From Keys and Cards to Mobile and Biometrics: A Brief History of Credentials
Physical access control credentials have evolved over time to provide enhanced security and flexibility, while improving convenience at the door. The choice of access technology is seldom a purely security focused decision, balancing the needs of users and solution managers. In this blog post, we’ve put together a brief history of the evolution of physical access control credentials to provide some useful context for decision making today.
Mechanical Keys: The longest-serving form of access control is the mechanical lock and key. Lock and keys remain an important option for securing openings, and the technology covers a very wide range of solutions. The drawbacks of using a mechanical keyed lock generally relate to the following factors: the difficulty of controlling keys, the cost and disruptions of re-keying locks and the inconvenience of carrying and using keys.
Swipe Cards: In the 1970s, key cards emerged as a more convenient alternative to traditional keys. These were typically made of plastic and embedded with a magnetic stripe. When swiped through a reader, the card's encoded information grants or denies access. In the mid-70s, the Wiegand stripe card was introduced using physical wires embedded in the card to encode the card number. These were a relatively crude precursor to the next category of credential, eliminating some of the issues with magstripe, such as mechanical wear and the corruption of data due to magnetic sources.
Proximity Cards: Developed in the late 1980s, these credentials cards gained popularity in the 1990s. Utilizing radio frequency identification (RFID) technology, these cards grant access when the card is placed close to a compatible reader. Proximity cards, which incorporate a passive circuit/antenna array, improved convenience and durability over the dominant magnetic stripe cards in use up to that time. Prox cards, launched by HID, set the stage for a new level of convenience — and raised the bar for user experience expectations.
Smart Cards: Smart cards, introduced in the late 1990s, featured card bodies embedded with a microprocessor chip and offered an increased level of security. These cards can store and process data — including cryptographic keys — and provided stronger authentication methods. Several generations of this technology have been released, which is why modern incarnations of smart cards are still widely used today. The latest credential technologies incorporate standards-based cryptographic encoding and communication protocols that provide robust protection of the card identifier; together, with features like random card serial number (CSN), these help improve security and data privacy.
Biometric Credentials: Biometric access control credentials started gaining traction in the early 2000s. These credentials rely on the recognition of unique biological characteristics such as fingerprints, iris patterns or faces to verify identity. Biometric credentials provide high security, and in some use cases, can reduce the need for physical credentials, tokens or keys. Biometrics also introduced the notion of false rejection and false acceptance, which remain a limiting factor for universal application. Fingerprint reading still is the leading biometric factor in use today, but facial recognition is developing and growing very rapidly.
Mobile Credentials: With the widespread adoption of smartphones and smart watches, mobile credentials have become increasingly popular. Mobile access control systems leverage the device's capabilities, such as Bluetooth® or Near Field Communication (NFC), to securely transmit the credential information and enable access.
Users can present their mobile devices, often with unique opening gestures, instead of physical cards or keys, offering greater convenience and flexibility.
“Mobile, cloud-based access control makes getting into your suite or building fast, reliable and secure,” said Mike Maxsenti, General Manager of Access Control at Genea, a leading cloud-based access control provider. “Administrators have the power to enable and disable credentials, remotely, and users don’t have to carry around plastic key cards that are easy to misplace. It’s a win-win.”
Maxsenti said he has seen a sharp rise in customers switching to mobile access control. One such customer was Jamf, a technology enterprise based in Minneapolis, Minnesota who moved over 2,500 users, across their 15 locations, to mobile.
Enterprises, schools and commercial real estate portfolios are some of the industries benefiting the most from migrating to mobile. When it comes to their security, having the capability of customizing access privileges on the fly makes the most sense. — Mike Maxsenti, General Manager of Access Control at Genea
As technology continues to advance, access control systems are likely to incorporate additional features and authentication methods, including more advanced biometric mechanisms, to further enhance security and convenience. Combining authentication methods, such as multi-factor authentication, remains a powerful way to increase the level of assurance, and doing so passively is appealing to security professionals looking to maximize threat mitigation while delivering the best user experience. A simple example of this is leveraging the biometric or PIN security of a mobile phone to enable a mobile credential; combining facial recognition with passively read RFID credentials or mobile devices is a more complex way to achieve a similar goal.
Many organizations are looking to leverage mobile devices as a key component of their access control solution, and the ability to use credentials stored on a mobile device’s digital wallet is an intuitive way to bring security and convenience to the leading edge.
Luc Merredew has over twenty five years of experience working for OEMs in the fire and security space, with roles including channel sales, product line management and product/solution marketing. He has a cross-Atlantic educational background with an undergraduate degree in Mechanical Engineering from London and an MBA from F.W. Olin School of Business in Massachusetts. His current role for HID, Director of Regional PACS Product Marketing, blends inbound and outbound marketing activities with both tactical and strategic initiatives with the business. Luc is based in Irvine, CA and has been with Austin, Texas headquartered HID for eight years.