Access badge

An example DoD Common Access Card
A private security officer with an access card/ID card

An access badge is a credential used to gain entry to an area having automated access control entry points. Entry points may be doors, turnstiles, parking gates or other barriers.

Access badges use various technologies to identify the holder of the badge to an access control system. The most common technologies are magnetic stripe, proximity, barcode, smart cards and various biometric devices. The magnetic stripe ID card was invented by Forrest Parry in 1960.[1]

The access badge contains a number that is read by a card reader. This number is usually called the facility code and is programmed by the administrator. The number is sent to an access control system, a computer system that makes access control decisions based on information about the credential. If the credential is included in an access control list, the access control system unlocks the controlled access point. The transaction is stored in the system for later retrieval; reports can be generated showing the date/time the card was used to enter the controlled access point.

The Wiegand effect was used in early access cards. This method was abandoned in favor of other proximity technologies. The new technologies retained the Wiegand upstream data so that the new readers were compatible with old systems. Readers are still called Wiegand but no longer use the Wiegand effect. A Wiegand reader radiates a 1" to 5" electrical field around itself. Cards use a simple LC circuit. When a card is presented to the reader, the reader's electrical field excites a coil in the card. The coil charges a capacitor and in turn powers an integrated circuit. The integrated circuit outputs the card number to the coil which transmits it to the reader. The transmission of the card number happens in the clear—it is not encrypted. With basic understanding of radio technology and of card formats, Wiegand proximity cards can be hacked.

A common proximity format is 26 bit Wiegand. This format uses a facility code, also called a site code. The facility code is a unique number common to all of the cards in a particular set. The idea is an organization has their own facility code and then numbered cards incrementing from 1. Another organization has a different facility code and their card set also increments from 1. Thus different organizations can have card sets with the same card numbers but since the facility codes differ, the cards only work at one organization. This idea worked fine for a while but there is no governing body controlling card numbers, different manufacturers can supply cards with identical facility codes and identical card numbers to different organizations. Thus there is a problem of duplicate cards. To counteract this problem some manufacturers have created formats beyond 26 bit Wiegand that they control and issue to an organization.

In the 26 bit Wiegand format bit 1 is an even parity bit. Bits 2-9 are a facility code. Bits 10-25 are the card number. Bit 26 is an odd parity bit. Other formats have a similar structure of leading facility code followed by card number and including parity bits for error checking.

Smart cards can be used to counteract the problems of transmitting card numbers in the clear and control of the card numbers by manufacturers. Smart cards can be encoded by organizations with unique numbers and the communication between card and reader can be encrypted.