Campus ID News
Card, mobile credential, payment and security
FEATURED
PARTNERS

Identity Management and convergence define a new world of physical security on campus

Chris Corum   ||   Jan 29, 2006  ||   , , ,

In 2006 a great new feature section will appear in each and every issue of CR80News. Our new Physical Security Corner will explore key issues related to the changing security landscape. Physical security is no longer a standalone “silo” within a campus … it is a vibrant, essential component with enterprise-wide implications.

Key themes running through this recurring feature article will be identity and convergence. That is because these are among the most significant defining features of the modern security landscape. Thus it seems fitting that we explore these two concepts for this inaugural installment of our Physical Security Corner.

Identity and physical security …

The concept of physical security assumes adequate identity management, but unfortunately this has not been the case. To explain this idea, an understanding of the identity management process is necessary.

Identity management can be thought of as a set of processes used to identify an individual within an organization and grant access to a defined set of privileges based on that individual’s unique status. Certainly from the traditional concept of physical security, identity management seemed obvious … we create a badge and the badge holder swipes or presents it to a card reader and is granted or denied access.

True this is a form of identity management, but is it “adequate identity management?” Most agree it is not. There are far too many weak points in the chain. Was the individual’s identity vetted prior to badge issuance? Was authentication conducted at the reader to ensure that the badge’s user is the person it was issued to? Is an effective system in place to revoke access rights for former users, lost cards, etc.?

Questions such as these indicate why adequate identity management must be a fundamental component of any security system. Though identity management has become a cross-industry buzzword and countless definitions are kicked about, key concepts or steps are common. Identity management consists of:

Verification
“Verification,” according to the OpenGroup, a standards and interoperability-focused consortium, “is the process of establishing identity prior to the creation of an account that can later be used as an assertion of identity.” It is the background check that ensures that the individual you are about to enroll in the system or provide a credential to access the system is indeed the person they claim to be. Verification can be lenient (e.g. “I am John Doe because I say I am”) or strict (e.g. fingerprint checks, interviews with past associates). The first requirements of HSPD-12, the new U.S. government mandate for standardized secure credentials across agencies, focus on verification of new and existing employees through extensive background checks. Interestingly, a source tells us that a number of existing employees using fake identities have already been uncovered via the process.

Authentication
The OpenGroup defines authentication as “the process of gaining confidence in a claimed identity.” It is the means by which the person claiming to be “John Doe” is tested to determine that he is indeed “John Doe.” In traditional security architectures, authentication was limited to visual checks of the credential by a guard (e.g. flash pass) or simple possession and presentment to a reader of the issued credential.

In modern identity systems, multi-factor authentication (possession of the credential combined with some combination of passwords and biometrics) is desired. Validation of the credential’s authenticity is also key.

Revocation
The other core step in the management process is the revocation of issued credentials and the subsequent notification of that revocation to impacted systems. Obviously, the days of former employees possessing still-valid credentials are past. Immediate revocation must be enabled to avoid potentially disastrous security breaches. In addition to this obvious need for revocation, many systems are purposefully revoking or suspending privileges of valid identities as a means to cyclically return to the first phase of the identity management process, Verfication. In so doing, the individual is subject to some form of re-verification, such as an updated check of criminal history files or suspected terrorist lists.

While there are many other important aspects to identity management – trust, provisioning, federation – these three cornerstones form the core of the concept. These and other concepts will underlie many of the future discussion in this Physical Security Corner.

Convergence and physical security …

As the importance of identity management was being recognized, so too was the concept that a single individual has many identities within and across an organization. At the core, many individuals have both physical access and logical (or network/data) access needs. Converging aspects of the identity management for physical and logical security affords great benefits in terms of user convenience, process redundancy, and enterprise-wide security.

The melding of the verification, authentication, and revocation processes for physical and logical security has become a major goal and challenge of modern organizations. Previously separate management and organizational structures (e.g. facilities and IT) are striving (sometimes struggling) to share this common ground.


Looking ahead to 2006 …

With these fundamental concepts in hand, we will move forward throughout the next year in our exploration of this new world of physical security. We will investigate core concepts of security systems, delve into specific issues such as maintaining databases for converging systems, and keep a constant eye on the impacts that initiatives such as HSPD-12 and global standardization efforts may have on your campus.

The editorial team at CR80News would like to thank security leader, Lenel Systems International, for the sponsorship that will enable us to bring you this dedicated feature throughout the New Year. Stay tuned.

FIPS201.com LogoCompare FIPS 201 Products
Research and evaluate FIPS 201 Approved Products and get the latest info on compliant credentialing systems at FIPS201.com. Click to visit FIPS201.com.

Related Posts

Subscribe to our weekly newsletter

RECENT ARTICLES

Mobile credential buy-in video image
Dec 14, 24 / ,

Key steps to get buy-in for mobile credentials on your campus

  In this episode of CampusIDNews Chats we explore how to get buy-in for mobile credentials on your campus and lay the groundwork with your colleagues and administration. Our guest Tim Nyblom, Director of End User Business Development for Higher Education for HID Global, starts with the concept of university branding. But often the ID […]
Penn State Go mobile app
Dec 05, 24 / ,

Penn State moves to Transact Mobile Ordering

After years of experience and a variety of mobile ordering solutions, Penn State is transitioning to the Transact Mobile Ordering app. At the institution’s main location – the University Park campus – a number of dining locations have already launched the service. All on-campus locations will be up and running by spring according to an […]
Spreadsheet
Dec 04, 24 /

UConn card office's recently published budget shows declining revenues

Like other institutions, University of Connecticut students pay mandatory fees to fund various non-academic programs and services. One of these fees, UConn’s General University Fee, helps support the One Card Office as well as Recreational Services, the performing arts center, Student Activities, the Student Union, and more. The General University Fee for the 2024/2025 academic […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

Attn: friends in the biometrics space. Nominations close Friday for the annual Women in Biometrics Awards. Take five minutes to recognize a colleague or even yourself. http://WomenInBiometrics.com

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.