Card, mobile credential, payment and security
A Colorado-based manufacturer of contactless security readers has significantly strengthened its market position with a major announcement in the physical security space. XCeedID’s multi-technology readers - capable of reading prox plus an array of contactless card flavors (e.g. Mifare, DESFire, iCLASS, my-d) - have been selected by Lenel for private-labeling.
Lenel Privately-Labels XceedID Multi-Tech Readers
GOLDEN, COLORADO – February 9, 2006 – XceedID Corp. recently entered into a private-label OEM agreement with Lenel Systems International, the leading provider of software and integrated security management systems. XceedID Corporation’s innovative line of ISO-X™ Multi-Technology readers will now be available under the Lenel brand as the Lenel OpenCard™ Reader series.
XceedID and Lenel worked together to customize the versatile ISO-X Multi-Technology reader for use with the Lenel OnGuard® security platform, creating a unit with unprecedented functionality. Using OnGuard OpenCard™, Lenel’s smart card encoded information standard, the Lenel OpenCard Readers support HID® proximity, GE/CASI® ProxLite®, my-d®, MIFARE®, MIFARE DESFire®, HID iCLASS™, XceedID ISO-X and other technologies. The devices can read proximity numbers, smart card serial numbers and the data application areas of contactless smart cards.
“XceedID is pleased to be working closely with Lenel to deliver innovative reader solutions to the market. We expect our threaded partnership with Lenel to grow with current and future products and we anticipate that our combined offering will be a significant value-add for the Lenel customer base.” said John Menzel, XceedID President and CEO.
“Lenel is very pleased to now offer flexible, competitively-priced readers that support multiple card technologies with an open standard,” said Erik Larsen, Product Manager of Identity Solutions for Lenel Systems International. “The Lenel OpenCard Reader series provides a viable solution for customers who are transitioning from one card technology to a newer standard, or for those who require multiple card technologies in a complex access control environment.”
The Lenel OpenCard Reader series includes a mullion-mount reader, a mid-range reader and a mid-range reader with a keypad.
About Lenel
Lenel Systems International, Inc. is a global leader in the development and delivery of scalable, integrated systems for the commercial security market, with more than 12,600 system implementations in 75 countries. Lenel is headquartered in Rochester, New York, with sales and support coverage in all major world markets. Lenel is a subsidiary of UTC Fire & Security, which is a business unit of United Technologies Corporation (NYSE:UTX). More information about Lenel and its products can be found on the company’s web site at www.lenel.com.
By David Wyld, Contributing Editor, AVISIAN Publications
When visitors step up to the gates of the four Disney World theme parks, the Magic Kingdom, Epcot, Animal Kingdom, or the MGM Studios, they will encounter something unexpected and largely foreign to them. Disney has embarked on a program to use an established biometric technology – finger geometry – to secure its valuable passes. Ostensibly, this new security is for the benefit of the pass owner. However, it is also being implemented to secure Disney’s pricing structure and marketing strategy. It has not come without controversy – and at least a bit of confusion.
What is Finger Geometry?
Hand geometry has been aptly described as “the ‘granddaddy’ of all biometric technology devices.” It is essentially based on the fact that virtually every individual’s hand is shaped differently than another individual’s hand, and over the course of time, the shape of the person’s hand does not significantly change. Operationally, finger or hand scanning systems capture the physical, geometric characteristics of an individual’s hand – with most systems having the capacity to do so in less than a second. From these measurements, a profile or “template” is constructed which will be used to compare against subsequent readings by the user. Finger and hand geometry are considered somewhat interchangeable terms. However, hand geometry evaluates the person’s entire hand form as a biometric identifier, while finger geometry looks only at a subset of the five fingers to form the identifier. In either case, such geometry does not entail the taking of a person’s fingerprints. In a recent study, the National Academies of Science of Science found that while a person’s finger geometry is indeed far less distinctive than his/her fingerprints, hand or figure biometrics is indeed suitable as an identifier for a wide variety of circumstances, where one in a thousand uniqueness is sufficient.
Finger geometry has been used successfully since its commercial introduction in 1975, when it was brought to Wall Street for security purposes by the investment firm of Shearson Hamill. Over the years, it has been utilized to provide secure access and verify one’s identity in a wide variety of settings, including:
Probably the widest use of finger or hand scanning is in the corporate realm, where such scanning is used in complement with employee badges, passes, and ID cards to prevent payroll fraud, a seemingly intransigent problem which has been estimated to cost employers in the U.S. alone hundreds of millions of dollars each year. While other forms of biometrics may be growing more rapidly, there is still substantial growth potential for hand and finger scanning, In fact, according to Biometrics Info, hand geometry revenues have been forecast to reach $97.4 million in 2007, which represents an almost 400% growth in the market since 2002.
