45,000 pre-printed contactless cards with transit tie-in issued at the University of Cincinnati. Time for change The campus wanted to move from a mag stripe only credential to a card with both mag stripe and a contactless chip. “The primary reasons for issuing new IDs is to provide increased security and improved functionality,” explains Diane Brueggemann, technical services manager at the University of Cincinnati. For Cincinnati, a university with a large population, challenges included logistics and staffing for mass card distribution events. “We were able to overcome these challenges because we included all major stakeholders – including student government representatives – on the recarding committee,” says Brueggemann. The university wanted a more secure contactless technology card to upgrade physical access readers and integrate with the local Cincinnati METRO system, says Tim Nyblom, director of the education group at ColorID. “Their overarching goal was to find a single card that could accomplish all of this.” The new cards include DESFire EV1 contactless chips that facilitate access throughout the campus’ network of HID readers and Blackboard access control and point-of-sale readers, says Nyblom. Team effort Cincinnati enlisted the help of ColorID to provide cardstock and assist in the issuance process for the university’s 45,000 active cardholders. ColorID worked with HID Global to provide pre-printed contactless cards that were pre-encoded with custom transit credentials to meet the SPX Genfare specifications for the SORTA system, explains Todd Brooks, director of product management at ColorID. The ColorID service bureau personalized the initial 45,000 cards adding cardholder photos and personal information. Before shipping to campus, the mag stripes were encoded and two applications were programmed into the DESFire EV1 Chip. Cards were sorted and then shipped per preset preferences established to ease onsite distribution. The full recarding process took about three and a half months and concluded in the fall of 2015, explains Nyblom. “There were many months of additional planning, testing and creating samples that took place well before the recarding project could begin,” he explains. “The 45,000 cards preprinted by ColorID consisted of registered students, active faculty, staff and affiliates,” says Brueggemann. To ease the distribution burden, the university held two separate distribution events – one for faculty and staff credentials and a second for students. In total, the university ordered 65,000 cards from ColorID, with 45,000 being used for the initial recarding project. “The remaining 20,000 cards are Cincy’s base, pre-printed cardstock that will be kept on campus for normal card office distribution,” explains Nyblom. Following the initial distribution event, all cards are now produced on demand in the card office. For these cards, only the back portion is pre-printed while the front is personalized at the point of issuance. “Cincy chose a reverse-transfer printer, which allows them to print a very high quality card, similar to how a pre-printed card may look,” explains Brooks. Troubleshooting Projects the size of Cincinnati’s are rarely without their challenges, but with a comprehensive plan and the support of an experienced vendor, the challenges can be managed. “The biggest challenge was correctly encoding the transit portion of the cards,” says Brooks. “We spent several months working with all parties involved – including the university, the card manufacturer, the transit equipment manufacturer and the transit authority – to make sure the encoding was done correctly.” Another challenge was getting all of the credentials on to the card. “Applications have specific methods for encoding credentials on a chip and they may not coincide. You have to determine which applications can be pre-encoded versus encoded in the printer or at the desktop,” explains Brooks. “Since Cincy is issuing randomized ISO numbers, pre-encoding was not a viable option. We pre-encoded the transit portion and then added the access control and the Blackboard application data at the desktop.” The final hurdle came in the form of working with older systems and processes. Cincinnati had multiple legacy access control systems so an individual’s images, biometric templates and ID numbers from the previous cards were held as records in different systems, explains Brooks. This created the need to encode the legacy access application using a desktop encoder. Many hands, light work “From a secure suite at our headquarters in North Carolina, our service bureau is equipped to personalize ID cards for projects large and small,” explains Brooks. “We are experienced with a wide range of card technologies, back end systems, hardware and software.” At Cincinnati, the company facilitated and managed a great deal of the recarding project. “Their expertise and experience was essential to making this project a success,” says Brueggemann. About ColorID, LLC
Over the past 17 years, ColorID has become a highly recommended supplier of solutions for security, identification, access control, biometrics and transaction management. Though primarily focused on specific North American markets, ColorID also provides these solutions to organizations around the world. The company’s highly knowledgeable and customer-focused sales and product management teams help customers select the best products and services from well-known and innovative manufacturers to meet their requirements. Also, the company’s engineering team provides exceptional support for the life of those products. Contact ColorID at 704-987-2238 or toll free in Canada and the US at 888-682-6567. Visit ColorID on the web at: www.colorid.com or email ColorID at [email protected].
