Campus ID News
Card, mobile credential, payment and security
FEATURED
PARTNERS

Once the stuff of sci-fi and spy flicks, facial recognition technology has evolved into a concrete reality touching nearly everyone on the planet.

The technology figures prominently in post-9/11 security. According to the International Civil Aviation Organization, 93 countries now issue passports containing the bearer's biometric facial data. A number of U.S. states use facial recognition to prevent individuals from obtaining multiple driver licenses under different names. And law enforcement agencies successfully use it to identify criminals from video footage.

In the pre-Google, pre-cloud computing era, the technology required for these facial recognition systems was exclusively in the hands of the governments and organizations that deployed them. Flash-forward ten-years and the technology is available off the shelf, biometric databases are booming and the personal information of millions of people is freely available in the cloud.

These new circumstances have prompted the International Biometrics and Identification Association (IBIA), a trade association promoting the appropriate use of identity and security technology, to raise the red flag on an impending "perfect storm."

The IBIA warns that this perfect storm may destroy the barrier separating our online and offline identities, altering our notions of what constitutes privacy in today's connected world.

Identification in moments

Imagine a scenario in which anyone with a mobile device could capture an image from a distance and use facial recognition software to identify the individual and access a wealth of personal information that they or others, have uploaded over the years. Researchers at Carnegie Mellon University have already done it.

In August a team led by Carnegie Mellon Professor Alessandro Acquisti reported that they had successfully combined three technologies accessible to anyone–a commercially available face recognition tool, cloud computing and public information from social network sites such as Facebook–to identify individuals online and in the physical world.

In their first experiment, Acquisti's team was able to scan profiles on a popular online dating site and identify users–protected under pseudonyms–based on their photo. In another experiment, the team used the technology to identify individuals on the campus based on their Facebook profile photos. A third experiment found the researchers identifying students' Social Security numbers and predicting their personal interests using a photo of the subject's face.

"The results foreshadow a future when we all may be recognizable on the street–not just by friends or government agencies using sophisticated devices–but by anyone with a smart phone and Internet connection," said the researchers.

This is possible now because of exponentially increased accessibility, according to the IBIA. Identification databases were once small and tightly controlled, but today anyone with the right computer program can build massive databases using the billions of identity-tagged photos openly available online.

Another new point of access is the digital camera. According to IBIA, when facial recognition was first invented twenty years ago, digital photography was exclusive, expensive, time consuming and certainly not within the reach of the average citizen. Today it's a standard feature on most cell phones and inexpensive point and shoot models are everywhere.

This has made it much easier for users to create and upload the digital images necessary to form facial recognition databases. Smart phones are particularly problematic in that their connectivity enables users to seamlessly take and upload digital photos. Increasingly powerful processors also enable smart phones to run complex applications such as facial recognition, says IBIA.

IBIA also points to the improved speed and accuracy of algorithms. According to independent measurements by the National Institute of Standards and Technology, facial recognition algorithms are one hundred times more accurate and up to one million times faster than past systems. Improvements have also made modern systems less reliant on precise facial placement and controlled lighting for accurate operation.

These improvements have led facial recognition out of the lab and on the road to pervasive use in the real world. In response to this summer's riots in the UK, police turned to facial recognition to identify looters caught on camera. Police ran these images against a face-matching database that Scotland Yard constructed in preparation for the 2012 Olympic Games in London.

On the same front, a cadre of so-called digilantes formed a Google Group to use Face.com's facial recognition API to identify rioters. The group produced no clear results and disbanded in August, but it was successful in demonstrating that the technology is accessible to average citizens.

Adding the social networks

In order to "help make tagging your friends easier," Facebook added an app that automatically identifies other Facebook users in uploaded photos. It prompts users to tag others based on the app's suggestion. Each time a photo is uploaded to Facebook with your name attached, this "Tag Suggest" app gathers data from the photo and learns how to better identify you in future uploads.

Although Tag Suggest is a default setting on many profiles, users can turn it off through their privacy settings. Still the ability for Facebook to recognize you and build on its biometric database is preserved.

Since its debut in June, Tag Suggest has been rolled out in most of the countries represented on Facebook, but not all are happy about it. In November, Germany's data protection agency announced its intention to file suit against Facebook over Tag Suggest.

