2 Factor Access with Touchless Entry Feature

by Paul Brauss

Abstract

Two Factor Authentication (2FA) is becoming a powerful prevention protocol for thwarting unauthorized access, fraud, and cyberattacks. The physical security world is driving to protect sensitive information, and control staff and the public from accessing restricted areas. There is an increasing need to verify and authenticate user identity.  Adding to the solution in a time of pandemic is a recognition to incorporate a touchless approach to the solution.

INTRODUCTION

A survey of critical infrastructure companies worldwide, including utility, oil and gas, alternate energy, and manufacturing organizations, found that 70 percent had suffered a security breach in the past year, according to the Ponemon Institute report commissioned by Unisys, Critical Infrastructure: Security Preparedness and Maturity.  Many organizations are also not getting actionable real-time threat alerts about security exploits. According to 34 percent of the respondents in the Ponemon study, their companies do not get real-time alerts, threat analysis, and threat prioritization intelligence that can be used to stop or minimize the

impact of a threat or cyberattack.  Cloning cards to gain entry and access to critical points of a company is not uncommon and known to be easy. Any organization that understands risk management understands that an access control system must include a 2-factor protocol and a touchless, handoff approach is gaining a significant foothold.

The Challenges

Aside from video surveillance which is almost always forensic, critical infrastructure companies are relying on analytics for real-time feedback. This, however, does not stop someone who spoofs or swipes a card to enter authorized locations. As the critical infrastructure report recommended, deploying better authentication for applications and users is one way to combat remote attacks, with a call for “strictly enforced user credentials” to protect existing network

segmentation. Bringing awareness of this issue provides transparency into potential risks which can only help strengthen the goal of providing an efficient protection method. Enforced security policies and procedures will aid in reducing card theft and nefarious card activity, but the human

element poses the greatest risk. Relying on individuals to not “share” their cards, or inactivating or other maintenance for lost cards can be cumbersome. The turnover of employees and the temporary status of others only exacerbates the problem. A single line of defense when

considering human behavior and access control alone cannot provide a fail-safe plan.

WHAT IS 2 FACTOR AUTHENTICATION:

Access control systems control doors and locations. To prevent misuse, access control provides a way to monitor, control, and manage a door’s “status.” The access control software can allow or deny a user of the token based on door location, designated timeframe, and authorization privileges.

The inherent security risk in single token presentations is theft, loss, being loaned to another user, or the token cloned to gain access. Facial recognition as a biometric two-factor authentication assures the token matches the face and creates a much more secure environment.

Two-factor authenticators are classified as:

• something you know (Password)
• or something you have (Card, fob, a cryptographic key)
• and something you are (Face, fingerprint, iris scans).

Two-factor authentication assures the user is a valid subscriber. For example, a PIN and access card are not a true and secure two factor unless it is tied to a biometric authenticator. (Roger Grimes KnowB4, Inc podcast)

Facial recognition, like the solution introduced by Blue Line Technology, deployed with access control makes it very difficult to steal and use the entry tokens.

PARALLEL BIOMETRICS VERSUS INTEGRATED BIOMETRICS BENEFITS

In the market loaded with Access control products, the market is changing at a rapid pace with new technologies for an enhanced security platform. Companies are playing catch up to add new solutions for a growing legacy issue. How do you add 2-factor capabilities to the system without major integration changes? It is difficult to navigate through the decisions of access control suppliers for readers that integrate into their systems for visitor management, employee attendance, and door access. The logical choice is biometrics.

The typical biometric capabilities provide the opportunity to add a 2^nd factor to the existing access system. Access control manufactures are quick to point out that a biometric solution can be integrated into their platform.  There is a cost associated with this integration and a cost to maintain the integration. Access control manufacturers constantly upgrade their software with patches and new capabilities. This constant change poses a challenge with integrated biometrics.

The deterrence and behavior modification security experts are looking to achieve include:

1. Combat the cloning devices which have made it very easy and a minimum cost for devices that engineers understand make it simple to duplicate cards.
2. Stop employees that work together from passing cards back and forth to avoid the reporting of a lost or stolen card. In some cases, the expense of replacement is passed onto the employee. With the lost or stolen card, there is always the chance that the card is used in a malicious manner. We’ve all heard of lost or stolen access cards in an office environment. Just consider a lost or stolen card in a much more secure location. For example, Schools, Military bases, Airports, and Hospitals. These are just a few examples but are very critical to a secure environment.
3. Eliminate archaic pin code as an additional security measure. Pin codes have their own challenges, most often the pin codes must be changed or as we have seen in countless applications there is one pin number assigned for all employees.
4. 36 percent of security breach issues originate from insiders
5. Single-factor “time and attendance theft” is equal to 4 percent of overall employee costs due to misuse of cards and employees signing in for each other
6. Can the administration of a 2-factor be made easier? That’s what we at Blue Line Technology asked as part of their VOC (voice of the customer) design process.

Blue Line’s design is simple. It is not dependent on the legacy access system to make the product work. By running a parallel system, the biometrics is much more reliable. The read range, accuracy, and speed of entry are first and foremost. Also, another benefit is you do not have to change the readers that you have in place. The 2nd factor is added in parallel with little to no impact on your existing system. The Blue Line solution is also not bound to any new software updates or patches that may impact your legacy system. One question is what about administering the new parallel system? The initial enrollment is the only time that you should have any major data entry. This can be accomplished in 15 to 30 seconds per person and will need no other changes after that. Once you have the picture you are good. There is an additional benefit by not being integrated into the access system. If you have a legacy issue and your system is inoperative, you can switch to single factor biometrics and continue business as usual until the legacy system is repaired.

Blue Line believes it is much better to interface into all access control products than to integrate into a few!

THE SOLUTIONS…

DOWNLOAD THE PDF >>>