Security

It will take a Culture Shift to Kill the Smart Card for Access Control

Despite advances in biometric access control, it will take a culture shift to kill the smart card, says Steve Howard, principal at Endeavor Blue LLC. “People are used to seeing the physical badge when you’re walking around,” he explains. “It’s so ingrained in people that it isn’t going away anytime soon and nothing can replace that.” Our recent Security Report shows that the market for Access Control products accounted for 24% of the global security market, totalling approx. $6.84Bn in 2016. Access Control has maintained its growth of around 10% this year as it further penetrates the IP Network business and moves into biometric, identity management and wireless locking systems. So for how long will smart cards hang on to their position as the leading access control technology? Back in June of this year, Terry Halvorsen, CIO of the Defense Department, proclaimed that the standard access card, which federal employees use to gain access to […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $180 USD per year per user ( just $15 USD per month) for Access to Quality Independent Smart Building Analysis!

What Exactly Do you Get?

  • Read every article published in full and get unlimited access to our archive of over 1,400 articles.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

Despite advances in biometric access control, it will take a culture shift to kill the smart card, says Steve Howard, principal at Endeavor Blue LLC. “People are used to seeing the physical badge when you’re walking around,” he explains. “It’s so ingrained in people that it isn’t going away anytime soon and nothing can replace that.”

Our recent Security Report shows that the market for Access Control products accounted for 24% of the global security market, totalling approx. $6.84Bn in 2016. Access Control has maintained its growth of around 10% this year as it further penetrates the IP Network business and moves into biometric, identity management and wireless locking systems. So for how long will smart cards hang on to their position as the leading access control technology?

Back in June of this year, Terry Halvorsen, CIO of the Defense Department, proclaimed that the standard access card, which federal employees use to gain access to both physical buildings and computer networks, will be replaced within two years. This statement, especially the timescales, raised both eyebrows and questions at the conference where Halvorsen was speaking.

He claimed smart cards would be supplanted by an “agile, multi-factor authentication system.” Halvorsen alluded to “some combination of behavioral, probably biometric and maybe some personal data information that’s set from individual to individual.” And suggested the smart card may only retain some physical access control applications.

“As the U.S. Federal Government considers moving beyond Common Access Cards and Personal Identity Verification cards to embrace biometrics and behavioral biometrics, one can expect to see a focus on standards around two-factor authentication that enable the government to leverage innovation in the private sector, while maintaining adequate security,” Todd Thiemann, VP of Marketing at Nok Nok Labs, told Secure ID News.

“There will need to be baseline requirements for hardware devices to provide some root of trust to secure cryptographic material, as well as biometric data on the device, such as a Trusted Execution Environment (TEE) or Secure Element (SE). It also means not only providing secure operating environments for sensitive authentication operations, but also the ability to prove the veracity of that operating environment to a remote system,” Thiemann continued.

A number of experts have dismissed Halvorsen’s comments as overly ambitious and premature considering the procedures and obstacles to be navigated before such a wholesale change to federal security protocol. Firstly, for the ‘Common Access Card,’ and the PIV used by other federal agencies, to be replaced, the HSPD-12 directive signed by President George W. Bush calling for a standard and interoperable credential across all agencies would have to be repealed.

Furthermore, it would take at least two years for budgets relating to any new type of authentication system to be fully approved. Then the “behavioral, continuous biometric systems” that Halvorsen alluded to would have to undergo comprehensive and time consuming, testing and certification before use by any federal agency.

“Behavioral biometrics may play a role in securing identities in the future, particularly by supplementing authentication and countering fraud, the U.S. government will find that it is not a substitute for good primary authentication. Explicit user consent cannot be achieved unless the user takes a specific action like entering a PIN or taking some biometric action,” said Thiemann.

Biometrics may offer a step up in security over smart card but they are by no means fool proof. A fingerprint, for example, can be duplicated using gelatin molds, or the actual finger of approved personnel could be acquired using more violent approaches such as threats or dismemberment. Voice recognition systems have been overcome with recordings and face recognition systems bypassed with photographs.

These approaches may seem gruesome, espionage-esque and unlikely, but in the case of high-security federal applications they must be considered. In the end, stealing a fingerprint (or finger) can be treated much the same as stealing a smart card or a key. Furthermore, all biometrics are converted into a digital format within the access control system, making them vulnerable to hacking. A true security upgrade would need a “multi-factor” approach, but we’re not quite there yet.

Halvorsen’s remarks do point towards the probable future of federal access control. Looking five to ten years into that future and we can start to realistically imagine such fundamental change to authentication, including behavioral biometrics and derived credentials on mobile devices that can secure access to data and enable digital signing of emails.

For now, however, the humble smart card will persist in federal access control systems. Nothing currently available can replace the security, convenience and affordability of smart cards in a desktop work environment.

[contact-form-7 id="3204" title="memoori-newsletter"]

Most Popular Articles

Startup Acquisitions in Smart Building Technology
Smart Buildings,Uncategorized

Startup Acquisition Activity Remains Resilient in the Smart Buildings Space

Strategic acquisitions are enabling leading players across the smart buildings market to augment their technology offerings with bolt-on startup acquisitions in several areas and increase their focus on software solutions. This forms part of a 2 pronged strategy to mitigate the risk of market disruption, with leading players (and increasingly private equity firms) taking majority […]

Carrier Strategy Map Smart Buildings Building Automation
Energy

Mapping the Strategic Direction of Carrier in the Smart Buildings Space

This Research Note examines the emerging strategic priorities of Carrier Global Corporation in the smart commercial buildings space. We have mapped M&A, divestments, strategic partnerships and investment activity to ascertain the growth ambitions of the business, by categorizing the various business relationships by technology and investment type over a 3-year period. This article is intended as a non-exhaustive indicator of […]

The Long-Term Impacts of COVID on the Physical Security Market
Security,Uncategorized

Exploring the Long-Term Impacts of COVID on Physical Security

The world has changed. The once-in-a-century pandemic that we have been consumed with for the past 3-years has changed several aspects of the way we live and work. COVID has changed the way that industries operate and the way that businesses think. All this has had a transformative impact on real estate and the development […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy