When Is Retrofit a Matter of Inches?

Thirty-two inches to be exact. That’s among the differences between ISO 15693 and ISO 14443. Now, before you stop reading, feeling snowed under by those weird numbers, realize that contactless smartcard standards are important and matching an existing standard to an enterprise application can make a big difference to your bottom line and relationship among the users of your card access system.

Both 15693 and 14443 are radio frequency identification (RFID) basics. The former, when packaged for enterprises, is called a vicinity card with read distances of up to three feet. The latter is more a proximity card with a read distance of up to four inches.

And, if you can stand yet another ISO number, 7816, compatible only with 14443, is the internationally accepted family of standards primarily dealing with aspects of smartcard interoperability regarding communication characteristics, physical properties and application identifiers of the implanted chip and data. Vicinity cards are not ISO 7816 compatible.

RFID experts such as Bob Fee of LEGIC Identsystems know that 14443 has garnered more headlines thanks to applications such as ePassports, FIPS-201 and financial payment systems.

ADVANTAGES THANKS TO APPLICATIONS

The U.S. Electronic Passport (e-Passport) is the same as a regular passport with the addition of a small contactless integrated computer chip embedded in the back cover. The chip securely stores the same data visually displayed on the photo page of the passport, and additionally includes a digital photograph. The inclusion of the digital photograph enables biometric comparison, through the use of facial recognition technology, at international borders. The e-Passport also has a new look, incorporating additional anti-fraud and security features. Since August 2007, the has been issuing only e-Passports.

FIPS 201 (Federal Information Processing Standards Publication 201) is a federal government standard that specifies personal identity verification (PIV) requirements for federal employees and contractors. Thanks to the PIV, smartcards grant access to the cardholder to federal facilities and information systems; assure appropriate levels of security for all applicable federal applications; and provide interoperability among Federal organizations using the
standards.

One example of financial applications based on ISO 14443 is the CatCard, the official identification card. All students, faculty and staff affiliated with the university need to carry the CatCard for identification. It features a digitized photo, digitized signature, a smart chip and magnetic stripe. The CatCard also allows a wide range of on-campus services such as meal plans, photocopying, printing, parking, vending machines and laundry.

The card includes a “free read” unique identification (UID) that replaces more personal identifiers for privacy concerns; a smart chip for small amount purchases; and the magnetic stripe for building access and meal plans.

With the popularity of RFID proximity, technology experts such as Fee question if “15693 has fallen from grace or is its prevalent use in competing applications just falling under the current radar?”

When comparing the two international contactless smartcard standards, it is a good plan for security leaders to look at the differences.

Key attributes of both standards:

Both are based on the same radio frequency of 13.56 MHz.
Both provide the same free read of the UID/card serial number.
15693 read range is up to 36 inches while 14443 is up to four inches.
15693 data exchange rate is 26 kbps while 14443 is 106 kbps and higher.
15693 is not compatible with ISO 7816 commands while 14443 is.

Compliancy is a marketing term, contended Fee, so he suggests buyers pay attention to details or seek advice from knowledgeable systems integrators.

WHAT ISO STANDARDS DON’T COVER

Standardization provides multiple benefits including interoperability, multiple sourcing and long-term product availability. While it is important to understand what standardization can offer it is also important to fully understand what’s not specified. Here is where the rubber really meets the road, according to Fee, and where security leaders who simply put out requests for proposals or RFPs without knowing the serious implications could end up purchasing products that are not compatible. Here are key items not covered by the standard.

Encryption is defined by the host application.
Key length.
Key management (e.g., how the “keys” are secured within your company).
Authentication process between reader and credential.
The IC’s memory structure. Some have pre-defined sectors limiting flexibility.
Memory access: How are individual data files accessed? Is a master directory required to be established and managed by someone year after year?
Application data structure.
Conditions for access rights on memory areas.

BENEFITS OF ISO 15693

There are a number of benefits of vicinity cards that fall to the bottom line.

Interoperability (use credentials across entire system).
Multiple sourcing (use various suppliers for same solution).
Long-term availability (you can switch suppliers easily).

Here are additional benefits of ISO 15693 including some manufacturer’s non-standard capabilities to enhance the standard.

Read/write to the credential on the fly (no re-badging to add/delete apps).
Mutual authentication between the reader and credential.
Encryption support including DES, 3DES and proprietary encryption.
Longer read range.
You don’t have to “tap” the reader so it’s great for access control, parking, transit, desks, cabinets, and even water parks for lockers and vending machines.
For the same size antenna the read range could be as much as 50 percent and 70 percent greater distance (vs. 14443).
Better solution for harsh environments where a reader has to have its antenna in metal or a smaller antenna size
must be used.
Data transmission rate that is five times faster than a 125K prox-based system. While the data rate of 26 kbps is less than ISO 14443 typical access control files are small so the lower speed is barely experienced unless a biometric is being used.
Price points are equivalent to or better than ISO 14443 solutions.

WHERE IS ISO 15693 BEING USED?

LEGIC’s Fee believes that there are literally thousands of companies using 15693 in varying degrees of compliancy.

So is the vicinity card a forgotten standard? In truth, it is alive and doing well. It could be the better standard when retrofitting electronic access control to a smartcard approach.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.