Some access control systems use smart cards that, in addition to having processing or memory capabilities, have a radio frequency (RF) communications capability that allows a card reader to interact with them at a short distance. These are referred to as contactless smart cards.
Contactless smart card systems can be used in high-security applications that may require greater throughput rates than contact smart card systems. Some smart cards can be equipped with magnetic stripes, barcodes, and other systems to facilitate access control.
Contactless smart cards resemble a common bank or credit card with an embedded microchip.
Some vendors offer contactless smart devices in key fob or jewelry form. In key fobs and forms other than cards, the electronic components are often embedded in an epoxy resin rather than the plastic matrix used for cards. A contactless smart card must also have an antenna, which is embedded alongside the microchip.
A Combi Card is another type of RF capable smart card, which supports both the contact and contactless communication interfaces with a single microprocessor. The personal identity verification (PIV) card is an example of a Combi Card. FIPS 201 defines authentication mechanisms at three E-Authentication assurance levels (i.e., some, high, and very high confidence) and standardizes optional credential elements that extend trust in the PIV System to functions beyond authentication.
The ISO/IEC has defined standards for the characteristics of two general categories of RF capable smart cards.
• Proximity Card, 13.56 MHz ISO/IEC Standard 14443: Cards of this type are read-only and draw power from the card reader through inductive coupling. The reader range is 0 to 4 inches, depending on the specific brand of card and electronic elements supported. The bit transfer rate for proximity cards is 106 kilobits per second (kb/s). Cards of this standard represent the majority of contactless card deployments. There are two sub-types of proximity cards:
  o ISO 14443 Type A: The MIFARE® card uses lower cost memory and is primarily used for contactless ID applications. MIFARE is a proprietary series of chips that are used in proximity cards.
  o ISO 14443 Type B: This card offers a higher security microprocessor and encryption.
• Vicinity Card, 13.56 MHz, ISO/IEC 15693: Cards of this type offer longer operational range. These cards are often used for fare collection and inventory control tags. There are three modes of operation: read, authenticate, and write. The reader range varies by the mode used: read out to 25 inches, authenticate out to 20 inches, and write out to 15 inches. The bit transfer rate is 26.69 kb/s.
As an individual approaches the entrance to a controlled area, the contactless smart card enters the detection field of the card reader. Usually, the card bearer passes the card in front of the card reader at a distance of no more than 6 inches, but readers with ranges of up to 6 feet are available.
Some vendors recommend that the bearer tap the edge of the card on the face of the reader in order to keep the card in the reader field long enough to complete an authentication cycle. The size of the detection field varies, depending on the transmission frequencies and system’s communications protocols. In some systems, power is provided to the card from the detection field through the antenna. When the card is not in the detection field it is inert. Once powered, the card requires a very brief period for initialization. The card transmits the digital credentials to the card reader and if the individual is authorized the entry is unlocked.
Hands-free operation of contactless smart card systems minimizes the time spent at a physical access portal. This is an advantage for those workers carrying goods and materials into the workspace. Hands-free operation is also a requirement often associated with systems that operate at high levels of throughput, such as large public buildings or sports venues, where large numbers of people pass through access portals within a brief period of time. If high levels of throughput are required, caution should be used when selecting an appropriate technology for two-factor authentication. Some contactless card readers have built-in numeric keypads for entering PINs, and provisions for connecting biometric devices for two-factor authentication. Contactless smart cards are best suited to applications where tracking personnel and materials inside a protected area is required. This technology can be used for both interior and exterior applications.
Performance depends on the system’s specific technologies and applications. The general measures of contactless smart card performance include the transaction speed, read range, and the anti-collision techniques used.
The transaction speed is the total time required to complete the assigned function. A transaction cycle has four steps: input/output (I/O), memory access, encryption, and processing. Benchmark transaction speed metrics can be misleading, particularly if one part of the cycle is heavily stressed over another. For example, an access control application may only need to send a few bytes of information in order to authenticate. In this case the I/O function may be under-stressed compared to the encryption or processing steps. Another application could require transmitting several hundred bytes to provide a biometric template to a reader, stressing the I/O subsystems and leaving the processing step underutilized. The transaction speed metric must be considered in the full context of the system’s use.
Read range should also be considered within the context of the intended application. The read range is the maximum distance between the card and the reader where a transaction can be successful. The primary factor affecting read range is the power requirement of the card. Cards with microprocessors use more power than memory-only cards and require a shorter read range. The strength of the reader field is another factor. There will also be some variation in the power requirements between identical cards from the same manufacturer.
A collision occurs when a card reader sends out a request for data transfer and two or more cards respond at the same time. Anti-collision techniques refer to the methods used to resolve collisions and return coherent messages to the reader from the cards in the field. The speed at which the system can resolve collisions is a significant factor in the system’s overall performance. Collisions occur more frequently with longer read ranges and longer transaction times.
The two techniques below, which are commonly used, require the card to have an on-board processor.
• Bit Collision Technique—when a collision is detected because the reader received unintelligible bits, the reader ignores the response and uses software techniques to restrict subsequent requests for data transfer until only one card responds. Since the read range for this type of card is only 4 inches, collisions will not be a major issue. ISO/IEC 14443 is the primary contactless smart card standard being used for transit, financial, and access control applications. It is also used in electronic passports and in the FIPS 201 PIV.
• Slot Marker Technique—this technique requires the card reader, when idle, to send continuous request messages within a specific time slot to find cards in the vicinity.
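The bit collision technique described above can be modelled in a few lines. This is an added example, not taken from the handbook: it is a simplified simulation in which the reader narrows its request prefix until a single card answers. The function names and the sample UIDs are constructed, and real ISO/IEC 14443 framing is not modelled.

```python
# Simplified model of bit-collision anti-collision (binary tree search).
# UIDs below are constructed sample values; UIDs are assumed to be distinct.

def superimpose(responses):
    """Model the shared RF channel: '0' or '1' where all cards agree, 'X' where they collide."""
    return "".join(
        bits[0] if len(set(bits)) == 1 else "X"
        for bits in zip(*responses)
    )

def resolve(card_uids, uid_bits=32):
    """Return (UIDs in the order the reader isolates them, number of reader requests)."""
    cards = [format(u, f"0{uid_bits}b") for u in card_uids]
    found, requests = [], 0
    pending = [""]                      # request prefixes the reader still has to try
    while pending:
        prefix = pending.pop()
        requests += 1
        # Only cards whose UID starts with the prefix answer, sending the remaining bits.
        answers = [c[len(prefix):] for c in cards if c.startswith(prefix)]
        if not answers:
            continue                    # no card in the field matches this prefix
        seen = superimpose(answers)
        if "X" not in seen:             # coherent reply, so exactly one card answered
            found.append(int(prefix + seen, 2))
            continue
        # Collision: keep the bits received cleanly, then restrict to each branch in turn.
        clean = seen[:seen.index("X")]
        pending.append(prefix + clean + "1")
        pending.append(prefix + clean + "0")
    return found, requests

if __name__ == "__main__":
    sample = [0x04A1B2C3, 0x04A1B2C7, 0x04FF0001]   # constructed UIDs
    uids, rounds = resolve(sample)
    print([hex(u) for u in uids], "resolved in", rounds, "requests")
```

In this model, n distinct cards in the field cost the reader 2n - 1 requests, which is why collision resolution time grows with the number of cards a longer read range lets into the field.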
ISO/IEC 15693 establishes standards for the physical characteristics, radio frequency power and signal interface, and anti-collision and transmission protocol for vicinity cards that operate to a maximum of 1 meter (i.e., approximately 3.3 feet).
Contactless smart card systems that place authentication algorithms and templates on the cards are intrinsically more secure than systems that maintain this information online. Once online this information can be stored in central archives offline. Online template databases always have some vulnerability to hacking.
- Access Control Technologies Handbook