`Access: Technology and Standards
`Choices
`
`A Smart Card Alliance Report
`
`Publication Date: October 2002
`Publication Number: ID-02002
`
`Smart Card Alliance
`191 Clarksville Rd.
`Princeton Junction, NJ 08550
`www.smartcardalliance.org
`Telephone: 800-556-6828
`
`Smart Card Alliance © 2003
`1
`
`SAMSUNG 1016
`
`1
`
`
`
`
`
`
`
`About the Smart Card Alliance
`The Smart Card Alliance is the leading not-for-profit, multi-industry
`association of member firms working to accelerate the widespread
`acceptance of multiple applications for smart card technology. The Alliance
`membership includes leading companies in banking, financial services,
`computer, telecommunications, technology, health care, retail and
`entertainment industries, as well as a number of government agencies.
`Through specific projects such as education programs, market research,
`advocacy, industry relations and open forums, the Alliance keeps its
`members connected to industry leaders and innovative thought. The Alliance
`is the single industry voice for smart cards, leading industry discussion on the
`impact and value of smart cards in the U.S. For more information, visit
`www.smartcardalliance.org.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Copyright © 2003 Smart Card Alliance, Inc. All rights reserved. Reproduction or
`distribution of this publication in any form is forbidden without prior permission from
`the Smart Card Alliance. The Smart Card Alliance has used best efforts to ensure,
`but cannot guarantee, that the information described in this report is accurate as of
`the publication date. The Smart Card Alliance disclaims all warranties as to the
`accuracy, completeness or adequacy of information in this report.
`
`Smart Card Alliance Members: Members can access all Smart Card Alliance reports
`at no charge. Please consult the member login section of the Smart Card Alliance
`web site for information on member reproduction and distribution rights.
`
`Government Agencies: Government employees may request free copies of this
`report by contacting info@smartcardalliance.org or by joining the Smart Card Alliance
`as a Government Member.
`
`Smart Card Alliance © 2003
`2
`
`2
`
`
`
`
`
`Table of Contents
`About the Smart Card Alliance _________________________________ 2
`Table of Contents ____________________________________________ 3
`Executive Summary __________________________________________ 5
`Why Contactless Technology __________________________________ 7
`Types of Contactless Cards __________________________________ 7
`Benefits of Contactless Smart Card Technology for Physical Access
`Control ___________________________________________________ 8
`History of Contactless Technology ____________________________ 9
`Physical Access Control Systems _____________________________ 11
`Access Control System Components _________________________ 11
`Access Control Process ____________________________________ 12
`The ID Credential _________________________________________ 12
`The Door Reader _________________________________________ 13
`The Control Panel_________________________________________ 13
`The Host System _________________________________________ 13
`Access Control System Formats _____________________________ 14
`Operational Range_________________________________________ 14
`Contactless Technologies for Physical Access___________________ 16
`125 kHz Technology _______________________________________ 16
`The Card________________________________________________ 16
`The Door Reader _________________________________________ 16
`Conclusion ______________________________________________ 17
`Key Features of 125 kHz Proximity Technology__________________ 17
`ISO/IEC 14443 and ISO/IEC 15693 Technologies ________________ 17
`ISO/IEC 14443_____________________________________________ 18
`State of the Market ________________________________________ 19
`Reader Technology _______________________________________ 20
`Key Features of ISO/IEC 14443 ______________________________ 20
`ISO/IEC 15693_____________________________________________ 20
`State of the Market ________________________________________ 21
`Reader Technology _______________________________________ 21
`Key Features of ISO/IEC 15693 ______________________________ 21
`Key Implementation Considerations____________________________ 23
`Application Type __________________________________________ 23
`Physical Access Application Solutions _________________________ 23
`Logical Access Application Solutions __________________________ 23
`Hybrid and Dual-Interface Solutions___________________________ 23
`Application Requirements __________________________________ 24
`Card Management ________________________________________ 24
`Security Policy ___________________________________________ 24
`Legacy System Considerations ______________________________ 24
`Multiple Technology and Application Support____________________ 25
`Interoperability ___________________________________________ 25
`Reader Requirements _____________________________________ 26
`
`Smart Card Alliance © 2003
`3
`
`3
`
`
`
`
`
`Two-Factor Authentication Requirements ______________________ 27
`Organizational Issues ______________________________________ 27
`Implementation Cost _______________________________________ 28
`Conclusion ________________________________________________ 29
`References_________________________________________________ 31
`Publication Acknowledgements _______________________________ 32
`Appendix A: Contactless Standards ___________________________ 33
`Basic Standards for All ID Cards _____________________________ 33
`Contactless Standards _____________________________________ 33
`ISO/IEC 10536 – Identification cards – Contactless Integrated Circuit(s)
`Cards – Close Coupled Cards _______________________________ 34
`ISO/IEC 14443 – Identification Cards - Contactless Integrated Circuit(s)
`Cards - Proximity Cards ____________________________________ 34
`ISO/IEC 15693 - Identification Cards - Contactless Integrated Circuit(s)
`Cards - Vicinity Cards______________________________________ 36
`Appendix B: Glossary of Terms & Acronyms ____________________ 38
`Appendix C: Frequently Asked Questions ______________________ 41
`
`Smart Card Alliance © 2003
`4
`
`4
`
`
`
`
`
`Executive Summary
`
`Contactless Cards Provide Advantages for Physical Access
`Contactless cards are increasingly accepted as the credential of choice for
`controlling physical access. They are both robust and flexible, giving security
`professionals the ability to reduce maintenance costs, improve employee
`productivity and increase security.