The agency claims that Facebook compiled its massive facial recognition database without the prior knowledge or consent of millions of users, resulting in a wholesale invasion of privacy. At this time no lawsuit has been filed.

What can be done?

Aside from legal action, there are a few steps that can be taken to protect individual privacy. According to IBIA, banning the technology is a "desperate act" and ultimately futile. As IBIA report author Joseph Atick points out, past attempts to stifle useful technologies have been unsuccessful, and facial recognition is too vital a security tool to throw out with the bathwater.

Atick argues we must begin by changing the way we look at identity-tagged images in the cloud. These, Atick says, must be treated like any other personal identity information and should be subject to the same protections as social security numbers, financial data and health care records. Accordingly, any security breach on an image site should be countered with equal severity.

Additionally, Web sites hosting identity-tagged images should set up protections against software that aims to harvest images for the creation of databases.

Finally, Atick advocates for a warning system to alert consumers uploading images that the photos could be used for facial recognition. In this way, the consumer is given the chance to "opt-in" to sharing such information, rather than do so unknowingly.

The moment of convergence for this "perfect storm" has not yet arrived, according to the IBIA report–but it is inevitable. In order to reach the level of widespread privacy invasion suggested by the Carnegie Mellon research, the technology still requires additional refinement, as suggested by the failure of the Google digilantes.

Thus IBIA says there is still time for the facial recognition industry to establish self-regulatory measures to protect individual privacy while allowing the technology to serve as a valuable security resource.


FTC examines facial recognition

The Federal Trade Commission (FTC) is seeking public comments on facial recognition technology and the privacy and security implications raised by its increased use.

The FTC held public workshop to address commercial applications of facial detection and recognition technologies at the close of 2011. Participants explored current uses, future uses, benefits and potential privacy and security concerns.

Facial detection and recognition technologies have been adopted in a range of new contexts, ranging from online social networks such as Facebook and Google+, to digital signs and mobile apps. The increased use has raised a variety of privacy concerns.

The FTC collected public comments on issues raised at the workshop, including but not limited to:

What are the privacy and security concerns surrounding the adoption of these technologies, and how do they vary depending on how the technologies are implemented?
Are there special considerations that should be given for the use of these technologies on or by populations that may be particularly vulnerable, such as children?
*What are best practices for providing consumers with notice and choice regarding the use of these technologies?
Are there situations where notice and choice are not necessary? By contrast, are there contexts or places where these technologies should not be deployed, even with notice and choice?
What are best practices for developing and deploying these technologies in a way that protects consumer privacy?

A report is likely though no timeline has been published.

By Andy Williams, Associate Editor, Avisian Publications

Quinnipiac University, a Hamden, Conn. school best known for its politically focused Polling Institute, recently upgraded the campus card used by its 5,800 students.

The Qcard had relied solely on magnetic stripe technology for 24-years before entering the contactless generation. While the contactless rollout has been successful, like any new campus system it has faced both obstacles and some vocal critics.

The Qcard has been around since 1987 when it started as a pure debit-like card, says John Meriano, section vice president for Administrative Services at the school. Before 1987, there were two documents students carried with them, a paper meal ticket and an ID card that didn’t have a photo and had no connection to the meal plan.

The meal card was a paper ticket, says David Hall, member of the Qcard office team. The paper meal tickets had to be inserted individually into the typewriter and the student’s name and ID number manually typed onto each ticket. The cashier would mark on the ticket the meal plan that the student was taking, says Hall. “A student could purchase any one of three meal plans, A, B, or C, which provided 19, 14, or 10 meals a week,” Hall adds.

“Even during the first few years of the current debit card system, we used swipe cards that were separate from the ID card,” Hall explains. “There were blue cards for the required service and yellow or gold cards for the optional service. It was known as the gold service because of the color of the cards. It continued to be known as the gold service long after the actual gold cards had gone out of use.”

The university later used the student’s non-photo ID card with a validation sticker for meals, Hall says. “At the end of each semester these cards had to be turned in to our office to have new validation stickers put on for the next semester.”

It was no wonder the school turned to a card that could handle more than one function. When the mag stripe Qcard made its appearance in 1987 it was good for just laundry and vending, says Meriano.

The Qcard has had several card system providers including Diebold and AT&T CampusWide. In November 2000, Blackboard purchased CampusWide and Quinnipiac became a Blackboard customer.

In 2000 the campus added an off-campus merchant program and now has 45 merchants accepting the Qcard. The university’s next card upgrade didn’t happen until May 2011 when it decided to go contactless with Blackboard’s Sony FeliCa card. “We went with contactless because that’s the way the industry is moving,” says Meriano. “We had the opportunity to start moving in this direction and we took it.”

A major reason for the change was that many of the institution’s magnetic stripe door readers were nearing end of life, Meriano adds. But there was still the cost issue upgrading all the doors to contactless at the same time, says Meriano.

Upgrading all the doors at once proved cost prohibitive. “We have over 5,000 offline door locks as opposed to the 180 exterior doors,” says Meriano.

So far Quinnipiac has converted about 7% of its readers to contactless, says Sandip Patel, financial systems analyst at the institution.

This migration timeline is one of the issues students have with the system, according to student accounts in the campus newspaper. Students can enter the dorm building using contactless at perimeter doors, but must still swipe the magnetic stripe to enter interior rooms. Meriano sees this not as a complaint but as a positive sign of the technology’s acceptance. “Students want more from the card. They like the tapability,” adds Meriano.

In addition to door access and cafeteria applications, the card is used in laundries, vending, bookstore, copiers, library, time and attendance, parking lots and the recreation center.

Currently, only some laundry and vending machines accept contactless for payment. “We’re upgrading all machines to take contactless but that should take about six months,” says Meriano. Off campus, copying and the bookstore remain mag stripe only environments.

Another student complaint involves the card’s use in cafeteria lines. One line accepts the Qcard, while the other accepts only standard credit cards or cash. “The way our lines are set up with cashiers in the middle, only one FeliCa reader can be plugged in at a time. Blackboard is working on fixing the issue so we can have two readers,” says Patel.

The 45 off-campus merchants accept payments via the card’s mag stripe utilizing a Blackboard-provided reader. Blackboard administers the program and processes the transactions, says Meriano. The university receives a share of the merchant fees.

Meriano says that the off campus portion of the card is extremely popular. “If they lost the card, they can’t eat, can’t print. We used to call it their passport to life … It’s that important,” says Meriano.

An online component of the card enables students to add value or report the card stolen, says Meriano. Students also can deposit cash into value transfer stations located throughout campus.

Meriano admits there are growing pains with the new card, but he’s confident that with Blackboard’s help, glitches such as the cafeteria problem will be solved in short order. As to using the contactless portion of the card to enter a dorm room, he says it’s just a matter of time before all the locks are retrofitted to accept contactless.

Grade school students in the Brazilian city, Vitoria da Conquista’s are using school uniforms embedded with RFID chips to alert parents if they’re not attending class, according to The Huffington Post.

Th uniforms monitor children as they enter school premises, relaying information to a central computer, which sends out automated text messages to parents’ cell phones. Parents are notified if their child doesn’t show up 20 minutes after classes begin.

More than 20,000 students in city’s 213 public schools are currently using the t-shirts equipped with RFID chips. By 2013, all of the city’s 43,000 public school students, aged 4 to 14, will be using the chip-embedded t-shirts.

After a student skips classes three times parents will be asked to explain the absences. If they fail to do so, the school may notify authorities.

Read the full story here.

Hirsch Identive announced the launch of its new DIGI*Net series access controllers and Velocity 3.5 software platforms.

The new Velocity and DIGI*Net platforms are an access control solution that expands native identity management capability to bridge physical and IT infrastructures. This enables organizations to improve security, reduce data redundancy and comply with current and evolving information and physical security standards.

The DIGI*Net control platform features a compact design and component modularity, which is designed to simplify installation and reduce the system’s physical footprint. Intelligent single-door and multi-door controllers may be combined to meet the requirements from single branch offices to large international campuses.

The Velocity 3.5 management solution features an easy to use interface and is compatible with all previous versions of the Hirsch Identive access control system. DIGI*Net and Velocity 3.5 are currently in beta installations with commercial availability through Hirsch Identive’s global network of channel partners later this year.

The University of Pennsylvania student ID card will pass as a legitimate voter ID in the November elections, but students holding an ID card from other universities in Pennsylvania may be out of luck.

The state’s new voter ID law states that a valid ID must have an expiration date. IDs from Drexel, Pennsylvania State and Point Park universities and LaSalle College currently do not carry such a date.

