Products & Solutions
- Services & Support
- Contact Us
- Learning Center
HID recently introduced the latest version of their very successful multiCLASS/magstripe readers. These hybrid readers were introduced originally to ease the transition from mag stripe cards to HID iCLASS and Prox cards for physical access. Since the introduction of iCLASS SE, HID has now incorporated their latest multiCLASS SE module into these combination mag stripe readers. Probably the most versatile and secure readers on the market today, they can be configured to read HID credentials from iCLASS SE, standard iCLASS, MIFARE and MIFARE DESFire EV1 cards, as well as HID, AWID, CASI RUSCO and Prox cards.
With experience in helping over twelve hundred universities, ColorID is uniquely positioned to help campuses navigate away from mag stripes to contactless card technology. These new readers are an important part of that migration strategy.
The following article on the Winthrop University IrisID project was written and supplied by findBiometrics.com. To learn more about implementing IrisID biometric solutions on your campus, contact ColorID today!
Interview with James Hammond, Associate Vice President for Information Technology Winthrop University
fB: Can you tell us about your decision to roll out iris biometrics at your university?
WU: Sure it is actually a pretty involved story. We had been using card access systems for door control for quite some time, probably 15 years or so to control access to the facility primarily using magnetic striped cards as well as prox cards and that was just part of our regular university ID cards. So that gives you a little bit of history of where we are with general security and access control. However recently, going back to around February/March time frame, our director of our early childhood laboratory school contacted me about security.
Now, an early childhood laboratory school is basically a kindergarten and preschool that is run within the university environment. It is called a laboratory school because our education majors can participate, they can intern there, they can observe, so it is kind of a laboratory school for our education majors but at the same time we are providing the kindergarten and pre-school schooling to community children at our facility.
So the director of that facility contacted me about security. Her concern was heightened by the recent Newtown shooting, which was not only horrific but it was also different than some previous school shootings, in that this one involved an even younger population than what we have seen in the news before. So it had hit a new nerve with regards to security and school safety and so forth. We had already been through this with Virginia Tech and of course our school, like most universities, re-evaluated their security posture but when Newtown happened it was kind of like re-re-evaluating the security posture particularly with the laboratory school in mind thinking about the younger children at the kindergarten and preschool. So with that in mind we had to think about how that laboratory school was different than the rest of the university.
fB: So you had to examine your existing security system and evaluate whether you needed to think about something a little bit different?
WU: Yes. Our problem was that at the laboratory school you have to permit parents, authorized babysitters, authorized grandparents and other authorized caregivers to be able to pick up those children at any hour of the day. So how do they get into that facility to pick up their children? The challenge is that you've got teachers in that facility who are watching the children, they are not manning the doorÃ¢â‚¬Â¦ they are watching the children. So if the door is locked who was going to go open that door? Well it would be a teacher, but the teacher is keeping their eye on the children, so there is a bit of a conflict. A better system was needed for being able to let people in.
The first obvious choice was like the rest of the university: to issue an ID card and let people swipe in to pick up their children. But because it was a different population, we thought that it would be more of a challenge than with our college student population. That would be parents who are not registered as students, who are more likely to forget their ID cards, and possibly not be as responsible keeping up their ID cards, but still needing to get into the facility when they forget their ID cards. We just decided that the ID cards weren't a great idea for that population.
To put another wrinkle on it, ID cards have always suffered from one, well two, very serious shortcomings. One: there is always the possibility they can be forged or copied or counterfeited; and number two: if you lose the card or if the card is stolen, that card continues to work until the person reports it to us and we don't know how long that is going to take. So there is a window of time where there is high risk because that card is a valid credential that can be used to access that facility.
Fb: That is a major flaw for this type of application.
WU: Yes, because if you've lost the card you may not know it, or if the card was stolen you may not know it, or you may not have had the presence of mind to report it. Until we know it is lost or stolen we don't know to inactivate the card. So with that in mind we decided ID cards just aren't going to be the instrument we are looking for in this laboratory school where security is of the utmost importance. The next step naturally leads us to biometrics. Now, me not having looked at biometrics in quite a few years the first thing that came into my mind was fingerprint scanning and I think that is what the average person would think of with biometrics.
fB: So you did look at other biometrics besides iris initially to expand your search?
