I’ve recently had a small ponder on the subject of the University’s ID cards and ways to make them more useful, since user experience is something I care strongly about and how we identify people is a big part of that.
Something I’d really like to see is the University have a proper unified access system, after recently talking to a student who carries their ID card and three other completely blank white cards to allow them access to various rooms and buildings. One other staff member sports two white cards (completely blank) and a keyfob on top of their ID card. At one point I carried my student ID card, staff ID card and no fewer than four mysterious blank white cards all issued by various University departments.
Asking someone to carry multiple additional credit card sized pieces of plastic and potentially clip other things to their keyring is over the top when people are already carting around driving licences, debit cards, store loyalty cards and lord knows what else. On top of the sheer quantity of plastic is the inherent flaw in having blank cards – yes they provide no information on which doors they open which is great if they’re lost, but equally they provide no information on which doors they open which is really annoying if you have more than one of them.
I propose that to solve this problem the University replaces all staff ID cards with RFID enabled ones (Mifare 1K cards for preference, the exact same ones as the current mysterious blank white cards). As soon as this is done they issue all new students and card replacements with RFID cards.
A blank white Mifare 1k card, bought in a pack of 100, will cost around 70p. Yes this is more than the current blank cardstock, but the extra expenditure is virtually nothing in the grand scheme of things (you could easily spend 50-60p on giveaway pens). The card externally looks and feels exactly the same, so all of the University’s current information and security features will work, including the barcode to retain perfect backwards compatibility. In short there is no risk whatsoever to existing ID card processes and systems in moving from ‘dumb’ cardstock to RFID cardstock.
Since the new cards follow the exact same standards as the current mysterious blank white cards a person’s ID card can now be treated as a security card. There is absolutely no requirement at all for multiple cards, since in the past I’ve had my blank white cards merged into one. Keep a note of which person each ID card belongs to and should they lose a card or leave you simply look up their name in the system and revoke the card access, then as soon as they get a new ID card you restore their access.
In theory such as system (should our building security sport half-decent interfaces to anything) could even be tied into HR and student information systems, which is where what I do comes in. Imagine that when a student enrolls their card is printed as usual and automatically programmed to let them into the rooms which are appropriate for their course. When a member of staff is issued with their ID card there’s no subsequent waiting for a departmental administrator to fish a mysterious blank white card from a filing cabinet somewhere, they’re simply instantly granted access to their building and office. Finally, when someone moves or leaves their security access is seamlessly updated.
Yes, RFID will cost more (pennies per card), but as far as I can see all we’re going to do is maintain compatibility with barcode based systems, streamline and simplify the building access systems, and since Mifare 1k is a fairly de-facto standard for RFID applications (cashless systems, security, you name it) then we’ve put in part a major part of infrastructure for future developments.
So what do you think? Arguments for and against are more than welcome.
Whilst we’re at it I think all staff should have to wear their ID badge whilst on campus, either round their neck or on a belt loop.
Sounds like a good idea to me. Although, I’m fairly sure extra rooms can be added to the white cards as needed, (Certainly used to be the case – I had one that would open several different rooms) so I’m a bit puzzled as to why anyone would be carrying multiple white cards around. Still, I can see the advantages of an RFID system.
You can add multiple rooms to one white card – the problem is that because it can’t be guaranteed that a person will have one already Security run off a stack of them for specific needs which are then handed out by administrators. I got one for computing labs, one for the robotics lab, one for the LPAC and one for the office and then had to get signed bits of paper from all four ‘owners’ of those cards that they could be merged into one.
My point is that if we can guarantee that everybody has a card which is compatible by default (their ID card) then the process shifts from “give the person a white card” to “sign the form which tells Security to allow their card access”. It’s tidier, easier to manage (Security always have a list of who has access to each space) and more secure.
I agree with Nick.
Hi Nick (and other contributors),
I work for an Access Control manufacturer based in the UK. We cover a huge breadth of technology from barcodes all the way up to highly encrypted proximity cards (Legic) and have to say that all the points you have raised are completely valid. Perhaps more importantly, they can all be easily achieved too.
The added security of being able to control a student or staff members access privileges from PC based software (which can also be used remotely) also streamlines the process. New rooms and areas can be added and removed at will and this in turn provides far higher security that is far easier to manage.
Also, allowing a handful of people access to the software that determines access privileges will stop the possibility or cards being wrongly administered or stolen.
In short, everything you have mentioned is achievable and the scope for such systems (dependent on budget) is huge. The cards can be integrated into pretty much anything. Something neat we tend to suggest is controlling access into university halls with a card and using ‘muster’ reports to streamline fire evacuation procedures. You can also use one card to control your library accounts, vending machines, parking, Time and Attendance at lectures, PC logons…..the possibilities are endless.
The company I work for can cope with most of these possibilities but not all. If you do have any further questions let me know, our developers love a chance to show off and can answer any question imaginable.
Our website is http://www.nortechcontrol.com if you’re interested in learning more.
This is something we’re working towards in my organisation. The biggest (read: most expensive) hurdle we’ve had to overcome is standardising the sheer number of different models of access control hardware (and subsequently their software versions) that have been installed over the years across the estate.
We’re in a reasonably happy place right now where we have settled on a standard and are gradually working to it, this includes a flexible API that we’re actually starting to integrate into other physical security systems. In turn this is generating some brilliant data which we are pattern matching for any anomallies that might indicate a stolen or abused access card.
Nick/Alex – quite happy to discuss the route we went with you any time, as well as the numerous pitfalls we’ve fallen into along the way.