0 Comments
Outside of mobile credentials, wearable devices are a fast growing industry with the sky being the limit. Check out the below video to see the Nymi Band in action and you'll be wondering how to get one for yourself. Although the product is still finding it's applications, things are moving quickly for them as since a generic video launched in 2014, over 500,000 views occurred. There is plenty of interest in this product, check out the video below.
About ColorID: Founded in 1999, ColorID is one of the world's largest integrators of identification technologies and solutions for security, identification, access control, biometrics and transaction management. Though primarily focused on specific North American markets, ColorID also provides these solutions to organizations around the world. The company’s highly knowledgeable and customer-focused sales and product management teams help customers select and integrate the best products and services from the identification industries most innovative and preeminent manufacturers. The company’s engineering team also provides exceptional support for the life of all products. Contact ColorID at 704-987-2238 or toll free in Canada and the US at 888-682-6567. Visit ColorID on the web at: www.colorid.com or email ColorID at [email protected].
What a campus needs to know when migrating to contactless or mobile credentials... The topic of campus migrations, contactless cards and mobile credentials can seem overwhelming and offers unique challenges for a University infrastructure. There seems to be so many opinions and options that no one wants to be the one to make a technology decision just to find out in the next few years that decision has already been rendered obsolete. When contemplating a campus migration from magnetic stripes or proximity “125 kHz Prox” cards to an advanced technology contactless card or mobile credential, there are many things that must be taken into consideration including security, convenience and scalability. The following are a few topics to keep in mind when starting this kind of project. How will my new contactless card or mobile credential affect other stakeholders on campus? One of the largest issues we see within the University sector is the fractionalization that exists within the institutions. Typically, people in the card office, housing, physical security, dining, etc. don’t take into consideration how their decisions will affect other parties on campus. ColorID has worked with hundreds of Universities to carefully navigate this migration process. Contactless migration should be a campus wide initiative, so one of the first things we recommend when starting the process is to call a meeting with all of these stakeholders. It is important that the contactless card or mobile credential must work with all of the different systems and readers on campus and therefore the best approach is to start with that end in mind. During these stakeholder meetings, the terminology is extremely important and can be very valuable. What one person thinks or understands of a technology could be entirely different from another colleague in a different department. Getting everyone on the same page early can avoid headaches, misunderstandings and costly delays down the road. What are some factors from other stakeholders that may narrow my technology options? One of the most important decisions related to campus migrations is the preference of offline and/or wireless lock models. Housing typically has a very strong opinion about their residence hall locks and that will play a key role in the type of contactless technologies that are available. Another important factor will be the Campus Card Integrator. Many of the popular integrators support specific contactless technologies and readers for their POS and other systems. Knowing answers to these questions can quickly narrow your focus to certain contactless technologies, readers, and manufacturers. How does a contactless card affect my card issuance process?
