Is an ID tag on the vehicle or number plate recognition the solution?
“It is not enough to check the vehicle, you also have to ensure that the driver is authorised,” says Robert Jansson, sales director at Stid Security.
In reality, a vehicle from a trusted transportation provider, whose ID tag verifies eligibility, is often enough to grant drivers access to a guarded area. In recent years, automatic number plate recognition (ANPR) has been increasingly used to check eligibility.
“Number plate registration is a smooth and fast way to handle access control on incoming vehicles, but it is not recommended as a security solution. License plates can easily be stolen or falsified,” says Robert Jansson, who is concerned about the often-insufficient control of people who come with vehicles.
“Unfortunately, control of both entry and exit of vehicles is often more characterised by the need for convenience than the demand for security. Convenient solutions are usually based on one-factor authentication, which is far from satisfactory,” he comments further.
Security comes second
Robert Jansson is sales director for the card technology manufacturer Stid Security in the Nordics, Eastern Europe and South Africa and has 35 years of industry experience. He is concerned that security often comes second, which opens the door for criminals. For example, at the gates of the perimeter protection for entry and exit, there are sometimes staff or there is a remote operator who checks the vehicle’s authorisation and decides on access.
“Or there is only one card reader that checks the authorisation,” notes Robert Jansson.
“You want to get away from staffing. The question then is what is checked and how it is checked, that is crucial for the quality of the security you get. If you only check the vehicle’s authorisation, it is more of a convenience solution than a security solution”, he says.
One-factor authentication
Robert Jansson is concerned about the naivety that prevails when it comes to, for example, checking transport vehicles, not least in Sweden, where Robert has his base. He claims that it is usually just an ID tag on the vehicle that is detected by a reader to determine whether access should be granted. The driver is often exempt from control or both the vehicle and the human behind the wheel have a UHF tag, meaning both use one-factor authentication.
“In the best case, the driver is forced to leave the vehicle to go to a reader, swipe his card and enter his PIN, which is then two-factor authentication. However, this means that the very purpose of long-distance reading has been abandoned, namely that transport should be smooth and with a lot of incoming and outgoing traffic, unwanted queues can be created,” states Robert Jansson.
“Since fast passage had a higher priority than security, the authorisation check was focused on the vehicle, which made theft possible.“
Two-factor authentication
But it is possible to use two-factor authentication without the driver having to get out of the car.
“If you use virtual cards via the mobile phone, you can have both one-factor and two-factor authentication in the hand of the driver. In this way, the person’s authorisation can be ensured before the gate is opened,” says Robert Jansson.
The two-factor authentication works so that the driver’s mobile phone is detected, but only when the mobile phone is unlocked with a PIN code or a biometric template – with an addition of also having the particular credential card unlocked with a PIN code or biometric template – that becomes the virtual card’s signature sent to the reader. Thus, no unauthorised person can use the ID carrier and gain passage into the area.
Simultaneous reading of vehicles and drivers
In 2021, Stid Security launched the multi-technology reader Specter Nano, which can remotely detect and read the authorisation of vehicles and people quickly, flexibly, safely and simultaneously. The reader can handle multiple vehicles and people at the same time and not only reads the mobile virtual card for two-factor authentication of people, but also all kinds of windshield tags, cards and key fobs.
“The reading distances can be adjusted both with Bluetooth and UHF, and the fast reading means that the driver hardly needs to slow down, which contributes to ease of use without reducing security” explains Robert Jansson.
The working principle is simple. The vehicle approaches the reader and is detected by the encrypted UHF tag, and the driver can then already be detected via his virtual card in the phone.
“The risk of criminals entering an area via a stolen authorised vehicle is eliminated with this solution.”
“Two-factor rule”
The response to the launch of the Specter Nano has been very positive. However, being able to apply the “two-factor rule” via a single reader, where access is only granted if both the vehicle and the driver are authorised, is particularly appreciated in Norway, where there is a law on two-factor authentication if a transaction is to be logged in a pass system. If you bring one-factor authentication to a person, only the vehicle can be logged, not the person.
“Specter Nano is the first solution where, via a single reader, you can legally have a transaction of drivers and vehicles in a pass system. Interest in the solution is very high there,” he comments in conclusion.