Giving Disney Your Fingers
Disney has moved over the past decade to use automatic identification in various forms. In 1996, the company moved away from a hard plastic laminated pass for all holders of multiday or annual passes, which contained both a bar code identifier and a photo of the passholder. In its place, Disney began issuing mylar paper passes. These new passes had no photo identifier, and indeed, contained only minimal visual evidence of ownership, basically only the guest’s name and the expiration date of the pass. Beginning in June 2005, all Walt Disney World parks began using finger scanning at its park entrances to complement the security measures embedded in its mylar passes. When a Disney guest presents his pass at the turnstile, he is asked to insert the pass into a reader, and after doing so, to make a “peace sign” with his index and middle fingers and insert those fingers into a scanning area. During the scan, a camera takes a picture of several points on each person’s index and middle fingers and assigns a numerical value to the image. The scan – which is accomplished in less than a second – measures the length and width of the individual’s two fingers and the spread distance between the digits. Once the scan is taken – and all adults are required to do so - the pass is returned to the guest.
For a number of years now, Disney’s marketing approach has been to shrewdly push the sale of multi-day and annual passes to its theme parks that comprise the Disney World complex (Disney passes are not interchangeable between its parks in Anaheim, California and Orlando, Florida). The pricing structure at Disney World’s is transparently meant to encourage its visitors to buy passes for longer stays at its Orlando properties. In fact, the daily price of a Disney park visit drops significantly as longer-lasting park passes are purchased – by half at the 7-day mark and by almost two-thirds at the ten day market. To put it quite simply, Disney makes about $200 more by selling five separate two-day tickets than by selling a single ten-day pass. So, to protect its revenue stream, Disney does not allow its annual or multi-day passes to be shared or transferred. They don’t want people to buy a ten-day pass, use it for two days, and then resell the pass to a buyer to use the remaining days.
Not only do longer stays mean that families visiting Disney World will have more opportunities to spend more money on food and beverages, souvenirs and trinkets, and other experiences, such as breakfast with Cinderella, while on Disney property. Perhaps even more importantly, the passes serve to “lock-in” guests to focus their Orlando visits on Disney parks, rather than spending their time – and money – at the competitor’s parks and other entertainment experiences available in this burgeoning family resort area.
A mixed reaction
From Disney’s perspective, the ticket tag is a necessary security measure that does not violate its customers’ privacy. According to Disney spokeswoman Kim Prunty, contrary to some reports, “We’re not keeping a database of fingerprints.” In fact, the company does not maintain a permanent database of scans, as the information is purged from its systems after the individual’s pass expires. Disney has also not disclosed the vendor for its biometric system.
However, Disney’s move to finger scanning has generated some degree of controversy since its implementation. Since Disney defines an “adult” park guest as being 10 or older, many minors are being subjected to finger scanning. Leading privacy groups have also attacked Disney’s move. The American Civil Liberties Union recently called the addition of biometric technology “a step in the wrong direction.” EPIC – the Electronic Privacy Information Center – recently issued a blistering attack on Disney for its use of finger scanning. It called the practice a “a gross violation of privacy rights,” as there is little notice given to consumers as to why their biometric information is being collected, how it will be used, and the protection afforded to the data. EPIC also criticized Disney’s move based on the legal principle known as “the proportionality test,” which can be encapsulized as whether the amount and type of information being collected equals the level of security being sought? To date however, there have been no lawsuits filed against Disney over its use of finger scanning technology.
Surprisingly, both at ticket sales’ locations and at the actual park entry points, Disney has not seen fit to post information on exactly what is being done when the park patrons are asked to make the peace sign and insert their digits into the reading machine. Most patrons – and even some public interest groups and media covering the developments at Disney - have assumed that the company is fingerprinting park visitors and matching the passholder’s print to the pass – and perhaps even other databases, such as criminal records, sex offender registries, and terror watch lists. This has led some industry observers to criticize Disney for having a corporate communications problem in not explaining the “why’s” for the use of the technology to its patrons, while others have seen fit to call upon Disney to find creative ways to leverage the technology - and the data it collects – beyond gate security to provide better in-park customer experiences for its guests.
