By Jeff Koziol, Business Development Manager – Higher Education, Allegion
It’s critical to have an open and interoperable platform for your student ID cards. As card offices in colleges and universities look to move away from legacy, low-security mag stripe and 125 kHz prox technology, different smart card options present themselves – some more proprietary than others.
Benefits of open credentials
When it comes to the benefits of “open” credentials, not being entirely dependent on a single manufacturer is significant. Proprietary relationships limit your ability to work with different vendors or manufacturers. As a result – due to lack of competition – vendor complacency and business breeds entitlement. With proprietary systems, dissatisfaction in a vendor’s quality, delivery, pricing, service or support may be difficult to overcome and fork-lifting carries a hefty price tag.
Alternatively, in an open or non-proprietary environment, competitive forces keep your vendor partners peaked to meet or exceed your expectations, breeding continuous improvement. If they don’t, they are in danger of losing your business to whatever eager vendor is next in line to earn and keep your business. This is the root of the “three-bid” policy that many public and private campuses require on large projects.
What’s more, open credentials provide a level of interoperability that closed, proprietary credentials do not offer. Open credentials are designed to an industry standard and supported by a variety of manufacturers and vendors to give you the ability to select the best-in-class options for your applications.
In the campus card market, this is critical, given the need to address all use cases touched by the student card. Vendor “A” may be the desired reader by a campus for door access applications, while Vendor “B” is the more desirable reader for POS, copy/print, laundry and vending applications. With open credentials, you can include both vendors in your ecosystem versus being entirely dependent on the proprietary vendor.
Supply chain challenges
As many have learned firsthand over the last 12 months, supply chain issues can impact different aspects of our lives.
We all likely have toilet paper shortage stories to share, or more recently, seen droves of near empty new-and-used car lots. And it’s the latter issue that points to a broader shortage. Most of those near empty lots are directly related to the supply limitations of chips and circuit boards that have become a vital part of today’s modern automobile.
Those in the higher ed space have seen the challenges that limited chip and circuit board supply creates for the availability of smartcards, card readers, electronic locks and access control panels. Lead times for many of these products and solutions have been extended from days to weeks to months.
This new phenomenon of supply chain issues has shed light on a much larger benefit: the ability to lean on multiple manufacturers in situations where obtaining credentials can be challenging.
How do we get there?
One starting point is to move toward an open system. There are four key areas to consider: chip types, encryption keys, diversification method and card format.
Consider moving to an industry standard like ID cards with embedded DESFire chips from NXP, the most dominant ID card chip supplier. There’s no doubt they serve billions, given the number of cards deployed in the major geographical markets. To do that, they have thousands of partners who offer ID cards and various readers to authenticate with those cards. But moving to NXP DESFire cards alone does NOT get you there.
It is highly suggested that campuses considering NXP DESFire move in the direction of having a custom encryption key and be able to take ownership of the encryption key upon request, should the campus have the means to protect and store it.
Beware of manufacturers’ “default” keys, which are used across a variety of distributors and end consumers and will NEVER be shared in any circumstance. Default encryption keys essentially put you right back into that proprietary vendor arrangement.
Other potential challenges include the key diversification method and the bit format in which the cards are produced. Ensure the key diversification method being used by the vendor is documented by NXP and is supported by other NXP partners.
It is recommended that you suggest a bit or card format providing a balance of available facility codes and badge IDs. Larger campuses will require a greater range for the badge ID, given that they may turnover up to 20,000 new cards each academic year and this technology may be in place for 10-12 years.
Whatever you select for your card format, make sure it can be supported by all readers and devices part of your campus ecosystem and the software that will manage them. Many software companies that work with binary (bit) data allow the campus flexibility to set up different card formats with different bit structures.
Here are some basic, but poignant, questions you can ask to best evaluate card technology options for your campus:
- I know I can get my cards through multiple distributors, but is there only a single manufacturer for these cards?
- How can we maintain a competitive sourcing arrangement for pricing and delivery?
- Can our campus ever take possession of the encryption key?
- To what industry standard is that encryption key developed?
- Is the ecosystem of reader partners limited in number, limited to using proprietary reader modules or completely open to any DESFire partner?
While we look forward to when supply chain issues no longer dominate world and industry news, it isn’t a guarantee they won’t appear again in the future.
Open credentials have always offered a competitive balance to the campus customer by being interoperable to a wide range of ecosystem partners. But now we must also consider a previously overlooked advantage: Non-proprietary campus credentials offer the flexibility to acquire materials from multiple supply sources to keep your card offices stocked and ready.
Of course, there’s always the mobile credential discussion. But we’ll save that for a future article.