`
`Contactless smart cards offer advantages to both the organization issuing
`the card and the cardholder. The issuing organization can support multiple
`applications on a single card, consolidating an appropriate mix of
`technologies and supporting a variety of security policies for different
`situations. Applications such as logical access to computer networks,
`electronic payment, electronic ticketing and transit can be combined with
`physical access to offer a multi-application and multi-technology ID
`credential. The issuer can also record and update appropriate privileges
`from a single central location. The organization as a whole incurs lower
`maintenance costs over the system life, due to the elimination of mechanical
`components and reader resistance to vandalism and harsh environmental
`conditions. With hybrid and dual-interface cards, issuers can also implement
`systems that benefit from multiple card technologies.
`
`Three Primary Contactless Technologies Support Physical Access Control
`Applications
`
`There are three primary contactless technologies considered for physical
`access control applications: 125 kHz, ISO/IEC 14443, and ISO/IEC 15693
`technologies.
`
`125 kHz read-only technology is used by the majority of today’s RFID access
`control systems and is based on de facto industry standards rather than
`international standards. 125 kHz technology allows for a secure, uniquely
`coded number to be transmitted and processed by a back-end system. The
`back-end system then determines the rights and privileges associated with
`that card.
`
`Contactless smart card technology is based on ISO/IEC 14443 and ISO/IEC
`15693 standards. Cards that comply with these standards are intelligent,
`read/write devices capable of storing different kinds of data and operating at
`different ranges. Standards-based contactless smart cards can authenticate
`a person’s identity, determine the appropriate level of access, and admit the
`cardholder to a facility, all from data stored on the card. These cards can
`include additional authentication factors (such as biometric templates or
`personal identification numbers) and other card technologies, including a
`contact smart card chip, to satisfy the requirements of legacy applications or
`applications for which a different technology is more appropriate.
`
`Cards complying with these standards are developed commercially and have
`an established market presence. Multiple vendors are capable of supplying
`the standards-based components necessary to implement a contactless
`physical access system, providing buyers with interoperable equipment and
`technology at a competitive cost.
`
`
`
`
`Smart Card Alliance © 2003
`5
`
`5
`
`
`
`
`
`Contactless Smart Cards Offer Application Flexibility
`Standards-based contactless smart cards offer organizations the flexibility to
`select appropriate technologies driven by business requirements, rather than
`implementation constraints. This allows organizations to implement and
`enforce a wide range of security policies by deploying a system best suited to
`the application. Smart card technology – both contact and contactless –
`provides a flexible platform that can address both current and future needs.
`Multi-technology, hybrid and dual-interface cards provide additional flexibility
`to help with migration from existing systems and incorporate multiple
`technologies appropriate for different applications. Additionally,
`implementation considerations, such as the impact on the organization, cost,
`and the effect on the user population, are more effectively addressed.
`
`About This Report
`This report was developed by the Smart Card Alliance to describe the
`advantages of using contactless smart cards for physical access. The report
`focuses on providing a basic tutorial of physical access system operation and
`an overview of the three primary contactless technologies in use today for
`physical access control. The report does not attempt to fully discuss contact
`smart card technology or applications other than physical access. The report
`provides answers to commonly asked questions about contactless
`technology, such as:
`• Why consider contactless technology for physical access?
