Issue link: https://securitytechnologyexecutive.epubxp.com/i/282968
26 SECURITY TECHNOLOGY EXECUTIVE • February/March 2014 www.SecurityInfoWatch.com HEALTHCARE SECURITY: ACCESS CONTROL Not only are such scenarios cumbersome for the employees, they drive the physical access control management staff crazy. And as IT departments become more prevalent in access control hardware and software purchases and system management, smart card technology can help facilitate consolida- tion and standardization activities. Increase Security and Solve the Credential Problem Any type of card can be used – magnetic strip, prox- imity or proprietary smart card. However, hospitals are learning that they get their best return-on-investment (ROI) with open architecture contactless smart creden- tials. A smart credential's microchip can store, protect and modify information, and provide many opportuni- ties for information sharing and exchange. Smart cards offer a number of ways to verify an individual, includ- ing static and dynamic passwords, digital certificates and private keys, biometrics and photos. Smart cards may provide hospitals with a superior solution over other card products, increasing the secu- rity of data and providing added convenience to the user. And, by also adding open architecture capability to the mix, hospitals can provide secure access for staff to more applications and add value to the many proprietary sys- tems currently in the marketplace without having to go through software and interface tweaks so prevalent with proprietary credentials, including smart cards. The open architecture design of a smart credential means that it is capable of accepting a customized key for multiple, diversified applications. This lets hospitals add applications on their own terms, expanding as slowly or as quickly as they like. With memory options of 2K, 4K and 8K bytes, hospitals can get the memory they need, without paying for extra memory they don't. Not only can they access physical locations, but also the hospital's computer networks and EMR (logical access). Smartcards can be used to match a healthcare provider with the patient to ensure safety during care. Employees will also find them convenient for pay- ments at the cafeteria or vending machines, to check out scrubs, equipment and tools, for time and atten- dance, secure printing and other applications. With the price of smart credentials being comparable to proximity today, the roadblocks for deploying smart credentials during the hospital's next implementation, even if only for physical access control, are eased. Caveat – There is More than One Type of Smart Card To heighten security, ranging from protecting patients themselves to their medical records, hospi- tals need to use a contactless smart credential that is armed with mutual authentication and encrypted with (Advanced Encryption Standard (AES) 128- bit diversified keys. With such a capability, the card and reader verify that they are authorized to communicate bi-directionally. Additionally, 128-bit keys virtually ensure no one can read or access credential informa- tion without authorization. The technology behind AES has been approved by the NSA (National Security Agency) for classified information. A message authentication code (MAC) further protects each transaction between the creden- tial and the reader. This security feature ensures com- plete and unmodified transfer of information, helping to protect data integrity and prevent outside access, If implemented, hospitals should use an open solu- tion smart credential, one also built to adhere to ISO 14443, a four-part international standard for con- tactless smart credentials. This results in faster data transfer between credential and reader, up to 848 kbps baud rate (1K baud = 1,000 bits of data per sec- ond). ISO 14443 technology, the same standard used by the U.S. government, is especially recommended for hospitals applications requiring large amounts of data such as biometric templates to be used at phar- macies and other high security locations. The secure access solutions available with open system smart credentials have several ROI implica- tions. For example, when a smart card program is introduced, it immediately solves the problem of (for- gotten) passwords for network access, a nemesis for both users and administrators. Hospitals will reduce overhead costs simply by not having to administer passwords. Or, for added security, using a smart card along with a password adds the protection of dual authentication to sensitive systems. Also, the roll-out of smart credential solutions for physical access control is typically done in tandem with the implementation of card management systems that To heighten security, ranging from protecting patients them- selves to their medical records, hospitals need to use a con- tactless smart credential that is armed with mutual authentica- tion and encrypted with AES 128- bit diversified keys. STE_24-29_0314 Timme AccessCntrl.indd 26 3/14/14 11:13 AM