Good technology often makes good business sense
What is certain is that we will see more such applications of finger geometry in the future, as Disney is by no means alone in exploring how this established technology in the theme park industry. Indeed, according to a report from The Orlando Sentinel, several of the company’s principal competitors are looking to implement similar pass protection technology to their valuable tickets and passes in 2006, including:
From the perspective of Dennis Speigel, President of International Theme Park Services in Cincinnati, such biometric scanning may be a necessary tool for the entire theme park industry. He recently observed that: “Tickets are very expensive for these facilities. If you can hand them off, it costs the parks money. The introduction (of this type of solution) will be used more broadly in the industry in the future.”
For now, the introduction of finger scanning seems to present Disney with an operational challenge to get visitors used to the new requirement. The reaction of Simon Henson, who visited Disney while on vacation, is common. As Mr. Henson put it: “Overall it’s good. But it seems to make the queues longer. No one seems to put their fingers in all the way on the first try.”
About the author:
David C. Wyld ([email protected]) is the Maurin Professor of Management and Director of the Strategic e-Commerce/e-Government Initiative at Southeastern Louisiana University.
Higher cost and lower market demand slows the adoption of PVC’s biodegradable rival … for now
By Marisa Torrieri, Contributing Editor
It sounds corny to some, but the latest card en route to consumers’ wallets promises the same durability of traditional petroleum-based (PVC) cards without using up one of Earth’s most valuable and dwindling resources … oil.
A new card made from processed corn got a big push when card manufacturer Arthur Blank & Co. (ABCO) announced last month it is ready to roll out millions of the regurgitated stalks for environmentally conscious retailers – whether they’re producing gift cards or highly secure access control or ID cards.
Called “CornCard USA” by Arthur Blank & Co., the card itself can be composted, incinerated and mechanically recycled in industrial facilities. This new corn-based card can be used in the same applications as the more traditional petroleum-based counterparts. The CornCard USA may be printed with most of the special inks and panels Arthur Blank offers, and with a number of security measures (i.e., specialized inks only visible with infrared and black light readers, or Guilloche printing).
While CornCard still reportedly costs nearly 10 percent more than PVC, Arthur Blank’s new rollout isn’t the only indication that these cards should be taken seriously. Major corporations such as Microsoft and Wal-Mart have said they are seeking renewable resource alternatives to traditional packaging, notes Jake Jacobs, vice president of sales for Arthur Blank & Co.
“Unlike petroleum-based cards, corn-based cards can be mechanically recycled, composted (this takes several years) and won’t release toxins when burned,” says Mr. Jacobs. “Creating the resin from corn also produces much less harmful gas than producing plastic from petroleum. On a small scale, this isn’t as big a deal, but when you consider Arthur Blank & Co. used 8 million pounds of raw materials last year for gift cards alone, you can clearly see the environmental benefits of using corn-based cards.”
You can’t eat them, but you can swipe them: Cards look, feel the same as PVC
Processing corn cards involves several steps, explains Todd Niemuth, marketing manager for Spartech Corporation, the “plastic sheet extruder” company that makes CornCard USA Sheets for Arthur Blank & Co. Spartech competes with PVC sheet extruders, using the process of fermentation, followed by polymerization.
The process of corn polymerization, the first step in making corn cards, is similar for both corn- and oil-based plastics, explains Mr. Niemuth, who notes that the process is just as complex for both corn and oil plastic. Conducted by NatureWorks for Spartech and ultimately, for Arthur Blank & Co., the process involves turning raw materials into tiny pellets.
First, the corn is planted, harvested, then sent to a milling plant where starch is separated and isolated from other components. The starch is converted to sugar. Then, through a fermentation process much like making wine or whiskey, micro organisms convert the sugar into a lactic acid, which ignites the biological process of polymerization. The polymer, or plastic, is formed into pellets that are sold to Spartech.
“The most environmentally significant difference is that PVC is derived from oil, something that takes millions of years to regenerate, while PLA is derived from corn, a plant that grows in roughly 100 days,” Mr. Niemuth says.
Then, the sheet extruder takes the pellets and mixes its own proprietary blend of chemical additives to give the corn-spawned plastic better strength, before flattening it into thin sheets that look like a thick sheet of paper.
“You can get 60 cards out of one sheet of plastic,” Mr. Niemuth says.
After the sheet extruder turns the pellets into sheets, they are then shipped to Arthur Blank & Co., which adds its own, top-secret binding formula to the sheets before churning out the corn cards. The formula, developed by ABCO, is necessary to prevent problems such as ink bleeds and cards that curl at the edges. The formula is a result of several years of trial and error, as bad printing and imperfect cards were an industry-wide problem for years, Mr. Jacobs says.
What will turn corn into a corporate cashpot?
If the cost of oil continues to rise, it won’t be long before both card manufacturers and retailers start following Arthur Blank’s lead by investing in alternative resources.
But for now, the biggest challenge to adoption is that retailers are not demanding the CornCard, say a number of Arthur Blank’s manufacturing competitors.
Versatile Card Technology (VCT), for instance, makes a huge range of cards for a variety of industries, but according to a source, the company won’t consider making CornCards without customer demand.
“They’re really expensive,” says a VCT spokesman. “It’s more client-driven,” and clients are interested in “highest print quality at lowest price.” PVC cards are industry standard and CR80 cards cost 10 cents apiece, the spokesman notes.
Should environmentally conscious vendor such as Whole Foods Market want to order one million corn cards, however, VCT would jump on the chance to make them, the spokesman adds. Until then, “PVC’s a very rugged, durable material,” the VCT spokesman says.
But Mr. Niemuth believes that all of the leading card manufacturers are definitely keeping plans to manufacture corn cards. While the cost of corn remains stable, oil prices continue to skyrocket. When the price of making CornCard USA becomes more competitive, manufacturers will become even more accommodating.
“I think it’s safe to say every non-secure card manufacturer in the top 10 has asked us for trial material, and has it or will get it soon,” Mr. Niemuth says. “That doesn’t necessarily mean they have demand, but there’s a tremendous amount of interest.”
Additional resources:
To visit Arthur Blank & Co. on the web, click here.
To visit Spartech Corporation on the web, click here.
To visit Natureworks PLA on the web, click here.
Debitek, a card reader/device manufacturer and stored value solution provider, has been acquired from its prior owner Ingenico by Heartland Payment Systems. Debitek is well-known in the “closed system” card market with more than 20-years experience providing mag stripe and smart card payment solutions to college campuses, corporate sites, gaming/entertainment venues, and correctional facilities.
Heartland Payment Systems Acquires Debitek
Acquisition Provides Prepaid and Stored Value Solutions Platform in Rapidly Expanding Small-Dollar Transactions Market
PRINCETON, N.J., Feb. 13 /PRNewswire-FirstCall/ – Heartland Payment Systems, Inc. (NYSE:HPY), one of the nation’s largest providers of merchant acquiring services, today announced it has acquired Debitek, a leader in prepaid and stored value solutions. Debitek immediately provides Heartland with a proven platform in the stored value and prepaid market, particularly with respect to small-dollar payment applications.
Robert Carr, Chairman and CEO of Heartland Payment Systems, Inc., said, “Debitek is a leader in the prepaid and stored value solutions industry with arguably the most successfully deployed technology of its kind in the United States. A prepaid and stored value solution is also an ideal platform to capitalize on the growth opportunities of small-dollar transactions, which is a large and rapidly emerging electronic payment solutions market. Debitek’s substantial installed base utilizing their proprietary software provides a solid foundation for penetrating this market. We are excited about the opportunity to broaden our product offering while also entering the new markets already served by Debitek solutions.”
Debitek, headquartered in Chattanooga, Tennessee, has an established client base utilizing approximately 130,000 payment devices, and an experienced and dedicated management team. The Company has a proven, reliable solution to transfer value to either Mag stripe or Chip (“Smart”) cards. Among its many applications, Debitek provides its cashless solution to numerous university and business campuses across the country - including the Universities of Florida and Minnesota, Northwestern University, and BMW, Coca- Cola and Morgan Stanley - as well as the entire Federal penitentiary system.
Larry Hauser, Vice President and General Manager of Debitek, said, “We are pleased to be joining with Heartland Payment Systems. With Heartland’s extensive resources and nationwide infrastructure, we can accelerate growth within our established markets as well as broaden our reach into new markets. We also envision numerous synergistic opportunities to leverage our prepaid and stored value technology with Heartland’s payroll and transaction processing leadership.”
Financial terms of the transaction, which was structured as a stock purchase, were not announced. Heartland believes the transaction will not have a material impact on earnings in the near term.
About Heartland:
Heartland Payment Systems, Inc. (HPS), a NYSE company trading under the symbol HPY, delivers credit/debit card processing and payroll solutions to over 110,000 small to medium-sized merchants throughout the United States. HPS also provides additional services to its merchants such as gift and loyalty card programs, paper check authorization, and sells and rents point-of-sale devices and supplies.
With over 1,000 national sales professionals, HPS builds long-term business relationships in local sales territories providing merchants with enhanced technology tools that assist them in more effectively operating their businesses.
Heartland commenced operations in 1997, and since 2000 has grown at a compound annual rate of more than 30% to become the seventh largest merchant processor in the United States and fifteenth largest merchant processor in the world.
Helping college students who are on their own for the very first time can be a rewarding experience for employees of a bank’s on-campus branch. Students may never have had a bank account before and it may be their first experience with a payment card as well. True, they could deal with an online bank or work with their bank back home or across town, but many find there is no substitute for sitting across the desk from a real live human being at a brick and mortar bank on campus.
“Students just starting on campus, know very little about managing their own finances,” said Whitney Bright, vice president, Campus Banking, for U.S. Bank. “That’s why face-to-face interaction is important.”
Even simple banking tasks that most of us take for granted, such as opening accounts, making deposits, using the ATM, may be Greek to students, particularly incoming freshmen. Learning the basics, “students seem to be appreciative of this,” said Ms. Bright.
This level of comfort and education is perhaps the single most important benefit that an on-campus branch can offer.
But other benefits of on-campus branch banks have nothing to do with students. “(A branch can give) parents peace of mind, knowing their students have a bank on campus they can visit anytime,” said Ms. Bright. “There might be a brick and mortar bank a mile away, but that bank has to deal with so many other things … an on-campus branch is dealing just with students.”
Understanding the campus market
The most important factor when locating a branch on campus is understanding the campus market. A college branch bank is dealing with a unique niche with operational needs.
“The student market is unique so employees (should be) different for the campus branch,” added Ms. Bright. But it goes much deeper than simply hiring the right employees to work with students. Financial education, product offerings, pricing, even hours of operation may need to be adjusted to most effectively serve a campus market.
“We (U.S. Bank) conduct financial wellness seminars for students,” said Ms. Bright. They learn how to open and, more importantly, run their checking accounts. That includes balancing their checkbook each month, reading bank statements, things that most of us take for granted. “We teach students how not to get into trouble with their credit and ATM cards,” she adds.
With more and more financial functions being tied to campus cards today, knowing how to manage and care for personal financial wellbeing takes on even greater importance–for both students and their parents. An on-campus branch can be a key tool in this lifelong lesson.
For the second time in less than a year, access control and card provider IDenticard (and sister company IDenticam) has new ownership. Last year, the Pennsylvania company was acquired by GE and today it was announced that Brady Corp. is the new owner. Brady’s other personal identification companies include TEMPbadge, Stopware and J.A.M. Plastics in the U.S., and BIGBadge in the U.K and France.
Brady Corporation Acquires Security Identification Maker GE IDenticard Systems, Inc.
MILWAUKEE, Feb. 9 /PRNewswire-FirstCall/ – Brady Corporation (NYSE:BRC) , a world leader in identification solutions, today announced that it has acquired GE IDenticard Systems, Inc. based in Lancaster, Penn., and its Canadian affiliate IDenticam located in Markham, Ontario. Terms of the transaction were not disclosed.
IDenticard, founded in 1970, is a market leader in personal identification, access control and consumable identification badges. Known as an innovator in security card technology, its products include identification card systems that combine biometrics, digital imaging and other technologies to positively identify people and prevent identification card counterfeiting; and access control systems that restrict entry into buildings using multiple card-reader technologies. IDenticam offers integrated photo identification solutions, printers, supplies, accessories and visitor management solutions.
The companies, with 120 employees in the U.S. and 36 in Canada, have over 30,000 customers in healthcare, education, government and manufacturing. They had combined 2005 sales of about $33 million (U.S.). IDenticard and IDenticam were acquired by GE in March 2005 as part of its acquisition of Edwards Systems Technology.
“With an increased importance on safety and security around the world, the need for effective personal identification has never been greater. IDenticard’s proprietary products and advanced technologies in this area make them a terrific addition to Brady’s personal identification brands including TEMPbadge, Stopware and J.A.M. Plastics in the U.S., and BIGBadge in the U.K and France,” said Tom Felmer, Brady vice president - Direct Marketing Americas. “The acquisition of IDenticard and IDenticam further strengthens our position in the personal identification market and establishes Brady as a leader in card access security badges. We expect this acquisition to play a key role in our global personal identification product strategy.”
