Anyone who has been involved with access control will agree that the technologies have certainly gone through major changes, moving from mechanical keys to mechanical keypads to electronic keypads to credentials. And things are still transitioning as better solutions are being offered for a growing market for enhanced security and identity management.
Our two electronic topics for June are credentials and readers; obviously these two are joined at the waste, where the type of reader employed is determined by the type of credential being used.
We contacted market leaders in reader and credential technologies, and their offerings more or less covered both topics: trends in readers as well as trends in credentials. So we had to assign them to one or the other article, while the coverage of the topic is best appreciated by reading both articles!
The electronic access control (EAC) market is also exploding with new ideas and answers. Card technologies are constantly being introduced to increase the level of security of the card encryption and the communications between the reader and the EAC.
Another notable new idea is the use of biometrics in electronic access control. So far fingerprint biometrics has been the most widely deployed technology, where the fingerscanner reader has supplanted the standard card reader and or keypad.
But because the purpose is to provide a more positive means of confirming the identity of the individual requesting access, and because of the nature of the technologies used in access control, multi factor authentication is typically deployed rather than just a biometric fingerscanner.
The processes by which a fingerprint is evaluated, is based on either a comparison between the individual’s finger and the fingerprint template which has been stored in the access control systems user database or comparing the individual’s finger against a specific template either stored or on an accompanying credential.
Yet another ‘emerging trend’ in EAC is the idea of using a smartphone as the credential, thereby making it unnecessary for end-users to remember to carry a credential, but also fulfilling the multi-factor authentication being required in more and more applications.
VIZpin Q&A
VIZpin, (formerly ECKey) uses Bluetooth technology to enable use of a smartphone to control access to doors and gates. Locksmith Ledger interviewed Paul Bodell, President and CEO of VIZpin, Inc., about this new credential and its applications. Following are Ledger’s questions and Bodell’s answers.
Can you tell us about ECKEY?
Please allow me to clarify that the company once called ECKey is now VIZpin, Inc. We have taken the ECKey hardware and developed a solution that lets you manage and control access to a wide range of remote devices including doors and gates using our Bluetooth Sensors, apps and cloud-based management software. Our software permits the connection of the reader to the IoT without requiring a local network and all the associated costs.
What products do you offer and where can they be purchased?
VIZpin is a cloud based service that is purchased directly from VIZpin, Inc. Our Bluetooth sensors are available through our Certified Partner program or through our OEM partners Southco and Securitech.
Is the VIZpin software required for all applications, and what are the costs to the dealer? Many locksmiths and their clients look for standalone operation with no monthly fees.
VIZpin is required for all applications. For simple single-door installations, our VIZpin LITE solutions comes with five free keys. If locksmiths or their customers want ongoing access to the cloud management software and audit trails, it is $39/year. If they want to upgrade to a VIZpin PLUS account with unlimited readers and users and 1,000 free VIZpin keys, we charge $10/month for each Bluetooth Reader-Controller they enroll.
Is the VIZpin software used for system administration, event logging, or as an end-user access control tool?
VIZpin is both a system administration tool and end user management tool that does not require a local network connection because VIZpin uses your phone as the gateway to the cloud management tools.
The VIZpin Partner Portal is for our Certified Partners. Our partner can administer the system and change reader-controller settings without having to go back on-site using VIZpin LINK™ which does not require a local network. The VIZpin Administrator Account lets end-users grant access, revoke access and view access activity anytime, from anywhere
Please explain your dealer program and website dealer support tools.
If you want to become a VIZpin Certified Partner, you have to purchase a Starter Kit for $649 which includes a Reader-Controller, demo stand, the first year subscription for your Partner portal and a seat in our on-line certification training. After that, you simply need to renew your partner portal and on-line certification training each year. Once certified, you will be listed on our website and have special access to technical support, volume pricing discounts and regional marketing event support.
What is required for a basic installation?
The most basic installation is four wires for an electric door strike or gate where all you need to connect is 12 VDC and Normally Open Relay to the device you are controlling. There are other connections on the reader-controller, such as door sensors and arming inputs, for more sophisticated installations but they are not required for simple installations. Once the door hardware is installed, installing the VIZpin reader-controller should take less than 15 minutes.
Can VIZpin be deployed on an opening where there are existing credentials or keypads?
Of course, we can tie directly into the same wires and power if it is 12VDC.
Is VIZpin secure? That is, the communications between a phone and a reader? How about the reader being used to inject malware into the client’s EAC or network?
VIZpin is VERY secure because we only use Bluetooth on-site. There is NO network connection so you can’t inject malware. In addition, we encrypt the Bluetooth signal with AES 128 + our own proprietary encryption algorithms as well as constantly varying the PINs. It offers considerably higher security than any keypad or RF ID-based Wiegand system.
How do you differentiate between access control and visitor management, and can a single device support both functions?
From our perspective, access control and visitor management are one and the same; the only difference is how long they have access for. One great benefit is that with VIZpin, “Your phone is your key” so you can send a secure access credential to anyone at any time from the cloud so they don’t have to stop at the front desk to check in.
Can VIZpin be used as either a standalone Bluetooth entry controller, or used and a bluetooth input device to an external EAC?
Yes, it is a reader-controller that can act as a stand-alone device or as a long-range Bluetooth reader with Wiegand out that works with any access control panel. In addition, VIZpin lets you create larger systems that are actually a series of stand-alone systems grouped together but the end-user perception is that they are all one system.