`• What types of contactless technologies are available?
`• How does a physical access control system work?
`• What standards apply to contactless smart cards?
`• What implementation considerations are critical to selecting the
`appropriate technology?
`
`Smart Card Alliance © 2003
`6
`
`6
`
`
`
`
`
`
`Why Contactless Technology
`
`Smart cards are rapidly gaining acceptance as a means of addressing the
`requirement for systems that can accurately and securely verify a person’s
`identity and rights. Smart cards include an embedded chip (either a
`microcontroller with internal memory or a memory-only chip), contain the
`tools necessary for security applications, and are available with both contact
`and contactless interfaces to readers. Properly implemented, a smart card-
`based identity verification system provides a robust barrier to unauthorized
`access.
`
`Contactless smart card technologies offer security professionals features that
`can enhance systems designed to control physical or logical access (i.e.,
`access to networks or other online resources). Contactless cards differ from
`traditional contact smart cards by not requiring physical connectivity to the
`card reader. The card is simply presented in close enough proximity to the
`reader and uses radio frequencies (RF) to exchange information.
`
`The use of contactless technologies is particularly attractive for secure
`physical access, where the ID credential and reader must work in harsh
`operating conditions, with a high volume of use or with a high degree of user
`convenience. For example, consider the use of a contactless card to control
`access to public transportation. The card can be presented to the reader
`without having to be removed from a wallet or purse. The fare is
`automatically deducted from the card and access is granted. Adding funds
`through appropriate machines at transit centers or banks then refreshes the
`card. The process is simple, safe, and accurate.
`
`Types of Contactless Cards
`There are three types of contactless credentials (cards or tokens):
`• Memory
`• Wired logic
`• Microcontroller (MCU)
`
`
`Memory cards use a chip or other electronic device to store authentication
`information. In their most secure form, memory cards store a unique serial
`number and include the ability to permanently lock sections of memory or
`allow write access only through password-protected mechanisms. Other
`than these basic mechanisms, memory cards employ no additional security
`to protect their contents. System-level methods can be used to encrypt and
`decrypt the information stored on the card.
`
`Wired logic cards have a special purpose electronic circuit designed on the
`chip and use a fixed method to authenticate themselves to readers, verify
`that readers are trusted, and encrypt communications. Wired logic cards
`lack the ability to be modified after manufacturing or programming.
`
`MCU cards implement authentication/encryption methods in software or
`firmware. Contactless smart cards with an embedded MCU have more
`sophisticated security capabilities, such as the ability to perform their own on-
`card security functions (e.g., encryption, hardware and software-based
`tamper resistance features to protect card contents, biometric verification and
`digital signatures) and interact intelligently with the card reader. Contactless
`
`Smart Card Alliance © 2003
`7
`
`7
`
`
`
`
`
`MCU cards also have greater memory capability and run card operating
`systems (for example, JavaCard or MULTOS).
`
`Multiple technology, hybrid and dual-interface contactless cards are
`available. On a multi-technology card, multiple independent technologies
`share the common plastic card body but do not communicate or interact with
`each other. For example, one card could carry a magnetic stripe, bar code,
`125 kHz technology, photo, and smart card chip.
`
` A
`
` dual-interface card includes a single chip with both contact and contactless
`capabilities. Contact and contactless technologies can therefore be
`implemented on one card, each addressing the application requirements
`most suited to its capabilities and sharing the same data. A hybrid card
`includes on one card two or more integrated circuits (ICs) that function
`independently. For example, a hybrid card could include 125 kHz technology
`and either ISO/IEC 14443 or ISO/IEC 15693 contactless smart card
`technology. The advantage of multi-technology, hybrid and dual-interface
`cards is that existing installed systems can be supported, while new features
`and functionality can also be offered through smart card technologies.
`
`With current technologies, security system designers can implement an
`architecture that includes multiple ID credential technologies. This creates a
`significant opportunity for more efficient credential management, improved
`user convenience, and easier administration of multiple security policies and
`procedures. Imagine the value of using a single multi-technology credential
`to control building or parking access and time- or project-based access to
`specific areas, and to conduct financial transactions at a cafeteria, bookstore,
`or vending machine. Through the use of the appropriate card technology,
`cryptography, and digital signatures, logical access control can be
`incorporated into networks and databases. And because the credential is a
`plastic card, it also supports the use of pictures, logos, visual inspection
`information, holograms, digital watermarks, microprinting, and other security
`markings to deter counterfeiting and impersonation. A single card is also
`more efficient for the user, simplifying coordination for changes, reducing
`memorization for complicated passwords or personal identification numbers
`(PINs), and decreasing the time for authentication.