WU: Exactly! So I looked at fingerprints first and I was really unhappy with what I was seeing. Number one: you are seeing a product that you have to touch, and just a couple of years ago we came out of a pandemic scare called H1N1 swine flu and all of the universities were on heightened alert because we had to have pandemic plans. We were putting hand sanitizer all over the place and it was quite a big deal so thinking about one more thing to touch that everybody else has touched wasn't attractive because we'd have to wipe it down all the time, people would want to wipe it down before using it kind of like the cart at the grocery store where they have the hand sanitizer and all that.
And then I found out the occurrence of false positives on fingerprints were measurable, it was significant enough to be measurable and I don't like that. We would want to use it as a direct measure of authentication. In other words, I want to present a biometric and I want to be let in. I don't want to have to present a biometric plus a PIN or a biometric plus an ID card. That would be two factor authentication, and now we were getting back to some of the original problems that we were talking about.
So I was interested in a single factor authentication using biometrics that I could have faith that would work. So I looked at other like hand geometry scanners, palm scanners, and I wasn't getting anywhere on research on those that was pointing to it being a viable method. Then I found out a local distributor that we already had a relationship with was a distributor for the Iris ID hardware and they invited me up to their office.
I went up the same day that I talked to him because I was so interested and I didn't realize that there was a commodity out there that would be priced affordably enough for our university to look at. We looked at it and we saw the iCam units that Iris ID manufactures and I saw it being used in single factor authentication and I was shown the data that supports their claims of high accuracy, negligible chance of false positive based on the number of data points that is used within an iris, I think 252 data points, and I think less than 1/10th that for fingerprint.
So I was thinking that iris is probably ten times more accurate, more unique than fingerprint, and that sounds pretty good, and I don't have to touch the iris scanner, that sounds pretty good, and it was fast, I was watching how fast they could use it and that's pretty good, the software looked like it was manageable. So we got the units in, assigned a team and we decided to integrate it ourselves rather than trying to find a company out there to do the integration. We were very familiar with our card access system which is a company called Lenel which is a fairly well know system for access control.
fB: Yes I know them well. So you took on the integration yourself and that went smoothly?
WU: Yes and with just 4 of us and we were able to get that done in a little more than 2 weeks. I don't think that is a typical success story so we are pretty proud of it. It does show that the technology integration is very doable, very workable and once you understand it, it is actually trivial. We did all that and we started having our ID office enroll people with the iris scanner as they came into ID office when they came in for other business. So if someone came in with a lost or stolen ID card we would have them do the iris enrollment at the same time. We prepared a little flier that listed the benefits of the iris scanner; we even branded it and called it, we called it Eagle Eye Station because we are the Winthrop Eagles so we kind of branded it like a Winthrop product.
fB: You know James I really like that thought because you stressed the benefits and actually made it fun for the end user by naming it something that the university could relate to. That is quite smart.
WU: Absolutely. And then we had a little happy accident after that. We had just got our material together so that when people asked about it we could explain it to them and we figured we would give them something to read and we came up with that brand name- Eagle Eye Station- and just as we got started, we were starting to formulate a communications plan on how we were going to let people know what was going on instead of people walking into the ID office and being kind of surprised by it. We were just going to get that communication plan going and before we had a chance to even finalise that plan, a student came to us who was taking an entry level mass communications classes, probably a junior level class, and said for their class project she wanted to do a video on the iris scanning project. So she did her training video on that.
Well, it turned out that it was good enough and got out on the internet and so we started to get this accidental positive PR out there and the local student newspaper picked it up. So the communications plan happened and unfolded before we even got a chance to finalise it. We were just fortunate that it happened in a positive way.
fB: That was fortunate, but you also had a plan in place to educate the student population and I think that is very wise as well.
WU: Yes and if I was talking to anybody about this, I would tell them that they need to get their communications plan sorted out ahead of time. We were fortunate that something else happened that was just as a good and it saved us but what if someone had come to us with a negative PR piece before we had a chance to get our PR out there? So it is very important to jump on that quickly.
fB: Thank you for mentioning that.
WU: So the positive PR was out there among the campus population, the student newspaper picked it up and it was kind of an interesting piece because it highlighted the high technology aspect. They got quotes from us giving the benefits.
Then the CNN folks found it on the internet and were doing research so they contacted us next. We told them that we were preparing to do mass enrollments with the iris scanners as our summer orientation was coming up where the freshman come for a couple of days in June, they get orientation, they get their ID cards, they do their registration, they get exposed to the campus, they see a number of things about the campus all within a few days of time. So we would be enrolling about a 1000 students during these orientation sessions and suggested if CNN wanted to come down and film, that would be a perfect time to see it going on enmass. So that is what they did.