“We’re very excited to be joining the Brady team,” said IDenticard General Manager Bob Hager. “Brady brings strong leadership with a commitment to product development and innovation that will provide significant opportunities for our growth and further enhance our focus on the customer.”
Brady Corporation is an international manufacturer and marketer of complete solutions that identify and protect premises, products and people. Its products help customers increase safety, security, productivity and performance and include high-performance labels and signs, safety devices, printing systems and software, and precision die-cut materials. Founded in 1914, the company has more than 300,000 customers in electronics, telecommunications, manufacturing, electrical, construction, education and a variety of other industries. Brady is headquartered in Milwaukee and employs about 5,500 people in operations in the United States, Europe, Asia/Pacific, Latin America and Canada. Brady’s fiscal 2005 sales were approximately $816 million. More information is available on the Internet at http://www.bradycorp.com/ and http://www.identicard.com/.
Five buildings and 148 doors at the Ohio campus on Wright Patterson AFB are now secured via a FIPS 201 compliant physical access control system. The solution, integrated by SMARTnet Inc., reads current Common Access Cards and will read next generation contactless cards.
Air Force Institute of Technology (AFIT) Leads the Way in Physical Security Infrastructure Supporting HSPD-12
Frederick, MD – February 1, 2006 – SMARTnet, Inc. has successfully implemented a physical access system for the Air Force Institute of Technology at Wright Patterson AFB, that supports contact and contactless Common Access Cards (CAC).
AFIT’s new physical access system covers five buildings and 148 doors across its campus, networked together via IP to a centralized security center. The new system allows students to use their CAC card for both physical access and logical access thus eliminating the need for multiple type access cards. Additionally, the new system supports the older contact CAC and will support the new contactless CAC cards (FIPS-201, PIV II compliant) thus providing AFIT a planned transition path without having to have multiple reader devices to meet their needs and support the directives of HSPD-12.
According to Steve Bowers, Executive Support Officer, Office of the Dean, “We needed a new physical access system and we wanted to be sure our new system would support the existing technology as well as where the Air Force was heading with the new requirements based on HSPD-12. With the help of the Air Force Security Office, XIC, we developed a requirement for our new system. SMARTnet designed and integrated a solution that met our requirements.”
To support the PIV II capabilities, AFIT, with the assistance of the SMARTnet team, will be evaluating and testing prototype finger print readers that will be integrated with the card readers. The new integration for biometrics is expected to begin in April 2006.
SMARTnet is an enterprise IT systems integration firm offering a nationwide presence and 10 years experience designing and implementing highly flexible mission critical IT and security solutions.
For information: www.smartnetgov.com.
Compare FIPS 201 Products
By Tom Bell, Vice President, Commerce Industry Relations, Blackboard
At a recent seminar, campus executives were asked how they planned their card system and if their plan was strategic. All referred to the planning as “detailed;” and said it involved partner research, equipment evaluation, software testing and a variety of other important steps. As much as they wanted it to be, however, none considered it strategic, let alone ongoing.
I think we may all have known that feeling. Planning is often detailed but rarely strategic. In fact, many campus transaction systems result from reactionary decisions. These reactions are driven by immediate needs, such as updating point-of-sale equipment, adding access control or controlling some kind of campus crisis.
Scheme, Scope and Scale
A transaction project, like any enterprise system, should not end with deployment. In fact, that may just be the beginning. As campuses tend to discover, innovative ideas and applications will bubble up the longer the system operates on campus and as more departments become familiar with its capabilities.
Ideally, a rolling three to five-year plan should blend system objectives with a campus’s mission and strategic plans. That may be ambitious given the challenges of a modern university environment; still, an ongoing process that tackles both current challenges and long term direction will go a long way toward increasing the value of your investment.
Imagine any of the following situations. (If you’re campus is typical, it won’t be difficult.)
Any or all of these can be the starting point, a milestone or distant outlier for a strategic planning effort. Even in its most limited implementations, the transaction system will touch almost every department and division of the university in some way, and very often the surrounding community as well. For that reason, it is essential that campus decision-makers recognize that transaction system planning is an institution-wide project, not a departmental one.
