Access badge
Encyclopedia
An access badge is a credential
used to gain entry to an area having automated access control
entry points. Entry points may be door
s, turnstile
s, parking gates or other barriers.
Access badges use various technologies to identify the holder of the badge to an access control system. The most common technologies are magnetic stripe
, proximity
, barcode
, smart card
s and various biometric devices. The magnetic strip ID card was invented by Forrest Parry
in 1960.
The access badge contains a number that is read by a card reader
. The number is sent to an access control system, a computer system that makes access control decisions based on information about the credential. If the credential is included in an access control list, the access control system unlocks the controlled access point. The transaction is stored in the system for later retrieval; reports may be generated that reveal who entered what controlled access point at what time.
The Wiegand effect
was used in early access cards. This method was abandoned in favor of other proximity technologies. The new technologies retained the Wiegand upstream data so that the new readers were compatible with old systems. Readers are still called Wiegand but no longer use the Wiegand effect. A Wiegand reader radiates a 1" to 5" electrical field around itself. Cards use a simple LC circuit
. When a card is presented to the reader, the reader's electrical field excites a coil in the card. The coil charges a capacitor
and in turn powers an integrated circuit
. The integrated circuit outputs the card number to the coil which transmits it to the reader. The transmission of the card number happens in the clear—it is not encrypted. With basic understanding of radio technology and of card formats, Wiegand proximity cards can be hacked.
A common proximity format is 26 bit Wiegand. This format uses a facility code also called a site code. The facility code is unique number common to all of the cards in a particular set. The idea is an organization has their own facility code and then numbered cards incrementing from 1. Another organization has a different facility code and their card set also increments from 1. Thus different organizations can have card sets with the same card numbers but since the facility codes differ, the cards only work at one organization. This idea worked fine for a while but there is no governing body controlling card numbers, different manufacturers can supply cards with identical facility codes and identical card numbers to different organizations. Thus there is a problem of duplicate cards. To counteract this problem some manufacturers have created formats beyond 26 bit Wiegand that they control and issue to an organization.
In the 26 bit Wiegand format bit 1 is an even parity bit. Bits 2-9 are a facility code. Bits 10-25 are the card number. Bit 26 is an odd parity bit. Other formats have a similar structure of leading facility code followed by card number and including parity bits for error checking.
Smart cards can be used to counteract the problems of transmitting card numbers in the clear and control of the card numbers by manufacturers. Smart cards can be encoded by organizations with unique numbers and the communication between card and reader can be encrypted.
Credential
A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so....
used to gain entry to an area having automated access control
Access control
Access control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system...
entry points. Entry points may be door
Door
A door is a movable structure used to open and close off an entrance, typically consisting of a panel that swings on hinges or that slides or rotates inside of a space....
s, turnstile
Turnstile
A turnstile, also called a baffle gate, is a form of gate which allows one person to pass at a time. It can also be made so as to enforce one-way traffic of people, and in addition, it can restrict passage only to people who insert a coin, a ticket, a pass, or similar...
s, parking gates or other barriers.
Access badges use various technologies to identify the holder of the badge to an access control system. The most common technologies are magnetic stripe
Magnetic stripe card
A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card...
, proximity
Proximity card
Proximity card is a generic name for contactless integrated circuit devices used for security access or payment systems. The standard can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards.Modern proximity cards...
, barcode
Barcode
A barcode is an optical machine-readable representation of data, which shows data about the object to which it attaches. Originally barcodes represented data by varying the widths and spacings of parallel lines, and may be referred to as linear or 1 dimensional . Later they evolved into rectangles,...
, smart card
Smart card
A smart card, chip card, or integrated circuit card , is any pocket-sized card with embedded integrated circuits. A smart card or microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally polyvinyl chloride, but sometimes acrylonitrile...
s and various biometric devices. The magnetic strip ID card was invented by Forrest Parry
Forrest Parry
Forrest Corry Parry was the IBM engineer who invented the Magnetic stripe card used for Credit cards and identification badges....
in 1960.
The access badge contains a number that is read by a card reader
Card reader
A card reader is a data input device that reads data from a card-shaped storage medium. Historically, paper or cardboard punched cards were used throughout the first several decades of the computer industry to store information and programs for computer system, and were read by punched card readers...
. The number is sent to an access control system, a computer system that makes access control decisions based on information about the credential. If the credential is included in an access control list, the access control system unlocks the controlled access point. The transaction is stored in the system for later retrieval; reports may be generated that reveal who entered what controlled access point at what time.
The Wiegand effect
Wiegand effect
The Wiegand effect is a nonlinear magnetic effect, named after its discoverer John R. Wiegand, produced in specially annealed and hardened wire called Wiegand wire....
was used in early access cards. This method was abandoned in favor of other proximity technologies. The new technologies retained the Wiegand upstream data so that the new readers were compatible with old systems. Readers are still called Wiegand but no longer use the Wiegand effect. A Wiegand reader radiates a 1" to 5" electrical field around itself. Cards use a simple LC circuit
LC circuit
An LC circuit, also called a resonant circuit or tuned circuit, consists of an inductor, represented by the letter L, and a capacitor, represented by the letter C...
