Campus ID News
Card, mobile credential, payment and security

Identity Management and convergence define a new world of physical security on campus

Chris Corum   ||   Jan 29, 2006  ||   , , ,

In 2006 a great new feature section will appear in each and every issue of CR80News. Our new Physical Security Corner will explore key issues related to the changing security landscape. Physical security is no longer a standalone “silo” within a campus … it is a vibrant, essential component with enterprise-wide implications.

Key themes running through this recurring feature article will be identity and convergence. That is because these are among the most significant defining features of the modern security landscape. Thus it seems fitting that we explore these two concepts for this inaugural installment of our Physical Security Corner.

Identity and physical security …

The concept of physical security assumes adequate identity management, but unfortunately this has not been the case. To explain this idea, an understanding of the identity management process is necessary.

Identity management can be thought of as a set of processes used to identify an individual within an organization and grant access to a defined set of privileges based on that individual’s unique status. Certainly from the traditional concept of physical security, identity management seemed obvious … we create a badge and the badge holder swipes or presents it to a card reader and is granted or denied access.

True this is a form of identity management, but is it “adequate identity management?” Most agree it is not. There are far too many weak points in the chain. Was the individual’s identity vetted prior to badge issuance? Was authentication conducted at the reader to ensure that the badge’s user is the person it was issued to? Is an effective system in place to revoke access rights for former users, lost cards, etc.?

Questions such as these indicate why adequate identity management must be a fundamental component of any security system. Though identity management has become a cross-industry buzzword and countless definitions are kicked about, key concepts or steps are common. Identity management consists of:

“Verification,” according to the OpenGroup, a standards and interoperability-focused consortium, “is the process of establishing identity prior to the creation of an account that can later be used as an assertion of identity.” It is the background check that ensures that the individual you are about to enroll in the system or provide a credential to access the system is indeed the person they claim to be. Verification can be lenient (e.g. “I am John Doe because I say I am”) or strict (e.g. fingerprint checks, interviews with past associates). The first requirements of HSPD-12, the new U.S. government mandate for standardized secure credentials across agencies, focus on verification of new and existing employees through extensive background checks. Interestingly, a source tells us that a number of existing employees using fake identities have already been uncovered via the process.

The OpenGroup defines authentication as “the process of gaining confidence in a claimed identity.” It is the means by which the person claiming to be “John Doe” is tested to determine that he is indeed “John Doe.” In traditional security architectures, authentication was limited to visual checks of the credential by a guard (e.g. flash pass) or simple possession and presentment to a reader of the issued credential.

In modern identity systems, multi-factor authentication (possession of the credential combined with some combination of passwords and biometrics) is desired. Validation of the credential’s authenticity is also key.

The other core step in the management process is the revocation of issued credentials and the subsequent notification of that revocation to impacted systems. Obviously, the days of former employees possessing still-valid credentials are past. Immediate revocation must be enabled to avoid potentially disastrous security breaches. In addition to this obvious need for revocation, many systems are purposefully revoking or suspending privileges of valid identities as a means to cyclically return to the first phase of the identity management process, Verfication. In so doing, the individual is subject to some form of re-verification, such as an updated check of criminal history files or suspected terrorist lists.

While there are many other important aspects to identity management – trust, provisioning, federation – these three cornerstones form the core of the concept. These and other concepts will underlie many of the future discussion in this Physical Security Corner.

Convergence and physical security …

As the importance of identity management was being recognized, so too was the concept that a single individual has many identities within and across an organization. At the core, many individuals have both physical access and logical (or network/data) access needs. Converging aspects of the identity management for physical and logical security affords great benefits in terms of user convenience, process redundancy, and enterprise-wide security.

The melding of the verification, authentication, and revocation processes for physical and logical security has become a major goal and challenge of modern organizations. Previously separate management and organizational structures (e.g. facilities and IT) are striving (sometimes struggling) to share this common ground.

Looking ahead to 2006 …

With these fundamental concepts in hand, we will move forward throughout the next year in our exploration of this new world of physical security. We will investigate core concepts of security systems, delve into specific issues such as maintaining databases for converging systems, and keep a constant eye on the impacts that initiatives such as HSPD-12 and global standardization efforts may have on your campus.

The editorial team at CR80News would like to thank security leader, Lenel Systems International, for the sponsorship that will enable us to bring you this dedicated feature throughout the New Year. Stay tuned. LogoCompare FIPS 201 Products
Research and evaluate FIPS 201 Approved Products and get the latest info on compliant credentialing systems at Click to visit

Related Posts

Subscribe to our weekly newsletter


Kent State autonomous store
May 23, 24 /

Kent State autonomous store uses campus cards from CBORD for entry, payment

Kent State University’s Flash Bistro is a grab-and go store that offers snacks and light meals. These days, the meals seem even lighter as students enter the store, pick up their food, and exit without interacting with a cashier or self-checkout device. With the help of Kent State’s transaction system provider, CBORD, students to present […]
Assa Abloy trade show booth video
May 15, 24 / ,

Entertaining video shows range of lock options from Assa Abloy and HID

Visiting a company’s booth on an exhibit hall floor is often informative, but it is not alway funny or entertaining. But when the tour is led by two of the security industry’s social media leaders, it can be both. In this video from ISC West, Phil Coppola, HID’s Mobile Evangelist, tours the Assa Abloy booth […]
Atrium and Towson autonomous convenience store with zippin
May 09, 24 / ,

Towson University and Atrium discuss new autonomous market

New technology at the Tiger Express convenience store at Towson University let's students walk in, grab products, and walk out without interacting with a employee or using self-checkout. In this CampusIDNews Chat, we get the lowdown from Myron Esterson, IT Manager, Auxiliary Services at Towson and David McQuillin, Vice President of Sales and Atrium Co-Founder. […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Attn: friends in the biometrics space. Nominations close Friday for the annual Women in Biometrics Awards. Take five minutes to recognize a colleague or even yourself.

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.