According to the new law, other valid forms of identification include a driver license or the free photo ID issued by the Pennsylvania Department of Transportation. Out-of-state driver licenses will not be valid at Pennsylvania polls.

The American Civil Liberties Union, which is challenging the law, said there could be many more colleges in Pennsylvania facing this problem.

Joel Weidner, director of information systems for Penn State, said the school purposely removed the expiration dates from their student IDs in 2004. Expiration dates do not take into account students withdrawing from Penn State or the amount of time students are enrolled. An expiration date on a card is “not a trustworthy thing,” he said.

Read more here.

BillMyParents, creator of a trackable, reloadable MasterCard prepaid card that lets parents and teens track spending in real time, has been named the Paybefore Awards best in category for Youth/Student/Campus Prepaid Programs.

In its 6th year, the annual Paybefore Awards recognizes excellence throughout the prepaid and stored value industry. BillMyParents was one of three prepaid program finalists vying for the best in category distinction.

“BillMyParents is taking prepaid to teens where they are and in a language that resonates with them,” said Loraine DeBonis, editor-in-chief of Paybefore and chair of the judging panel. “The company also reaches out to parents in meaningful ways and is getting results. BillMyParents is gaining significant ground with its SpendSmart MasterCard because of its remarkable outreach as well as card features.”

Features of the BillMyParents SpendSmart MasterCard include the ability to instantly lock, unlock and reload the card at any time; text alerts to parents and teens showing real-time transaction details with each purchase; and the security of a MasterCard prepaid card without the risk of overdrafts, accruing debt or affecting credit scores. BillMyParents also provides parents with a way to help teach their teens financial responsibility.

Secure identity provider HID Global has expanded its card printer and encoder line with the launch of the Fargo DTC1000M Monochrome Printer/Encoder that provides organizations with a printer that’s cost-effective to own and operate.

Dan DeFore, HID’s director of product marketing, said that this entry-level printer can meet a customer’s card issuance needs with a range of cost-effective card printer/encoder options, including card issuance supplies and issuance software solutions.

The DTC1000M prints a single-color, edge-to-edge image on one side of a standard CR-80 or CR-79 identification card. The resin thermal transfer process makes for a clear reproduction of photo images, bar codes and alphanumeric data. Ribbon options include standard or premium black, or a choice of green, blue, red, white, silver or gold.

The DTC1000M connects via USB or optional Ethernet port and the embedded Swift ID application enables users to start printing cards immediately with no software licensing cost. For magnetic stripe cards, an optional module enables inline, one-step encoding and card printing.

The printer is good for organizations such as casinos, financial services firms, governments, retailers and small or medium-sized businesses who issue badges requiring only monochrome printing. Additionally, an erase-and-rewrite printing option makes it easy to print visitor badges and temporary worker IDs.

By Jill Jaracz, Contributing Editor, Avisian Publishing

After a year of retooling its DC One Card program, DC officials are reconsidering the use of PIV-I and authentication of taxicab drivers, but they have added a school transit subsidy feature that all DC school children will use.

2011 saw a delay in the implementation of credit card readers and PIV-I identification options for taxicab drivers. The program was intended to enable drivers to use the DC One Card to sign in and verify identity at each shift. “The taxi cab project started, went cold for several months and is now considered a potential project,” says Rob Mancini, chief technology officer for the District of Columbia. As a whole the district is reviewing whether or not PIV-I is the correct technology.

While the taxi project was on hiatus, the DC One Card program underwent many changes in order to ensure that its applications add value. “Instead of a research and development exercise that created products with no demand, we put some discipline around the group,” says Mancini. Along with refocusing the group’s efforts, the office restructured the way it issues cards. Instead of having a large staff doing a lot of hands-on work, the office outsourced it’s printing to the Government Printing Office (GPO), says Mancini. DC One Card recipients then receive the card in the mail. “We tried to make the program more efficient,” says Mancini.

As a result of outsourcing the printing of DC One Cards to the GPO, the CTO’s office realized some cost savings. The cost of student cards dropped 52 cents from $7.72 to $7.20 per card. Citizen cards dropped about 10% from $11.63 to $10.24 per card. Citizen cards are more expensive to produce because of the higher level of identity vetting required and the additional mailing costs involved.

