Problem solve Get help with specific problems with your technologies, process and projects.

What are good features to look for in access control software?

When supporting environments with HID card readers and proxy cards, what qualities should control access software have? Identity and access management expert Joel Dubin weighs in on software and implementation best practices.

I can no longer get tech support for the software that runs our control access program. In an environment where we also use HID card readers and proxy cards, what are qualities that we should look for when searching for new software?
Using HID card readers and proximity cards sounds like the cards control both logical and physical security access: the physical controls for access to the facilities themselves, and the logical controls for access to computer systems and networks.

These card readers are contactless, meaning the card is brushed by the reader, rather than inserted or swiped.

Merging logical and physical security is becoming increasingly common because it provides a single point of control for all types of access. An employee's access can be changed globally by making one change to his or her profile in the system. It can also save an enterprise money, since one badge or card is used for all purposes, rather than having separate systems for access to computer networks and facilities.

With that in mind, the software should be compatible with both physical and logical infrastructure. It should mesh with existing identity and authentication management systems, but especially with directory stores, such as Active Directory and LDAP. With an Active Directory shop, for example, it's important not to rip out the plumbing for a system more compatible with LDAP.

The software should also provide for encryption of the authentication data on the cards, both at rest in data stores and during transmission from the HID card readers back to the IAM systems. Depending on the type of system used, make sure the software is compatible with ISO 14443A, the leading standard for contactless cards. This standard defines common protocols for transmitting the data between the card and readers, making it easier to integrate with existing IAM systems. .

The software should also come with a development kit, so it can be customized to meet specific needs and be compatible with the different type of readers.

More information:

This was last published in July 2008

Dig Deeper on Two-factor and multifactor authentication strategies