Domain: hidcorp.com
Stories and comments across the archive that link to hidcorp.com.
Comments · 11
-
Re:Possible to duplicate RFID cards?
Looks like it's this one - HID Thinline 2 - which is 125kHz.
You're probably right about it being cheaper to just pony up for a spare card, but I do have a masochistic urge to embark on elaborate and expensive projects.
If the SonMicro kit at US$96 will write to these cards then that looks interesting. Though on their forum I see something about needing "credits" to program cards, and after every so many write operations you have to go back and get more credits from SonMicro or you go read-only. That seems like a downer. Perhaps I am misreading things.
-
Access Control system
This really is a classic access control problem.
There are 3 components to this normally. An physical locking mechanism such as a magnetic lock, an authentication mechanism such as a card reader and a controller.
There are numerous comments from people about 'if the network fails then you cant get in' which might be true with a simple little homebrew system but any commerical system uses the network only for programming. The actual door controller is self contained and operates without any need to talk to the computers. The only problem loss of network causes is that you cant revoke cards or issue new ones until you get the network fixed.
Some example controller manufacturers are http://www.honeywellaccess.com/, http://www.paxtonaccess.co.uk/, http://www.lenel.com/ amongst hundreds of other.
For card readers I always recomend HIDs iClass system - http://www.hidcorp.com/products/iclass/. These are smart cards and are substantially more resistant to the card cloning that has been mentioned before. They can also include things such as retina information and fingerprint profiles on the card. This avoids having to program readers on site with these things and also means that you never actually keep the users biometrics on file. They are only ever stored on the card.
As for locks... Too many to mention. I prefer solenoid locks that protrude a solid bolt into the door as these are far more difficult to force. Many cheaper maglocks can be forced by a solid kick to the door. I really depends on the door.
AC -
Re:Proximity vs RFID
Maybe my (french canadian) english didint describe well what I meant.
Basicaly, using the iClass readers, there is a basic encryption key between the card and the reader.
Using a special card, a reader can be programmed with a NEW key.
The reader now accepts the old (public key) and new (Private key).
When an old card is presented to such a reader, the cards key changes to the private key after negotiation.
After a while, you reprogram the readers to a SECOND private key.
Now that reader ONLY accepts Private key 1 and Private key 2, no longer accepting cards from a public key,
effectively locking out ALL cards except those with your own private key.
Basic Datasheet here :
http://hidcorp.com/pdfs/products/irg_us.pdf
List of all iClass docs here:
http://hidcorp.com/page.php?page_id=27 -
Re:Proximity vs RFID
Maybe my (french canadian) english didint describe well what I meant.
Basicaly, using the iClass readers, there is a basic encryption key between the card and the reader.
Using a special card, a reader can be programmed with a NEW key.
The reader now accepts the old (public key) and new (Private key).
When an old card is presented to such a reader, the cards key changes to the private key after negotiation.
After a while, you reprogram the readers to a SECOND private key.
Now that reader ONLY accepts Private key 1 and Private key 2, no longer accepting cards from a public key,
effectively locking out ALL cards except those with your own private key.
Basic Datasheet here :
http://hidcorp.com/pdfs/products/irg_us.pdf
List of all iClass docs here:
http://hidcorp.com/page.php?page_id=27 -
Re:Why would you want an RFID blocking wallet??
The RFID blocker appears to be, as I see it, mainly for the benefit of those with RFID passports.
The vast majority of access-control systems, that I know of, do not employ RFID chips in any case. The most popular proximity system that I'm aware of uses cards and readers made by HID Corporation.
Said readers depend, typically, on either a 125kHz LF or 13.56Mhz HF signal to read a unique pattern coded into each card. Considering the penetrating power of LF and VLF signals (the Navy uses VLF to communicate with submerged subs), I'm curious to see how such a product will affect my own access card (I just ordered one of the wallet/passport case combos).
Once I get the thing, I will conduct a few experiments and post the results here.
Keep the peace(es). -
Re:Will this affect me?
