Access Readers and Tokens
Jump to navigation
Jump to search
Identification and Authentication Methods
Overview
Identification in this context means uniquely identifying each user who presents at an access terminal or reader. Since the point of access control and physical security is to enforce a security policy, it is important to know which exact user is attempting to gain access to the resource in question. Some typical identification methods include:
- Token ID
- Username/user ID
- Biometric
Authentication means verifying that the user is who they claim they are. It is important to logically separate these, as our system may present different choices or use different methods for different users. Authentication methods for users include:
- Something they have (a token)
- Something they know (a password)
- Something they are (biometrics/facial recognition)
Considerations for Access Control
- Method must be simple and reliable
- Users tend to bypass controls that are too burdensome
- Must not lock out legitimate users frequently
- Must not allow unauthorized users in to the extent possible
- Two-factor authentication an option (Token+PIN, PIN+Thumbprint, etc)
- SMS messaging/one-time PIN
- Tokens with unique ID that changes after each use
- Interactive applications (Smart phones, tablets)
- Protect against common failure modes
- Tailgating (multiple users entering on one token)
- Pass-back (Users passing their token to the outside so that someone else can use it)
- Doors left open/propped open
Types of tokens
Contactless (RFID)
Advantages
- No electrical connection to the outside world
- Can be mounted behind glass or inside a secure perimeter
- No keypad or contacts to require maintenance
Disadvantages
- Tokens can be interrogated be a third party
- Transactions can be snooped with RF listening gear.
Types of RFID Tokens
- Mifare
- Have read/write capability
- Basic encryption on-board
- Come unconfigured, all 'F' values
- Blocks of data are stored with encryption key after first write
- 1K,4K version available