We had set up all our iris scanning stations temporarily so that it could handle that number of people. So literally we lifted up Iris ID station and put it at another location on our campus so that it could handle these long lines. The lines were going smoothly, the cameras were rolling, even the local cable station came and they ran it too.
fB: Wow that is quite something! And everything went smoothly?
WU: It did and I think it's because we tried to tell everybody ahead of time among our employees what to expect, what kind of questions to expect so that they could understand how the university responds to those questions, because there are concerns about iris scanning and I totally respect that. We've had questions on what we do about people that have concerns and we have a plan in place for that as well. So people who are concerned about getting their eyes scanned we give them that sheet of paper that has in bullet points on why this is a good system and we try to explain to them face-to-face on why we believe it actually protects their identity rather that threaten their identity. We believe that it actually protects by guaranteeing that whoever presents themselves is actually that person so your identity is guarded against forgery and theft.
We explain how the iris systems work in regards to taking a picture of their eye, it's not some sort of weird x-ray or laser beam or whatever, it's just a high resolution picture of their eye and that we don't store that picture. Instead it gets digitized, it's broken down into 252 data points and then it is encrypted into the database so that I cannot go back and pull out a picture of your eye. I cannot do that. Just like I cannot go back and pull out your password because your password is encrypted, all I can do is match it up against something else for authentication.
So we explain how the technology works, we explain any questions that they might have and if they say they don't really want to do it we say it is fine and they don't have to. You don't have to do it as it is not a forced enrollment, but that you might find in future that access to some places on campus may not be as convenient, but that you are not going to be excluded, but that you might have to ring a doorbell and wait for somebody or you may have to use some other alternate form of access. But if you don't want to do it you don't have to do it.
fB: I would think though with younger student populations the acceptance rate would be quite high for new technology?
WU: It is and I think that has worked in our favour because out of 1600 faculty and students enrolled so far since we started this program in April fewer than 10 have declined.
fB: That makes sense to me.
WU: We're talking about a percentage of a percent so it is quite small. If someone comes along and vocally objects we hope to be prepared for them and that happens. And we want to be able to demonstrate that we are not forcing anybody and they don't have to do it if they don't want to and that this technology is actually here to do two things for you. Number one: protect your identity more which means protect the resources behind that door more whether it be small children, dangerous chemicals or whatever it is that you are trying to protect behind that door that you are securing. So you have high security and identity protection. And number two: high conveniences, which means you don't need to worry about carrying around an ID card to access a facilities such as the gym or trying to find your ID card when your hands are full. You just have to look at something and you have access with high convenience and high security.
fB: Where do you see this technology being used at your university in the future?
WU: I would say anywhere the director says we need high security so as in the childhood laboratory where we absolutely want to authenticate people getting in there, meal facility where the convenience is important because you don't want to be tethered to your ID card that you might have forgotten. Also sports facilities, the libraryÃ¢â‚¬Â¦really anywhere where there is a lot of traffic and you don't want to have to run back to your dorm to get your ID card.
fB: Thank you very much James. Your deployment sounds absolutely wonderful in terms of the way it unfolded congratulations on that.
WU: It has been my pleasure Peter
ColorID recently supplied one of its Higher Education customers, Winthrop University with the latest and greatest biometric reader on the market today: IrisID by LG Electronics. Check out the below article from CNN regarding how Winthrop University is utilizing their IrisID cameras on campus. ColorID is the United States Technical Distributor for the IrisID and if you'd like to learn more about Iris technology and the benefits of it contact us today.
Encoding Magstripes 101
Knowing what you can encode onto your magstripe may be the most difficult part in the encoding process. Magstripe encoders are readily available and in the identification world the ID Badge printer is the device that manages this; however desktop and handheld swipe encoders are also a popular choice. ID Badge printers utilize an ID Software program for encoding however the desktop and handheld encoders usual come with a software that allows you to set parameters to what it is you're encoding.
What can I encode?
The following is an illustration of what a 3 track magstripe allows us to encode onto it. The same parameters are accurate in the event you are using a 1 track or 2 track magstripe.
Check out this article on biometrics in the education world located here at University Business website.
