Physical Access End-to-End Security
Smart Card Alliance, Smart Cards in Government-2003
July 16, 2003, Physical Access, 3:45 PM
Robert Merkert, Director, Strategic Accounts
All Company and/or product names are trademarks and/or registered trademarks of their respective owners.
Historical Perspective - 1
- 1999: Dr. John Hamre, Deputy Secretary of Defense, issues a memo to create a Common Access Card for Physical and Logical Access
- 2000: GSA Smart Card Contract awarded
- 2000: First Smart Card Interoperability Document issued
- 2001: Awareness of our vulnerability to attack on strategic infrastructures
- 2002: NIST issues Government Smart Card Interoperability specifications for contact smart cards
- 2002: Physical Access Interoperability Working Group (PAIWG) set up by Government agencies
Historical Perspective - 2
- 2002: State Department Contact Card Physical Access system put in place
- 2003: GSA Buildings begin installation of smart card physical access systems
- 2003: NIST issues GSC-IS v2.1 to include interoperability of contactless smart cards
- DoD begins investigation of contact/contactless CAC card to integrate physical access control function
- 2003: Department of Homeland Security created. TSA and TWIC programs leading to pilot phase of physical access control for airport and seaport security
- 2003: Smart Card Alliance initiates Physical Access Smart Card white paper
System Overview: Main Players
- Access Control System Developer, Servers, Control Panels
- Readers and Cards
- Door Locks and Entrance Control
- System Integrator and System Installer
Simplified System Overview
[Diagram. Labels: Access Control Servers, Badging, Guard Workstation; LAN/WAN, TCP/IP, MODEM, RS-485, LAN/IF; Control Panels; Wiegand; 1 to 32 Readers; Access Control Readers and Controlled Doors]
System Requirements
- PAIWG Interoperability
- NIST GSC-IS v2.1 compliance
- Contact and Contactless Smart Card interfaces
  - Contact card: ISO 7816
  - Contactless card: ISO 14443, parts 1-4, with a FIPS 140-2 approved algorithm
- Three factor authentication on exterior entrances: Card, PIN, Biometric
- Two factor authentication on interior doorways (except some high security areas)
System Authentication
- Three factor authentication
  - Smart Card (something you have)
  - PIN (something you know)
  - Biometric (something you are)
- Two-factor authentication
  - Smart Card and PIN
  - Smart Card and Biometric
Copyright, SCM Microsystems. All rights reserved.
Security = Personal Authentication: levels of authentication for an ID System
[Graph: Relative Security Level against Solutions, from highest to lowest]
- Something You Have + Something You Know + Something You Are
- Something You Have + Something You Are (+ Biometric)
- Something You Have + Something You Know (ID Card +)
- Something You Have (Key or Card)
- Something You Know (PIN, Password)
System Desires
- Compatible with currently installed control panels using the Wiegand (tm) communications channel and protocol.
- Secure channel capability.
- Authentication of the card and reader.
- Bi-directional RS-485 or TCP/IP communications channel to the control panel and/or server.
- Multi-level authentication modes under the control of the Access Control Server.
- Programmable Card Reader to extract SEIWG-12 data string or other ID string from the card.
Wiegand System Interface
[Diagram. Labels: Power, Wiegand ID Number, Unlock, Status]
Interfaces between Control Panel and Access Control Readers and Controlled Doors
Full Duplex Secure Channel Concept
[Diagram. Labels: Power, Full Duplex Secure Channel, Unlock, Status]
Full duplex intelligent interface between Control Panel and Access Control Readers
Secure Channel Concept
[Diagram. Labels: Access Control Server, Control Panel, Card Reader, Smart Card; Secure authenticated encrypted channels; Secure Communication ISO 7816 or ISO 14443]
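The difference between the Wiegand interface (a one-way ID number) and an authenticated channel between reader and control panel, sketched as an added example that is not part of the original presentation or any vendor's protocol. The HMAC-SHA256 challenge-response, the pre-shared key, and the names ControlPanel, reader_respond, SHARED_KEY and CARD_ID are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)  # assumed pre-shared key (constructed)
CARD_ID = b"0123456789"               # constructed placeholder ID string


def reader_respond(key: bytes, challenge: bytes, card_id: bytes) -> bytes:
    """Reader side: bind the card ID to the panel's fresh challenge."""
    return hmac.new(key, challenge + card_id, hashlib.sha256).digest()


class ControlPanel:
    """Panel side of a hypothetical authenticated reader channel."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fixed length, so nonce + ID is unambiguous
        self._pending.add(nonce)
        return nonce

    def verify(self, challenge: bytes, card_id: bytes, tag: bytes) -> bool:
        # Each challenge is single-use: unknown or already-used ones fail.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = reader_respond(self._key, challenge, card_id)
        return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    panel = ControlPanel(SHARED_KEY)
    c1 = panel.new_challenge()
    tag = reader_respond(SHARED_KEY, c1, CARD_ID)
    results = {"fresh": panel.verify(c1, CARD_ID, tag)}
    # The same message presented a second time is refused.
    results["repeated"] = panel.verify(c1, CARD_ID, tag)
    # A card ID changed in transit no longer matches its tag.
    c2 = panel.new_challenge()
    tag2 = reader_respond(SHARED_KEY, c2, CARD_ID)
    results["altered_id"] = panel.verify(c2, b"9999999999", tag2)
    return results


if __name__ == "__main__":
    print(demo())
```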
Programmable Security Levels
Security Level: Access requirement example
- Severe: Contact Card, PIN, and Biometric
- High: Contact Card and Biometric
- Significant: Contact Card and PIN
- Guarded: Contactless Card and PIN
- Low: Contactless Card
Alternate Secure Channel Approach
[Diagram. Labels: ADMINISTRATIVE CONTROL, Access Control Server, TCP/IP or RS-485, RS-485, Control Panels, DOOR ACCESS, CARD ID, Access Control Readers with Server interface]
Smart Cards for Access Control
- Contact Smart Card
- Contactless Smart Cards
- Hybrid Smart Cards: a card with both a contact chip and a contactless chip
- Dual Interface Smart Card: a single microprocessor smart chip with both a contact interface and a contactless interface
Images courtesy of Gemplus. Diagrams courtesy of Atmel Corporation.
Available Combined Technologies
Different technologies can be combined:
- 125 kHz Proximity
- 14443A & 14443B, 15693 13.56 MHz Smart cards
- Contact smart cards
- Magnetic stripe
- Bar Code
- Photo Printing
- Holograms
- Special inks
ISO/IEC 7810, 7811, 7816,
Diagram courtesy of HID Corporation
Typical three-factor Card Reader
- LCD display
- Smart Card Reader
- Fingerprint sensor
- Secure Pinpad
- Status LEDs indicating Security Level
- Acoustic alarm
- Contactless reader
Dimensions: 175x135x45 mm (indication concept measurements)
Typical interior Card Readers
- Contact/RF
- PINPAD
- PINPAD/Biometrics
Interior Portals
Exterior Installation
Entrance Portals
Photo courtesy of Gunnebo Omega
Entrance Portals
Photo courtesy of BOON EDAM
Summary
- Many factors are converging to provide cost-effective interoperable Physical Access Systems for both Government and Industry
- There is a movement towards secure channel Physical Access Systems
- Homeland Security will be greatly increased through the use of these improved Physical Access Systems
Contact Information
For more information, contact Bob Merkert, 856-784-7177, rmerkert@scmmicro.com
Visit us at our SCA Booth