`
`Benefits of Contactless Smart Card Technology for Physical Access
`Control
`
`Contactless smart card technology is ideal for physical access control
`applications. Because ID credentials and readers are typically exposed to
`the elements and have high usage, sealed contactless technology prevents
`damage when cards and readers are exposed to dirt, water, cold, and other
`harsh environmental conditions. With no mechanical reader heads or
`moving parts, maintenance costs are minimized. Finally, with operational
`ranges that can extend to many inches, contactless technology offers the
`user the convenience of “hands free” access.
`
`The key benefits of using contactless smart card technology for physical
`access are summarized below.
`
` •
`
` High speed of access and high throughput
`• Useable in harsh or dirty environments
`• User friendly
`-
`Less intrusive
`
`Smart Card Alliance © 2003
`8
`
`8
`
`
`
`
`
`- Does not require insertion of the card into the reader
`- No issues with orientation of the card
`- May be kept in wallet or purse for personal security during use
`• Same high level of security as contact smart cards (e.g., digital
`signatures)
`• Protected storage of data on the card
`• Flexibility to incorporate multiple applications with different modes
`- Contactless only card
`- Dual-interface contact/contactless card
`- Hybrid card that includes 125 kHz technology, 13.56 MHz
`contactless technology, and other card security features.
`- Dual-interface contact/contactless card that includes contact smart
`card technology, 13.56 MHz contactless technology, and other card
`security features
`• Reduced maintenance costs for card readers (as compared to magnetic
`stripe and contact card readers)
`• Reduced vandalism of readers
`• More durable and reliable cards (no external parts that can wear out or
`be contaminated)
`• Well-suited to accommodate local security staffing, training and
`implementation
`• Established international standards (ISO/IEC)
`
`History of Contactless Technology
`Contactless technology was first developed by the British during World War II
`as a means of identifying aircraft returning from mainland Europe. This
`system, the IFF (Identify: Friend or Foe) system, was the first general use of
`radio frequency identification (RFID). In about 1977, contactless technology
`developed by the U.S. government was made available to the public sector
`by Los Alamos National Laboratory. Shortly thereafter, experimentation
`began on tracking cattle using implanted RFID tags.
`
`By the early to mid 1980’s, companies started to reduce the size and cost of
`RF technology so that it could be embedded into employee cards for physical
`access. This technology grew in acceptance since it reduced operating costs
`(eliminating the $10-$20 cost per employee for re-keying locks and issuing
`new keys), improved productivity (providing easier, more convenient access
`for employees), and improved security (allowing access records to be kept).
`
`By 1986, Atmel Corporation was producing RFID fish tags for tracking
`salmon. RFID tagging has grown into a major industry, used for animal
`tracking, baggage tagging, laundry identification, asset and inventory control,
`car immobilization, truck and cargo tracking, and access control. RFID
`products can operate over a wide range of frequencies. The most widely
`used frequency for access control today is 125 kHz.
`
`MCU-based smart card development also began in 1986, at GEC. The card
`initially was a two-chip solution with a custom radio frequency (RF) front end
`and a smart card microcontroller from Hitachi. This first contactless smart
`card operated at a much lower frequency (300 kHz) than current smart cards,
`which operate at 13.56 MHz. This card technology was the precursor to the
`ISO/IEC 10536 specification developed later for close-coupled cards. The
`card technology was introduced in a campus card for Loughborough
`University in the United Kingdom and issued by the Midland Bank in 1988 for
`a one-year trial. The trial was so successful that it was extended for an
`
`Smart Card Alliance © 2003
`9
`
`9
`
`
`
`
`
`additional year. However, the initial card never became a mainstream
`product.
`
`The first standards-based contactless smart card product to find market
`acceptance was the MIFARE® wired logic card invented by Mikron in 1994.
`Contactless cards using MIFARE technology are the mainstream products
`used for many card ticketing applications today.
