Until the 1980s, access control and surveillance in companies and administrations was managed by humans. The security of sensitive areas was reduced to a system of locks and the discretion of a guard. As history has taught us, humans are not infallible, especially when it comes to controlling and filtering access for hundreds of employees with unsecured keys or passwords that can easily be exchanged or lost. It is therefore not surprising to have seen the development - and rapid deployment - of identification and access control technologies.
This growth has been made possible by innovative technologies such as secure badge readers, magnetic stripes or more recently UHF cards.
Let's take a look at the evolution of these technologies since the 1980s.
Scanning technologies, the first revolution in access control.
Unlike traditional lock systems, scanning technologies such as magnetic strips allow you to know exactly who is accessing which area.
Each magnetic badge has its own identifier that can be read by a card reader. This technology makes it possible to efficiently and simply filter the access of individuals to the various secure areas of a company or an administration. It is no longer necessary to have a guard or a video surveillance system to know who has entered where and when. In addition, using a badge is much simpler and faster than manually entering a code each time you change workstations or areas.
Magnetic stripe badges are widely used, but they have several inherent flaws that make them an obsolete technology in terms of security.
Firstly, they require physical contact. In addition to being laborious, this means wear and tear on the badges and therefore additional maintenance costs.
In addition, magnetic tapes can only store very little data, usually a unique identifier.
This identifier is not encrypted, which in the 1980s was not a problem because you had to have the card to be able to read or copy it, but today represents a major security flaw.
The 1990s: The advent of contactless technology.
The development of RFID technology - notably with the invention of passive radio tags - has enabled the advent of contactless access badges. During the 1990s, the world of access control was dominated by PROX (Low Frequency Proximity) technology. It offered several advantages over magnetic strips.
Firstly, physical contact between the badge and the reader is no longer required, which reduces wear and tear on the hardware, cutting costs and time spent on system maintenance.
Secondly, this technology is not limited to badges and access cards. It can be implemented in various objects such as key rings, offering more flexibility.
However, it retains some of the shortcomings of previous technologies: the use of low frequency (125KHz) offers a low data transfer rate (1kb/s) and a low storage volume (unique identifier of 96 to 128 bits). In addition, the identifier is not rewritable. The low transfer rate still does not allow for data encryption.
Smart cards, the second revolution in access control.
The 2000s marked the arrival of contactless smart cards using high frequency (13.56MHz). This evolution of the PROX technology is a real leap forward that addresses the main shortcomings of traditional contactless cards, namely storage volume and data security.
The use of high frequency offers a data transfer rate of 25 kb/s. This allows the integration of more advanced features such as data encryption. The reader and badge contain a set of cryptographic keys for mutual identification.
Another advantage of smart cards is that they can store a range of data (rather than a unique identifier). This data can be read and written, which means that the badge identifiers can be changed without changing the badge itself.
The increase in storage capacity has opened the door to the use of more complex applications such as contactless payment and biometric identification.
Since their invention, contactless smart cards have evolved considerably. These are now called second generation smart cards. They contain microprocessors and cryptographic coprocessors for optimal flexibility and security of use. In addition, identification systems now use international standards (ISO, NIST) that are constantly updated for optimal protection.
Conclusion
The world of access control has evolved enormously since the 1980s and continues to do so in order to keep pace with the new security and application needs of businesses.
It is important to note that the new access control technologies have not replaced the old ones. Indeed, many cards still use magnetic stripe systems today. However, the identification system must be adapted to the level of security required. Scanning technologies are inexpensive but very easy to hack with current technologies.
It should be borne in mind that the security of an access control system is limited to that of its most vulnerable component. For optimal security, it is therefore necessary to regularly upgrade the hardware.