Now that I have my new contactless card, there are many card issuance decisions that need to be addressed to streamline the card office operations. 1. Contactless Card Programming -- pre-encoded cards vs. encoding in the printer or at the desktop It is typically easier to purchase pre-encoded cards and then capture the number during the printing process, but some specific formats and number types aren’t suitable for this process. For instance, schools utilizing randomized ISO numbers for access control may need to encode their own card data. 2. Encryption Keys -- manufacturer’s encryption key or custom key Most manufacturers provide contactless cards with their standard encryption keys unless custom keys are requested. Over the last year, we have seen a trend toward institutions wanting to manage their own encryption keys versus using the manufacturer’s standard key. Managing your own custom keys can add another layer of security to your credential, but it also brings along a management burden. What happens if you lose the key or it is compromised? Who has access to the encryption key? How is it stored and protected? 3. Printing Method – Reverse Transfer vs. Direct-to-Card (DTC) With contactless cards, it is recommended to use reverse transfer type printers to reduce the risk of ghosted images where the chip is located. Reverse transfer printers print to a thin film instead of directly onto the card surface like direct-to-card (DTC) printers. DTC printers can still be used to print contactless cards, but it is advisable to use pre-printed cards or modify your artwork so that it doesn’t include the chip location. 4. ID Software – Does your ID software support contactless cards? Typically with contactless cards, the ID Software must be matched to the printing platform for encoding high frequency chips. For instance, if you have a Fargo printer you will most likely need to use AsureID to encode the cards or capture the pre-encoded numbers in the printer (although there are some exceptions). The same is true for other manufacturers. Also, your Campus Card Integrator may only support a certain type of ID software and printer for card issuance. What are the most future proof solutions helping meet an institution’s needs? Probably the most important decision when migrating your campus to contactless is to keep the future in mind. You will want to choose a platform that will provide the greatest ability to keep your campus secure into the future. The latest technologies include AES encryption or asymmetric encryption utilizing digital certificates. These encryption methods provide added security and to date have no known vulnerabilities. Some manufacturers are even providing solutions that can be updated in the field if the encryption methods are ever compromised. Choose a platform that will allow you to utilize mobile credentials in the future as most students are now carrying smart phones. In the past year we have seen a steady adoption of mobile solutions and we believe that will continue to increase in 2016. There are many mobile solutions available utilizing NFC, Bluetooth Low-Energy, and Geo-Location. So now that you are aware of some of the key points to cover when beginning a contactless migration, it should be straight forward to start the process. Organize a plan to get your necessary stakeholders on board, understand your technology options, determine the constraints that are in place with other 3rd party hardware and software products, and choose a technology partner that is knowledgeable in the latest identification platforms who can help guide you through the process and are vendor neutral yet vendor experienced. About ColorID: Founded in 1999, ColorID is one of the world's largest integrators of identification technologies and solutions for security, identification, access control, biometrics and transaction management. Though primarily focused on specific North American markets, ColorID also provides these solutions to organizations around the world. The company’s highly knowledgeable and customer-focused sales and product management teams help customers select and integrate the best products and services from the identification industries most innovative and preeminent manufacturers. The company’s engineering team also provides exceptional support for the life of all products. Contact ColorID at 704-987-2238 or toll free in Canada and the US at 888-682-6567. Visit ColorID on the web at: www.colorid.com or email ColorID at [email protected]. Excellent piece by our friends at CR80News and one of closest manufacturers HID with a look at the University industry when it comes to the latest & greatest technology available, click the below image to read more. About ColorID: Founded in 1999, ColorID is one of the world's largest integrators of identification technologies and solutions for security, identification, access control, biometrics and transaction management. Though primarily focused on specific North American markets, ColorID also provides these solutions to organizations around the world. The company’s highly knowledgeable and customer-focused sales and product management teams help customers select and integrate the best products and services from the identification industries most innovative and preeminent manufacturers. The company’s engineering team also provides exceptional support for the life of all products. Contact ColorID at 704-987-2238 or toll free in Canada and the US at 888-682-6567. Visit ColorID on the web at: www.colorid.com or email ColorID at [email protected].
