We all know key cards — they’re rectangular, plastic door-openers that make crummy boomerangs. They occasionally cause anxiety attacks when they get misplaced or fall into the wrong hands.
Though mobile access security is the “new kid on the block” and poised to surpass key cards in popularity, right now, key cards are the workhorse of commercial access control.
But what exactly makes a key card secure?
Understanding Key Cards
You sit in front of a computer screen. A dialogue box asking for your username and password pops up, followed by a jolt of excitement as you recall when you harnessed your creative muse and created your username and password – PirateJohn72, Password123. Pressing the keys with a bit of extra zeal, you type your name and password. Access granted. You’re inside your computer.
A key card works in a similar way.
Credentials — or security tokens — which have been programmed into your keycard interact with the card reader. The reader then transmits credential data to a controller for authentication. If the credentials match, the door unlocks as part of the key card entry system.
Key cards and readers come in all different shapes and sizes; these include:
- Proximity cards
- Swipe cards
- Smart cards
- Weighted cards
Access Control Key Cards often use passive key cards. Under the key card’s white coating, there are three featured parts – an antenna, a capacitor, and an integrated circuit. The integrated circuit contains the unique user identity (PirateJohn72, Password 123).
RFID vs. NFC Tech
Modern commercial access control systems are dominated by two types of technology:
- Radio Frequency Identification (RFID)
- Near-field Communication (NFC)
These are the “messenger” signals trying to link a user’s identity with the building or suite credentials. But what’s the difference between these technologies.
What is an RFID Door Entry System?
RFID cards — commonly called “tags” or “”fobs” — predate NFC technology. RFID cards interact with electromagnetic interrogation pulses given off by nearby RFID readers. The card transmits its token to the reader, which passes it to the controller and the controller evaluates the credentials.
RFID signals come in different radio frequency ranges as well – low, high, and ultra-high – and communicate with card readers either actively or passively.
Though RFID cards still appear in many commercial office spaces, they are prone to attack. When the technology first arrived in the 1990s, users often worried about their privacy and security. The development of cheaper technology and hacking devices has only exacerbated the concern. A majority of physical access control systems still use low-frequency, 125KHxz proximity cards. Additionally, hackers have had plenty of time to identify and exploit potential flaws in the technology.
Fun Fact: Apart from access control, RFID microchips are occasionally implemented in livestock and pets for identification purposes.
What is an NFC Door Key Card Entry System?
Near-field communication (NFC) is an emerging security technology created in the mid-2000s by Philips and Sony. It has quickly risen in popularity in access control systems. Like RFID, NFC employs radio signals. These signals are more advanced and secure than the RFID predecessor.
A major difference between the two technologies is the transmitter. Instead of a physical key card, NFC transmitters are often smartphones, though NFC cards exist. Apple Pay and Google Wallet are popular apps using NFC technology.
Threats to NFC and RFID Cards
As discussed, RFID cards come in different ranges. Low-frequency RFID cards are prone to hacks. Despite their limited range, signal boosting devices have been known to cause security risks.
Electromagnetic interference also causes issues for RFID and NFC cards. If a malicious party locates the radio signal being broadcasted by the reader, a cloned keycard can be created using the frequency.
The major drawback to NFC security is its range. It operates four inches from the reader, whereas RFID readers interact within a range of a few feet. These NFC radio waves propagate in the vicinity of the reader and not just to the wanted receiver Therefore, it is possible for unwanted users to pick up the signals.
The Dawn of Bluetooth Low Energy and Mobile Access Control
It may come as a surprise, but hardware-based access control systems often put buildings at greater risk. Real-time security data is more difficult to gather with a hardware-based system. Mobile access control is a different story.
Bluetooth Low Energy (BLE) systems use soft credentialing, like digital keys, to facilitate heightened security.
But the most important difference among BLE, NFC, and RFID systems is their communication process. Unlike the other two technologies’ readers, which broadcast radio waves, BLE readers remain idle. The reader waits for the signal from the access key. When a key comes into contact, all the data passing from the phone to the reader gets heavily encrypted. Perhaps, even more importantly, a BLE system remains functional even during a power outage.