Smart Card Solutions for Higher Education

Transcription

1 Smart Card Solutions for Higher Education Helping Universities Maximize The Value Of Their One Card Solution Did you know contactless smart card solutions from HID Global can: Significantly reduce fraud. Cut registration lines in half as compared to magstripe cards. Provide student ID cards that last an entire college career. Eliminate the need to carry multiple cards for various campus needs. Overview Educational institutions face increasing security threats along with shrinking budgets and intense pressure to cut expenses across all levels and departments. Colleges and universities must keep their campuses safe in as cost-effective manner as possible. At the same time, each school has its own set of unique requirements and challenges, requiring flexible system architectures that satisfy today s demands while providing the foundation to meet future needs. HID Global solutions and services for educational institutions are developed from the ground up to solve these challenges and give security officers the confidence that their infrastructure can protect students, staff and faculty for years to come. Solving the Magstripe Problem The majority of today s colleges and universities use magnetic stripe (magstripe) cards as their primary technology. Unfortunately, magstripe technology typically uses little or no security protections, and more and more universities who use it are seeing a rapid increase in fake student ID cards. While administrators may be tempted to upgrade only to lowfrequency systems, this still leaves them vulnerable without delivering significant cost savings or an easy migration path to future capabilities when needed. The best option is to migrate all the way to contactless high frequency smart cards, which combine improved security with the convenience of being able to use a single card for multiple applications, including secure debit and payment capabilities. The expense of moving to contactless smart cards is outweighed by the long-term cost savings from greater convenience, less maintenance requirements, and improved management efficiencies as compared to magstripe, along with the ability to preserve access control infrastructure investments well into the future. The University of Arizona migrated from magstripe to contactless smart cards with higher security encryption technology. According to Stephanie Perez, the university s assistant director for CatCard Services in the Financial Services Office, moving to smart cards has eliminated the problem of magstripe damage and demagnetization that is common with high usage. The smart cards can support up to 26 applications and are now used for safe and secure keyless access throughout the campus in dorms, research facilities and various other buildings, as well as departmental ID verification and meal plan purchases. In the future, Perez says the university plans to add single sign on logical access, e-ticketing, campus voting, exam and class attendance, and explore enhanced smart phone applications.

2 2 Don t know where to start with your migration project? It s easier than you may think. Migrating from old to new systems is simple, affordable and manageable using multi-technology cards and readers that limit disruption to day-to-day workflow. Universities can retain their existing student ID and issue code numbering system as they move to new, contactless smart card platforms such as HID Global s OMNIKEY readers, which support any smart card for any application on any computer. HID Global can guide you through the process, helping to solve today s problems while planning ahead for tomorrow s needs. For instance, many universities may want staff and students to be able to open doors with their phones in the future. For these institutions, HID Global offers its iclass SE platform, which supports contactless smart cards and also includes new Seos digital credentials that can be carried on cards as well as NFCenabled smartphones. Based on open standards for improved flexibility and interoperability, the iclass SE platform improves security through a combination of mutual authentication and cryptographic protection mechanisms with secret keys, and a secure messaging protocol that is delivered on a trust-based platform within a trusted ecosystem of interoperable products. iclass SE also makes it possible for NFC-enabled smartphones to carry digital credentials for opening doors and other applications, with enhanced security and convenience. One of the greatest benefits of the iclass SE platform with Seos credentials is that any piece of data can be supported, including data for access control, cashless payments, biometrics, PC logon and many other applications. According to Ed Chandler, chairman of the independent security consulting and engineering firm Security by Design, Inc., this ability to support multiple data types is crucial for enabling systems to control utilization of many valuable assets both today and tomorrow. For instance, in cashless vending applications, a monetary value added to a Seos-based smart card can be adjusted each time the card is read during kiosk purchases. For more costly items such as those purchases in a campus bookstore, the card can be tied to a debit system managed by a third party. In a cafeteria, cards can be configured so purchases can only be made up to an authorized maximum level according to the user s meal plan. The cards can support other types of purchases, as well, including accessing fee-based document printing resources at a campus copy center. Once a secure, flexible and extensible reader platform is chosen, it is also critical to consider the secure issuance pieces of the smart card solution. Today s printers, card materials and software deliver the highest security by incorporating critical visual and logical technologies for trustworthier authentication and to help deter tampering and forgery. The latest software also makes it easy for administrators to synchronize card encoding information with the student enrollment database, eliminating the possibility of errors while simplifying future changes that might be required. Hardware choices range from Direct-to-Card (DTC ) solutions to High Definition Printing (HDP ) retransfer technology. HID Global s FARGO HDP printers exemplify the benefits of HDP printing technology. Unlike traditional DTC printers, HDP printers actually print a high-resolution image to a transfer film, which is then adhered to the card. This process not only provides for exceptional image quality, but also eliminates the possibility of print head damage caused by direct contact with the card s contact chip. HDP printers produce crisper, higher-definition images than DTC printers, on cards made from a

