating Systems that support multiple applications
• Secure independent data storage on one single card
Barriers to Acceptance of Smart Cards:
• Relatively higher cost of smart cards as compared to magnetic stripe cards. (The difference in initial costs between the two technologies, however, decreases significantly when the differences in expected life span and capabilities- particularly in terms of supporting multiple applications and thus affording cost sharing among application providers- are taken into account).
• Present lack of infrastructure to support the smart card, particularly in the U.S., necessitating retrofitting of equipment such as vending machines, ATMs, and telephones.
• Proprietary nature of the Chip Operating System. The consumer must be technically knowledgeable to select the most appropriate card for the target application.
• Lack of standards to ensure interoperability among varying smart card programs.
• Unresolved legal and policy issues related to privacy and confidentiality or consumer protection laws.

Smart Card Applications
Financial Applications
• Electronic Purse to replace coins for small purchases in vending machines and over-the-counter transactions.
• Credit and/or Debit Accounts, replicating what is currently on the magnetic stripe bank card, but in a more secure environment.
• Securing payment across the Internet as part of Electronic Commerce.
Communications Applications
• The secure initiation of calls and identification of caller (for billing purposes) on any Global System for Mobile Communications (GSM) phone.
• Subscriber activation of programming on Pay-TV.
Government Programs
• Electronic Benefits Transfer using smart cards to carry Food Stamp and WIC food benefits in lieu of paper coupons and vouchers.
• Agricultural producer smart marketing card to track quotas.
Information Security
• Employee access cards with secured passwords and the potential to employ biometrics to protect access to computer systems.
Physical Access Control
• Employee access cards with secured ID and the potential to employ biometrics to protect physical access to facilities.
Transportation
• Drivers Licenses.
• Mass Transit Fare Collection Systems.
• Electronic Toll Collection Systems.
Retail and Loyalty
• Consumer reward/redemption tracking on a smart loyalty card, that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set.
Health Care
• Consumer health card containing insurance eligibility and emergency medical data.
Student Identification
• All-purpose student ID card (a/k/a campus card), containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).