Access Readers and Tokens: Difference between revisions

From ACCX Products Wiki
Jump to navigation Jump to search
(Created page with "===Identification and Authentication Methods=== ====Overview==== *Identification in this context means uniquely identifying each user who presents at an access terminal or reade...")
 
Line 22: Line 22:


====End to end session protocol====
====End to end session protocol====
Considerations
*Ideally, session is encrypted and authenticated at all levels  
*Ideally, session is encrypted and authenticated at all levels  
**User should know they are interacting with a legitimate terminal
**User should know they are interacting with a legitimate terminal
Line 33: Line 34:
*Messages should not be subject to intentional or accidental alteration in transit
*Messages should not be subject to intentional or accidental alteration in transit
**Message CRC and cryptographic signing/MAC protocol
**Message CRC and cryptographic signing/MAC protocol
Protocols and Session Flow
*[[Example Message Flow]]


====Types of tokens====
====Types of tokens====

Revision as of 23:53, 25 November 2011

Identification and Authentication Methods

Overview

  • Identification in this context means uniquely identifying each user who presents at an access terminal or reader
    • Token ID
    • Username/user ID
    • Biometric
  • Authentication means verifying that the user is who they claim they are
    • Something they have (a token)
    • Something they know (a password)
  • Identification and authentication may be combined, but need to be considered separately.

Considerations for Access Control

  • Method must be simple and reliable
    • Users tend to bypass controls that are too burdensome
  • Must not lock out legitimate users frequently
  • Must not allow unauthorized users in to the extent possible
      • Tailgating protection
      • Pass-back protection

End to end session protocol

Considerations

  • Ideally, session is encrypted and authenticated at all levels
    • User should know they are interacting with a legitimate terminal
    • Token should know that it is talking to a legitimate reader
    • Reader should not leak any secrets during transaction
    • Secrets should not be subject to interception between reader and server/panel
      • Physically secure wiring/network
      • Secure/encrypted protocols
  • Messages should be not be able to vulnerable to session replay
    • Time stamping/serializing of messages
  • Messages should not be subject to intentional or accidental alteration in transit
    • Message CRC and cryptographic signing/MAC protocol

Protocols and Session Flow

Types of tokens

Contactless (RFID)
Advantages
  • No electrical connection to the outside world
  • Can be mounted behind glass or inside a secure perimeter
  • No keypad or contacts to require maintenance
Disadvantages
  • Tokens can be interrogated be a third party
  • Transactions can be snooped with RF listening gear.
Types of RFID Tokens
  • Mifare
    • Have read/write capability
    • Basic encryption on-board
      • Come unconfigured, all 'F' values
      • Blocks of data are stored with encryption key after first write
    • 1K,4K version available
Retrieved from "https://www.accxproducts.com/wiki/index.php?title=Access_Readers_and_Tokens&oldid=197"