`
`The need for more secure and versatile products drove the evolution of
`contactless technology. The next generation card was a hybrid two-chip
`solution with a contactless memory chip and an MCU-based contact chip on
`a single card. The next step was a dual-interface chip that effectively offered
`a combined solution on a single chip. In early versions of the dual-interface
`card, access to memory in contact mode was via the MCU; access to
`memory in contactless mode was direct, via the RF interface. This initial
`approach allowed for simpler implementation of the design on a silicon chip.
`The MCU needed a direct supply of power to the contacts, whereas memory,
`which requires five- to ten-times less power, could receive enough power
`from the RF interface. However, because access to memory was not
`through the MCU, the contactless mode did not offer the same level of
`security as the contact mode.
`
`Recent advances in silicon technology enable an RF interface to provide
`sufficient power to the MCU for all operations. The result is the availability of
`contactless products with a secure MCU that provides all of the features of a
`conventional contact smart card and options for contact, contactless, or dual-
`interface. Figure 1 illustrates the evolution of technology that has resulted in
`today’s multi-application MCU-based contactless smart cards. Multiple
`vendors now offer a range of products that support contactless applications,
`providing businesses with a wide variety of solutions that address their
`specific applications.
`
`Figure 1: Contactless Technology Evolution
`
`Source: FC Consulting
`
`
`
`
`Smart Card Alliance © 2003
`10
`
`10
`
`
`
`
`
`Physical Access Control Systems
`
`
`To the user, an access control system is composed of:
`• A card that is presented to a door reader,
`• The reader, that responds with a signal indicating a valid card, and
`• The door or gate, that is unlocked if entry is authorized.
`Behind the scenes is a complex system of data, computers, and software
`that incorporates robust security functionality. This section describes the
`operation and components of a typical physical access control system to
`provide the context for understanding how contactless technology is used in
`an access control application.
`
`Access Control System Components
`A typical access control system is made up of the following components:
`•
`ID credential
`• Door reader
`• Control panel
`• Host computer
`• Software
`• Database
`• Door strike
`
`Figure 2 illustrates how these components interconnect.
`
`
`
`Figure 2: Access Control System Schematic
`
`
`
`
`
`
`Smart Card Alliance © 2003
`11
`
`
`
`11
`
`
`
`
`
`
`
`Access Control Process
`The access control process starts when the user presents the credential
`(typically an employee badge or ID card) to the reader, which is usually
`mounted next to a door. The reader reads data from the card, processes it,
`and sends it to the control panel. The control panel validates the reader and
`accepts the data. Depending on the overall system design, the control panel
`may next send the data to the host computer or may have enough local
`intelligence to determine the user’s rights and make the final access
`authorization.
`
`If the control panel sends the data to the host computer, the host computer
`compares the data from the card to the user’s information in a database.
`Software determines the user’s access privileges and authorization, the time,
`date, door entered, and any other information that a company may require to
`ensure security. If access is authorized, the host computer sends a signal to
`the control panel to unlock the door. The control panel then sends out two
`signals: one to the appropriate door strike, which unlocks the door, and one
`to the door reader, which emits an audible sound or otherwise signals the
`user to enter.
`
`In a typical distributed system design, the host computer will periodically
`provide the control panels with data that allow their software to determine if
`the user is authorized for access. The control panel then provides the host
`system functions described above. This system has the advantage of
`requiring less immediate communication between the control panels and
`central host computer, improving overall system performance and reliability.
`
`The response to an invalid card is defined by the company’s security policy
`and procedures. The host computer or control panel may ignore the data
`and never send an unlock code to the controller or door strike. They may
`send a signal to have the reader emit a different sound, signaling that access
`was denied. They may also notify and activate other security systems (e.g.,
`CCTV, alarms), indicating that an unauthorized card is being presented to
`the system.
`
`The role each access control system component has in this process is
`described below.
`
`The ID Credential
`A number of different credential technologies are currently in use for access
`control: magnetic stripe, Wiegand strips, barium ferrite, 125 kHz technology,
`and contactless smart cards. These technologies can be packaged in a
`variety of form factors––everything from a key fob or an employee badge to
`even more exotic forms, such as a wristwatch or ring. However, all
`credentials operate in basically the same way: they hold data that
`authenticate the credential and/or user.
`
`Some credential technologies are read-only. The information is permanently
`set, and when the credential is presented to a reader, the information is sent
`to the system. This type of credential only validates that the credential itself
`is authentic. It does not confirm that the person presenting the credential is
`the person authorized to possess the credential.
