The path to more secure credential technology

 

Published October 2020

 

By Brian Marris, product manager, Allegion connected accessories

 

The campus card plays a vital role in daily campus routines, from controlling access to monitoring meal plans and more. With so much relying on it, changing campus card technology can seem overwhelming. If it’s not broke, why fix it?

 

 

While your university’s current technology might not be broken, there are newer technologies available that offer an enhanced experience. Smart cards and mobile credentials using MIFARE® DESFire® technology offer encrypted security, which can protect against unwanted duplication.

 

There are many reasons why campuses might consider upgrading their credential technology. However, some are not sure where to start or they don’t know what they need to make the transition. Outlining a clear, strategic migration path from your current state to your college’s ideal future state helps.

 

Making the case for mobile credentials


Implementing a more secure credential


As I describe in this CR80 News article, encryption is like a technologically advanced handshake. It protects the data being relayed between the reader and credential by essentially taking the information in the chip of the credential, shredding it apart, sending it to the reader and putting it back together. It does this by using a microprocessor and encryption algorithm to protect the data when it is transmitted over the air.
 

Because proximity and magnetic stripe cards are unencrypted, upgrading from one of these legacy technologies to smart card technology or mobile credentials can significantly improve security across campus.

Because proximity and magnetic stripe cards are unencrypted, upgrading from one of these legacy technologies to smart card technology or mobile credentials can significantly improve security across campus. There are devices available for purchase that can copy unencrypted credential information and even YouTube tutorials for cloning proximity cards. There are also the kiosks like Key Me that duplicate RFID credentials. While smart card technology can be duplicated, it’s far more common with unencrypted technologies like proximity and magnetic stripe cards.

 

Mobile credentials can use the same level of encryption as smart cards, and in some cases these technologies use more advanced encryption. It’s based on the design of the mobile credential, so it’s important to inquire about the encryption upfront.

 

The Smarter Approach to Security article offers more on the benefits of encrypted technology.

 

Embracing technology for better student experiences


The campus experience is an important factor to consider. Can students access their meal plans with the same credential that allows them to effortlessly move around campus? The goal for many universities is to simplify a student’s routine as much as possible. Carrying multiple cards and brass keys isn’t ideal. Mobile student IDs make access and transactions on campus seamless, meaning the students only need to carry their mobile device or Apple Watch.

 

Another common reason colleges and universities want to upgrade their credential technology is to stay current. One way a school can differentiate itself and stand out to students is by pioneering and adopting the latest technology that supports a safe and seamless campus experience.

 

Schools that don’t start thinking about their future and how mobile is part of that picture might fall behind. New iterations and capabilities will continue to be released to make the campus environment more efficient, convenient and secure. Universities across the U.S. have already experienced the benefits of mobile student IDs.

 

An efficient, virtual experience for staff


For schools that opt for mobile credentials, the distribution of credentials can be much more efficient come time for student orientations. This is especially important now when card offices are working on plans to avoid clusters of students forming in lines at the card office.

 

Digital student IDs can be issued virtually, eliminating the need for most students to have to come to the card office to pick up a physical card. It also saves costs associated with ordering and printing.

 

Smart cards vs. mobile credentials


While I have focused primarily on the benefits of mobile credentials here, many of these features can be enjoyed by smart card users. Smart cards offer advanced encryption to help prevent duplication threats. They also come with more computing power than proximity or mag stripe options, which allows schools to use a single credential. Combining what might have been two or more cards helps from a management perspective. It’s also much more convenient for the students.

 

There are other advantages to having a physical smart card. Some schools choose this option because they want students to wear a form of identification that shows their name and photo to easily identify who should, and should not, be on campus. Other schools find it’s best to have a physical smart card as an alternative for students who might not have or be able to afford a smart phone.


 

Planning for the future: How to upgrade your campus card technology


Identifying an ideal state will vary by campus. Each campus has different security needs and different pain points. For example, a larger school with tens of thousands of students moving throughout campus is going to have vastly different security needs compared to a smaller college. That said, a mobile or smart solution that’s interoperable is a suitable choice for most schools.

 

Whether a school chooses a full mobile solution or an interoperable smart card technology, the university is moving in the direction of a solution that offers a higher level of security, flexibility and convenience.

 

Each school should evaluate their needs, like security, convenience and budget, to determine their ideal future state. How you get to the future state will depend on your current hardware and technologies. It’s helpful to conduct a hardware audit upfront. Check out these tips to get started.

 

Understanding what you have today and where you want to go tomorrow will help you to plan a migration path—a strategy to upgrade your campus card platform. Do you have hardware in place that will support the new smart card technology? Do you need smart card readers? Does your access control system support mobile student IDs? All of this should be considered as you strategize your transition.