Abstract:
While NFC standards are open, the security required for the communication between cards, phones and readers in access control and closed loop payment applications is not. Choose your reader manufacturer wisely, as it will be supplying your institution with readers, NFC credentials and cards for a long time. The term Near Field Communication, or NFC, was created about 10 years ago to describe a type of wireless communication between mobile phones and other devices, such as contactless readers. NFC follows the standards originally set for MIFARE and FeliCa cards and allows the phone to communicate directly, through an integrated NFC chip, to a tag or reader. Recently, the term has been used to describe any high frequency communication between contactless devices such as cards and readers, which has resulted in some confusion. Because contactless cards such as iCLASS, MIFARE and MIFARE DESFire are so much more expensive than cards with only mag stripes, physical access is the primary reason that universities across North America have decided to implement them. The security and convenience available with these cards has justified the additional expense. Using contactless cards at the point of sale has always been an attractive goal, but has not been a sole reason for schools to move to contactless cards, since mag stripes are still functional and cost effective for that purpose. Point of Sale In North America, standard credit card payment communications between contactless cards (or phones) and readers are not encrypted. Any security in those systems comes from the infrastructure, between the readers and the back end processors. Universities with closed loop payment technology can follow the credit card protocols or introduce secure and proprietary communications for their contactless or NFC technology, depending on the point of sale reader manufacturer. Physical Access Anticipating usage with mobile handsets in the near future, access control reader manufacturers such as HID, Schlage, XceedID and Blackboard have released contactless door readers with NFC capability. Due to the advanced security in the communication between contactless cards and readers, both cards and readers usually have to come from the same manufacturer. The same applies to NFC credentials - the credential that is stored on the phone has to be supplied by the manufacturer of the readers it will be used with. The security in the card- or phone-to-reader communication comes from the encryption of the credentials on the card or phone. When choosing a contactless/NFC technology, it is very important to consider physical access control readers. Once readers are hung on walls, they will probably be there for ten years. The readers will determine what type of cards or NFC credentials an institution can use and from whom they can be purchased. HID has a well-developed and very secure platform called SE, available on iCLASS SE and SEOS cards, and NFC credentials. XceedID/IR/Schlage has built their aptiQ platform for MIFARE, MIFARE DESFire EV1, and NFC. Cards and readers from both of these manufacturers are available from a wide range of distributors around the world and are used by most access control systems. Blackboard chose the FeliCa platform several years ago and has recently added MIFARE capability, both with NFC compatibility. NFC: When? The last question for NFC is when? Payment applications were the initial hope for NFC, but there are still very few NFC-enabled readers at merchant locations across the United States. Japan has a widespread NFC mobile payments infrastructure, but in most of the rest of the world, NFC implementations have been limited to pilots. Also, Apple has stubbornly resisted putting NFC chips in its phones. It looks like the best hopes for NFC will be commercial marketing applications, such as couponing and offer notices, and secure credentials, such as for physical access. Access control applications for NFC are complicated, as the credentials have to be securely loaded, stored and easily accessed by door readers. HID and XceedID/IR are working on this, but neither are yet ready to go live in a university setting, using native NFC apps on a wide range of existing phones. Blackboard also has a solution, but on which phones? Practical implementation in the near future would most likely require standardizing on a particular make and model of phone, or distributing external readers for the phones, which would also require a standardization of phone types. Conclusion: HID, XceedID/IR and Blackboard all make readers that will read NFC credentials at doors. Terminals are available that will read NFC at the point of sale. The key is selecting a door reader that is secure, readily available and cost effective. Then, the appropriate contactless cards can be used until a phone-based NFC application is available and implemented. by David Stallsmith, Director of Product Management, ColorID