`
`The contactless smart card technologies defined by ISO/IEC 14443 and
`ISO/IEC 15693 have both read/write and data storage capabilities.
`
`Smart Card Alliance © 2003
`12
`
`12
`
`
`
`
`
`Smart Card Alliance © 2003
`13
`
`Credentials that use these technologies are more intelligent devices. They
`can store privileges, access authorizations, and attendance records. They
`can also store PINs and biometric templates, offering two- or three-factor
`authentication capabilities. The credential is no longer just a unique number
`holder but is secure, portable data carrier.
`
`The Door Reader
`The contactless door reader acts as a small, low-power radio transmitter and
`receiver. It constantly transmits an RF field or electromagnetic field called an
`excite field. When a contactless card is within range of the excite field, the
`internal antenna on the card converts the field energy into electricity that
`powers the chip. The chip then uses the antenna to transmit data to the
`reader.
`
`Once the reader has received the data, it typically processes the information
`in one of two ways. Either the information is immediately sent to the control
`panel, or the reader analyzes the data before sending it to the control panel.
`Both methods are widely deployed. Each has advantages and
`disadvantages.
`
`Readers that send data directly to the controller do nothing to evaluate the
`data or determine the legitimacy of the credential. These readers do not
`manipulate the data but act simply as conduits. They are generic readers
`and therefore can be stocked in inventory and easily added or swapped out
`of an access control system.
`
`Readers that analyze data must be integrated into the access control system.
`That is, they must be able to interpret and manipulate the data sent by the
`card and then transmit it in a form that is usable by the control panel. Such a
`system can offer an increased level of security. The reader can first
`determine the legitimacy of the card and can manipulate the data so that
`what the card transmits is not the same as what the reader sends up to the
`control panel. Because these components are interdependent, each
`configuration may have to be stocked in inventory.
`
`The Control Panel
`The control panel (also called the controller or simply the panel) acts as the
`central communications point for the access control system. It typically
`supplies power to and interfaces with multiple readers at different access
`points. The controller connects to the electro-mechanical door strike
`required to physically unlock the door. It can also be connected to different
`alarms (e.g., siren, auto-dialers, lights). Finally, the controller is usually
`connected to a host computer system. Depending on the system design, the
`control panel may process data from the card reader and the host computer
`and make the final authorization decision or may pass the data to the host
`computer for this decision.
`
`The Host System
`The host system includes a computer, software, and database. The
`database contains the updated information on users’ access rights. In a
`centralized host system design, the computer receives card data from the
`control panel. The software correlates the data with data in the database
`and determines the person’s access privileges and whether the person
`should be admitted. For example, if a person is only allowed in a building
`between 8 AM and 5 PM and it is 7:45 AM, the person is not admitted. If it is
`8:01 AM, however, the computer responds to the control panel, indicating
`
`13
`
`
`
`
`
`that the door can be unlocked. The controller sends a signal to the door
`strike to unlock the door for a few seconds. At the same time, the controller
`sends a signal instructing the reader to indicate that the door is open.
`
`In most system designs, the host system will periodically send updated
`access control information to the control panels and allow them to operate
`independently in making the decision of whether the user presenting the card
`is authorized for access. The operational characteristics are determined
`from the specific implementing organization’s access control requirements.
`
`Access Control System Formats
`The access control system format is a critical design element in the overall
`system and refers to the algorithm that specifies how data transmitted by the
`system is to be interpreted. The format specifies how many bits make up the
`data stream and which bits represent different types of information. For
`example, the first few bits might transmit the facility code, the next few the
`unique ID number, the next few parity, and so on.
`
`Access control system vendors developed their own formats, making every
`vendor’s coding unique. Like the pattern of teeth on a door key, the formats
`are kept secure to prevent an unauthorized person or company from
`duplicating a card. Existing installed access control formats must be
`considered when defining the requirements for the implementation of any
`new contactless technology.
`
`Operational Range
`To the end user, one of the most important features of access control is the
`operational range (the distance between the reader and the credential);
`another is the time it takes for an access transaction. Users have come to
`expect operational ranges of at least 4 to 6 inches (10 to 15 centimeters) and
`in some special cases, as much as 12 inches (about 30 centimeters), for
`hands-free access. Longer ranges are useful for applications such as
`entering a parking garage, allowing the user to avoid extending the credential
`too far out of the car window, especially in bad weather.
`
`Operational range is determine