Access Readers and Tokens: Difference between revisions
| Line 38: | Line 38: | ||
====Types of RFID Tokens==== | ====Types of RFID Tokens==== | ||
Most of the commercial RFID vendors require an NDA and/or purchase commitment to get access to their detailed specifications. | |||
There are at least two systems with widely-published specifications and products available from multiple vendors. | |||
*EM4100/TK4100 | |||
**[http://www.yzrfid.com/download/ic%20cards/EM4100.pdf Vendor Spec Sheet] | |||
**125Khz (Low Frequency) tags | |||
**Read-only and read-write versions available | |||
**26-64bits of data typical | |||
**Writing tends to be slow | |||
*Mifare | *Mifare | ||
**13.56Mhz (High Frequency) tags | |||
**Have read/write capability | **Have read/write capability | ||
**Basic encryption on-board | **Basic encryption on-board | ||
***Come unconfigured, all 'F' values | ***Come unconfigured, all 'F' values store in data blocks | ||
***Blocks of data are stored with encryption key after first write | ***Blocks of data are stored with encryption key after first write | ||
**1K,4K version available | **1K,4K version available | ||
**NXP, other vendors sell token and reader chips | |||
***[http://www.nxp.com/products/identification_and_security/smart_card_ics/mifare_smart_card_ics/ NXP Mifare site] | |||
Revision as of 10:46, 13 May 2012
Identification and Authentication Methods
Overview
Identification in this context means uniquely identifying each user who presents at an access terminal or reader. Since the point of access control and physical security is to enforce a security policy, it is important to know which exact user is attempting to gain access to the resource in question. Some typical identification methods include:
- Token ID
- Username/user ID
- Biometric
Authentication means verifying that the user is who they claim they are. It is important to logically separate these, as our system may present different choices or use different methods for different users. Authentication methods for users include:
- Something they have (a token)
- Something they know (a password)
- Something they are (biometrics/facial recognition)
Considerations for Access Control
- Method must be simple and reliable
- Users tend to bypass controls that are too burdensome
- Must not lock out legitimate users frequently
- Must not allow unauthorized users in to the extent possible
- Two-factor authentication an option (Token+PIN, PIN+Thumbprint, etc)
- SMS messaging/one-time PIN
- Tokens with unique ID that changes after each use
- Interactive applications (Smart phones, tablets)
- Protect against common failure modes
- Tailgating (multiple users entering on one token)
- Pass-back (Users passing their token to the outside so that someone else can use it)
- Doors left open/propped open
Types of tokens
Contactless (RFID)
Advantages
- No electrical connection to the outside world
- Can be mounted behind glass or inside a secure perimeter
- No keypad or contacts to require maintenance
Disadvantages
- Tokens can be interrogated be a third party
- Transactions can be snooped with RF listening gear.
Types of RFID Tokens
Most of the commercial RFID vendors require an NDA and/or purchase commitment to get access to their detailed specifications. There are at least two systems with widely-published specifications and products available from multiple vendors.
- EM4100/TK4100
- Vendor Spec Sheet
- 125Khz (Low Frequency) tags
- Read-only and read-write versions available
- 26-64bits of data typical
- Writing tends to be slow
- Mifare
- 13.56Mhz (High Frequency) tags
- Have read/write capability
- Basic encryption on-board
- Come unconfigured, all 'F' values store in data blocks
- Blocks of data are stored with encryption key after first write
- 1K,4K version available
- NXP, other vendors sell token and reader chips