ColorID has been following the recent developments behind EMV (Europay, MasterCard & Visa) migration in the US. Over the past year, American Express, Discover, MasterCard and Visa have announced their plans for moving to an EMV-based payments infrastructure in the U.S. We'll keep you posted on how migrating from our current mag stripe to a contact/contactless payment method will affect you and your cardholders. The following are facts from the timeline and mandates:
Fall of 2011, Visa issued a plan to accelerate the migration to contact chip and contactless EMV chip technology in the U.S. EMV technology will help prepare the U.S. payment infrastructure for the arrival of Near Field Communication (NFC)-based mobile payments by building the necessary infrastructure to accept and process contactless chip transactions. Not only will chip technology accelerate mobile innovations, it is also expected to enhance payment security through the use of dynamic authentication. Chip technology greatly reduces a criminal's ability to use stolen payment card data by introducing dynamic values for each transaction. Even if payment card data is compromised, a counterfeit card would be unusable at the point of sale (POS) without the presence of the card's unique elements. By eliminating static authentication, there is a reduction for the value of stolen cardholder data, benefiting all stakeholders.
Visa's plan includes merchant incentives to upgrade to EMV & Contactless chip-enabled terminals, requirements for acquirer processors to support chip acceptance and the introduction of U.S. liability shift policies.
As such 3 dates have been set by Visa and they have been backed by MasterCard, American Express and Discover.
October 2012: Waive Payment Card Industry Data Security Standard (PCI DSS) compliance validation requirements to encourage merchant investment in contact and contactless chip payment terminals. Will also require acquirer processors to ensure that their systems support dynamic data acceptance (i.e., chip) and will institute a domestic and cross-border counterfeit liability shift.
April 2013: Will require U.S. acquirer processors and sub-processor service providers to be able to support merchant acceptance of chip transactions no later than April 1, 2013. This is the only mandate that Visa has introduced into the US market, as Liability shift is not considered a mandate. Chip acceptance will require service providers to be able to carry and process additional data that is included in chip transactions, including the cryptographic message that makes each EMV transaction unique. Will provide additional guidance as part of its bi-annual Business Enhancements Release for acquirer processors to certify that their systems can support EMV contact and contactless chip transactions.
October 2015: Plans that effective 1 October 2015, the U.S. will be included in the Global POS Liability Shift Policy, which will apply to all issuers and merchants' acquirers in the U.S., with the exception of transactions at Automated Fuel Dispensers (AFDs). Transactions made at AFDs will be excluded from the liability shift for a period of two (2) years due to the challenges faced by the petroleum industry in upgrading terminals to accept EMV chip cards. Similarly, effective 1 October 2017, transactions made at AFD terminals will be included in the Global POS Liability Shift Policy.
Iris reader technology is extremely secure and safe for end users. There are multiple examples why iris technology is superior to fingerprint, hand geometry and other biometric physical access readers. Below is a bullet list of features and benefits of using iris readers for physical access.
ColorID is pleased to offer the latest iris readers for physical access from Iris ID (LG Electronics). If you'd like to learn more about iris for physical access, contact us today and we can set up an onsite demo or webinar for you.
The following tech tip is a quick overview on how proximity cards and readers work together.
The proximity card reader is wired to an access control system panel. The wires carry power to the reader, and data from the reader to the panel. The Reader emits an electromagnetic field called the "excite field". This field has an elliptical shape as shown in Figure # 1 below.
As Figure 1 shows, the field extends behind the reader almost as much as in front.
When a proximity card is brought within the field, the card absorbs some of the energy from the field. The card converts this field energy to electricity, which allows the electronic circuits in the card to "turn on" and transmit its number to the reader. The reader then sends the card number to the access control system panel, which then looks up in its database to see if the card number is valid and if it has rights to open that door at this time. If the card is approved, then the control panel sends a signal to the door lock to unlock for a period of time.
The card data transmission distance varies with card type and reader type. Larger, more powerful readers do exist; which can energize some cards at a much farther distance. The distance at which a card will successfully transmit data to the reader is called the "Read Range". The read range is approximate and can vary depending on the details of the installation. Maximum range is achieved when the reader is mounted away from metal and cards are presented parallel to the reader face. This allows the reader field to power up the card transponder at a farther distance.
