TIP-based authentication technology

1 Overview


Access control systems are moving beyond the limitations of traditional cards and readers into a new field of configurable credentials and contactless technology, in which mobile phones and other devices can carry "digital keys" received over the air or over the Internet. As people become more mobile, new demands on the security and reliability of identity authentication have emerged, pushing virtual credentials to replace key-card access. To cope with the challenges of uninterrupted connectivity and the explosive growth of fully distributed smart devices, an infrastructure solution is needed that supports evolving access control applications and drives the related new product development. Near Field Communication (NFC) is a technology expected to achieve these goals, but to ensure its security the industry must establish an integrated, chain-of-custody-based authentication method, by which all endpoints in a system or network can be authenticated so that authentication information can be transmitted between endpoints reliably at all times. This article introduces HID Global's recently developed Trusted Identity Platform (TIP) as an example.

2 System Introduction

TIP is a secure and trusted network that provides an authentication transport framework for the delivery of secure products and services. It is a comprehensive framework for creating, delivering, and managing secure authentication. Simply put, the infrastructure is a central security repository that delivers services to known endpoints (such as credential cards, card readers, and printers) over a secure network connection, governed by a published key management security policy. HID Global refers to it as a "regulated" system: every device connected to it is known, so devices exchange information reliably and securely. The TIP architecture is fully scalable, and its transport protocols and encryption modes conform to a variety of standards to support multiple applications. TIP systems can also be virtualized and run in cloud-based models to deliver services over the Internet without compromising security.

TIP provides a protected authentication transport network that verifies all endpoints or nodes in the network, so the information transfer between nodes is trusted.


Figure 1 TIP model diagram

The TIP model (shown in Figure 1) contains three core elements: the Secure Vault, Secure Messaging, and Key Management Policy and Practices. The Secure Vault provides secure key storage for known and trusted endpoints. Secure Messaging uses industry-standard symmetric-key methods to transmit information to each endpoint. The Key Management Policy and Practices set the rules for accessing the Secure Vault and for distributing keys to endpoints.

Let's take a closer look at how endpoints are set up and how reliable information transfer is achieved.

An endpoint is enabled only after it implements the TIP node protocol; it is then recognized by the Secure Vault and registered as a trusted network member, after which it communicates with the Secure Vault.

Endpoints such as credential cards, card readers, and printers communicate with the Secure Vault through software workflows, and their access and processing rules are strictly controlled by HID Global's Key Management Policy and Practices: only certified devices can join the network (unlike the open Internet, where any computer can access any website), forming a closed and strictly controlled authentication mechanism.

TIP messages between endpoints are encrypted using industry-standard methods for secure transmission, in compliance with published security policies. Each TIP message is protected by two nested symmetric keys and carries Secure Identity Object (SIO) information. Multiple SIOs can be nested into a single TIP message to deliver different instructions to different devices, such as access cards, smartphones, and computers, and each device can have different access control features if necessary. For example, the simplest SIO emulates the credential data programmed on an iCLASS card.

Once authentication between the Secure Vault and an endpoint device succeeds, the device is considered "trusted" within the network. Trusted devices no longer need to communicate with the Secure Vault and can operate independently. In this way, the transmission of information between endpoints (such as a credential card and a card reader) is "trusted", and the resulting action (such as opening a door or logging into a computer) is also considered "trustworthy".
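The following is an added illustration of the three TIP elements described above (Secure Vault, Secure Messaging, and key policy) and of the nested-key SIO message format; it is constructed for this article and is not HID Global's code or the real TIP/SIO wire format. It assumes a vault that derives per-endpoint keys from a master key, an endpoint key for the outer message layer, a separate SIO key for each inner object, and a policy that refuses keys to unregistered endpoints. HMAC-SHA256 in counter mode stands in for the industry-standard cipher (AES) so that the example runs with the Python standard library only.

```python
"""Constructed model of TIP-style nested-key messaging (not HID Global's code).

  SecureVault        - registry of known endpoints; derives their keys from a master key
  build_tip_message  - outer layer sealed with the recipient's endpoint key,
                       each nested SIO sealed with the target device's SIO key
  open_tip_message   - recipient checks the outer layer and gets the sealed SIOs
  unwrap_sio         - the target device (e.g. a door reader) opens its own SIO

Field names, key labels and the HMAC-based keystream are all assumptions
made for this example."""
import hashlib
import hmac
import json
import secrets
import struct

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 tag


def _prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as a pseudo-random function for key derivation."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from the PRF; a stand-in for AES-CTR."""
    out, counter = b"", 0
    while len(out) < length:
        out += _prf(key, nonce + struct.pack(">I", counter))
        counter += 1
    return out[:length]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: separate encryption and MAC keys derived from `key`."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key: bytes, blob: bytes) -> bytes:
    """Verify the MAC before decrypting; any tampering or wrong key is rejected."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SecureVault:
    """Central key store: only registered (trusted) endpoints ever receive keys."""

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)
        self._endpoints: set[str] = set()

    def register(self, endpoint_id: str) -> None:
        """Enrolment step: the endpoint becomes a known network member."""
        self._endpoints.add(endpoint_id)

    def endpoint_key(self, endpoint_id: str) -> bytes:
        """Outer (transport) key; the policy check lives here."""
        if endpoint_id not in self._endpoints:
            raise PermissionError(f"{endpoint_id} is not a registered endpoint")
        return _prf(self._master, b"endpoint:" + endpoint_id.encode())

    def sio_key(self, endpoint_id: str) -> bytes:
        """Inner key protecting SIOs that this device will consume."""
        return _prf(self.endpoint_key(endpoint_id), b"sio")


def build_tip_message(vault: SecureVault, recipient: str, sios) -> bytes:
    """Nest several SIOs (each sealed for its target device) into one sealed message."""
    wrapped = [{"to": target, "sio": _seal(vault.sio_key(target), json.dumps(payload).encode()).hex()}
               for target, payload in sios]
    body = json.dumps({"to": recipient, "sios": wrapped}).encode()
    return _seal(vault.endpoint_key(recipient), body)


def open_tip_message(vault: SecureVault, recipient: str, blob: bytes) -> list:
    """The recipient (e.g. a phone) opens the outer layer and stores the sealed SIOs."""
    body = json.loads(_open(vault.endpoint_key(recipient), blob))
    if body["to"] != recipient:
        raise ValueError("message not addressed to this endpoint")
    return body["sios"]


def unwrap_sio(vault: SecureVault, target: str, sio_hex: str) -> dict:
    """The target device (e.g. a door reader) opens the SIO meant for it."""
    return json.loads(_open(vault.sio_key(target), bytes.fromhex(sio_hex)))


def demo() -> dict:
    """Provision a phone with a card-emulation SIO and a computer-login SIO."""
    vault = SecureVault()
    for ep in ("phone-1", "door-reader-7", "laptop-3"):
        vault.register(ep)
    card = {"facility": 1, "card": 4242}  # constructed sample credential data
    msg = build_tip_message(vault, "phone-1", [("door-reader-7", card), ("laptop-3", {"user": "alice"})])
    sealed = open_tip_message(vault, "phone-1", msg)
    tampered = bytearray(msg)
    tampered[NONCE_LEN + 3] ^= 0x01  # flip a ciphertext bit
    result = {"sio_count": len(sealed), "door_sio": unwrap_sio(vault, "door-reader-7", sealed[0]["sio"])}
    try:
        build_tip_message(vault, "rogue-device", [])
        result["rogue_rejected"] = False
    except PermissionError:
        result["rogue_rejected"] = True
    try:
        open_tip_message(vault, "phone-1", bytes(tampered))
        result["tamper_rejected"] = False
    except ValueError:
        result["tamper_rejected"] = True
    return result
```

Two points the article states are visible in the model: an endpoint that was never registered cannot obtain a key and therefore cannot be addressed or join the network, and a reader only ever needs its own SIO key, so once provisioned the phone and reader can complete the exchange without contacting the vault.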

With the support of short-range wireless communication (NFC), mobile phones using this technology can act as TIP endpoints, so they can be programmed with different SIOs to emulate cards or to implement more complex applications that are authorized to pass through access control. The system can also implement complex access control rules that are interpreted by the endpoint itself.

3 Development status and prospects

TIP has been deployed since the end of 2010, and HID Global has announced its first partnership, with NFC chip leader INSIDE Contactless, as the first step toward a trusted, virtual and on-demand authentication network. INSIDE Contactless is one of the few companies driving NFC trials around the world. This groundbreaking collaboration will enable NFC-enabled handsets to carry iCLASS access control and credential information just like physical smart cards. This credential information will be provided through HID Global's TIP system and will in the future be used in conjunction with other network services and real-time communications. HID Global plans to launch similar partnerships that combine its contactless solutions with other vendors' NFC and other widely used technologies for user authentication, cashless vending, computer login and other applications, creating a widely available platform (covering everything from mobile phones to laptops). These platforms and applications will significantly increase the value proposition of contactless smart card credentials.
