Commercial Solutions

A SENSIBLE APPROACH TO USING PROXIMITY RFID IN COMMERCIAL ACCESS CONTROL ENVIRONMENTS

By Shep Sheppard
Northern Regional Sales Manager and Key Accounts, Farpointe Data

Recent industry reports indicate that there is a lot of 125-kHz proximity technology deployed—and still being deployed—in electronic access control applications. Given the rise in discussions around cybersecurity threats, what accounts for proximity’s continued use? We all know of proximity’s vulnerabilities and recommendations for avoidance in security-relevant applications. This is old news. However, with proper precautions and strategic measures in place, proximity technology may still be used effectively in appropriate commercial environments.

Whether for securing executive suites, sensitive equipment in server rooms, or confidential HR documents, proximity readers may be found installed around the office. By securing employee entrances, stockrooms, and storage areas, retailers use proximity technology to protect valuable merchandise from unauthorized access and manage the workforce. Similarly, industrial facilities use the technology to prevent unauthorized personnel from accessing restricted areas or dangerous equipment, thereby safeguarding both people and property. The security risks of 125-kHz have been known now for many years, so why is it still the prevailing technology in so many access control installations?

Cost, convenience, and trust are perhaps the main reasons for proximity’s continued use. Today NXP Semiconductors’ newer and more secure MIFARE® DESFire® EV3 contactless smartcard technology is the typical answer to proximity vulnerabilities, and no doubt, is advisable for applications requiring greater protection. However, that higher security also comes at a price: higher cost and less convenience. The complexity of 13.56-MHz smartcard encrypted communications can result in slower read times and shorter read ranges. Trust is another factor. The proprietary nature of smartcard technology is unfavorable to some customers who may find they are “locked in” to a single supplier—think long lead times and rising costs. And finally, many users simply ask when the newest technology’s flaws will be exploited, just as when contactless smartcard credentials based upon MIFARE® Classic technology was first cracked and made insecure in 2007.

So the question is, how can 125-kHz proximity—and the commercial environments that use this technology—be made more secure in an efficient and cost-effective manner? One answer lies at the tip of your finger.

Keypad readers may elevate security by adding a second layer of identification—or multi-factor authentication—to the access transaction. When using both a card and a personal identification number (PIN), security is based on something you have, a card, as well as something you know, a PIN. Card cloning is nullified as the PIN is not contained in the credential, and therefore cannot be sniffed, copied, duplicated or cloned. The PIN number is essentially as safe as the vigilance and conscience of the user. An important point to make here is that this is the case with any access card deployments, no matter how sophisticated the technology.

Another way to enhance security in proximity installations is by incorporating higher-security technology—such as smartcard or mobile—at perimeter access points. This blended strategy heightens security at the first line of defense and allows proximity to be deployed at interior points that might require less protection. For one-card solutions, some suppliers offer credentials that incorporate both contactless smartcard and proximity technologies into a single credential. And as with any RFID solution, it’s important for end users to have a good security strategy in place and to educate system users on their role in maintaining credential security.

To be clear, mobile and smartcard ID technologies—both making use of advanced authentication, encryption, and data protections—should be used for new, sensitive, security-relevant deployments. However, by maintaining a balance of caution and common sense—perhaps including keypad readers or a blended strategy—proximity may still be an appropriate solution for existing installations under the right circumstances.

To learn more about access control identification for commercial applications, call Farpointe Data at +1-408-731-8700, or email .

Shep Sheppard, Northern Regional Sales Manager and Key AccountsShep Sheppard

Northern Regional Sales Manager and Key Accounts