How does VIZpin Bluetooth compare to NFC? To RFID? Are there other phone based technologies out there, and how do they compare to ECKey?
We work with any Bluetooth device, classic or Smart/LE, which is 99% of the devices out there today. Bluetooth has many advantages over NFC, first it offers long read range which is more convenient and allows you to mount the readers on the secure side of the door, away from vandals and the elements.
Next, we have proprietary encryption that prevents man-in-the-middle and replay attacks. Finally, we work with all iPhones. Most of the iPhones in use today don’t have NFC and with the ones that do, NFC can only be used for Apple Pay.
Does the PC/Laptop need to be on site?
There is no PC, software or network required for VIZpin, your phone is your network.
Does the reader report opening alerts, or exceptions?
VIZpin records a wide range of transactions including opening alerts and other alarms and can be easily integrated with alarm/monitoring systems.
How many phones can be enrolled on a reader?
There is no limit to the number of phones that can be enrolled in a VIZpin reader-controller
Can a phone be enrolled/deleted on multiple readers from a central location?
Of course, we can issue and revoke credentials from our cloud portal so as long as you can get to the internet, you can manage your system from anywhere.
Farpointe
Because single-factor verification does not provide the desired, the new mullion keypad reader and the other Farpointe proximity or smartcard plus keypad readers in a standard size can provide flexible installation choices and the most reliable solutions for 2-factor validation. Farpointe’s new mullion keypad reader supports popular proximity card and tag technologies with an integrated keypad.
The mullion-sized proximity card reader features an eight-inch read range for increased convenience as the user enters a PIN on the keyboard.
Like other Farpointe products, the mullion keypad reader also carries a lifetime warranty. If something goes wrong, Farpointe will replace it.
Since many mullion keypad units are slated to be used outdoors or in dusty environments, the mullion-sized proximity/keypad combination is designed to meet IP67 certification. The unit features tamper-proof and weather-resistant epoxy potting to avoid problems with dust, mist or water. It works in temperature extremes from -40°F to +149°F (-40°C to +65°). With distinctive blue backlit keys, the digits are very easy to read in dark environments.
The mullion keypad reader mounts directly to a standard North American sized wall switch box or any flat surface.
The New Farpointe Keypad Reader meets the impending CIP-006 requirements for 2-factor authentication as described by the North American Electric Reliability Corporation (NERC).
More info: www.farpointedata.com
Zwipe
Zwipe ID © is the first commercial credential offering full fingerprint identification in an ISO 7810 ID-1 and CR 80 compatible card body. With the same format as a standard card, Zwipe ID © is targeted towards mainstream access control security systems.
Designed to work within regular MIFARE DESFire and MIFARE Classic Access Control systems, the fully self-contained fingerprint system is used to identify the legitimate card owner and places two-factor authentication on one personal device.
Zwipe ID © includes an integrated biometric sensor and utilizes Zwipe’s patent pending biometric authentication technology to allow capture of the users fingerprint and to securely maintain the cardholder’s data on the device. The ability to harvest energy from already installed access control readers not only eliminates the need for a battery, but also avoids costly reader replacement.
Zwipe ID © cards can be issued in any situation where verification of the card holders identity is essential, from pharmacies to data centers and front doors to vending machines. Zwipe ID © offers superior balance between convenience and security and can be integrated without replacing a single Access Control reader. Simple on-card enrollment allows for immediate implementation of two-factor authentication for Mifare and DESFire based access systems, both physical and logical.
The Zwipe ID © is available through Zwipe’s network of resellers. More info: www.zwipe.com.
Consider These Factors When Choosing Your Access Control System
We all know that social engineering, for instance borrowing someone’s card, has always been the easiest way around a system but there are many other ways to compromise a card/fob based access control system. Many systems can be compromised by using duplicate PIN numbers. Bad guys figure out what PIN numbers are already enrolled in the system, sometimes just by looking at the number printed on the card, then use a simple, off-the-shelf programmer to make duplicates. “Skimming” is also getting easier. Any access control reader mounted on the unsecure side of a door is easy to “skim” by attaching a simple, cheap skimming device to the reader’s output.
To help avoid these hacks, you should always use the following guidelines to prevent your system from being compromised:
NEVER mount a reader on the unsecured side of the door. A reader on the outside of a door can be easily skimmed. Always mount the reader on the secure side and when possible, out-of-site. VIZpin Bluetooth reader /controllers can be mounted anywhere within 30’ (10M) of the door/device you are controlling.
NEVER transmit unencrypted data over the air. Any data transmitted over-the-air should use AES128 encryption or higher. VIZpin Electronic Keys use AES128 Bit encryption as well as a proprietary VIZpin encryption algorithm.
NEVER transmit the same code twice. Any sophisticated hacker with enough time and resources can eventually decode any encrypted signal. Only use a system that automatically and continually changes over-the-air data so they don’t enough time to hack it. VIZpin Electronic Keys are automatically changed several times a day.
NEVER store PINs or other sensitive information in the credential. Most people wouldn’t notice if their card was missing for a few hours….or days….during which a criminal could take the information and reproduce it without them knowing. The VIZpin SMART app contains no sensitive information. It relays encrypted information from a secure server to the VIZpin Bluetooth reader /controllers.
NEVER make it easy to share a credential. Implement practices that encourage people to take responsibility and ownership of their credential. Make them aware that if they share it with someone, they will be held responsible and that the consequences are real. With VIZpin, “your phone is your key™” and people are much less likely to loan their phone to someone.
Source: VIZpin, www.vizpin.com