Illinois State University at Bloomington recently hosted the 5th annual Illinois State ID meeting where 20 attendees from 11 different schools gathered to exchange information revolving around campus identification. This year ColorID was invited to share information on advanced technologies including: biometric iris and fingerprint capture devices, secure computer sign-on solutions, ID printers and biometric employee background checking products. Attendees were invited to participate in a hands-on demonstration of fingerprint and iris identification devices. ColorID Executive Vice President, Danny Smith stated, "ColorID appreciates the opportunity to talk to schools regarding their campus card technology options. This is the third time this year we have spoken at this type of higher education conference and we welcome more opportunities to do so."
Printing an ID card is a very familiar and straightforward process for most university card offices. Enter some data from the campus database, capture a photo, then hit Print. The Windows printing functions on the computer process all the data from the card design and send it to the ID printer. This includes data to be written to a magnetic (mag) stripe or printed as a bar code on the card. Mag encoders are a standard addition to most university ID printers, and bar codes are printed on cards with no additional printer hardware.
As soon as a contactless, prox, or contact smart card chip is added to an ID card, the workflow changes. The data read from the chip or written to the chip is not handled by the Windows printing function as in the process described above. This additional data stream has to be handled by the ID software program using the appropriate reader in the printer. The common terminology for these chip read/write devices is a bit ambiguous, since they are referred to as "readers," "writers," "encoders," and other similarly confusing names, given that some only read, some only write, and others do both. To simplify, I will use the term "reader" for these devices for the rest of the article. Be aware that it is easy to order a printer with the correct reader for your card only to find that it is not supported by your ID software. The compatibility of the card chip, reader, and ID software is crucial to successfully reading or writing data to and from a card with a chip in the printer.
Contactless (high frequency - iCLASS, MIFARE, etc.) and prox cards share a similar process for issuance, since they are usually pre-programmed by the manufacturer with an ID number in the chip to be used for physical access. The simplest and most common method is to print the card, including encoding the mag stripe, then enroll the card in the physical access system separately. This can be done at the card office or the security office. The cardholder's record is pulled up and the number from the chip is read from the printed number on the card and then typed into the cardholder's record. A simpler, less error-prone method is to tap the card on a USB desktop reader, which automatically populates a field in the record with that cards number.
A fully automated process would look like this: The card is printed and the chip number is captured by the reader in the printer. The number is passed to the database and verified before the card leaves the printer, at which time it is ready to be handed to the cardholder. In this system, the printer and the ID software must be compatible and this is usually accomplished by the manufacturers. Fargo printers with readers in them are supported by Fargo software, Datacard by Datacard, etc. There are some other ID software manufacturers with newer products that claim to be compatible with a variety of printers, but it is always a good idea to test before purchasing. The ID software used by some of the large integration vendors requires additional components to enable writing to their databases from readers in printers. Depending on how the software is written, this reading process can add additional time to the printing of each card.
There has been some interest in writing data to contactless cards in the printer. Writing data to be used for physical access is often not an option due to some manufacturer's security policies for their cards and readers. Data for other applications can be written to the non-physical access areas of the chip memories, but again, this requires support by the ID software.
Contact smart cards are beginning to make a re-appearance on campuses. These cards have a gold rectangle visible on the face of the card which is the actual contact interface for the chip. They are usually distributed in smaller quantities for special high security areas around campus, such as research labs, and are used for logical access - logging onto PCs and networks - in these areas. Contact smart cards can also contain contactless or prox chips, so they would require the same issuance workflow as contactless campus IDs. Programming the contact chips in these cards is possible in the printer, but it is usually done by IT personnel in the department that uses them.
Cards with chips in them almost invariably have some surface irregularities around the chip, caused by temperature variations during the manufacturing process. Printing on these cards can present challenges to a direct-to-card printer as the printhead moves across the surface of the card in a straight line. The best printing results are obtained by reverse-transfer printers, which print on a clear film that is fused to the entire surface of the card. Most ID printers, direct-to-card and reverse-transfer, can be configured to print on contact smart cards. Overlaminate is available with a cutout for the contact chip.
Contactless and contact smart cards can provide upgrades in security and utility for many systems around campus. They can also add another layer of complexity to the card issuance process. Be sure to discuss design and testing options with an experienced provider before you buy, to acquire the system that fulfills your expectations.
20480-F Chartwell Center Dr.
Cornelius, NC 28031
CONVENIENT PAYMENT OPTIONS
ColorID provides the highest quality products with superb service at an exceptional value. We want your experience with ColorID to be a positive one - from the ease of ordering products - to the quality of our products - to our follow up and our attention to detail.