Teams Make The Difference
How well your transaction system strategy is aligned with the mission and strategies of the university may do more to determine its return-on-investment than almost anything else. These systems must be capable of adapting, integrating, and expanding as mission, strategies and constituencies change, so maintaining that alignment should be an ongoing process. Trying to deal with those situations listed above individually, as each arises, under short deadlines and shrinking budgets is a prescription for “sub-optimizing” (at least!). Unfortunately, this is where many campuses find themselves when they fail to look at the larger and long-term picture?
A better solution is to create planning committees from representative campus groups. These groups should set objectives based upon the larger organizational vision, and they should provide direction to a campus implementation task force, whose job it is to keep the project on schedule.
Very important: Comprehensive education should be provided to everyone on these teams so that old and outdated technology doesn’t contaminate the final product.
Once implemented, a transaction solution will present a new way of doing business and a new method for providing services to the university community. Forming cross-campus strategy teams will help ensure that key decisions satisfy and will be embraced by all (or at least most) constituencies. For example, one important consideration will be how to access the systems—card, PDA, website or a combination. You’ll want to find the right fit for everyone, both for today and tomorrow. The end result is a true Networked Transaction Environment where all members of the campus community are able to access information, services and facilities using a single account.
The Game Plan: X’s And O’s
What should be covered in a strategic plan? Among other specific considerations it should:
In addition to aligning with the university’s mission, systems planning must be consistent with—if not driven by—campus-wide operational plans and strategies, at least for near- and mid-term objectives. For example, business goals for a given year might call for improvements in efficiency. Technology will certainly play a key role in any such effort, therefore aspects of the transaction system plan might focus on issues such as its use as a systems integration platform, automating reporting or speeding services.
The Ongoing Value of Strategic Planning
The transaction system is a unifying platform for so much campus activity that in perhaps no other area will ongoing planning provide greater return on the effort. As more and more users experience the advantages of the transaction system platform, campuses that have made the change inevitably see new ideas rising up from across campus. Experience shows that this change will happen gradually, but it will happen, and that’s exactly the kind of situation that can benefit most from good strategic planning.
In 2006 a great new feature section will appear in each and every issue of CR80News. Our new Physical Security Corner will explore key issues related to the changing security landscape. Physical security is no longer a standalone “silo” within a campus … it is a vibrant, essential component with enterprise-wide implications.
Key themes running through this recurring feature article will be identity and convergence. That is because these are among the most significant defining features of the modern security landscape. Thus it seems fitting that we explore these two concepts for this inaugural installment of our Physical Security Corner.
Identity and physical security …
The concept of physical security assumes adequate identity management, but unfortunately this has not been the case. To explain this idea, an understanding of the identity management process is necessary.
Identity management can be thought of as a set of processes used to identify an individual within an organization and grant access to a defined set of privileges based on that individual’s unique status. Certainly from the traditional concept of physical security, identity management seemed obvious … we create a badge and the badge holder swipes or presents it to a card reader and is granted or denied access.
True this is a form of identity management, but is it “adequate identity management?” Most agree it is not. There are far too many weak points in the chain. Was the individual’s identity vetted prior to badge issuance? Was authentication conducted at the reader to ensure that the badge’s user is the person it was issued to? Is an effective system in place to revoke access rights for former users, lost cards, etc.?
Questions such as these indicate why adequate identity management must be a fundamental component of any security system. Though identity management has become a cross-industry buzzword and countless definitions are kicked about, key concepts or steps are common. Identity management consists of:
Verification
“Verification,” according to the OpenGroup, a standards and interoperability-focused consortium, “is the process of establishing identity prior to the creation of an account that can later be used as an assertion of identity.” It is the background check that ensures that the individual you are about to enroll in the system or provide a credential to access the system is indeed the person they claim to be. Verification can be lenient (e.g. “I am John Doe because I say I am”) or strict (e.g. fingerprint checks, interviews with past associates). The first requirements of HSPD-12, the new U.S. government mandate for standardized secure credentials across agencies, focus on verification of new and existing employees through extensive background checks. Interestingly, a source tells us that a number of existing employees using fake identities have already been uncovered via the process.
Authentication
The OpenGroup defines authentication as “the process of gaining confidence in a claimed identity.” It is the means by which the person claiming to be “John Doe” is tested to determine that he is indeed “John Doe.” In traditional security architectures, authentication was limited to visual checks of the credential by a guard (e.g. flash pass) or simple possession and presentment to a reader of the issued credential.
