Smart Card Integration into Physical Access Control Systems

Presented by: Dwayne M. Pfeiffer
Northrop Grumman Information Technology
July 16, 2003

USR Exhibit 2022, page 1

Smart Card Alliance Conference 2003

• Summary
– What is a Physical Access Control System?
– Why Integrate Smart Cards into Physical Access Control Systems?
– Physical Access Control System Security Considerations
– Smart Card Technology Choices
– Biometrics, PINs, and Smart Cards
– Key Questions to be Considered in Planning the Integration of Smart Card Technology
– Example Integration Scenarios
– Conclusion
• What is a Physical Access Control System?
– A physical access control system is a coordinated network of identification tokens (magnetic stripe cards, proximity cards, key fobs, smart cards, etc.), electronic door readers, control panels, specialized databases, software and computers designed to monitor and control traffic through access control points.
• Sample Physical Access Control System Network
[Figure: network diagram. Labels: Access Control Server, Badging, Guard Workstation, Other Servers, LAN/WAN, TCP/IP, LAN Interface, RS-485, Modem, Control Panel, Wiegand, Reader(s), Door Lock(s), Door Strikes.]
• Why Integrate Smart Cards into Physical Access Control Systems?
– Improve security
– Add PIN and/or biometrics
– Implement more efficient identification processes
– Reduce the number of ID cards carried
– Add new applications
• Physical Access Control System Security Considerations
– Card Security: Smart cards can help to deter counterfeiting, thwart tampering with an ID card and prevent usage of an unauthorized card
– Card to Card Reader Communications: Smart cards support encryption and security techniques that enable card and reader authentication methods that can secure communication between the card and the reader
– Card Reader to Control Panel Communications: Providing secure channels neutralizes the most serious threats because the reader and the card are the two elements that are exposed and physically available to an attacker.
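
The card and reader authentication named in the Card to Card Reader Communications bullet, sketched as a mutual challenge-response exchange that rejects a copied serial number, a replayed response and an unauthenticated reader. This is an added example, not part of the original slides; HMAC-SHA256, key diversification from a site key, and all names (`Card`, `reader_accepts`, `SITE_KEY`) are assumptions standing in for whatever a given card platform provides.

```python
import hashlib
import hmac
import secrets

SITE_KEY = bytes(range(32))  # constructed demo key; real keys sit in a SAM/HSM

def card_key(serial: bytes) -> bytes:
    """Per-card key diversified from the site key (the reader can re-derive it)."""
    return hmac.new(SITE_KEY, b"card-key|" + serial, hashlib.sha256).digest()

def proof(key: bytes, role: bytes, challenge: bytes, serial: bytes) -> bytes:
    """MAC binding role, fresh challenge and serial; the role label blocks reflection."""
    return hmac.new(key, role + b"|" + challenge + b"|" + serial, hashlib.sha256).digest()

class Card:
    """Hypothetical card: the key stays on the chip, only proofs leave it."""
    def __init__(self, serial: bytes, key: bytes):
        self.serial, self._key = serial, key

    def respond(self, reader_challenge: bytes) -> bytes:
        return proof(self._key, b"card", reader_challenge, self.serial)

    def accepts_reader(self, card_challenge: bytes, reader_proof: bytes) -> bool:
        want = proof(self._key, b"reader", card_challenge, self.serial)
        return hmac.compare_digest(want, reader_proof)

def reader_accepts(serial: bytes, challenge: bytes, card_proof: bytes) -> bool:
    """Reader re-derives the card key and checks the proof in constant time."""
    want = proof(card_key(serial), b"card", challenge, serial)
    return hmac.compare_digest(want, card_proof)

def reader_proves(serial: bytes, card_challenge: bytes) -> bytes:
    return proof(card_key(serial), b"reader", card_challenge, serial)

def demo() -> dict:
    serial = b"\x04\xa1\xb2\xc3"                    # constructed card serial
    genuine = Card(serial, card_key(serial))
    clone = Card(serial, secrets.token_bytes(32))  # copied serial, no site-derived key
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)  # fresh reader challenges
    old = genuine.respond(c1)
    nonce = secrets.token_bytes(16)                # card's challenge to the reader
    return {
        "genuine_card": reader_accepts(serial, c1, old),
        "cloned_serial": reader_accepts(serial, c1, clone.respond(c1)),
        "replayed_proof": reader_accepts(serial, c2, old),
        "genuine_reader": genuine.accepts_reader(nonce, reader_proves(serial, nonce)),
        "rogue_reader": genuine.accepts_reader(nonce, secrets.token_bytes(32)),
    }
```

A static identifier sent in the clear would pass the first three checks identically; the fresh challenge and the on-card key are what separate the genuine card from the copy and the replay.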
• End-to-End Security in a Smart Card-Based Physical Access System
[Figure: Smart Card Reader, Access Control Panel, Access Control Server. Labels: "Secure Authenticated Communication - Contact or Contactless Interface" and "Secure Encrypted Channels".]
• Smart Card Technology Choices:
– Contactless Smart Card Technology
  – ISO/IEC 14443 is a 13.56 MHz contactless technology with an operational range of up to about 4 inches (10 centimeters)
  – ISO/IEC 15693 is a 13.56 MHz passive RF technology designed to operate at ranges of up to 3 feet (1 meter)
– Contact Smart Card Technologies
  – ISO/IEC 7816 contact smart cards are currently used for a wide variety of applications, including physical and logical access
• Biometrics, PINs, and Smart Cards
– Smart cards can store biometric information for an individual against which the individual can be authenticated in real time.
– Smart card chips, depending on memory size, can store virtually any type of biometric information, either as a compressed digital template (e.g., fingerprint minutiae), or as a complete digital representation of the biometric feature (a digital image).
– Smart cards can also store a PIN that can be matched at the reader and can be used with or without implementing biometrics.
• Biometric Smart Card Devices Available for Integration into Physical Access Control Systems
– Fingerprint
– Iris
– Hand Geometry
• Some Key Questions to be Considered in Planning the Integration of Smart Card Technology
– Legacy Systems
  – What is the desired timing to replace legacy systems?
  – How many legacy systems are in place?
  – Are different legacy systems in place at different locations?
  – Are there new locations that must be considered?
– Access Points
  – What access points require new readers?
  – Do some or all access points require new functionality (e.g., biometrics or PIN pads) or is new functionality only required at selected sites?
  – Can a new multi-technology smart card meet security requirements at some access points without requiring the reader to be changed?
• Some Key Questions (Continued)
– ID Cards
  – Which employees require new ID card functionality?
  – Is it desirable to replace all ID cards to improve security and add functionality throughout the organization or are new ID cards only required for a subset of employees?
– Data Format
  – Will the ID system numbering scheme or data format change?
  – How will legacy systems be modified to accommodate these changes?
– Are there new security requirements that will require replacement or upgrades of the physical access system architecture or components, such as cabling?
• Example Integration Scenarios
– Multiple Cards, Multi-Technology Readers, Multiple Access Control Systems
– Single Multi-Technology Card, Multiple Single Technology Readers, Multiple Access Control Systems
– Single Multi-Technology Card, Multiple Single Technology Readers, Legacy Access Control System
– Single Technology Card, New Single Technology Readers, Multiple Access Control Systems
• Conclusion
– It is critical for an organization to define the long-term objectives for a new smart card-based physical access control system
– Develop a careful integration strategy and plan that implements the system in a logical, convenient, timely and cost-effective way
– Integrating smart card technology into a physical access control system can be economical and relatively straightforward if it is well planned.