Keycards for Access Control Systems

Keycards have many different names. There are prox cards, swipe cards, and fobs; you may have also heard of magnetic cards, RFID/NFC cards, and even simple ID cards. Despite their different names and the fact that the technology used varies, their function is always the same: To efficiently and securely grant or restrict access to a certain area.

As the fastest-growing access control company in the U.S., we’ve put together a comprehensive guide of all the main types of access card systems and compared them with other options available on the market.

Hang on, I’ve heard of these! Doesn’t HID make them? If you asked yourself that question, then you’re right! Historically, the main provider of keycards is HID Global—it manufactures, distributes and sells access cards using their proximity readers. Despite being very popular, a major problem of certain types of HID keycards is that they can be easily hacked using $10 devices. That’s because most common cards run on the vulnerable Wiegand protocol, which allows hackers to copy cards and keycards quickly and inexpensively.

Here’s a tutorial on how to copy HID cards. Most of these cards use facility codes that can be calculated using free facility code calculators, like these.

Note that Kisi doesn’t recommend or condone keycard theft. But we want our readers to be informed and know the vulnerabilities of their current systems. Now that we’ve gotten that disclaimer out of the way, let’s dive into the world of keycards!

What is a keycard? How does it work with a reader?

A keycard is a security token that grants you access through electrically-powered doors. These systems require a keycard reader (installed on the door) and you gain access by either tapping your card on the reader (proximity reader), swiping it (swipe reader), or inserting it (insert reader).

With keycards, users no longer need to insert a metal or traditional key into a tumbler lock to gain access. Instead, there is an embedded access credential on the keycard magstripe, or as a chip in the card itself, and this is read by the keycard reader each time you attempt an unlock. If the unique code on your card is recognized by the reader, permission is granted for access.

How does the Reader communicate with the door lock?

Once the reader recognizes the access credential, it then communicates with the door lock. The smart access control reader will be wired to an electric lock on your door and it will send a signal to the lock to start an unlock event. With a good system, the whole process takes less than a second.

Now that you’ve learned how access cards work, it’s time to look at the pros and cons of choosing a keycard system over other types of door entry systems.

Given the disadvantages of keycard entry systems, it's imperative to identify better alternatives that can address these disadvantages. An attractive option would be mobile access control. This means using the credentials on your mobile phone to unlock doors.

Kisi is a cloud-based mobile access control system. This means that, in addition to keycards, users can unlock doors with their cellphones. By using the RFID and Bluetooth chips inside the phone, you can use your phone as you would an access card and tap it to the reader to unlock it.

Moreover, as a cloud-based solution, the management or admins will be able to reap the benefits of having a cloud-based system (as opposed to a traditional local-hosted system). Kisi hosts all the data and offers interesting data analytics and observations.

Get a quote from us and experience the ease and security of a cloud-based mobile access control system.

RFID cards are most widely used in commercial office spaces. These cards (sometimes referred to as 'tags' or 'fobs') can be classified by the range they communicate (low, high or ultra high) and the way the communication happens with the reader (active or passive).

RFID stands for “radio frequency identification,” and that’s the essential technology behind them. They emit identification information in the radio frequency range and the reader will pick up those signals and authenticate them.

As for NFC, that is a set of standards over RFID technology. NFC cards, meaning “near-field communication” cards, are RFID cards that operate over a specific frequency and have a clever bit of engineering that allows them to communicate quickly and securely over short distances.

How are permissions encoded on a magnetic keycard?

Each keycard system comes with a key encoding machine, which will configure the permissions granted to your card. The system should allow you to grant permissions for multiple doors, configure date and time for access, and even the number of times a user can access the space.

All these details are built into a very complicated algorithm, which is written into your keycard’s magstripe. This magstripe contains thousands of tiny magnetic bars, each can be polarized either north or south. Polarizing these magnets creates a sequence that is encoded on your card.

There are other ways to encode a keycard, but those are usually used for corporate spaces. These include newer models that have radio-frequency identification (RFID), or “smart cards,” which contain an embedded micro-controller to handle security. RFID keycards will be covered below.

Your RFID reader can operate on different frequency ranges:

• Low Frequency (LF) RFID operates around 30 KHz to 300 KHz and has a maximum range of 10cm. Your conventional office access card usually utilizes LF range. Prox keys are generally at 125kHz.
• High Frequency (HF) RFID operates around 3 MHz to 30 MHz and provide distances between 10cm and 1 meter. Examples of access cards that use HF RFID are NFC cards, which includes smart cards like MIFARE. NFC cards are a subset of high frequency RFID cards. All NFC cards operate at exactly 13.56 MHz, and this uniformity of communication allows NFC card manufacturers to make the communication more secure and more efficient
• Ultra High Frequency (UHF) RFID ranges between 300 MHz and 3 GHz and reads up to 12 meters. They are typically used for parking solutions or similar wide-range applications

Now that we covered the different types of RFID frequency, there is another parameter to consider. RFID can be distinguished into two broad categories: Passive or active tags (or cards).

• Active RFID tags have their own transmitter (and power source). Active RFID tags are used for cargo, machine or vehicle tracking.
• Passive RFID tags do not require a battery. The reader on the wall sends a signal to the tag. That signal is used to power the tag and reflect the energy back to the reader.