3 3 variety of materials, including those with embedded electronics. Designed to reduce misprints and waste, HDP units also feature high reliability and durability, a modular design and fast print speed. Better Ways to Badge A secure and efficient printer/encoder solution is critical for issuing student ID cards, even and especially during the busiest periods at the beginning of each term. Students don t want to stand in line for hours during registration, only to be told that they must come back tomorrow to get their badge. Additionally, industry experts like Security By Design s Ed Chandler say that cards needn t be issued every year each card should be issued for the life of the student s involvement with the institution. Today s printers, card materials and software work together to solve today s challenges, delivering fast and efficient instant issuance capabilities while also optimizing card security by incorporating visual and logical technologies for multi-layered validation. HID Global s smart card solutions help you to stay ahead of, or even eliminate, those long lines every semester, making the whole experience quick and painless for you and your students. And while some university card services teams may be nervous about printing smartcards, it is not very different than printing magstripe cards, with very similar workflow processes. Whether a DTC or HDP printer/encoder solution is selected, make sure that it features a small footprint so it can be installed wherever needed. Another prerequisite is ease of setup and use. Secure issuance solutions should be intuitive and require little or no training. Printers should also be field-upgradable so they can meet new requirements, as student ID system needs change and evolve. And finally, select a software application that supports multiple uses, and features easy-touse card templates that streamline the card creation process, including synchronizing all data used in the card. HID Global addresses these and other considerations, with a combination of printer/encoders, technology and non-technology cards, and card personalization software. Efficiency features like the Live Link TM toolset in HID Global s Asure ID Exchange software enable real-time data communication with most third-party database applications, simplifying the job of setting up external database linking. To explore these capabilities, sign up here for an Asure ID trial and see how easy it is to get started on a card issuance project. It s also important to consider the trade-offs of going with a low-end printer vs. one that may cost more initially, but reduces expenses over time. For instance, high-throughput solutions such as HID Global s HDP8500 industrial card printer can run operations in parallel, speeding issuance by encoding one student s card while it s printing another. The HDP8500 also supports both centralized and distributed printing, so universities can pool two or more desktop units at the card services office for large-volume, centralized card runs, as well as individual units at locations such as residence halls where authorized users there can print cards and issue them to students. This can alleviate long card pickup lines while improving student convenience. Another good investment is printers with built-in programmers/encoders, which combine what previously were multiple processes into a single in-line card personalization step, significantly boosting issuance speed, convenience and efficiency. With this approach, only one automated step is required to synchronize pre-programmed data on the card s electronics with personal data printed on the outside of the card. Users simply submit a card into a desktop printer equipped with an internal smart card encoder, and the card is personalized inside and out. This speeds issuance while eliminating the risk of human error during manual entry, which can lead to large numbers of cards being thrown away. Field-upgradable units enable universities that already own a card printer to add an encoder in the field so they can leverage smart card benefits well into the future. When

4 4 they re ready to maximize their smart cards functionality, they ll already have the smart issuance part of the equation figured out. There are also other ways to speed operations. One is to pre-print cards with some of the required information ahead of time, either in-house or using a service like HID Global s Secure Identity Services. The remaining items can be printed at the time of issuance using faster, partial-ribbon printing. These static, preprinted items can include the school seal, logo, mission statement and other visual security elements (VSEs) such as higherresolution images and holographic card overlaminates, as well as permanent laser-engraved personalization attributes that are difficult, if not impossible, to forge or alter. Universities can also enable incoming students to upload photos in approved formats ahead of time. Some campuses upload card information while students are standing in line using tablets and other mobile devices. Also, by printing all static information on one side of the card ahead of time, the balance of printing can be done on one side only, further reducing print time as well as the expense and space required for installing a card flipper for dual-side printing. The University of Arizona has found that single-sided, partial-ribbon printing not only saves time, but also significantly cuts ribbon and retransfer film costs. The card services office preloads new students information into its ID management software, and then encodes cards after printing, which takes approximately 30 seconds. In the future, the university plans to use inline personalization so it takes only a single click during the print cycle, and the card is personalized and ready for use. Logistical enhancements are also important for the card services office. This can include positioning customer service reps inside the door and optimizing floor layouts for visibility and traffic flow. By implementing these and other best practices, card offices can reduce student lines, and print hundreds of cards a day using just two highly efficient printers. Whatever your specific needs, HID Global has the broad product selection and extensive expertise to help turn today s monumental campus ID badging process into a streamlined and error-free experience for staff and students, alike. Visitors Must Also Be Considered Students, faculty and staff aren t the only people on campus -- any university physical access control system platform must also support visitors. Proper visitor registration is one of several important security safeguards that all colleges should address, and protecting campus residence halls is of particular concern. HID Global s field-proven and time-tested visitor management systems keep students and staff safe, while also reducing the cost of theft, vandalism and other risks associated with unauthorized guests. Visitor security at college campuses begins with knowing who is visiting the different buildings on campus and the purpose of their visit. How this is accomplished will depend greatly on the type of environment. For instance, managing visitors professionally and securely in an open campus environment is very different than in single-entry environments, and yet just as important if not more. And because most college campuses are open environments, with many people moving about the campus, it can be very challenging for administrators to monitor visitor and guest activity. Nevertheless, it is critical to control access to residence halls at all times, and to be able to set access restrictions during specified hours, or to implement campus-wide access rule updates in minutes when needed.

