
2010-06-03 18:39:25

need additional cryptographic certification

The physical access readers and controllers will also have to undergo a makeover with PKI at the door, says Hirsch’s Zivney. There will be two choices for the architecture of new physical access systems: do the processing of PKI certificates at the reader or do it at the controller. Either way the processor on the device that is chosen will need additional cryptographic certification.

Most likely the choice will be to go with a smart controller instead of a smart reader, Zivney says. “The argument is that there’s too much risk in putting the intelligence on the unsecure side of the wall,” he says.

While upgrading the infrastructure for physical access control systems will be time-consuming and costly, a bigger concern with PKI at the door is how long the transaction will take. Experts say it could take as long as a second and a half to open a door. This may not seem excessive, but imagine trying to get through a turnstile with hundreds of other employees in the morning. Some fear that transaction duration could be the deal breaker in many environments.

Others disagree. “It’s the difference between wave and go and touch and go,” says D’Agostino. “It does require some crowd behavior effort, but just as people learned how to get on and off an escalator they’ll learn how the system works.”

To deal with the time issue, some are suggesting a switch from PKI, or asymmetric keys, to a symmetric key scheme, says MacGregor. “People say that symmetric keys are faster than PKI at the door,” he says.

But PKI is more secure and may actually be easier to deploy and manage than symmetric keys, MacGregor says. With PKI the secret is stored on the card and it never leaves that card. There is a public certificate on the physical access control system but it’s not a secret. “It’s widely distributed and there is no security vulnerability,” he says.

With symmetric keys, the same secret key stored on the card also has to be stored on the physical access control system. This leads to more complex key management than with PKI. “Public keys don’t need to be protected,” MacGregor says, “but all these symmetric keys need to find their way to a reader on a door and must be protected in transit, in use and at the reader.” This results in far more vulnerable situations and more opportunities for compromise.
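
The key-management difference MacGregor describes can be made concrete with a small challenge-response sketch. This is an added example, not code from the article or from any access control product: Ed25519 and HMAC-SHA-256 are assumed stand-ins (the article names no algorithms), and `Record`, `Enroll`, `Tag`, `Challenge` and `RecordAlone` are hypothetical names. It shows what a copy of the door-side record is worth under each scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is what the door-side system stores per card (constructed layout).
type Record struct {
	Pub    ed25519.PublicKey // PKI: public, safe to distribute
	Shared []byte            // symmetric: the same secret the card holds
}

// Enroll issues a card (private key, shared-key copy) and the matching Record.
func Enroll() (ed25519.PrivateKey, []byte, Record) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	k := make([]byte, 32)
	if _, e := rand.Read(k); err != nil || e != nil {
		panic("no system randomness")
	}
	return priv, k, Record{Pub: pub, Shared: append([]byte(nil), k...)}
}

// Tag is the symmetric answer to a challenge nonce (HMAC-SHA-256).
func Tag(key, nonce []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	return m.Sum(nil)
}

// Challenge: a responder holding (priv, key) answers; the controller checks.
func (r Record) Challenge(priv ed25519.PrivateKey, key, nonce []byte) (pki, sym bool) {
	sig, tag := ed25519.Sign(priv, nonce), Tag(key, nonce) // responder's answers
	return ed25519.Verify(r.Pub, nonce, sig), hmac.Equal(tag, Tag(r.Shared, nonce))
}

// RecordAlone answers a fresh challenge from a copied Record only, with no card.
func RecordAlone(r Record, nonce []byte) (pki, sym bool) {
	guess, _, _ := Enroll() // the Record holds no private key, so any key is a guess
	return r.Challenge(guess, r.Shared, nonce)
}

func main() {
	priv, key, rec := Enroll()
	fmt.Println(rec.Challenge(priv, key, []byte("constructed-nonce-1"))) // card present
	fmt.Println(RecordAlone(rec, []byte("constructed-nonce-2")))         // copied Record only
}
```

A copied record passes the symmetric check and fails the PKI check, which is why every place the shared key is stored or transported has to be protected as carefully as the card itself.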