Trusting Identities On Connected Campuses
Improving campus security without compromising accessibility
- By Dominic Tavassoli
- April 01, 2017
As their enrollments grow, university administrators must struggle to expand facilities and services while often using obsolete and vulnerable campus id card systems without the necessary features, functions and flexibility. at the same time, an increase in school violence and fraudulent id card usage is challenging administrators to improve security without compromising campus accessibility or the overall quality of the campus experience.
Administrators must also meet growing demand for securely provisioning
connected services while protecting user privacy in today’s
increasingly digital world, and they also must navigate a shift in the use
of identities that is fueling broader adoption of mobile and advanced
smart card technology while putting greater emphasis on the cloud
and emerging IoT use cases. More than ever, they need to trust user
identities in both the physical and digital worlds, and employ these
trusted identities via a combination of both new and existing technologies
to create a secure and convenient user experience across all facets
of university life.
CHARTING A COURSE
The best path forward for today’s universities is to systematically
replace legacy technology with the latest “One Card” solutions that
deliver improved the end-to-end card issuance capabilities and a path
to new capabilities and ROI value. A successful One Card implementation
must deliver flexible student and faculty accessibility through
visual security, while also enabling cards to be used for many applications
from opening dorm room doors to making cashless transit system
payments or checking out media center materials. These systems
are dependent on physical cards so implementation must also support
campus “green” initiatives through features like wasteless ID card lamination
and eco-friendly card printers.
To make the upgrade to contactless smart card technology, universities
must evaluate the time, cost and logistics associated with replacing
existing card infrastructure and then re-badging tens of thousands
of campus card holders. What is required is a comprehensive, end-toend
ID solution and multi-year, phased process for upgrading an existing
card system. This enables incremental deployment of new contactless
smart cards while still using legacy student ID cards and the
existing campus hardware.
Key solution features include an integrated ID card system with
the power to issue new cards, multi-technology readers, card technology,
and a combination of ID card printers and encoders with card
personalization software. Some universities will need their readers to
support both new contactless smart cards and legacy magnetic stripe
cards, as well as wireless locks with built-in encryption and enhanced
security. Choosing the right card technology will deliver advanced
security and interoperability between locks, readers, and multiple
card applications. The cards, readers, and software technology should
be flexible enough for physical access control (i.e., opening doors) as
well as logical access control (i.e., used with desktop readers to pay
for cafeteria meals, or checking out library materials).
Also important is the choice of ID card printers and encoders, and
associated card personalization software. A big time-saver for universities
at registration time is the use of in-line personalization technology.
This enables the card office staff to print student information to
the card at the same time they are encoding and programming both
the magnetic stripe and contactless smart card technology, all in a
single, in-line issuance process. This approach significantly reduces
total issuance time, and eliminates mistakes that are often made when
data is entered manually. Additionally, some card production solutions
are offering the flexibility to print and encode through a commercial
print bureau, further easing the burden of time and errors.
Advances in print quality, lamination and visual security features
mean today’s cards are more secure and durable than those produced
by legacy printers.
Card issuance choices can also affect sustainability. Two key developments
include adopting “wasteless” lamination, and reducing carbon
footprints as defined through the GreenCircle® certification program.
With wasteless lamination, the lamination patches that are
applied to cards for increased durability are attached to one another in
a continuous stream of material on a single roll. Through technology
that ensure precise placement the need for an underlying carrier film
is eliminated so that, once the supply roll has been depleted, all that
remains is a single empty core. GreenCircle certification delivers further
cost savings through advancements in card lamination technologies
that have reduced the significant energy required to heat up and
maintain optimal operating temperature.
In addition to these latest smart card advancements, there are
other developments underway as the industry changes how it uses
PREPARING FOR A SHIFT IN THE
USE OF TRUSTED IDENTITIES
The more identities are used to access a growing variety of campus
facilities and services, the more important it is that they can be trusted.
New technology is driving new forms of digital connected trusted
identities, and a shift in how we use these trusted identities is
leading to increased adoption of mobile devices and the latest smart
card technology, a greater emphasis and reliance on the cloud, and a
new way of thinking about trust in the smart campus and Internet of
For instance, credential issuance for physical ID cards will soon
experience a digital transformation, as the use of cloud technologies
will enable service-focused models for badge printing and encoding.
Cloud -based models for delivering network-based ID badge issuance
management will feature the security of end-to-end encryption and
eliminate the need for stand-alone card printers attached to dedicated
PC workstations. This will transform the user experience and operational
management of ID badge printing, reduce costs, increase
administrative visibility, simplify system maintenance, and improve
security as compared to on-premises solutions.
Administrators are also increasingly aware that cell phones, which
seem to be permanently in their students’ hands, can provide a very
convenient and quite natural way to carry trusted campus IDs for
opening doors and performing other tasks that require presentation of
a secure credential. In addition to improving convenience, adding
mobile access to their campuses will enable universities to reap the
benefit of cost savings on credentials. Plus, students lose their cell
phones less often than they lose their cards so, ultimately, the cost for
replacement credentials will be reduced. University employees also
benefit from carrying credentials on their phones. They aren’t required
to wear their ID cards, so they may arrive at a facility without one and
have trouble gaining access. But since most carry their cell phone
everywhere, the ability to gain access is a given if these phones also
carry their credentials.
Rather than acting as competitive forms of ID, traditional physical
ID cards and mobile IDs that have been securely provisioned onto
mobile devices will function most effectively in harmony, multiplying
each other’s benefits. Digital identities in the form of smart cards have
been successfully used in business and for a variety of governmentissued,
card-based programs for over 10 years, including employee
IDs, national IDs, healthcare cards, government employee credentials
and even “smart” driver licenses.
The concept of mobile IDs is particularly compelling in the university
environment where trusted identities are already used for everything
from accessing physical areas, like dorms and research labs, to conducting digital transactions, such as
checking into a class using a time-and-attendance
system, making cafeteria purchases and
cashless transit system payments, and checking
out media center resources. New cloudbased
systems will issue both physical and
mobile IDs simultaneously in a one-step process
that make issuance easy for both the
organization and recipient.
Mobile IDs on the university campus
should be viewed as an extension of authentic,
university-issued credentials. In fact, having
both a physical and a mobile credential
can help to:
- Provide better, faster, more efficient access
to campus services.
- Safeguard privacy by protecting access to
- Improve mobility by using widely interoperable
credentials across both the physical
domain and for accessing university computers
and cloud-based services and
- Establish trust between the cardholder and
the university issuing the digital identity.
There will also be new ways to use trusted
identities for more than access control on
today’s increasingly connected campus. For
instance, trusted identities can be used to connect
people, places and things in applications
like automating campus guard tours. By combining
NFC trusted tag technology with a
cloud-based authentication platform, security
check points can be accurately tracked and
guards can be instantly dispatched for incident
response and to investigate and report fraudulent
activities throughout the campus. This
approach enables security guards to patrol
areas more easily and efficiently, automating
patrol stops and replacing manual sign-in processes.
With a simple tap of their mobile phone
to a secure trusted tag, a guard can digitally
prove that a security patrol took place at the
proper location, at the proper time.
Universities need to secure their facilities
and assets without restricting students, staff
and visitors from enjoying campus offerings.
As universities move from legacy to “One
Card” solutions and new mobile options and
managed service models, they will make
accessing their campuses more flexible and
secure, extend the value of their cards to enable
more capabilities, reduce costs while improving
efficiency, and support campus “green” initiatives.
At the same time, they will be paving
the way for additional capabilities down the
road, as trusted identities play more integral
roles across a wider range of applications in an
This article originally appeared in the April 2017 issue of CSLS.