Access Readers and Tokens: Difference between revisions

From ACCX Products Wiki
Jump to navigation Jump to search
Line 20: Line 20:
**Tailgating protection
**Tailgating protection
**Pass-back protection
**Pass-back protection
====End to end session protocol====
=====Considerations=====
*Ideally, session is encrypted and authenticated at all levels
**User should know they are interacting with a legitimate terminal
**Token should know that it is talking to a legitimate reader
**Reader should not leak any secrets during transaction
**Secrets should not be subject to interception between reader and server/panel
***Physically secure wiring/network
***Secure/encrypted protocols
*Messages should be not be able to vulnerable to session replay
**Time stamping/serializing of messages
*Messages should not be subject to intentional or accidental alteration in transit
**Message CRC and cryptographic signing/MAC protocol
=====Protocols and Session Flow=====
*[[Example Message Flow]]


====Types of tokens====
====Types of tokens====

Revision as of 23:59, 25 November 2011

Identification and Authentication Methods

Overview

  • Identification in this context means uniquely identifying each user who presents at an access terminal or reader
    • Token ID
    • Username/user ID
    • Biometric
  • Authentication means verifying that the user is who they claim they are
    • Something they have (a token)
    • Something they know (a password)
  • Identification and authentication may be combined, but need to be considered separately.

Considerations for Access Control

  • Method must be simple and reliable
    • Users tend to bypass controls that are too burdensome
  • Must not lock out legitimate users frequently
  • Must not allow unauthorized users in to the extent possible
    • Tailgating protection
    • Pass-back protection

Types of tokens

Contactless (RFID)
Advantages
  • No electrical connection to the outside world
  • Can be mounted behind glass or inside a secure perimeter
  • No keypad or contacts to require maintenance
Disadvantages
  • Tokens can be interrogated be a third party
  • Transactions can be snooped with RF listening gear.
Types of RFID Tokens
  • Mifare
    • Have read/write capability
    • Basic encryption on-board
      • Come unconfigured, all 'F' values
      • Blocks of data are stored with encryption key after first write
    • 1K,4K version available