For a growing number of security managers who want total in-house control of their own access card systems, bar codes have emerged as a legitimate choice even when security requirements are high. Bar-coded ID cards can be produced using existing security office equipment, such as a computer, a laser printer and a roll laminator. With an inexpensive bar-code software program, any security office can make professional quality access cards and badges instantly. For higher-end applications, digital photo ID imaging equipment can create a finished product that is ready to wear with the bar code automatically imprinted. This is why so many hospitals, schools, and industrial plants have chosen bar codes one badge can be used for security, parking control, and time and attendance reporting.
Making Bar Codes Work For Security
For the past 20 years, the access control industry has been virtually obsessed with the search for the perfect key card. Millions of dollars have been spent to develop exotic methods of encrypting them, and millions more to find ways of concealing the encryption from counterfeiters. Now, after all that progress, comes the bar-coded card a simple, easily duplicated array of tiny vertical lines brazenly imprinted out there for all the world to see. From a security standpoint, this technology seems to take us down to ground zero. But in an industry in which the sophistication of other security components has emerged, the apparent weakness of the bar-coded card is easily mitigated by other factors.
A New Emphasis On Sophisticated Locks
The card access business evolved based on a simple objective to produce a key that was not easily duplicated. Until then, security depended upon metal keys that were easily duplicated, so the industry never wandered far from this original objective thus, the long standing obsession with forgery proof key cards. While the key card was enjoying all this attention, new locks emerged with some sophistication of their own, assuming new roles that old dumb locks never could. Today, the key card itself, while certainly an important part of the equation, no longer has to carry the full burden of security. Smarter locks, keypads requiring individual personal identification (PIN) codes, time and day memory programming, and covert code patches have created additional safeguards necessary to make bar-coded cards acceptable for security. How has the lock changed? For one, it can do a better job of determining who you are, and whether or not it should allow entry at any give time, day of the week, or holiday. In the past, most locks granted carte blanche entry to anyone with a key regardless of the day or time. Such locks are acceptable provided you trust everyone who has a key. Intelligent locks can grant access based on other criteria
* what you have (a card)
* what you know (a unique keypad code)
* who you are (the number encoded in the card)
* if the card is valid for that particular day and time.
Bank ATMs are a good example of how the use of low-tech cards can produce an adequate level of security when combined with other criteria. However fancy and secure your hologram-emblazoned gold card may look to you, the ATM can't actually see it and doesn't care what it looks like. It can only recognize a code read from the magnetic stripe. Any piece of cardboard with a properly encoded magnetic stripe would function with equal efficiency. In this case, the card has only one responsibility to deliver a number to a central computer. After that, it is what you know that permits the transaction to proceed. As with many access control applications, knowledge of the PIN code adds the key component to the security equation. A Few Factors Can Ease Need For High Security Card The absence of a strong motive to defeat the system. Many card access systems focus primarily on convenience, record keeping, and traffic control, and have less to do with high security and the protection of prime assets. As the old saying goes: "Locks keep your friends out, not your enemies." If it's the enemy you're concerned about, you should be looking at the most secure card and most intelligent lock. Unacceptable consequences if caught defeating the system. If you are guaranteed to get fired for subverting your company's access control system, the motive to do so is greatly diminished. The prize for successfully entering Fort Knox may be tempting, but are the consequences of failure worth it? If the price is too high, it is unlikely that there will be a problem with tampering. Limited vulnerability to harm of the controlled area. If the protected area is a parking lot, or perhaps the controlled access point is an employee entrance to a building otherwise open to the public, little harm is likely to occur if the system is violated. If the system is designed for employee convenience and meant to route the public through other entry points, card security is not a significant issue. Access restricted to business hours. If the use of the access system is restricted to business hours when no real security problem exists, there is little or no vulnerability to forged or duplicated cards because the system simply won't respond. Card access is not the primary means of security. Companies that employee security officers do not depend entirely on the access control system for security. When the access control system is subordinate to a primary guard-based system, bar-coded cards can facilitate entry control effectively. Keypads with unique PIN codes Like ATM applications, the knowledge of a unique code adds a great deal of security when forged, stolen or lost cards could compromise a secure area. Card Security. The bar-coded card can be made more secure by covering the code with an opaque patch. This prevents photo copying, and if completely invisible, deters individuals with specific knowledge about printing bar codes. There are many software programs available that can generate bar codes in almost any language composed of symbols, so fully concealing the code adds a hefty measure of security. q What's Available. Modern bar-code readers have come along way. Today, they can be all things to all people. They can operate as single door stand-alone intelligent readers, or they can be connected to a network of other readers controlled by a personal computer. The breakthrough that has made these readers simple yet powerful, is the low-cost microprocessor chip. It is the power of the microprocessor that enables manufacturers to program simplicity into their designs. We see examples of this every day without giving it a second thought. Calculators, wrist watches, cruise control, microwave ovens, you name it, it has a processor that makes all the features simple to use. That's why it now costs less to have more features and less complexity. Microprocessors have injected new life into the access control market providing opportunities for both installers and end users. Locksmiths and security dealers who have been intimidated by the overly complex systems of the past, can now enter the world of electronic locksmiths without needing much technical expertise. End users can now provide high level security to facilities that previously couldn't justify the cost.
How High-Tech Or Low Should The System Go?
The application itself is the ultimate determinant regarding how high tech a card access system needs to be; and security managers need to weigh the variables and consequences of that decision. At first glance, the variables can be deceptive. For example, a college parking lot would appear to lack any need for high tech security. Reality tends to be the opposite some students feel compelled to challenge and defeat such systems. Without sanctions to punish them, there is no deterrent; thus, no technology, no matter how exotic, would likely survive a mischievous physics lab forgery project. On the other hand, most industrial and hospital applications where security needs are great, can expect a well planned security system using bar-coded cards to deliver an effective quality performance.
About The Author
Bud Toye is president of Toye Corp., of Chatsworth, Calif., and is a U.S. patent holder and authority on card technology.