7 Aug Is Our Government Fooling Themselves?

I recently read an article published by an industry magazine informing its readers that the new government standards for access control will require the use of smart cards along with either proximity, PIN pads, or all of the above. This move was to ensure that whoever needs access is who their credential says they are.

The Problem
The problem is that the use of smart cards takes the decision-making away from the Access Control System. Here is how the smart card process works.

  1. A person swipes their smart card.
  2. The same person places their finger or hand on the biometric reader.
  3. The reader then compares the data from the biometric read to the data from the card.
  4. If there is a match, then it passes the o.k. to swipe the proximity card or dial the PIN pad.

The issue lies in the whole smart card process. Everyone knows that a proximity card can be duplicated, and a PIN can be lifted. How long do you think it will take someone to recreate their own smart card to house their print? Chances are, it has already been accomplished.

The Solution
Government facilities, or any other high security complexes, should use biometrics as a piece of their access control credential requirements; however, they should not use smart cards. A more secure method is to invoke the whole process with the proximity reader. Here is the correct process:

  1. A person passes their proximity card next to the proximity reader.
  2. The same person then places their finger or hand on the biometric reader.
  3. The Access Control CPU compares the data from both readers with the stored data in the database.
  4. If there is a match, then it passes the o.k. to dial the PIN pad or opens the door.

The main difference is what is deciding if the biometric data is correct. By using a database instead of a smart card reader, the chance of passing a forged credential is severely minimized. Someone could still hack into the database and change the record entry in the biometric table; however, then the IT department gets involved and yet another set of roadblocks is set up.
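The difference between the two processes, as an added sketch that is not part of the original post: it models only the reference template each decision point trusts. The templates are constructed byte strings, the matcher is a toy bit-difference threshold, and every name here is hypothetical.

```python
from dataclasses import dataclass

MAX_DIFF_BITS = 6  # assumed match threshold for this toy matcher


@dataclass(frozen=True)
class Card:
    card_id: str
    template: bytes  # biometric reference carried on the credential itself


def matches(reference: bytes, live: bytes) -> bool:
    """Toy matcher: two templates match when only a few bits differ."""
    if len(reference) != len(live):
        return False
    diff = sum(bin(a ^ b).count("1") for a, b in zip(reference, live))
    return diff <= MAX_DIFF_BITS


def reader_decides(card: Card, live: bytes) -> bool:
    """Smart card process: the reader compares against whatever the card holds."""
    return matches(card.template, live)


def controller_decides(enrolled: dict, card_id: str, live: bytes) -> bool:
    """Database process: the controller compares against its own enrolled record."""
    reference = enrolled.get(card_id)
    return reference is not None and matches(reference, live)


# Constructed sample data: one enrolled employee and one outsider.
ALICE = bytes.fromhex("a1b2c3d4e5f60718")
OUTSIDER = bytes.fromhex("5e4d3c2b1a0f9e8d")
ALICE_LIVE = bytes.fromhex("a1b2c3d4e5f6071a")  # same finger, slight sensor noise
ENROLLED = {"CARD-0001": ALICE}
genuine = Card("CARD-0001", ALICE)
# The forged credential the post worries about: a valid card number that
# carries the holder's own print instead of the enrolled one.
forged = Card("CARD-0001", OUTSIDER)

if __name__ == "__main__":
    print("reader, genuine card:    ", reader_decides(genuine, ALICE_LIVE))
    print("reader, forged card:     ", reader_decides(forged, OUTSIDER))
    print("controller, genuine card:", controller_decides(ENROLLED, genuine.card_id, ALICE_LIVE))
    print("controller, forged card: ", controller_decides(ENROLLED, forged.card_id, OUTSIDER))
```
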

Final Thoughts
It is nice to find that our government is upgrading their standards as far as ESS is concerned; however, I just hope they do it properly and the article I read was wrong.