Honestly, that type of system seems to have too many loopholes to be used for timecard purposes. RFID badges are quite common in corporate life -- and have been used for years to open doors and the like by waving your badge in front of it (HID is probably the most popular maker). All RFID is not created equal. Here is a white paper from HID's site on the differences between typical RFID inventory-tracking technologies versus smart card technologies: http://www.hidcorp.com/pdfs/whitepaper_tags_vs_sm
a rtcards.pdf Both are RFID, but the level of security and use is vastly different. -
Re:Keys are keys
These type of locks have been around for a while. Just not taylored toward consumer use.
Also, RFID is not a resilient as some might think. "Credit card" type prox cards can be very fragile - distribute 3000 cards a year to college students, and you'll see about a 10-20% failure rate within a year (sitting on it, punching a hole through the antenna, using it as an ice scraper...)
The chips just die sometimes - I imagine a good dose of RF near the card could easily fry it. A better route is the key fob.
A don't take the mechanical lock out of the equation for obvious reasons (electronic locks are most about convenience - only on a larger scale do they add much security.) -
Re:I'd like more info, actually
My university has impelmented a system similar to this, it works on both smart cards as well as small plastic "fobs" with what I'm assuming is an RFID chip in them. If it's not RFID it's something similar. HID makes the system. The "fobs" easily fit on key chains so gaining access doesn't involve removing a card from your wallet etc. A reader placed at waist level would usually let you in if you had your keys on your belt as you walked past. Hope this helps!
-J -
Re: There is no "SMART" RFID
Actualy, there are smart RFID cards. If you check out the HID iClass cards which are read/write and offer encription and mutual authentication. I would hope that MC plans on using something like this.
-
Re:Security
No... just because their passivly powered dosen't mean they can't process data, there are dumb and smart prox cards. A smart prox card has RAM and a processor insted of just ROM, and the processor is powered off of the magnetic field the antenna picks up. Here's an example of a smart prox card: hID iClass
-
Data Security, Contactless Smart Cards
First of all, someone mentioned above that "we all know that most laptop thefts are not by criminals that want data". While I have not seen any statistics one way or another, I think the different components of a laptop are worth more to different people. To a basic consumer, the hardware itself is probably worth more than their vast archive of Britney Spears mp3s (you're not ashamed, are you?). However, from a corporate or government perspective, intellectual property or intelligence is worth orders of magnitude more than the actual hardware cost. The hardware value is going to decrease over time anyway, but information in the wrong hands can put a company out of business or allow other nations to build nuclear weapons that much more readily.
Secondly, it is possible to have tokens with some intelligence (unlike RFID cards) yet don't require an internal power source. There are a number of companies that have developed contactless smart cards that might prove useful for this project:
FARGO
HID Corp.
Inside Contactless
Granted, these products don't have much more range than 10cm and a smart card is not necessarily a form factor that is best for this application, but the technology does exist. It would seem the iPaq and 802.11 connection they use for their research is good enough for proof-of-concept.
Thirdly, for people who have mentioned Scramdisk and DriveCrypt, did you even read the research paper? They aren't worried so much about encrypting the whole filesystem. That's been done before (with the products mentioned, plus CFS and MS's EFS). They're more concerned about the files that may be in the disk cache. Also, it's not the encryption process that's the annoyance for the user, it's the decryption process. Sure, you can easily lock the screen with a swift keystroke. But usually you're required to type your password in every time you want to decrypt. This "token" that they refer to could be considered like an agent in the ssh world, or doing a kinit in the Kerberos world. You authenticate to the token once, then it does the strong authentication for the decryption for you for a fixed period of time.
Oh, and the lost token concern? That's what key escrow is for and could potentially be considered outside the scope of this research. If data recovery is a concern, organizations can store a backup of the key (securily of course!) that can be used to decrypt the data without requiring the token (i.e. pull the drive and read the data with speciallized software). Key escrow is common practice at many organizations. However, an escrowed encryption key should NOT be used for data signing as non-repudiation becomes much more difficult to prove. Besides, the authentication method and encryption method should be sufficiently separated so that in the event that one of the keys is compromised, the other component is not affected.