Smart Card Alliance Smart Card Talk
May 2007 • Volume 12 Number 5

Feature of the Month

Using FIPS 201 PIV Cards with Physical Access Control Systems:  Recommendations to Optimize Transaction Time and User Experience

FIPS 201-1 PIV II end-point smart cards provide enhanced interoperability and unify identity verification for use in both logical and physical access control.  To obtain the best possible user experience from the new PIV II card-enabled physical access control systems (PACS), users need to understand why system behavior differs between PIV smart card technology and the typical proximity cards and readers in wide use today.

Operational Differences

Operational differences between the two technologies can impact the user experience.  For example, the new PIV smart card is a departure from the low frequency proximity cards in use today.  Agencies and installers must be aware of, and prepare for, operational differences between these technologies.  Differences include:

  • Greater amount of information on the PIV card
  • Cryptographic processing requirements
  • Shorter read range
  • Data formatting requirements at the reader

Another difference is how the card is used: individuals accustomed to the “wave and go” nature of a proximity card will need to be trained to “touch and hold” the PIV card.  All of these differences should be considered during installation and be a part of the end user training when implementing a PIV card-enabled PACS.

Data Encoding

Transaction time in PACS applications can be related to variances in the production of the PIV card and readers, such as data encoding.  Example techniques that can be used during personalization to decrease transaction time include:

  • Changing the order in which the data is encoded on the PIV card so that information needed for the PACS transaction is read first.
  • Having a default application automatically selected at power-up to reduce the time for the anti-collision and select sequence.
  • Implementing a processor quick start-up routine for contactless communications.
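The effect of encoding order on the first technique can be modeled in a few lines. This is an added example, not code from the white paper: it assumes a reader that consumes tag-length-value elements in encoded order and stops once it has the field it needs, and the tag values, field sizes and 106 kbit/s bit rate are constructed for illustration.

```python
# Added example: constructed TLV layout and sizes, not real PIV card data.
ID_TAG, EXP_TAG, SIG_TAG = 0x30, 0x35, 0x3E  # illustrative tag values

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one element: 1-byte tag, BER length (short, 0x81 or 0x82 form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    elif n <= 0xFF:
        length = bytes([0x81, n])
    elif n <= 0xFFFF:
        length = b"\x82" + n.to_bytes(2, "big")
    else:
        raise ValueError("value too long for this sketch")
    return bytes([tag]) + length + value

def read_until(stream: bytes, wanted: int) -> tuple[bytes, int]:
    """Walk elements in encoded order; stop once `wanted` has been read.
    Returns (value, bytes_read). Raises on truncated or malformed input."""
    pos = 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated header")
        tag, n = stream[pos], stream[pos + 1]
        pos += 2
        if n in (0x81, 0x82):  # long form: next 1 or 2 bytes hold the length
            k = n & 0x7F
            if pos + k > len(stream):
                raise ValueError("truncated length")
            n = int.from_bytes(stream[pos:pos + k], "big")
            pos += k
        elif n >= 0x80:
            raise ValueError("unsupported length form")
        if pos + n > len(stream):
            raise ValueError("truncated value")
        if tag == wanted:
            return stream[pos:pos + n], pos + n
        pos += n
    raise KeyError(f"tag {wanted:#x} not present")

def airtime_ms(nbytes: int, bit_rate: int = 106_000) -> float:
    """Payload-only transfer time; ignores framing and card processing."""
    return nbytes * 8 / bit_rate * 1000

# Constructed sample fields: 25-byte identifier, 8-byte expiry, 900-byte signature.
ident, expiry, sig = bytes(range(25)), b"20301231", b"\xAA" * 900
sig_first = tlv(SIG_TAG, sig) + tlv(EXP_TAG, expiry) + tlv(ID_TAG, ident)
id_first = tlv(ID_TAG, ident) + tlv(EXP_TAG, expiry) + tlv(SIG_TAG, sig)
```

With these constructed sizes, the identifier-first layout lets the reader stop after 27 bytes instead of reading all 941.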

Reader Installation

Reader installation can have a significant effect on performance.  Readers must be built to fit different locations like doorframes or hardened enclosures for exterior uses.  Different mounting surfaces affect the read range by absorbing or reflecting the RF energy from the reader in different and unpredictable ways.  As an example, the same 13.56 MHz contactless reader will behave differently when installed on a hallway drywall than when moved to a metallic door frame, near a metal conduit, near a metallic wall stud inside the wall, near an exit reader located on the opposite side of the wall, or on a metal post at an exterior entry control point.  The varied density of these materials affects the RF fields and wave pattern (backscatter) at the reader itself.  Each of these few examples represents a unique RF environment, which in turn affects reader performance and, ultimately, the user's experience with this new technology.

Manufacturers and installers can take a few steps to minimize (but not eliminate) these unpredictable variables.  One step is to increase control of the reader RF environment.  This can be achieved with a few additional steps:

  • Providing specifically-designed reader mounting hardware that minimizes the effect of such interference (such as spacers).
  • Providing additional installer training and following manufacturers’ installation instructions without deviation.
  • Using only mounting hardware and cabling supplied by the reader manufacturer.
  • Protecting cabling during installation.
  • Keeping wires at the reader connector as short as possible: long, unshielded connections will reduce the sensitivity of the reader.
  • Making available an installation test card.  This will allow the installer to simply move the reader to the most favorable wall location before permanently mounting it on the wall.

Any of the above factors can affect the transaction time and user experience when using the new PIV II cards in a PACS.  Many of these factors can be mitigated through minor changes at little or no cost, and with no impact on the NIST standards.  In addition, user training can help to set user expectations for the performance of the new PIV II cards when used in PACS.

User Training

A short training session conducted by PACS operators will help a new cardholder use the new PIV card properly at an access control point.  The instruction should ideally be conducted as the PIV cards are having physical access privileges registered in the local PACS.  The instruction can be a two-part program -- verbal and practical.  For practical instruction, user practice requires the installation of a PIV reader in the PACS enrollment office.  The reader should be within easy reach of both the PACS enrollment operator and the cardholder.  As physical access privileges are registered for the card, the cardholder can be guided by the enrollment officer in the proper card presentation procedure.  The cardholder can also be briefed on the system responses.

Verbal Training

  • A brief explanation of how the PIV card should be used and how it is different from the familiar low-frequency proximity cards.
  • A brief explanation of system responses (e.g., light indicator, audible signals).

Practical Demonstration

  • The PACS enrollment officer demonstrates how to properly present the PIV card to the reader.  The officer points out the read and processing time before access grant responses appear.
  • The cardholder repeats the process.  When needed, the enrollment officer provides guidance. 
  • Improper procedures (e.g., card orientation, location) can and should be practiced as well.  This provides the cardholder with some experience with the lack of system response due to incorrect card presentation. 

These simple steps will add a few minutes to the PACS registration procedure.  However, agency and department PIV cardholders are more likely to accept the new cards and readers if they understand why and how the user experience is changing.


About this Article
This article is an extract from the Smart Card Alliance Physical Access Council white paper, "FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience," published in May 2007.  The white paper was developed by the Smart Card Alliance Physical Access Council to assist government agencies with the use of FIPS 201 PIV II end point smart cards in physical access control systems.  The full white paper provides additional technical detail on the points discussed in this article.  The Physical Access Council plans to develop on-going updates to the implementation recommendations to address other factors that may affect the performance of PIV II cards in PACS implementations.

Copyright 2006-2007· Smart Card Alliance · 191 Clarksville Rd. · Princeton Junction, NJ 08550
Phone: (800) 556-6828 info@smartcardalliance.org · www.smartcardalliance.org