About 90,000 cards have been issued, says Howard Barrett, program manager of DC One Card and portfolio manager for planning and economic development in the Office of the Chief Technology Officer. Barrett, who took on the DC One Card management duties in June, is driving the direction of the credential, working to control costs and interacting with other agencies, Mancini says.

PIV-I on the bubble?

In terms of the taxicab project, which originally called for drivers to have PIV-I credentials for authentication and meter activation, as well as the installation of credit card readers in cabs, this has meant a little scaling back.

The Office of the Chief Technology Officer is questioning whether or not the PIV-I technology offers enough value for the cost, Barrett says. There would have to be many uses for the credential in order to reap the full benefits, he explains. “If we had multiple agencies we could support [with PIV-I] we’d think about it. It’s not required as a solution, so we’re not going to use it as a solution for taxicabs at this time,” says Barrett.

In 2012, the CTO’s priority is to implement credit card readers in taxicabs. The District’s Office of Contract and Procurement released a request for proposal in the beginning of 2012 and will award a vendor contract in early summer.

The hope is to have credit card point-of-sales devices in cabs by the fall of 2012. Barrett says it’s likely that not all cabs will have capability by then, but the system will have operational deployment. The District is one of the last large municipalities to add credit card capabilities.

In 2013, they will reevaluate the ability to use PIV-I, which means any such functionality is unlikely to be realized until 2014.

Students get DC One

Although the taxicab project was delayed in 2011, another project made use of the DC One Card as a platform.

This past year the Office of the Chief Technology Officer partnered with the District Department of Transportation to add the school transit subsidy program to the DC One Card. Mancini says the transportation department approached his office about adding this program, which is a four-way partnership between the CTO, transportation, the school system and the Metro.

It will take 18 months to roll out, and will cover the approximately 14,000 students who participate in the Transit Subsidy Program.

The DC One Card replaces the current paper voucher system. “[It gives us the] ability to control eligibility and use of the program in a more efficient way,” says Aaron Overman, acting associate director of the Progressive Transportation Services Administration at the transportation department.

With the analog system, there was no way to trace use of the program back to the student, says Overman. This made it possible for fraudulent use student transit subsidies. “Anecdotally we hear all the time about students graduating high school and taking a younger student’s card,” says Overman.

If students lost their transit pass, they also had to pay to replace it. Tying the subsidy to the card enables electronic trace back. If a card is lost or stolen, it can be turned off and the subsidy can be prorated onto a new card. “It lessens the burden of lost or stolen cards,” says Overman.
Parents pay $30 per month per student for the transit subsidy. An adult fare is five to six times that much, says Overman.

This initiative started as a one-school pilot program last April. “It was easy to work out the kinks,” says Barrett. The preparation for this pilot involved writing code that took about two to three months.

Due to the success of the pilot, the program expanded to the seven secondary schools in fall 2011 and to all public high schools and middle schools at the end of 2011, with a mandate of all eligible students needing to use a DC One Card for transit subsidies starting on Jan. 1, 2012.

The next step will be adding the city’s 60 to 70 charter schools to the program, which will cover the remaining 50% of the district’s students.

Overman says the office will implement a three-school pilot in March or April 2012.

Adding the charter schools to this program provides challenges in that each charter school is run individually and the department of transportation will have to bring these smaller, individually run systems into one larger system.

“If we can get everything working, then definitely next fall (all schools will be live). Our goal is to have every single school in the district,” says Overman.

The transportation department projects 20% savings in converting to the electronic transit subsidy program.

Many charter schools also see potential uses for the One Card such as adding lunch programs, attendance and library usage applications to it. “It’s up to each individual school in how they use the card,” says Overman, adding that each school can work on what applications they’d like to add to realize further savings and efficiencies.

“School transit is starting as a first piece of what we’d like to see,” says Overman.

Just as Overman sees transit is the first step for schools, many see schools as the first step for the DC One Card. The sky can be the limit with these types of programs, as people imagine more and more applications and functions. But, as DC found with both taxicab and PIV-I additions, implementation and budgets can be the real challenge to rollout.


What does DC’s move away from PIV-I mean?

In 2009 Washington DC was committed to PIV-I. The district intended to issue credentials to first responders with plans to extend the program to city workers.

