Campus ID News
Card, mobile credential, payment and security

Identity Management and convergence define a new world of physical security on campus

Chris Corum   ||   Jan 29, 2006  ||   , , ,

In 2006 a great new feature section will appear in each and every issue of CR80News. Our new Physical Security Corner will explore key issues related to the changing security landscape. Physical security is no longer a standalone “silo” within a campus … it is a vibrant, essential component with enterprise-wide implications.

Key themes running through this recurring feature article will be identity and convergence. That is because these are among the most significant defining features of the modern security landscape. Thus it seems fitting that we explore these two concepts for this inaugural installment of our Physical Security Corner.

Identity and physical security …

The concept of physical security assumes adequate identity management, but unfortunately this has not been the case. To explain this idea, an understanding of the identity management process is necessary.

Identity management can be thought of as a set of processes used to identify an individual within an organization and grant access to a defined set of privileges based on that individual’s unique status. Certainly from the traditional concept of physical security, identity management seemed obvious … we create a badge and the badge holder swipes or presents it to a card reader and is granted or denied access.

True this is a form of identity management, but is it “adequate identity management?” Most agree it is not. There are far too many weak points in the chain. Was the individual’s identity vetted prior to badge issuance? Was authentication conducted at the reader to ensure that the badge’s user is the person it was issued to? Is an effective system in place to revoke access rights for former users, lost cards, etc.?

Questions such as these indicate why adequate identity management must be a fundamental component of any security system. Though identity management has become a cross-industry buzzword and countless definitions are kicked about, key concepts or steps are common. Identity management consists of:

“Verification,” according to the OpenGroup, a standards and interoperability-focused consortium, “is the process of establishing identity prior to the creation of an account that can later be used as an assertion of identity.” It is the background check that ensures that the individual you are about to enroll in the system or provide a credential to access the system is indeed the person they claim to be. Verification can be lenient (e.g. “I am John Doe because I say I am”) or strict (e.g. fingerprint checks, interviews with past associates). The first requirements of HSPD-12, the new U.S. government mandate for standardized secure credentials across agencies, focus on verification of new and existing employees through extensive background checks. Interestingly, a source tells us that a number of existing employees using fake identities have already been uncovered via the process.

The OpenGroup defines authentication as “the process of gaining confidence in a claimed identity.” It is the means by which the person claiming to be “John Doe” is tested to determine that he is indeed “John Doe.” In traditional security architectures, authentication was limited to visual checks of the credential by a guard (e.g. flash pass) or simple possession and presentment to a reader of the issued credential.

In modern identity systems, multi-factor authentication (possession of the credential combined with some combination of passwords and biometrics) is desired. Validation of the credential’s authenticity is also key.

The other core step in the management process is the revocation of issued credentials and the subsequent notification of that revocation to impacted systems. Obviously, the days of former employees possessing still-valid credentials are past. Immediate revocation must be enabled to avoid potentially disastrous security breaches. In addition to this obvious need for revocation, many systems are purposefully revoking or suspending privileges of valid identities as a means to cyclically return to the first phase of the identity management process, Verfication. In so doing, the individual is subject to some form of re-verification, such as an updated check of criminal history files or suspected terrorist lists.

While there are many other important aspects to identity management – trust, provisioning, federation – these three cornerstones form the core of the concept. These and other concepts will underlie many of the future discussion in this Physical Security Corner.

Convergence and physical security …

As the importance of identity management was being recognized, so too was the concept that a single individual has many identities within and across an organization. At the core, many individuals have both physical access and logical (or network/data) access needs. Converging aspects of the identity management for physical and logical security affords great benefits in terms of user convenience, process redundancy, and enterprise-wide security.

The melding of the verification, authentication, and revocation processes for physical and logical security has become a major goal and challenge of modern organizations. Previously separate management and organizational structures (e.g. facilities and IT) are striving (sometimes struggling) to share this common ground.

Looking ahead to 2006 …

With these fundamental concepts in hand, we will move forward throughout the next year in our exploration of this new world of physical security. We will investigate core concepts of security systems, delve into specific issues such as maintaining databases for converging systems, and keep a constant eye on the impacts that initiatives such as HSPD-12 and global standardization efforts may have on your campus.

The editorial team at CR80News would like to thank security leader, Lenel Systems International, for the sponsorship that will enable us to bring you this dedicated feature throughout the New Year. Stay tuned. LogoCompare FIPS 201 Products
Research and evaluate FIPS 201 Approved Products and get the latest info on compliant credentialing systems at Click to visit
Subscribe to our weekly newsletter


May 26, 23 / ,

Penn State adds mobile ordering to campus app

Penn State has added a mobile ordering feature to its comprehensive campus mobile app, Penn State Go. The Penn State Eats Mobile function is available for use by students on the flagship University Park campus, as well as across the university's Commonwealth Campuses.
May 26, 23 / ,

NAU leverages delivery robots to support late-night dining

Northern Arizona is leveraging Starship delivery robots and the mobile ordering app in a clever way to prop up late night dining, and putting a twist on the ghost kitchen concept. The university has launched its Hole in the Wall dining window that now serves either pickup or robot delivery for students by offering a number of dining concepts all from a single, concession-style window.
May 25, 23 / ,

HID's Technology Partner Program helps companies develop mobile solutions

Trusted identity solutions provider, HID Global, has announced its HID Origo Technology Partner Program, the company’s first program dedicated to partners with a focus on mobile technologies. The Origo Technology Partner Program is designed to help technology partners by providing the ideal platform for organizations to design, test, and market products that integrate with HID Origo via APIs and SDKs.
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.