Modern Identity Badge Security

A typical identity badge is an open authentication credential. It will happily authenticate to open doors and such no matter who swipes it. This is a major weakness. It is not a secure factor of authentication. From the time it is stolen till the time it is reported stolen and deactivated, it can be used by thieves for nefarious purposes. What’s the alternative?

Mobile phones these days have NFC capability. They also have sophisticated user-authentication capabilities like PIN/passcode and biometric identification. So, a badge stored on a mobile device that’s activated only upon thorough user authentication is much more secure. But we may not have the phone handy at all times. A better alternative is a smartwatch, like Apple Watch.

Apple Watch can lock itself whenever it is removed from the wearer’s wrist. This works through the sophisticated biometric sensors on its back. This makes it uniquely secure. The user who wears the watch will have to unlock it after they put it on their wrist, thus enabling the badge. If the watch is removed or stolen off the user’s wrist, it will immediately lock itself, disabling the badge. This completely eliminates the vulnerability of a stolen badge while having the same or better convenience of a badge on your lapel or hip belt.

For a more secure variant of this, we could have dedicated badge wristbands that do only this and nothing else. They can be authenticated via an interface built into the band, or via a secure handshake protocol with a mobile device. Removing the band would disable the badge and would require re-authentication.
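The difference between an open badge and a wear-gated one (watch or band) can be made concrete by replaying one timeline of events against both. The following is an added example, not code from the original post; the event names, the `replay` and `exposure` functions and the timeline are assumptions constructed for illustration, and `unlock` stands for a successful user authentication by the rightful owner.

```python
# Constructed timeline of (minute, event). The credential is taken at t=30 and
# reported stolen at t=90, when the back end deactivates it.
TIMELINE = [
    (0, "wear"), (1, "unlock"), (5, "swipe"),   # owner arms and uses the badge
    (30, "remove"),                             # stolen off the wrist or lapel
    (31, "wear"),                               # someone else puts it on
    (35, "swipe"), (60, "swipe"),               # swipes before the theft report
    (90, "report"),                             # owner reports, badge revoked
    (95, "swipe"),
]

def replay(timeline, wear_gated):
    """Return [(minute, accepted)] for every swipe, in timeline order.

    wear_gated=False models the open badge: live whenever it is not revoked.
    wear_gated=True models the watch/band: live only after an unlock performed
    while worn, and disabled again the moment it is removed.
    """
    on_wrist = False
    armed = not wear_gated          # an open badge needs no arming
    revoked = False
    results = []
    for minute, event in timeline:
        if event == "wear":
            on_wrist = True         # wearing alone never arms the badge
        elif event == "unlock":
            if wear_gated and on_wrist:
                armed = True        # unlock off the wrist is ignored
        elif event == "remove":
            on_wrist = False
            if wear_gated:
                armed = False       # removal disables until re-authentication
        elif event == "report":
            revoked = True
        elif event == "swipe":
            results.append((minute, armed and not revoked))
        else:
            raise ValueError(f"unknown event: {event}")
    return results

def exposure(timeline, wear_gated):
    """Minutes of swipes accepted after the credential left its owner."""
    taken_at = min(m for m, e in timeline if e == "remove")
    return [m for m, ok in replay(timeline, wear_gated) if ok and m > taken_at]

if __name__ == "__main__":
    print("open badge :", exposure(TIMELINE, wear_gated=False))
    print("wear-gated :", exposure(TIMELINE, wear_gated=True))
```

The open badge keeps working for the whole window between theft and report, while the wear-gated badge rejects every swipe after removal because no new unlock occurs.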

In an extremely secure environment, authenticating and arming the badge can be done at a security/guard checkpoint with a dedicated terminal. This way we can eliminate all uncontrolled or open-ended interaction devices and significantly minimize the attack surface.

In secure spaces (buildings, rooms, etc.), we could have life-signs sensors (people detectors) and badge sensors that can detect people without badges or with badges that are disabled. Such a mechanism can secure against unauthorized presence even in spaces where visual cameras are typically not deployed, like bathrooms, work areas and conference rooms.