man holding smart card

Chronicling the Evolution of Access Control Credentials

Access control solutions have been around for a long time. In ancient civilizations, structures like the tombs in Egypt were erected with special access points — sliding stones to conceal entrances and meandering halls to misdirect — all to safeguard possessions from outsiders. From ancient to modern times, access control solutions have continued to evolve and mature in sophistication.

The 20th century ushered in access control solutions that were able to individually identify every building occupant and assign access rights electronically. Since this introduction, organizations have had many options to choose from over the years when it comes to credential solutions, from magnetic stripe cards and prox 125 kHz credentials, to modern-day contactless and mobile access credentials. Given the advancements of today’s access control offerings, many organizations are realizing that the time to upgrade is now.

Budgets always play a role in determining security solution decisions, but cutting corners when it comes to security can end up being quite costly. Consider, for example, the price tag (both financial and non-financial) that comes with a security breach. Whether it’s the safety of individuals, assets, or reputation, investing in a more secure and future-proof credential solution is a solid insurance policy in the long run.

Here we take a look at how access control credentials have evolved over the last several decades and explain the importance of upgrading to the latest technologies.

Improving on the Lock and Key

The swipe technologies that emerged in the ‘80s proved much more useful than the traditional manual locks and keys commonly used at that time. They offered organizations more control over managing and tracking who was coming and going. Additionally, access rights could be easily given — and revoked — without the need to change locks. But on the downside, swipe technologies had their limitations. They weren’t secure, and broken cards and physical wear and tear on both cards and readers proved to be costly and time-consuming for administrators.

The drawbacks of swipe cards played a huge part in the popularity of the prox credential technology (aka low-frequency proximity) that debuted in the ‘90s. The 125 kHz radio frequency it employed allowed the credential to communicate with readers at a range of several inches, allowing users to authenticate and pass through doors much more quickly. Another attractive perk was that prox allowed the use of fobs and tags, as well as cards — offering users more choice and flexibility. While prox was certainly a breakthrough for electronic physical access control as it reduced maintenance costs and increased user convenience, security risks were also eventually uncovered. Chief among them: prox devices were not encrypted and could be easily cloned or spoofed.

New Tech for a New Millennium

These limitations paved the way for the introduction of contactless smart cards that employed higher radio frequency signals (13.56 MHz) in order to communicate more advanced commands. These first-generation “smart cards” hit the market at the start of the new millennium, with the most notable brands being MIFARE® and iCLASS®. They contained a set of cryptographic keys, akin to passwords, that the reader used to confirm the card’s data-authorized entry. These access cards could also store customized data, allowing for new applications like storing digital currency. But, like their predecessors, these first-generation smart cards eventually proved not so smart, as hacking techniques advanced and they were also found to be susceptible to cloning.

Smart Cards Get Smarter and More Secure

Another few generations of smart cards followed, final arriving at today’s modern technologies including Seos® and MIFARE DESFire EV3.  Unlike earlier technologies, these cards come with advanced security features like secure messaging and mutual authentication, plus they rely on modern cryptographic algorithms. These technologies also enable better user privacy protection, offering the option to restrict or obfuscate the information shared without authentication.

Modern credential technologies can also offer future-proofing via a seamless pathway to mobile implementations. This is great news for organizations that seek access solutions that create and manage secure identities not only on access cards, but also on mobile phones, tablets, wearables and other credentialing devices that can connect via Bluetooth, near-field communication and other wireless protocols.

User Convenience and the Mobile Era

If enhanced security is the pot of gold at the end of the rainbow, user convenience is the stack of silver bars next to it — and with mobile, you can have both!

Mobile credentialing is the latest advancement in access control credentials. We live in a mobile-enabled world which is driving consumers’ expectations to be able to use their devices for everything. As a result, it should be no surprise that demand for credentials to be added to mobile devices has never been higher. Much like how prox once brought greater user convenience to the table resulting in the downfall of magnetic stripe cards, mobile offers the same convenience compared to physical cards in general. Why carry a card and a mobile device when you only need your mobile after all?

For security professionals, the benefits are also extensive: improved security, future-proofing with better upgradability, new ways to open the door and extended read ranges for better touchless experiences, the ability to provide and revoke credentials over the air, integrations with access and visitor management software, and OPEX-based pricing options just to name a few.

Never in human history have we had better tools to overcome access control challenges. Modern credential technologies not only ensure identity data is secure and privacy is protected, but they have also ushered in a whole new level of convenience and functionality for a safer, smarter, mobile-oriented world.

To learn more about the evolution of access control credentials, read the eBook, A Brief History of Access Control Credentials.