5 5 Procedures that should be enforced include requiring all visitors on campus to wear a visitor badge that was issued when they were checked in. Hand-written systems are simply not feasible, because they don t offer adequate security, and they are not scalable enough to support campus expansion. Visitor management solutions like HID Global s EasyLobby system solve these problems. They can be used to track students visiting another student s residence hall, and also track and badge all non-student visitors. They also can be used to screen each visitor on states registered sex offender databases and flag those visitors at the time of check in. And they can flag visitors who, for instance, may have repeatedly violated check-in procedures or stayed too long, and issue alerts upon their arrival. Additional benefits of visitor management systems include more robustly securing the campus, making students and administrators safer, and capturing visitor data more quickly, accurately and automatically. Administrators optionally can have the system scan driver s licenses and other government IDs before granting visitors entry. The system also can be used for reconciliation at the end of visiting hours, so that campus administrators know which guests still are on campus and which have checked out. Additionally, visitor management systems can be used to create longterm, durable visitor badges for family members and other guests who will be visiting the student periodically through the school term. This simplifies guest sign-in and check-out. Optionally, barcodes can be incorporated into the visitor badges, facilitating guest check-in and check-out with a simple barcode scan. When setting up a visitor management system, make sure that it is secure and yet doesn t create a burden or hardship for administrators or guests, or impede traffic flow in and out of the facility. It is also important to select the right printer, with the appropriate feature and suitable levels of reliability and durability. Reader selection is also important. For instance, depending on the campus environment, it may be advantageous to specify vandal-resistant readers. Increasingly, we are also seeing visitor management integrated with the university s access control systems to provide complete security solutions. This integration enables lobby attendants to easily and safely provide temporary credentials to guests through the visitor management system, rather than requiring the lobby attendant to interface with the access control system. The University of Arizona has such a campus colleague/visitor system in place. Guest information that is entered into the visitor management database is seamlessly passed to the card office ID management system. The visitor is now eligible for card issuance. The same campus card is issued to the visitor with tap and go technology for door access. When the visitor is no longer active in the system, the card is deactivated for keyless access and other campus services. The visitor can reactivate this visitor card for future use. The keyless access system is programmed to automatically update door access, in real time, when cards are replaced. All access to campus facilities and services can be tracked. Integrating visitor management with access control also eliminates the problems of having a supply of live cards at the reception desk for those who have forgotten their permanent cards. Integration also ensures that the visitor system has a record of all visitors who have been provided an access card, so there is a complete audit trail, including information about the dates and times when cards were active. University residence halls should be safe and comfortable places, and today s visitor management systems ensure that only authorized guests are on the premises, and that there is an easy way to manage, monitor and audit their activities.

