By William Van Winkle
 
 
Last month, we took a deep dive into the waters of IP video surveillance. We looked at that segment’s 40+ percent growth rate and many of the hardware considerations involved, including cameras, video servers, network bandwidth, and surveillance storage machines. As usual, our coverage was lengthy—OK, nearly encyclopedic. But believe it or not, we still left out a lot of important material, not least of which was the entire field of digitally-based physical security beyond IP surveillance. From smart cards to finger scans, this is a field that can often be sold hand-in-hand with video surveillance. If the idea of physical security is to protect personal or business assets, then it makes sense to offer buyers solutions that address more than what cameras alone can provide.

 
  Obviously, action and espionage films have done much to popularize the idea and imply that physical security is a huge, grossly expensive affair that only a military agency could afford. And it’s true that most activity in the digital physical security space has revolved around government and enterprise groups. But this is changing quickly, and the push is on now to bring enterprise-level security down into the SMB world. You know the drill: Cool tech, falling prices, and new market segments equal a very big opportunity for channel resellers.

In a nutshell, physical security boils down to protecting assets and responding to intrusion attempts against them. As we noted last month with IP cameras, video surveillance doesn’t do much to protect assets directly, but it definitely aids in the detection of and response to intrusion. Protection can be divided into environmental and mechanical fields, with the former covering everything from castle moats and razor wire to outdoor lighting and hungry dogs. We’re not here to counsel you on hungry dogs.

When it comes to reseller involvement, we draw the starting line with mechanical protection—essentially doors and locks—with the one criterion that it involve the network. If there’s no LAN or computing element, then you’ve got no value to offer beyond the guys who’ve been selling such equipment for the last several decades. In fact, those are probably the guys you want to partner with as you push into physical security. Your job isn’t to replace or install locks. Your job is to help IT managers control those locks and make them part of a broader data-centric solution.

Obviously, physical security, even the IP-based part of it, spans many smaller fields. As your proficiency in physical security grows, you may decide to tackle site analysis and consultation on things such as cleaning staff management and integrating enhanced 911 capability into large deployments. Depending on your general clientele, it may make sense to become an expert in ISO/IEC 27001:2005 (see www.iso.org), the only international standard for IT security techniques and management systems. This spans everything from the creation of a company’s security plan through physical security deployment and out to compliance with regional and industry standards, such as HIPAA and Sarbanes-Oxley. Becoming fluent in ISO 27001 not only distinguishes you but also gives your clients a competitive advantage because they can advertise having superior safeguards in place for customer data. But again, this drags us away from the core business of devices that move IP packets.

A much easier way to crack the physical security market is with site analysis and securing the network. Software and firewall appliances naturally play a big part in this, but your service could involve things as simple as identifying and disconnecting open LAN ports or implementing MAC address filtering. Wireless LAN service may still be running with WEP encryption or, even worse, no encryption. And showing clients that you’re able to lock wireless doors puts you a lot closer to working with other elements of the company’s physical security. Also, keep in mind that security is a never-ending affair. You don’t just perform one site analysis, fix some issues, and forget about it. Customers need periodic checks that their security measures are remaining effective and that the applications fueling those measures are delivering as much ROI as possible. Physical security is a segment rife with long-term revenue opportunities.

Rather than try to take on the whole physical security space, we’ve picked a handful of bright spots that represent either rising trend waves suitable to the whole market or niches particularly suited to channel resellers. If you’re not selling physical security yet, these may be some of your best bets for digging in.

Swiping Into Security
Contactless smart card technology not only helps control who has access to sensitive facilities but, with a strong software back-end, can help track employee habits and send alerts when appropriate.

Get Smart

We’ve heard about smart cards for almost 20 years, but the technology would seem to still evade most businesses. Smart cards are often credit card-sized (85.60 x 53.98 mm) devices with embedded circuitry able to process data. Some smart cards are little more than non-volatile flash memory devices; the rest contain volatile memory and processing capabilities. There are also two methods for reading smart cards: contact and contactless. With contact cards, you have a gold contact pad, usually about 1cm square, that makes contact with various leads in the reader machine. Contactless systems (also called NFC for near field communications) rely on RFID communication based on one of two standards: ISO/IEC 14443, which works up to a distance of 10cm from the reader, and ISO/IEC 15693, which handles distances up to 50cm.

If you’re one of the many who presume that smart cards, like e-cash, were a failed idea of the ‘90s, think again. The SIM card in your cell phone is a contact smart card. You know that little MasterCard PayPass pad you run into at Arby’s, McDonalds, Jack in the Box, Walgreens, CVS, 7 Eleven, various movie theater chains, and other locations? Those all use ISO 14443 contactless smart cards, although it’s telling that MasterCard seems to avoid using the term “smart card” in its marketing. Visa’s Visa Wave contactless card is the same sort of affair, although the product is still mostly used in Europe and Asia. In December of 2005, however, Visa launched a contactless pilot program at Atlanta’s Philips Arena using contactless-enabled Nokia 3220 cell phones.

The downside of contactless approaches is that there is usually no way to tell if the card (or phone or fob) holder is the actual account owner. This is less of a problem with stored value smart cards, which tend to be of the contact variety. But the upside is speed of transaction. Rather than hassle with passing and swiping a card, the owner simply taps his contactless card against the reader. Vendors rarely require a signature for any transaction under $25.

Mass Transit, Mass Smarts
One of the benefits the Massachusetts Bay Transportation Authority realized when adopting its CharlieCard system was that booth-bound clerks could now become walk-about customer service assistants.

“The most prevalent card type in the U.S. is a proxcard, short for proximity card,” says Ram Ramaprasad, director of product management at Zebra Technologies. “These are the cards that get used for access into buildings. You hold the card up to the reader and the door opens. Those readers are available from a lot of different manufacturers today. The encoder comes from a company called HID, and they’re very big in that space. There’s a new technology, as well. You’ve probably heard of RFID Gen 2. For example, Wal-Mart and the U.S. military are implementing it for tracking things, materials. We’re putting it in our cards too. The advantage is that those cards can be read from a distance of 20 to 30 feet. So when you come into a building, a picture of you can flash up on the security guard’s or admin’s screen for comparison against what the guard sees on his camera monitor.”

One of the best, simplest examples around of smart card usage is the CharlieTicket and CharlieCard employed by the Massachusetts Bay Transportation Authority. The CharlieTicket is a paper ticket with a magnetic stripe that allows mass transit passage either for a set period of time or through deduction from a value stored on the card. (CharlieTickets can also be reloaded with more currency value.) If you’ve ever used a gift certificate card a la the ubiquitous Starbucks plastic, you get the idea. CharlieCards operate in much the same way, only they are plastic cards with embedded contactless smart card technology, so they can simply be tapped against fare collection pads.


Smart Solutions

So how do you get started with smart cards in the SMB space? Banks, arenas, mass transit, fast food and cinema chains—these are fine but not exactly SMB bread and butter. You can read headlines from smart card industry association Eurosmart forecasting 16.6% growth for 2007, representing well over 4 billion smart cards shipped, but this loses some luster when you read on to find 200 million of these are Chinese ID and transportation memory cards, over 400 million are banking cards, and so on, never mind the mountains of SIM cards sold annually. Only when you read the final fine print in Eurosmart’s release do you see that the 500 million anticipated contactless cards for next year do not include physical access control cards.

In this last point, we have a solid lead toward a channel solution. Certainly, you can turn to the likes of ViVOtech (www.vivotech.com), one of the world leaders in contactless smart card products. The company excels in smart card solutions for cell phones, and don’t miss the ViVOpay OEM, a bare reader supporting ISO 14443 and other contactless standards that mounts into custom POS and kiosk enclosures. This is a hot path if you deal with retail accounts plagued by high traffic concerns.

The New Pay Phone
Equipped with a special RF module and client software, this Treo 650 can make RF-based credit card payments through ViVOtech's countertop reader. Of course, the reader also takes mag stripe cards.

A name you might be more familiar with is security and encryption titan RSA, now owned by EMC. RSA started as an encryption algorithm devised in 1977 and ushered in the era of public/private key security, initially meant for safeguarding messages. Part of RSA’s extensive product portfolio includes its Smart Card 5200, a white, printable PVC card with embedded 64KB EEPROM, 8-bit CPU, and the ability to use several cryptographic protection schemes. The contact cards can store up to five RSA SecurID Software Token seed records and up to three biometric templates. These cards dovetail with RSA’s line of smart card readers, some of which incorporate two-factor authentication with smart card insertion plus biometric fingerprint capture.

At this point, we’ve left talking about retail applications and moved into physical access security. Physical access often entails the authentication of at least two factors based on any of three things: what you have on you, what you know, or who you are. Without validation of these, you won’t be granted access to a system, through a door, etc. ATMs use two-factor authentication all the time—a bank card (what you have on you) plus a PIN (what you know). RSA’s SecurID system combines a username with a PIN and a code generated through RSA’s algorithm. This code is displayed on the RSA smart card or token. Users can be periodically prompted by the RSA-compliant access software for a new “tokencode”. The user simply looks at the token’s display, which shows a new code every 60 seconds, and enters it. Because the token is using the same algorithm as the control application, this functions like a public/private key system and preserves the system’s security. The SecurID product line is extensive and best suited to medium and large businesses
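
The tokencode check described above can be sketched as follows. This is an added example, not RSA's code: SecurID's own algorithm is proprietary, so the open RFC 6238 time-based scheme (HMAC-SHA1) stands in for it, with the article's 60-second interval. The seed, salt, PIN and all function names are constructed for illustration; the point is that token and server hold the same secret seed and derive the same code from the current time.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the article's token shows a new code every 60 seconds
DIGITS = 6         # assumed display length


def tokencode(seed: bytes, unix_time: int) -> str:
    """Code for the 60-second window containing unix_time (RFC 6238 TOTP)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def pin_digest(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash so the server never stores the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def verify(seed, salt, stored_pin, pin, code, server_time, drift_windows=1):
    """Server-side check of both factors: the PIN and the tokencode."""
    pin_ok = hmac.compare_digest(pin_digest(pin, salt), stored_pin)
    code_ok = False
    # Accept adjacent windows so a slightly fast or slow token clock still works.
    for w in range(-drift_windows, drift_windows + 1):
        expected = tokencode(seed, server_time + w * STEP_SECONDS)
        code_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return pin_ok and code_ok


# Constructed sample data: the RFC 4226 test secret and a made-up PIN.
SEED = b"12345678901234567890"
SALT = b"constructed-salt"
STORED_PIN = pin_digest("4821", SALT)

if __name__ == "__main__":
    code = tokencode(SEED, 60)  # what the token displays in window 1
    print("token displays:", code)
    print("same window:", verify(SEED, SALT, STORED_PIN, "4821", code, 90))
    print("one window late:", verify(SEED, SALT, STORED_PIN, "4821", code, 130))
    print("two windows late:", verify(SEED, SALT, STORED_PIN, "4821", code, 180))
    print("wrong PIN:", verify(SEED, SALT, STORED_PIN, "0000", code, 90))
```

A deployed verifier would also record the last accepted window per user and reject a code presented a second time within it.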


Copyright © 2007 RAM Magazine. All rights reserved.
Do not duplicate or redistribute in any form.