Access Readers and Tokens: Difference between revisions

From ACCX Products Wiki
Jump to navigation Jump to search
Line 24: Line 24:
**Tailgating (multiple users entering on one token)
**Tailgating (multiple users entering on one token)
**Pass-back (Users passing their token to the outside so that someone else can use it)
**Pass-back (Users passing their token to the outside so that someone else can use it)
**Doors left open/propped open


====Types of tokens====
====Types of tokens====

Revision as of 00:14, 26 November 2011

Identification and Authentication Methods

Overview

Identification in this context means uniquely identifying each user who presents at an access terminal or reader. Since the point of access control and physical security is to enforce a security policy, it is important to know which exact user is attempting to gain access to the resource in question. Some typical identification methods include:

    • Token ID
    • Username/user ID
    • Biometric

Authentication means verifying that the user is who they claim they are. It is important to logically separate these, as our system may present different choices or use different methods for different users. Authentication methods for users include:

    • Something they have (a token)
    • Something they know (a password)
    • Something they are (biometrics/facial recognition)

Considerations for Access Control

  • Method must be simple and reliable
    • Users tend to bypass controls that are too burdensome
  • Must not lock out legitimate users frequently
  • Must not allow unauthorized users in to the extent possible
    • Two-factor authentication an option (Token+PIN, PIN+Thumbprint, etc)
    • SMS messaging/one-time PIN
    • Tokens with unique ID that changes after each use
    • Interactive applications (Smart phones, tablets)
  • Protect against common failure modes
    • Tailgating (multiple users entering on one token)
    • Pass-back (Users passing their token to the outside so that someone else can use it)
    • Doors left open/propped open

Types of tokens

Contactless (RFID)
Advantages
  • No electrical connection to the outside world
  • Can be mounted behind glass or inside a secure perimeter
  • No keypad or contacts to require maintenance
Disadvantages
  • Tokens can be interrogated be a third party
  • Transactions can be snooped with RF listening gear.
Types of RFID Tokens
  • Mifare
    • Have read/write capability
    • Basic encryption on-board
      • Come unconfigured, all 'F' values
      • Blocks of data are stored with encryption key after first write
    • 1K,4K version available