Universities in the United States and Canada are very familiar with one-card systems for closed-loop payment and access services based on official ID cards. What are the international trends in credentials that could affect universities in North America in the near future? ONE-CARD SYSTEMS One-card systems are more commonly employed by universities throughout the United States, Canada, Australia and New Zealand, than by universities in other parts of the world. Eugene McKenna of the Waterford Institute of Technology in Ireland was one of the founders of the European Campus Card Association (ECCA) in 2002, patterned after the North American Campus Card Association (NACCU). WIT has one of the most comprehensive one-card systems in Europe and has won EU funding to develop the European Education Connectivity Solution, a system that would enable a student ID to be used interoperably at universities across Europe. Universities in Sweden, Austria and Hungary have also developed their own one-card systems for a variety of applications. In other countries, where student ID cards also serve as banking cards and national IDs, one-card systems have usually been independently developed on an as-needed basis. CONTACTLESS CARDS Card technologies for access control (opening doors) vary somewhat by location. In North America, the older prox technology by HID is still prevalent, though it is quickly being replaced by HID’s newer iCLASS contactless smart card product line. Throughout most of the rest of the world, cards based on the NXP MIFARE family of contactless chips have predominated for access control. MIFARE DESFire EV1 cards, the latest version of MIFARE, are typically used in systems that take advantage of the full security offered by the newer chip. Coincidentally, cards with MIFARE chips are becoming popular in cards used by schools in North America. Legic is a Swiss maker of contactless smart cards and readers used by European schools that has yet to gain much traction in North America. MIFARE cards were originally designed for public transit fare collection applications and are still used throughout the world for this purpose today. Schools in North America that would like to use their student IDs on the local transit system often find they must add a MIFARE chip to their cards. EMV – CHIP AND PIN For general payments, cards with mag stripes are by far the most convenient and inexpensive credentials available. More than 1 trillion mag stripe cards are estimated to exist worldwide. Data on most mag stripe cards are not encrypted, so the cards are easy to clone and present to POS terminals for fraudulent purchases. To address the vulnerabilities of mag stripe cards, Europay, MasterCard and Visa developed a secure chip and PIN-based card standard in the 1990s, called EMV. These cards have a rectangular gold-colored contact on the face of the card by which the IC chip in the card can communicate directly to a smart card reader when the card is inserted. EMV cards are widely used for payments throughout Europe, Canada and many other parts of the world. Visa and MasterCard have instituted a liability shift policy to incent card issuers and merchants in the United States to distribute EMV cards and readers. Closed-loop university one-card systems will not normally have to accept EMV payments. However, in order to accept open-loop (MasterCard, Visa, etc.) payments, EMV-enabled terminals may be required. NEAR FIELD COMMUNICATION Japan leads the way in Near Field Communication, with over 80 models of NFC mobile phones being used by more than 20 million people to make payments. NFC, the payment standard for contactless communication between a card reader and an integrated circuit chip, is embedded in most Android smart phones and now the iPhone 6. Apple is creating a lot of buzz for its own version of NFC payments, but many merchants have not yet installed NFC-enabled POS terminals in the United States. It is expected that new EMV-enabled readers will also be able to read NFC. Several access control reader makers have introduced applications and digital credentials that enable a phone to open a door. Some of these use NFC, but others are exploring encrypted Bluetooth communication. BIOMETRICS While biometric technologies are widely used by governments to identify travelers and population groups, commercial use of the technology is gaining popularity in North America. Biometrics employs sensors and systems to identify a person by measuring some part of the body. Fingerprint and iris are often used for physical access, while vein pattern recognition is commonly used in conjunction with cards at ATM machines in Japan. Universities in the United States are beginning to look at biometrics as an alternative way of identifying people, especially where high security (server centers) or high throughput (dining halls, rec centers, athletic facilities) is required. David Stallsmith is Director of Product Management for ColorID, a leading provider of identification systems and components across North America. By communicating complicated technical information in understandable terms, he has helped hundreds of health care institutions, universities and government agencies with their decision-making processes regarding contactless smart card and biometric technologies. He is an annual presenter at the National Association of Campus Card Users conference and has presented at other card and identification-related conferences in the United States, Canada and Europe.
ColorID's most recent installation of the Biometric Dining Solution installed at Virginia Commonwealth University received national spotlight this past week.