 

Here are some possible recommendations to consider when developing a migration path:

  • Remember that this will look different for each school. It should be a personalized approach that fits your university’s needs.
  • Document your current state and ideal future state, knowing it might not be a direct jump from one to the other.
  • Involve all the stakeholders upfront. Communication and collaboration are crucial.
  • Review the pros and cons of upgrading, challenges, possible scenarios and more with your team. For example, a pro for mobile would be it can deliver a better experience for students. A con could be the upfront investment in new readers.
  • Think about future proofing. The interoperability of the credential technology is important to your future choices in hardware and software. Regardless of the technology you choose, it’s important to pick an open, secure platform.
  • Contact Allegion for assistance.
     

Example scenarios


Let’s look at a couple common scenarios that colleges and universities face. It’s important to keep in mind that there are many options available and these are just examples. Allegion experts are available to develop tailored path if you would like to explore your campus’s migration plan with someone.

 

Scenario 1: University is using proximity credential technology but wants something more secure. However, the medium-sized campus isn’t currently ready for mobile.


Possible recommendation: Transition all student and facility credentials to MIFARE® DESFire® EV2 smart cards and switch out readers with mobile-enabled, multi-technology readers

Mag stripe to smartcards example

1. If budget allows, upgrade the hardware to mobile-enabled, multi-technology readers all at once. While there are upfront costs, it could be more economic in the long run.

2. Consider transitioning the readers when students aren’t on campus so it can be done with little interruption.

3. Choose an interoperable, multi-technology solution so that your school is better prepared to migrate to mobile credentials when you’re ready.

4. Deploy the new credentials to the entire facility population first and student population when they return to campus.

 
 

Scenario 2: University is using proximity credential technology. It wants something more secure, and the school is eager to offer a digital solution for students.

 

Possible recommendation: Mobile student IDs with mobile-enabled, multi-technology readers

Mag stripe to mobile credentials example

1. Changing from a legacy credential technology to mobile will likely require new card readers, depending on what hardware is in place. This is to be expected whether your school is moving to smart cards or mobile credentials for improved security.  

2. Working with your access control provider will be a necessary step in ensuring the campus is ready for a mobile credential.

3. In this scenario, your university sees value in adopting a mobile solution and wants it available soon. Follow the same transition as scenario 1, but instead of MIFARE DESFire EV2 smart cards, deploy mobile credentials.

 

 

Scenario 3: University is using proximity credential technology. Security and convenience are important, but budget is limited right now.


Possible Recommendation: Multi-technology smart credentials paired with mobile-enabled, multi-technology readers, then Mobile student IDs

Mag stripe to smartcards example

1. Transitioning from proximity to a more secure technology often requires readers to be upgraded. If your school is more comfortable with a slower transition to break up the costs, a transition plan over three or four years can be considered.

2. During this transition, your university will begin changing out proximity readers with mobile-enabled, multi-technology readers. These readers need to be able to support proximity technology, smart and mobile technologies.

3. During year one, your school will need to order multi-technology credentials with proximity and smart technology in a single card. These tend to cost more than a smart credential, which is why this option could be more expensive over time.

4. Incoming students receive these multi-technology credentials over the next few years. Once all the readers on campus have been upgraded, your school can begin to deploy mobile-only credentials to incoming students. 

 
 

Scenario 4: University isn’t happy with their current proprietary solution. Security is of upmost importance, but the school also wants to understand its choices in electronic access control hardware.


Possible Recommendation: Work with a trusted authority to create a custom key, created specifically for your university. Then transition all student and facility credentials to a MIFARE® DESFire® smart card solution and switch out readers with mobile-enabled, multi-technology readers.

Interoperable credentials example

1. The first and most important step is to have a custom key created that your university owns and can leverage for interoperability.

2. The transition will be a similar approach to scenario one. If budget allows, upgrade the hardware to mobile-enabled, multi-technology readers all at once. While there are upfront costs, it could be more economic in the long run.

3. An alternative solution would be to take a temporary step back in security so you can transition slowly to a secure and interoperable solution. If your school is more comfortable with a slower transition to break up the cost, a transition plan over three or four years can be considered.

4. Speak with an Allegion to discuss the specific details. Our team of experts can help you develop a tailored plan of action.

 

Summary


As mentioned, these are just examples. It’s important to consider your college or university’s needs to develop a plan for migrating to new, more secure credential technologies and understand all the options available to your school. Contact an Allegion expert to learn more.  

Related articles:
 

The smarter approach to campus security

Take control of your campus by migrating to open, smart credential technology.
 

How to choose a new campus card technology

When it’s time to start exploring a new campus card platform, these questions can help get the process started.