Maintaining physical security is important to many government, corporate, and private institutions. One aspect of physical security is controlling access to facilities such as corporate offices, datacenters, and storage rooms. Many institutions administer access control by issuing access cards to authorized persons. Each authorized person presents their access card at the entrance of a facility in order to gain access. In some environments, the access card is presented to a security guard, and the security guard checks the validity of the access card by comparing a photograph printed on the card to the person requesting entry. The physical appearance of the access card, as well as graphics printed on the card may be used to verify that the card was issued by the institution. However, as access to modern printing and manufacturing techniques has increased, it has become easier to forge access cards that rely only on printed graphics.
In some contemporary access-card systems, information stored on the access card is read by a card reader positioned near each entrance to the facility. In some implementations, the electronic reader reads a card identifier from the access card. The card identifier is then transmitted to a central computer system that compares the card identifier to a list of authorized card identifiers. If the card identifier is in the list of authorized card identifiers, an electronic latch near the card reader is activated, unlocking the entrance to the secure facility. In some implementations, the card identifier is read using a barcode or magnetic stripe on the access card. However, for a variety of reasons, many card readers use radio frequency (RF) communication to read information from the access card. RF-based access cards are convenient because authorized persons can merely position their access card near the card reader to gain access to the facility. In some implementations, the communication between the access card and the reader is able to span a distance of several feet or more in normal use.
Since the communication between the access card and the reader occurs over a distance, there is a risk that an unauthorized person might intercept the communications between the access card and the card reader in an attempt to gain access. In certain situations, by using specialized equipment, unauthorized persons are able to interrogate certain types of RF-based access cards from across a room without the card owner's knowledge. In some situations, the information gained by such eavesdropping can be used to create a forgery of the authorized person's access card without their knowledge.