In 2010 the agency announced a program that would issue PIV-I credentials to taxi drivers and even citizens to enable residents to ride the Metro, check out library books and access schools and recreation centers.

Some of these uses cases are still moving forward, tens of thousands of cards have been issued, but none are PIV-I. The district didn’t see the use case for the technology, says Howard Barrett, program manager of DC One Card and Program Management Office and portfolio manager for planning and economic development in the Office of the Chief Technology Officer.

“There are a couple of factors influencing the current status regarding PIV-I implementation,” Barrett says. “A significant upfront investment is required, (and) there is also a need to ensure an appropriate return on investment should DC government pursue PIV-I deployment.”

Deploying a PIV-I system is expensive and the district wants to make sure that cost is justified. “We just a need to ensure cost-benefit objectives will be realized for the substantial investment,” Barrett adds. “In addition to existing available solutions, DC will also consider new, emerging technologies before making the decision to invest in a specific platform.”

This is going to be common as jurisdictions and corporations consider deployment of identity credentials, , says Salvatore D’Agostino, CEO at IDmachines. Outside of organizations that have a lot of interaction with the federal government, such as large defense contractors, PIV-I may not make sense, he says.

As it stands now, PIV-I is expensive and deploying it for anything other than an enterprise application would be a stretch, D’Agostino says.
w
“Where it goes wrong is when it depends on an edge use case, like taxi cab drivers,” he adds. “You can’t do it because of an edge case, you have to do it because of an enterprise case.


The Student Congress at Doane College, Crete, Neb., is pursuing a declining balance meal plan that would enable students to carry money on their ID cards. Students could then purchase individual items rather than be locked into using one of their meal credits for an entire meal.

The idea behind this proposal is that Doane students would now have more control over the cost of food on campus.

The proposed change would give students more options, said Kim Jacobs, Student Congress advisor. She said a new plan would help students feel that they are getting a better value.

Currently students are getting a good deal at the cafeteria with the all-you-can-eat option, but downstairs they are losing money, said Laura Jacob, Student Congress president. With a declining balance plan you only pay for what you want, she added.

Read more here.

In soft drink business, Coke and Pepsi might look the same, but consumers know that these two colas have different flavors. The market for contactless smart cards isn't much different.

The four players that dominate the industry – HID, NXP, Sony and LEGIC – have subtle differences that create the different contactless flavors.

In addition to these differences, they also have similarities. They are all in the high frequency (HF) category, meaning that they operate in the 13.56 MHz spectrum and comply with either or both the ISO 14443 or ISO 15693 standard. The 14443 standard, however, is the "most dominant standard within the HF technology band used around the world," says Bryan Ichikawa, vice president of Identity Solutions at Unisys.

Ichikawa says that the 14443 standard is broken down into an A and a B standard, basically because one standard was developed by a company that held a patent, and the other was developed by competing companies that also wanted to get into the market. "In readers you embed the ability to read both type A and B readers. That's how you achieve interoperability," explains Ichikawa.

Most contactless readers have the ability to read standard 14443 cards as well as one or more of the proprietary flavors. But, for example, a LEGIC reader typically won't be able to read an HID iCLASS card and vice versa. There are exceptions, however, such as an agreement between HID and NXP that enables some iCLASS readers to read Mifare cards.

These flavors do hamper true interoperability and can complicate end user choice. But they also make contactless solutions usable out of the box, as they come ready made with onboard file structures and applications.

Truly standard 14443 and 15693 cards are available and they can be cheaper since they can be purchased from multiple vendors. But they are truly a blank slate and require applications to be added and or developed, which in turn adds cost.

When choosing what type of technology to deploy it comes down to what the end user wants to do with the card, Ichikawa says. "It comes down to cost and speed," he adds.

NXP's Mifare

NXP's family of Mifare card and reader ICs is built on the ISO 14443 Type A standard. Mifare cards support multiple applications, each capable of operating independently of the others through user definable key sets and access conditions.

Readers are capable of reading any variety of Mifare card, and NXP certifies both cards and readers to ensure compatibility across generations.

According to Martin Gruber, segment director for the Transit Team at NXP, Mifare is the "overall umbrella brand" for a portfolio of products. Mifare Classic is the original NXP product that was introduced in 1995-96 when the 14443 standard was first released. Mifare Plus was launched in 2009 and features higher security than Mifare Classic. DESfire is the newest and most advanced product, providing the highest level of security and flexibility.