6 6 Getting the Most Value From Your Cards Protecting students, staff and property is one of the university s most important responsibilities. The highest security is delivered through contactless smart card technology, and the greatest efficiency and convenience comes from a single-credential access control solution that also includes other value-added applications. Here are some examples of the many applications that can increase the value of your contactless campus ID smart card: Facility Access: Cards can be used to open doors to dorm rooms, the library and media center, the fitness center, cafeteria, on-campus healthcare facilities, computer labs, and to gain access to entertainment and athletic events. Visitors can also be issued temporary cards, ensuring the campus is safe and protected. Cashless Payments: Contactless smart card technology provides the necessary security to not only get through cafeteria turnstiles but also to make meal plan purchases. They also can be used to pay for laundry, printing, copying and other campus services. Additionally, they can be used to redeem discounts and participate in loyalty programs, and to make debit and other cashless payments in partnership with financial institutions. Parking and Transportation: Contactless smart cards help campus parking facilities function smoothly, safely and reliably, with the option of electronic access control to eliminate the need for guards at entrances. Students, faculty and staff can also use their cards to access bus, rail systems and other transportation services, as well as car and bicycle sharing systems. Protecting Valuable Assets: The same card that is used to enter buildings can also be used to borrow items at these locations, such as library books or media center items. The card can also work with both wired and wireless locks installed on secure storage receptacles like cabinets and gym lockers. These locks can be connected to the building s online access control system for nearonline and near-real-time control. Cards also can be used to protect and monitor even higher-value resources like fleet vehicles, and industrial, laboratory or other equipment. Protecting High-Security Areas: Contactless smart cards can implement additional factors of authentication where needed. Institutions with high-security R&D labs, for instance, might wish to deploy biometric technology, as the University of Arizona has done in selected areas of its campus. It is important to note that biometric templates can be included directly on cards, which simplifies deployment while speeding the authentication process as compared to storing all templates on all biometric readers. Finally, new legislation or regulatory requirements might also prompt the need for this or other types of multi-factor authentication. Time and Attendance Monitoring: There is increasing pressure for universities to monitor and record student attendance. One of the most sensible options is to integrate these processes into an existing access control system, thereby optimizing value and minimizing cost, disruption, and system duplication. Attendance-taking at classes, lectures or other events are much faster if students can use their cards to very quickly check in as they enter the room. Cost and Sustainability Initiatives: Another important card application is secure document management and printing, which reduces paper, toner, maintenance and energy costs while ensuring that authorized users access resources properly. Cards can also be used for building automation programs to control access to lighting and HVAC systems, and they can be used to secure campus Electric Vehicle (EV) charging stations and service equipment, making it easy for eco-conscious campuses to support these emerging clean transportation initiatives.

7 7 Data Security: Contactless smart cards also can be used to control access to student records, healthcare information and other sensitive campus data. Seos credentials used in HID Global s iclass SE platform can carry contactless One Time Password (OTP) login solutions that enable students, staff and faculty to easily tap in and tap out for computer login and logout with the enhanced security of multi-factor authentication. Mobile Access Control: With proper planning, universities also can implement contactless smart cards that are portable to NFC-enabled mobile devices. According to Arizona State University s director of business applications and fiscal control, Laura Ploughe, Leveraging a campus card solution means putting technology in the hands of students that fits their needs, is convenient, is secure and is as mobile as they are. Ploughe played an instrumental role in the execution of an ASU-based pilot of HID Global technology that enables NFC smartphones to carry digital keys. The pilot showed how mobile access control delivers a more hassle-free security experience for users who can carry all of their credentials on a device they rarely lose or forget. It is expected that mobile access control solutions will co-exist with ID cards on the typical campus, enabling institutions to implement a choice of smart cards, mobile devices or both. In addition to moving multiple new applications onto smart cards and NFC phones, there also must be a strategy for identity management and credential sharing across these applications, both on and off campus, and often in partnership with third-party service providers. At Arizona State University, solutions that integrate with partner services provide a value we can t afford to be without, Ploughe said. These services range from banking, food service, transit, facility access, equipment usage, safety certification compliance and cashless payment, to multi-factor authentication with biometrics, secure logical authentication, and attendance authentication at testing centers for accreditation vetting. Ploughe says that ASU can leverage all of its card uses in a much better way by taking advantage of the multiple solutions that HID Global offers, from card printing, to secure authentication, to visitor management, to multi-technology offerings including mobile access control. As a campus that is growing in enrollment, physical presence, and research to become the New American University, it is important to leverage these new technologies, combine them, be innovative, and step into mobility as a strategy for the future. Also, we need to use these technologies to meet the needs of off-campus users, as well, ensuring they receive the same service as our on-campus users, where possible, Ploughe says. Security By Design s Ed Chandler agrees. Once students have their One Card, they should be able to use it for secure on-line registration and other off-campus student interactions with the university, Chandler says. Student convenience is improved through remote, automated and secure programs, and these on-line offerings also drive significant potential cost efficiencies. Chandler says these efficiencies could extend to many on-line education processes where the application of the credential can unlock curriculum and potentially facilitate remote testing. To make this work, an OTP application can be added to the Seos credential, delivering savings through more efficient interactions between students and the university. For more about the smart card applications that HID Global and its CONNECT partners can help you deploy, click here. hidglobal.com 2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design, OMNIKEY, iclass SE, Seos, FARGO, HDP, DTC, Live Link, Asure ID, and EasyLobby are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners hid-smart-card-higher-ed-wp-en