NBC.com posted the following video as it reviews the system and the technology behind it . Iris cameras offer VCU students faster entrance to Shafer Court By Brian McNeill University Public Affairs 804-827-0889 [email protected] Thursday, July 30th 2015 Hungry Virginia Commonwealth University students will have a speedier – and more futuristic – option for entering Shafer Court Dining Center this fall. The university on Wednesday installed two iris cameras that will allow meal plan holders to use their eyes instead of having to swipe their IDs to access the dining hall. "Students won't need their ID to enter the dining center anymore," said Stephen Barr, the director of campus services who oversees VCU Dining Services. "With iris identification, it’s as simple as a camera taking a picture of their eyes and two seconds later they walk through." “With iris identification, it’s as simple as a camera taking a picture of their eyes and two seconds later they walk through.” The new system, which is voluntary, is meant to serve as something of an express lane for students. "We thought it'd be a nice service for students to help everybody get through at peak times," Barr said. Plus, he added, the iris cameras will give students who lose their IDs over the weekend the ability to still access their meal plans even though the ID card office is closed. "There currently isn’t a mechanism for students to get a replacement ID [over the weekend] so they can access Shafer," Barr said. "So how do they eat over the weekend? In the past, they've had to come out of pocket. Now they don't have to. This backup lets them get into Shafer so they can eat.” Cashiers will remain in place for those who choose not to use the iris cameras, as well as for visitors and others entering Shafer Court. The iCAM 7100 iris cameras, made by North Carolina-based ColorID, take a high-definition photo of the user's iris and then identify 220-plus unique points. It then generates a number, which is associated with that individual meal plan holder's iris. "We don't keep pictures of your iris," Barr said. "It's just a number, just like your ID. Your ID has a unique number that ties it to you." To sign up interested students, the university will have stations set up at Shafer Court and elsewhere during the first couple weeks of the fall semester. The iris cameras are an example of how biometric credentials are being increasingly embraced. Many people use their fingerprints to unlock their iPhones, for example. And the Cary Street Gym uses a fingerprint – and soon a handprint – scanner to verify the identity of students and subscribers accessing the gym. VCU Dining Services chose to go with iris cameras, Barr said, because it is reliable and does not require touching – which is especially important before a meal. "We're going to continually improve access to Shafer and see if there are other places [on campus] that we can expand this kind of technology to, as well," he said. CARD NUMBER FORMATS When a contactless or prox card is presented to a reader, the reader captures the number that is programmed into that card over a radio frequency (RF) interface. The reader then sends that number to the system that grants access to doors, networks, or applications on a PC. The various shapes that the card number might have are called formats. FACILITY CODE AND CARD NUMBERS Cards are programmed with 0s and 1s, which are often arranged into sections – the facility code or prefix which is the same for each card; and the ID number which is different for each card. The access control system looks first to see that the facility code is correct for that facility, and then it checks the ID number of the card for the requested permission. Sometimes a format is designed without a facility code, in which case each card has a longer ID number. The most common card format is the 26-bit open format, with available facility codes between 0 and 255, and ID numbers between 0 and 65,535. Other common formats are 34-bits, 35-bits (often called Corporate 1000) and 37-bits. UNIQUE CARD NUMBERS
It is very important that every card enrolled in a system be recognized by that system as unique. If a particular format cannot meet the requirements of a large institution, it will be difficult to avoid the collision of ID numbers in the system. In the case of the 26-bit format, for each facility code there are only 65,535 unique ID numbers. Upon exhausting all the ID numbers for one facility code, it is possible to create another facility code and start over at 0 with new ID numbers. However, some systems are configured to only look at the ID numbers , resulting in ID number collisions. Here is an example of two cards that could cause this problem:
CARDS AND MORE THAN ONE SYSTEM Many institutions have a local access control system which manages all the prox card numbers locally. However, some institutions use a Single Sign-On application such as Imprivata, which is managed centrally for several institutions. In this configuration, a prox card number which is unique to the local access control system could collide with other prox card numbers in the enterprise SSO application, especially if the latter were only looking at the ID numbers and not the facility codes. SOLUTION As organizations grow, their card formats must grow with them, in order to provide enough unique ID numbers. Formats such as Corporate 1000, which has over 1,000,000 ID numbers per facility code, and a 32-bit format with 1000 facility codes and over 2 million ID numbers are available for programming into all types of contactless cards. ColorID has helped thousands of institutions select formats and configure their various systems and readers to read those formats. |
Categories
All
Archives
July 2020
|
WE'RE HERE TO HELP.
ColorID has spent over 24 years serving the ID Industry with top-level sales and support to build the ultimate trust with every customer.
|
|
|