In modern identity systems, multi-factor authentication (possession of the credential combined with some combination of passwords and biometrics) is desired. Validation of the credential’s authenticity is also key.
Revocation
The other core step in the management process is the revocation of issued credentials and the subsequent notification of that revocation to impacted systems. Obviously, the days of former employees possessing still-valid credentials are past. Immediate revocation must be enabled to avoid potentially disastrous security breaches. In addition to this obvious need for revocation, many systems are purposefully revoking or suspending privileges of valid identities as a means to cyclically return to the first phase of the identity management process, Verfication. In so doing, the individual is subject to some form of re-verification, such as an updated check of criminal history files or suspected terrorist lists.
While there are many other important aspects to identity management – trust, provisioning, federation – these three cornerstones form the core of the concept. These and other concepts will underlie many of the future discussion in this Physical Security Corner.
Convergence and physical security …
As the importance of identity management was being recognized, so too was the concept that a single individual has many identities within and across an organization. At the core, many individuals have both physical access and logical (or network/data) access needs. Converging aspects of the identity management for physical and logical security affords great benefits in terms of user convenience, process redundancy, and enterprise-wide security.
The melding of the verification, authentication, and revocation processes for physical and logical security has become a major goal and challenge of modern organizations. Previously separate management and organizational structures (e.g. facilities and IT) are striving (sometimes struggling) to share this common ground.
Looking ahead to 2006 …
With these fundamental concepts in hand, we will move forward throughout the next year in our exploration of this new world of physical security. We will investigate core concepts of security systems, delve into specific issues such as maintaining databases for converging systems, and keep a constant eye on the impacts that initiatives such as HSPD-12 and global standardization efforts may have on your campus.
The editorial team at CR80News would like to thank security leader, Lenel Systems International, for the sponsorship that will enable us to bring you this dedicated feature throughout the New Year. Stay tuned.
Compare FIPS 201 ProductsVersion 4.16 of Onity’s Integra3 software solution enables campuses to support online doors via ethernet rather than modem or RS485. The solution from Onity is used by more than 200 colleges and universities in North America for online and offline door control.
ONITY UNLEASHES INNOVATIVE SOFTWARE ON INDUSTRY TO MEET EVOLVING NEEDS
OF HIGHER EDUCATION FACILITIES
As the first electronic locking software to fully comply with Ontario, Canada, Building Code provisions, the Integra3 Version 4.16 improves campus safety and efficiency
ATLANTA (J, 2005) — Onity, the leading provider of electronic facility control solutions, recently announced the availability of its newly enhanced Integra3 software—a popular electronic locking system used by nearly 200 North American colleges and universities to improve control and security.
Now supporting online doors via Ethernet, Version 4.16 replaces previous connections to software through either modems or hard-wired RS485 networks.
With a new Alternative Fire Code (AFC) mode, the Integra3 software is the first in the electronic locking industry to meet all the provisions of the Ontario, Canada, Building Code, Section 3.3.4.5., which requires that doors not automatically lock when a person exits the room—instead of relying on the key holder to relock the door themselves.
“Not only does the AFC mode open the doors for Ontario universities seeking more control over facility access, but it also offers a revolutionary safety feature for schools in case of fire or disaster–when students’ rooms may require easy re-entry,” said Onity’s Vice President of Business Development Adam Yapkowitz.
Helping to eliminate recoding work for housing staff and improve security, Onity’s Version 4.16 is also the first software to allow for individual expiration of access to various doors for each user to happen on different dates. For example, if a campus maintenance worker will be repairing heaters in several rooms, but only will need access to one floor a day, that can be pre-coded instead of him having to return to the Housing Office daily for recoding.
Additional features of the Integra3 Version 4.16 include: Enhanced operator password security; enhanced system administration tools, such as the ability to see which machines and users are running the software; and enhanced interface engine support.
“Our latest software is ideal for institutions that require a combination of online and offline access integrated within a single, easy-to-use software package, and for any colleges or universities looking to improve the system for access currently in place,” Yapkowitz said.
ABOUT ONITY, INC.
Since 1941, Onity has become the world leader in delivering the finest electronic locks backed by legendary service, and has a sales and service network that spans more than 115 countries. With stand-alone electronic locks installed on more than 3 million doors globally, Onity’s ever-expanding family of electronic solutions today includes Electronic locking systems, Electronic in-room safes, and Energy management solutions.
