At the same time, effective security helps reinforce positive hotel reputations and protects hotel owners from the costs and damages that can result from criminal activity, be it theft, vandalism, or unauthorized access.
Protecting Access
The room key is, in many ways, the starting point for hotel security, since it protects access to areas that need to remain private. Since the late 1970s, when traditional metal keys started being replaced by various types of plastic key cards, the room key has become a wider access pass, authorizing guests to enter other areas beyond rooms, such as parking areas, wellness centers, workout rooms, dining facilities, meeting rooms, and more.
More recently, mag stripe keys have given way to contactless solutions, in part because contactless cards are more durable, easier to program, simpler to support in mobile formats, and much harder to copy. But even contactless solutions have evolved over time, with newer architectures supporting the latest cryptographic algorithms and offering greater flexibility in how to configure access privileges.
Features that Future-Proof Keys
The latest features not only protect against present-day known threats, they also help future-proof access by strengthening security for the long haul. To help hotel owners understand what protections are now available, and how they can be used to tailor security to individual needs, here’s an overview of architectural features to look for when specifying hardware for the next generation of keys:
AES authentication
The Advanced Encryption Standard (AES), which was introduced by the US National Institute of Standards and Technology (NIST), is the recommended specification for the encryption of electronic data, offering state-of-the-art protection.
AES with a key length of 128 bits brings the RFID Key Card to the next level of protection against known attack vectors, because the tools to break older mechanisms are more widely available, and easier to use without technical know-how.
Selectable Memory Protection
As part of product configuration, AES 128-bit encryption can be used to protect the information stored in user memory. Some architectures let you choose the level of data-protection restrictions prior to AES authentication. Having the flexibility to prevent or enable access to user memory makes it easier to configure cards for different situations and different access privileges.
Diversified Keys
Key diversification is a process of deriving keycard keys from a master key using some unique inputs of the keycard's IC. With the diversification process, each keycard gets a different value for each key. That way, if a key is broken, the vulnerability is limited to the key on that card. The rest of the system remains unaffected. The use of the key diversification process increases the security of the system by diversified keys on the RFID Basic Guest cards. It is important to note that the symmetrical keys in use need to be stored in a secure memory on both sides, at the reader as well as on the card, as the system is only as strong as the weakest point.
CMAC Protection
Cipher-based Message Authentication Code (CMAC) is an option for secure messaging. It provides an additional layer of security that protects the integrity of the message when data is communicated over the RF interface. Using CMAC protection with a key card helps ensure that access data isn’t manipulated at the point of transmission or retried.
Failed Authentication Feature
The keycard can be configured to allow a maximum number of failed authentication attempts, to prevent unlimited numbers of attempts to access the security keys used for encryption. Once the maximum number of allowed failed authentications is reached, any further attempts to use the authenticate command will be permanently declined. This feature strengthens the protection of the key within the keycard by limiting the number of attacks that can be mounted.
Random ID
This feature benefits contactless applications that deal in sensitive cardholder data. It lets the IC switch from a 7-byte Unique ID (UID) to a 4-byte Random ID (RID), which helps avoid tracking.
MIFARE® Portfolio: Right-Sized Security
NXP’s MIFARE-based keycards have been helping hospitality go contactless for more than a decade. Every day, millions of hotel guests around the world access rooms, collect loyalty points, and even make micropayments using secure MIFARE based solutions on physical cards and smartphones.
Our current portfolio includes a range of options, so hotel owners can match find the right type of security for their needs. For example, MIFARE Ultralight AES, which brings AES cryptography to single- and limited-use RFID guest cards, offers enhanced security features that increased privacy and safety during each guest’s stay. For an even higher level of protection MIFARE Plus EV2 and MIFARE DESFire® EV3 offer even greater flexibility, with support for configuring staff keys and other advanced features.
Take the Next Step
To learn more about the MIFARE portfolio and how it helps future-proof access to hotel rooms and other guest facilities, visit nxp.com and vingcard.com.
)