. When a card is presented to the reader, the reader's electrical field excites a coil in the card. The coil charges a capacitor
Capacitor
A capacitor is a passive two-terminal electrical component used to store energy in an electric field. The forms of practical capacitors vary widely, but all contain at least two electrical conductors separated by a dielectric ; for example, one common construction consists of metal foils separated...
and in turn powers an integrated circuit
Integrated circuit
An integrated circuit or monolithic integrated circuit is an electronic circuit manufactured by the patterned diffusion of trace elements into the surface of a thin substrate of semiconductor material...
. The integrated circuit outputs the card number to the coil which transmits it to the reader. The transmission of the card number happens in the clear—it is not encrypted. With basic understanding of radio technology and of card formats, Wiegand proximity cards can be hacked.
A common proximity format is 26 bit Wiegand. This format uses a facility code also called a site code. The facility code is unique number common to all of the cards in a particular set. The idea is an organization has their own facility code and then numbered cards incrementing from 1. Another organization has a different facility code and their card set also increments from 1. Thus different organizations can have card sets with the same card numbers but since the facility codes differ, the cards only work at one organization. This idea worked fine for a while but there is no governing body controlling card numbers, different manufacturers can supply cards with identical facility codes and identical card numbers to different organizations. Thus there is a problem of duplicate cards. To counteract this problem some manufacturers have created formats beyond 26 bit Wiegand that they control and issue to an organization.
In the 26 bit Wiegand format bit 1 is an even parity bit. Bits 2-9 are a facility code. Bits 10-25 are the card number. Bit 26 is an odd parity bit. Other formats have a similar structure of leading facility code followed by card number and including parity bits for error checking.
Smart cards can be used to counteract the problems of transmitting card numbers in the clear and control of the card numbers by manufacturers. Smart cards can be encoded by organizations with unique numbers and the communication between card and reader can be encrypted.
See also
- Access controlAccess controlAccess control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system...
- BiometricsBiometricsBiometrics As Jain & Ross point out, "the term biometric authentication is perhaps more appropriate than biometrics since the latter has been historically used in the field of statistics to refer to the analysis of biological data [36]" . consists of methods...
- Card printerCard printerCard printers, often also called plastic-card printers, are electronic desktop printers with single card feeders which print and personalize plastic cards. In this respect they differ from, for example, label printers which have a continuous supply feed. Card dimensions are usually 85.60 ×...
- Common Access CardCommon Access CardThe Common Access Card is a United States Department of Defense smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian employees, other non-DoD government employees, state employees of the National Guard, and eligible contractor personnel.The...
- Computer securityComputer securityComputer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
- CredentialCredentialA credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so....
- Door securityDoor securityDoor security relates to prevention of door-related burglaries. Such break-ins take place in various forms, and in a number of locations; ranging from front, back and side doors to garage doors.- Common residential door types :...
- Electronic lockElectronic lockAn electronic lock is a locking device which operates by means of electric current. Electric locks are sometimes stand-alone with an electronic control assembly mounted directly to the lock. More often electric locks are connected to an access control system...
- FortificationFortificationFortifications are military constructions and buildings designed for defence in warfare and military bases. Humans have constructed defensive works for many thousands of years, in a variety of increasingly complex designs...
- ID Card
- IP video surveillance
- Keycards
- LocksmithingLocksmithingLocksmithing began as the science and art of making and defeating locks. A lock is a mechanism that secures buildings, rooms, cabinets, objects, or other storage facilities. A key is often used to open a lock...
- Lock pickingLock pickingLock picking is the art of unlocking a lock by analyzing and manipulating the components of the lock device, without the original key. Although lock picking can be associated with criminal intent, it is an essential skill for a locksmith...
- Logical securityLogical securityLogical Security consists of software safeguards for an organization’s systems, including user identification and password access, authentication, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a...
- Magnetic stripe cardMagnetic stripe cardA magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card...
- Optical turnstileOptical turnstileAn optical turnstile is a physical security device designed to restrict or control access to a building or secure area. Optical turnstiles are usually a part of an access control system, which also consists of software, card readers, and controllers...
- Photo identificationPhoto identificationPhoto identification is generally used to define any form of identity document that includes a photograph of the holder.Some countries use a government issued card as a proof of age or citizenship.Types of photo ID cards include:*Passports...
- Physical Security ProfessionalPhysical Security ProfessionalA Physical Security Professional is a certification process for individuals involved in the physical security of organizations. This certification process is offered by ASIS International...
- Proximity cardProximity cardProximity card is a generic name for contactless integrated circuit devices used for security access or payment systems. The standard can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards.Modern proximity cards...
- SecuritySecuritySecurity is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
- Security engineeringSecurity engineeringSecurity engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts...
- Security lightingSecurity lightingIn the field of physical security, security lighting is often used as a preventative and corrective measure against intrusions or other criminal activity on a physical piece of property. Security lighting may be provided to aid in the detection of intruders, to deter intruders, or in some cases...
- Security policySecurity policySecurity policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls...
- Smart cardSmart cardA smart card, chip card, or integrated circuit card , is any pocket-sized card with embedded integrated circuits. A smart card or microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally polyvinyl chloride, but sometimes acrylonitrile...
- Swipe card
- Wiegand effectWiegand effectThe Wiegand effect is a nonlinear magnetic effect, named after its discoverer John R. Wiegand, produced in specially annealed and hardened wire called Wiegand wire....