HID's iCLASS

HID's iCLASS platform operates at the 13.56 MHz frequency like its fellow contactless providers, but it uses the less common ISO 15693 standard, says David Nichols, director of market strategy at HID Global. The different standard, he says, enables a longer read range and longer keys for enhanced security. "We have a 64-bit key whereas others use a 48-bit key … the longer the key the more secure it will be," he says.

The decision to go with 15693 instead of 14443 centered on usability. It provided a longer read range that was similar to HID's well-established proximity card technology. When an organization switched from prox to iCLASS, we didn't want the usability or performance to decrease, explains Nichols.

The ISO 15693 specification is divided into four parts and HID is compliant with the first two parts of the standard, Nichols says. After that is where iCLASS deviates with a specific access control application on the card and other changes.

HID buys standard 15693 chips for its iCLASS cards, but then makes some changes, Nichols says. HID thoroughly tests the cards and offers a lifetime guarantee. According to Nichols, this testing and reliability separates iCLASS from standardized cards.

While the cards use the 15693 standard, iCLASS readers are also equipped to read Mifare and ISO 14443 standard cards as well, Nichols says.

LEGIC Prime and LEGIC advant

LEGIC was founded in 1990 in Zurich, Switzerland. Though the company's technology is available and in use in worldwide, it is most prevalent in Europe. LEGIC's original 13.56 MHz contactless technology, LEGIC Prime, predates the development of the ISO standards for contactless. While Prime has been widely used since its launch in 1992, a newer and more secure line called advant is now available.

The LEGIC advant system is a set of products that includes cards, readers and applications, according to Marcel Brand, manager of marketing communications at the company. LEGIC ensures its card readers are compliant with both the ISO 14443 and ISO 15693 standards as well as its own proprietary technology.

LEGIC has designed its system to be flexible so that adding applications and upgrading readers can be done simply, says Brand.

Sony FeliCa

Sony's FeliCa could be the most varied of the contactless flavors, complying with a different ISO standard.

To date it has seen the majority of its use in Asian markets, but the notion that it is only relevant in Asia is an image Sony is trying to correct. FeliCa was introduced in Hong Kong in 1997, says Jun Shionozaki, technical consulting manager for FeliCa Business Division at Sony. It was introduced to the Japanese market in 2001. "It's deployed in other parts of Asia, Europe and the U.S.," says Shionozaki.

FeliCa has an extremely strong presence in Japan because of the maturity of the country's mobile market. As of June 2010, 67 million Japanese handsets embedded with mobile FeliCa chips were in circulation, says Shionozaki.

FeliCa is based on the ISO 18902 standard that defines near field communication. "We decided to focus on the 18092 standard which covers a wide range, including mobile," says Shionozaki.

Some aspects of the FeliCa system are open. "We comply with 18092, in that sense we can be considered open," says Shionozaki. FeliCa uses encryption algorithms that are open standard as well, but it maintains a set of proprietary security elements. Sony says its FeliCa card is the first contactless card to achieve EA4L security. "It's the highest level for consumer products," says Shionozaki.

Open standards

When it comes to the largest of issuances, such as open system payment cards and electronic passports, banks and countries have gone with purely standard 14443 technologies, says Patrick Hearn, vice president of government and identification markets for the America at Oberthur Technologies.

An open architecture was a necessity for these projects because of the millions of documents that would be produced and the variety of places the information on the credential would have to be read. "It's easier to implement a large scale project using open standards," he adds.

Open standards also tend to have longer lives, says Hearn. He estimates that a credentialing system based on open standards can last up to 10 years whereas proprietary systems may only last three to five years because they will be upgraded or phased out over time.

When someone buys a standard 14443 card they know how it's going to communicate and they can purchase standard applications and personalization tools, Hearn says.

Ultimately it comes down to what a customer wants to do with the system, Heard adds. Though he stresses the importance of truly open standard solutions for large-scale implementations, he notes that proprietary flavors are ideal for other projects. "Closed loop makes sense for some people," he says. "You have a steady supply chain and standardized output and don't need the benchmark testing."

CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Join Jeff Koziol and Robert Gaulden from @AllegionUS as we explore how mobile credentials and proptech are changing on- and off-campus housing.

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.