These proximity cards are low frequency 125kHz and fall under the category of passive RFID cards, given that they have no means of getting power.

How do RFID keycards work?

Passive cards have three components sealed in the plastic: An antenna (mostly coil or wire), a capacitor and an integrated circuit (IC), which contains the user’s ID number. The RFID reader on the wall has an antenna, which continuously emits a short range radio frequency (RF) field.

When you hold the card on the reader, the card absorbs the energy from the RF field generated by the reader—the technical term is that it's an induced current. This energy creates (induces) a current powering the integrated circuit, which in turn makes the chip emit its ID number.

The reader sends the ID back to the server closet or IT room, where the main access control system panel usually resides. The sent ID signals that this user wants to unlock the door. The format the reader communicates in is often the Wiegand protocol.

Swipe cards or magnetic stripe cards work by storing data in a magnetic layer placed on a card. This magnetic layer is capable of data storage by altering the tiny magnetic particles—in case you wondered how your credit card works.

Swipe card access which is used in physical security, but also for credit card payment or identity verification. You must pull through or swipe the card through a magnetic reader to be able to confirm the data stored on it, and enable the card access system to do its work.

A swipe card door access control system is a common security solution for premises that need to continually let in and out many same people, such as employees in a large organization. Although the magnetic stripe is the key differential that makes them what they are, swipe cards can contain additional means for storing, reading and writing data, such as RFID tags or microchips. Swipe cards are a convenient and affordable solution to control access, but they usually provide limited security protection that needs to be supported by extra technology or authentication factor to suffice for top security requirements.

How do swipe cards work in access control?

Unlike badge entry systems, magnetic swipe card access systems use magnetic strips at the back of the card to encode data. The magnetic readers' head reads the data when you swipe the card through it and enables access.

This is the most common technology used when you are doing your shopping for groceries, when you pull some cash out of an ATM machine or when you present your license as an ID document on specific locations.

When the card access system is made of a standalone reader, all swipe cards will be connected to that single access control device. This is rarely the case, though, as most organizations need either more cards or require additional security which can be obtained from several units distributed in a network. Network or PC-based card access combine multiple magnetic readers in a joint software that can be used to monitor the access events from all readers from a central point.

Swipe card access control systems have a number of advantages that make them convenient for access control over other technologies, such as RFID or NFC (proximity) cards, smart cards or combination cards:

As the most simple and traditional access control method, swipe card access control has some disadvantages over the alternative forms of access control.

A key fob is a type of access badge or security token. It acts as a wireless remote control device that allows users to access their buildings, offices, and cars. Such key fobs are usually utilized for locations with regular human traffic but requires entrants to authenticate their access, and it does that by initializing the built-in security access system each time the fob is activated.

Key fobs are used in apartment buildings, condominiums, offices and buildings worldwide, which often contain a RFID tag. It operates similarly to a proximity card, where they communicate access credential information (via a reader pad) with a central server for the building. Key fobs can be programmed to allow time restricted and location restricted access to permitted areas. Locking and unlocking a door with a key fob usually only requires you to push a button on your fob. Some key fobs provides two-factor authentication where an user has a personal identification number (PIN), which authenticates them as the device's owner.

Key fobs are an integral component of keyless entry systems, especially in the automotive industry where they are used to unlock your car door from a distance. However, it still requires a physical object to be issued to users before they can begin electronically unlocking their doors. This means that losing your key fob is still a very real possibility that would prevent you from accessing your space, and undermine the security of your building or car.

How Do Key Fobs Work?

The key fob (or wireless remote) usually operates in conjunction with a reader and an electronic lock (e.g. an electric strike). The key fob communicates with the reader using radio wave signals—RFID technology. The reader receives the ID information from the fob, authenticates it, and in turn relays an instruction to your door lock to perform an unlock event if the credentials are authorized.

Both the key fob on your keychain and the access control system have memory chips that allow the fob to work. When the button is pressed on the fob, it sends a code to the door with the instructions as to what the door should do, whether that is to lock or unlock the door. If the code sent to the access control system matches, it will perform that action and unlock the door. The code is randomly generated each time the fob is used.

This code utilizes a 26-bit Wiegand protocol when communicating instructions from the fob to the system. It is a binary code with 256 different possible combinations per fob, and there can be up to 65,535 ID numbers that would work for each code. Matching each code with each ID, you can issue up to 16,711,425 fobs without ever duplicating a user. Programming the key fob is essentially making sure that the access control system and the fob are synchronized so that the door would recognize the codes the fob is sending.

The frequency of the transmitter determines the maximum distance that will allow the key fob to send a code to the door. Quick note: If your fob only works when you get near the access badge, it might be utilizing a simple coil e.g. a 125kHz 'transmitter'. Therefore, it only works near the transmitting coil as the magnetic field decays very fast.

For more information:

http://www.ebay.com/gds/What-Is-a-Key-Fob-/10000000177633636/g

http://www.rfidjournal.com/site/faqs

http://electronics.howstuffworks.com/gadgets/high-tech-gadgets/rfid.htm

http://www.instructables.com/id/How-to-Transplant-RFID-Chips/