Card Access Control System Basics
Access Control Basics
Access control is vital to providing a safe and secure environment. Restricting access at specific entry points to authorized people is the basic definition of access control. The process of designing an access control system that meets your needs involves mixing appropriate technology with facilities management and existing construction environments.
Implementing an access control system where none currently exists will definitely force change on the users of the facility. Before one begins to develop an access control strategy, one must make sure to understand general client expectations.
Although it would seem obvious that no one would invest money in an access control system that did not limit access, the degree of access limitation you want, or can, apply to your facility will be extremely important. Design for access control is based on specific functions of the facility.
This section is designed to help you understand an electronic access control system. This has sometimes been considered a minefield in the past by companies mostly familiar with intruder alarms and CCTV. A Plus ID, however, supplies "usable" technically advanced products that require little training.
Why Electronic Access Control?
Old-fashioned locks, keys and key pads leave much to be desired in anything other than a domestic environment, because:
- Keys are easily copied
- Each person may require several keys
- Lost and stolen keys represent a major security risk, requiring time and money to solve
- Key pad codes are often forgotten
- Key pad codes are often shared with others
- Neither system tracks entry/exit and maintains an event log
With a modern electronic system these problems are a thing of the past.
Electronic systems can provide additional security by enforcing time rules, by raising an alarm in the event of an unauthorized attempt to gain access, and by recording all access movements, in and out, for analysis in the event of a security breach or facility emergency.
Is access control difficult to specify and install?
Once A PLUS ID, in cooperation with the client, determines the basic facility requirements, the selection of system components can be quickly narrowed down.
Basic questions regarding the number of doors and people will usually indicate a specific operating parameter and system component types.
Survey a site and assess risks
Total security is something to aspire to, but most commercial organizations – as opposed to the government, the military etc. – evaluate how much security is appropriate to the risk, and this will inevitably involve budget considerations. The best security systems reduce the immediate risk while allowing for non-redundant expansion as needs grow – not just the need for more doors and more people but also the need for more security. Unfortunately, we do live in a time when each year, the risk increases.
In developing an access control proposal, A PLUS ID will provide a comprehensive site survey. This site survey will involve assessing where and what are the highest risks, and establishing how the risk may be reduced. For example, a high risk may be where there is a combination of the following factors: an un-secured door, with no people about on either side of the door, leading to an area where vandalism, theft or abduction may occur.
Once it is established which doors need to be controlled, A Plus ID will establish how much control to apply. This is rarely a case of "all-or-nothing" – where any person with a card can gain access wherever and whenever they want – and so it’s necessary to look at various enhancements to establish which ones can be applied:
| How it works | Where it is of benefit |
|---|---|
| Each person can only go through certain doors. | If some areas in the organization are felt to need higher protection than others, for reasons of, for example, theft or confidentiality. This is probably true for most organizations. |
| Each person can only go through certain doors at certain times. | If there are times of day or days of the week when certain people should not be present – for example, a business whose normal office hours are 9-to-5 might wish to allow access only during the hours of 8 a.m. until 6 p.m. |
| After using a card, a person must type in a PIN before the door will open. | If there is a risk of lost or stolen cards being used. This risk may be at its highest when the number of people in the area is at its lowest – in which case this feature can be scheduled automatically. |
| After a card has been used to gain access to an area, it cannot be used again for a given time ("timed anti pass-back") or until the card has been used to leave the area. | Where there is a risk of one person inside an area handing a card to someone outside the area. The risk is higher where turnstiles are installed, because ordinary doors allow "tail-gating" anyway. |
| A door will not open unless another door is closed. | Where there is an "air-lock" situation – e.g. dust-free zones – or where tailgating can be prevented by two doors close together with room for only one person in between them. |
| Any "unexpected" event or "abnormal behavior" can be notified to a supervisor, who can then establish what happened and decide how to respond. | This can benefit every installation. For example, if a door is left open too long, or a person tries to gain access where they are not allowed, then these represent risks that can and should be eliminated. There are many different types of events that can be detected and dealt with – too many to list here. |
| "Spare" inputs on the access control system can be used to monitor windows, fire exits and the like. | If there is a risk that open windows and fire exits could allow people to by-pass the access control system. |
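The enhancements in the table above are usually evaluated together, in a fixed order, each time a card is presented. The following Python code is an added example, not A Plus ID code: the door names, card numbers, PINs, the five-minute pass-back window and the decision labels are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Door:
    name: str
    area: str                    # area the door leads into
    pin_hours: range = range(0)  # hours of the day when card + PIN is required
    interlock_with: str = ""     # door that must be closed first ("air-lock")

@dataclass
class Card:
    pin: str
    schedule: dict               # door name -> range of permitted hours
    voided: bool = False         # e.g. a visitor card that was not returned

class Controller:
    def __init__(self, doors, cards, passback=timedelta(minutes=5)):
        self.doors = {d.name: d for d in doors}
        self.cards = cards       # card number -> Card
        self.passback = passback # timed anti pass-back window (assumed value)
        self.last_entry = {}     # (card number, area) -> time of last grant
        self.open_doors = set()  # maintained from door sensors
        self.events = []         # every decision is logged, denials included

    def request(self, card_no, door_name, when, pin=None):
        decision = self._decide(card_no, self.doors[door_name], when, pin)
        self.events.append((when, card_no, door_name, decision))
        return decision

    def _decide(self, card_no, door, when, pin):
        card = self.cards.get(card_no)
        if card is None or card.voided:
            return "DENY_CARD"
        hours = card.schedule.get(door.name)
        if hours is None:
            return "DENY_DOOR"       # card has no rights on this door
        if when.hour not in hours:
            return "DENY_TIME"       # right door, wrong time
        if when.hour in door.pin_hours and not (
                pin and hmac.compare_digest(pin, card.pin)):
            return "DENY_PIN"        # lost or stolen card used without the PIN
        last = self.last_entry.get((card_no, door.area))
        if last is not None and when - last < self.passback:
            return "DENY_PASSBACK"   # card reused too soon for the same area
        if door.interlock_with in self.open_doors:
            return "DENY_INTERLOCK"  # other air-lock door is still open
        self.last_entry[(card_no, door.area)] = when
        return "GRANT"

def demo():
    """Constructed site: two office doors and an air-lock pair."""
    ctl = Controller(
        [Door("lobby", "office", pin_hours=range(18, 24)),
         Door("server-room", "server"),
         Door("lab-inner", "lab", interlock_with="lab-outer")],
        {"1001": Card("4321", {"lobby": range(8, 18), "lab-inner": range(8, 18)}),
         "2002": Card("9876", {"lobby": range(0, 24)})})
    day = lambda h, m=0: datetime(2024, 1, 8, h, m)   # constructed date
    ctl.open_doors.add("lab-outer")                    # outer air-lock door is open
    return [ctl.request("1001", "lobby", day(9)),
            ctl.request("1001", "lobby", day(9, 2)),
            ctl.request("1001", "server-room", day(9, 10)),
            ctl.request("1001", "lab-inner", day(9, 20)),
            ctl.request("1001", "lobby", day(19)),
            ctl.request("2002", "lobby", day(19)),
            ctl.request("2002", "lobby", day(19), pin="9876"),
            ctl.request("9999", "lobby", day(10))], ctl.events
```

Because denials are written to the same event list as grants, a supervisor can review every refused attempt as well as every entry.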
A word about identification
All electronic access control systems work on the basis of identifying a person before deciding whether to unlock the door. The means of identification fall into three categories.
PIN-only entry systems
These are the least secure. Those with a common code – where everyone uses the same number – are the cheapest and least secure.
Slightly better are unique PIN systems, where each person has a different number and these do at least allow you to delete a single code if it has become "compromised". But there is still the risk of deliberate or accidental passing on of a code, and little way of knowing that this has happened.
Token-based systems are the most popular type, and the type on which the remainder of this section will focus.
Token based systems, using cards, tags etc., provide much better security. Each token is usually unique – or as near to unique as makes no matter – and if you are concerned about stolen tokens you can require a PIN number in the way that cash machines do.
The choice of card technology can seem bewildering at first, but each technology has its own set of unique characteristics and pricing structure. Fundamentally, there are two types – those that you have to insert or swipe, and those where the card is read at a distance. The latter kind is mostly short range (i.e. proximity) working from 2" up to 6".
After several years in existence, biometric systems are only now starting to find acceptance in the general, as opposed to specialized, security market. Fingerprint recognition seems to be the most popular at the moment in terms of cost, accuracy and acceptability. Facial recognition is a technique that has been proven and the price/performance ratio is no longer cost prohibitive.
Components in a token-based system
The token is what the person carries in order to identify himself or herself to the system. It may be credit-card-sized, or it may be more like a fob on a key-ring. It may have to be "swiped" through a slot in the reader or merely brought to within a few inches ("proximity").
If there is no pre-existing reason for choosing one technology over another (e.g. if the cards have to also be used in another system such as a time-and-attendance recorder) then the choice of technology will be based on cost of readers, cost of cards, level of security offered and personal preference:
||Mis-reads are common. Readers are usually not weatherproof. Cards are easily damaged through accidental erasure of the coding.|
||Old technology; often site-specific so long lead-times at manufacture|
||Small readers, mis-reads are rare. Cards are more secure and more robust than mag-stripe.|
||Medium to High
||Easy to use and cost effective. Most cards are "passive" (i.e. contain no battery) and therefore have an unlimited life.|
||Can read when you don't want them to; e.g. walking down corridors past doors. Most cards are "active" (i.e. contain a battery) and therefore have a limited life.|
|Smart Card (e.g. Mifare)
||Can be useful where several different systems are installed and only one card per person is wanted.|
* Card security – the risk of copying - is not a single issue. It relates to the need for time, equipment, money, and special material. It also relates to the risk of the copying being detected.
ID Card Reader
This is what identifies the person to the controller, by reading the card and sending its unique identity.
Some readers are more prone to vandalism than others, so risk-assessment needs to be carried out. If a reader is attacked, it may result in unauthorized access (see "intelligent readers") but usually will result in authorized people being denied access. Some proximity readers can be hidden behind panels, where being out of sight better protects them.
Two readers may be required on some installations – either to enforce anti pass-back rules or to monitor everyone’s whereabouts. But this only works if turnstiles are used.
Access Control Locks
The choice of lock depends firstly on the door – electric strikes or bolts, magnetic locks, turnstiles or barriers are all options depending firstly on the architecture – and secondly on the required resistance to attack.
As the "lock" is normally located on the edge of the door furthest from the hinge, double-doors represent a particular problem unless one door is fixed closed during normal operation (i.e. it is normally opened only for emergencies or to allow large objects to pass through).
Another problem situation is a door that "swings" – i.e. opens both inwards and outwards so it can be pushed open from either side. Frameless glass doors also require special solutions.
All lock types have their advantages and disadvantages – if you are unsure which type to choose then gather as much information as possible about the door and we will suggest an appropriate solution.
Magnetic access control locks have become very popular as they provide rapid solutions in a wide variety of circumstances – often without the need for major surgery to the door, frame or pre-existing "furniture".
There are two types: face-to-face for outward opening doors and shear locks for inward opening and swing doors. These locks are available in a range of strengths and designs. Note that some designs will reduce "headroom" and may have health-and-safety implications if there is a risk of injury from the metal edges of the mechanism.
The door sensor is an optional piece of equipment, which serves two purposes:
- For access control, the door sensor provides an extra level of security. If the lock release time is set to 10 seconds, it is quite possible for someone to get through the door in only two or three seconds after using their card. This leaves seven or eight seconds of 'un-expired' time, during which (if no door sensor was fitted) the door could still be opened. However, if a door sensor is fitted, then as soon as the door opens the lock release is de-energized. The door re-locks as it closes.
- For access monitoring, having a door sensor fitted means that all occurrences of the door opening and closing can be monitored from the security server. Also, relays can be set to operate – and thereby sound an alarm – if a door opens when it shouldn't (i.e. the access control system had not released the lock), or if the door stays open for too long.
The egress button is an optional piece of equipment, which allows people through a door – from the secure area to a less secure area – without the use of a card or PIN. Pushing a button causes the lock to be released, just as if a card had been entered (i.e. for the pre-programmed 'lock release time').
This is sometimes used as a 'reception' button, where someone inside the building can let someone else in.
More commonly, the egress button permits a person to exit the building or room. Although certain types of door lock mechanisms permit egress by turning the handle on the inside, this may be detected by the security server as a 'door forced' situation. In other words, the door has opened but no card or PIN was used. Installing an egress button eliminates this issue.
Note that fire regulations require people to be able to exit an area without depending in any way on electrical systems.
Door Ajar Sounder
An access control system is useless if the door is propped open. If a door sensor is fitted, then a sounder can be used to alert anyone in the vicinity that this has happened. Loud buzzers are very effective at persuading people not to do this in the first place!
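The door sensor, egress button and door-ajar behaviour described above can be checked by replaying a door's events in time order. The following Python code is an added example, not A Plus ID code: the event names, the 30-second held-open limit, the alarm ranking and the sample log are constructed for illustration, while the 10-second lock release time is the figure used in the text.

```python
RELEASE_TIME = 10     # lock release time in seconds, as in the text above
HELD_OPEN_LIMIT = 30  # assumed limit before a door counts as held open
PRIORITY = {"DOOR_FORCED": 1, "DOOR_HELD_OPEN": 2}  # assumed administrator ranking

def _held(alarms, door, start, now):
    # Raise the alarm at the moment the limit was exceeded, not at close time.
    if now - start > HELD_OPEN_LIMIT:
        alarms.append((start + HELD_OPEN_LIMIT, door, "DOOR_HELD_OPEN"))

def door_alarms(events, end_time):
    """Replay (time, door, kind) events and return alarms, most important first."""
    release_until = {}  # door -> time at which the current lock release expires
    opened_at = {}      # door -> time the door sensor last reported "open"
    alarms = []
    for t, door, kind in sorted(events, key=lambda e: e[0]):
        if kind in ("CARD_GRANT", "EGRESS"):
            release_until[door] = t + RELEASE_TIME
        elif kind == "DOOR_OPEN":
            # pop() also models the sensor de-energizing the release on first
            # opening, so the un-expired seconds cannot be used a second time.
            if release_until.pop(door, -1) < t:
                alarms.append((t, door, "DOOR_FORCED"))
            opened_at[door] = t
        elif kind == "DOOR_CLOSE" and door in opened_at:
            _held(alarms, door, opened_at.pop(door), t)
    for door, start in opened_at.items():   # doors still open when the log ends
        _held(alarms, door, start, end_time)
    return sorted(alarms, key=lambda a: (PRIORITY[a[2]], a[0]))

# Constructed sample log: (seconds, door, event kind)
SAMPLE_LOG = [
    (0,   "front", "CARD_GRANT"),
    (2,   "front", "DOOR_OPEN"),    # normal entry, release is cancelled here
    (4,   "front", "DOOR_CLOSE"),
    (6,   "front", "DOOR_OPEN"),    # inside the original 10 s, but already re-locked
    (8,   "front", "DOOR_CLOSE"),
    (100, "front", "EGRESS"),
    (103, "front", "DOOR_OPEN"),    # normal exit ...
    (190, "front", "DOOR_CLOSE"),   # ... but the door was propped open for 87 s
    (300, "store", "DOOR_OPEN"),    # opened by the handle: no card, no egress button
]

def demo():
    return door_alarms(SAMPLE_LOG, end_time=320)
```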
Separate door controllers control one door or several. All authorization and event logs are contained within a door controller. This means that if the security server were to fail the authorizations would continue through the door controller and the facility would remain secure.
Software provides a means of programming cards and setting the rules for the system – normally this information is sent to the controllers so that it is the controller(s) that make the decisions. These rules are also stored in a database on the computer so that (a) you can see what you have programmed and (b) if a failed controller has to be replaced then it can be re-loaded with the necessary information.
Software will normally also monitor the system, recording events (e.g. who has gone through which door and when) and saving the information to disk so that reports can be printed. Normally, you will be able to view these events in "real-time" so that you can watch as people move around.
People don’t want to get out of their cars so that they can use their card to raise the barrier – this is an ideal situation for proximity readers.
If a car park cannot hold all the cars that might want to use it, then some form of occupancy control needs to be implemented. This can sometimes be part of the barrier system, where a counter can be reset when the car park is empty, and from then on counts all the cars in and all the cars out. The barrier will not be raised if the counter is above a set limit. This form of control can also be applied by the access control unit, which counts cards rather than cars and can be cheaper to implement as it may reduce the need for vehicle loops.
Remote sites can be considered as being of two types – those where local administration and monitoring is required, and those where it is not.
If local administration is required, then usually the two sites will be linked together by a permanently available connection – for example a wireless access point. This is because in any system there is usually only one database – and any administration terminal must be linked to the database.
If local administration is not required then an occasional connection may be implemented, for example a dial-up modem over conventional telephone lines. The central computer will connect to the remote site whenever there are commands and card numbers to be sent, and will also connect on a regular basis to collect event data. The access control units on the remote site will connect to the PC whenever there is an alarm to report.
An access control system will generate event data that may be useful in analyzing what happened after an incident has occurred. However, nobody is likely to want to sit in front of a screen watching this happen in "real time". This is where alarm management comes in – this is the principle of notifying someone only as and when a specified event occurs.
The general principles of good alarm management systems can be summed up as follows:
- It must be hard to miss the fact that an alarm has been raised
- It must be easy to establish what the event was, and where it happened
- If there is more than one alarm, it must be easy to establish which is the more important one (importance is pre-defined by the system administrator)
- The operator must be able to find out what he or she is supposed to do about the alarm
- The system administrator must be able to find out what alarms have occurred, which operators dealt with them and how quickly they did so.
Employees versus Visitors
Even trusted employees should be controlled. Essentially, by giving them a card you are saying, "I trust you". But even if you have thoroughly vetted all your staff, and have done psychological or background profiling to establish trustworthiness, circumstances change.
By restricting access only to those areas and only during those times decided by the Administrator, the risk is minimized. Also, if someone has been told exactly where they can and can’t go, and they try to "bend the rules" by trying their card in a prohibited area – or if someone has stolen their card and is trying to gain unauthorized entry because they don’t know where that card is allowed – the system will alert the proper authorities!
Anti pass-back also prevents a dishonest employee from gaining access through a door or turnstile and then passing their card to someone else.
And if you don’t discover until much later that a security breach has occurred – the event log will show you all events from the system – doors opening, closing, being left open too long, fire doors propped open. It may well be that the monitoring is as useful as control in providing deterrence.
A Plus ID systems provide these additional features and they naturally are included within the software.
Un-attended visitors should be treated in the same way as employees, with one extra consideration – if a visitor does not return his or her card then it should be voided. A Plus ID can do this automatically.
Integration with other security systems – particularly CCTV – is becoming a common requirement. In an unattended situation, rather than having the CCTV system switch through the cameras on a programmed sequence, it is possible for the access control system to react as an unusual event occurs by sending a command so that pictures are recorded at the location of the event for later analysis.
Another integration feature of A Plus ID access control systems is for high-security low-traffic situations, for example late at night, where you might want a guard to decide whether to allow access or not. If the guard is not close to the point of access, which is quite possible where more than one point of access exists, then when a user swipes their card, the system can:
- Alert the guard that someone wants to gain access
- Bring up a picture stored in the access control database of the true owner of the card
- Switch a CCTV camera so the guard can see the live picture of the person standing there
The guard can check that the two images match, and release the door by simple command to the access control system. This need take no more than a few seconds – and the guard might be many miles from the door!
Where guards provide security, they may well be responsible for dealing with alarms generated by the access control system. If they are on tour around the site, they could be alerted by a message sent to their pager or mobile phone. Also, while on tour, if they fail to use their card at a certain point by a certain time, the system could raise another alarm to summon help in case they have been attacked.
Intruder alarms are normally active out-of-hours, while the access control system is mainly used during work hours. However, at the point where these two overlap – e.g. first person in and last person out – the access control system can over-ride the intruder system by shunting intruder detection contacts or arming or disarming the system. Also, if a security incident occurs, comparing event logs from the two systems can provide useful evidence.
The limitations and economics of running cables need to be considered:
- Reader cables have limitations due to signal degradation over distance. Typically, 100 meters is the limit on 24 AWG – but it is substantially more with proper cable gauges.
- Low-capacitance cable will normally be required for reader and communications cables.
- Lock-strike cables have limitations due to voltage drop. Simple calculations are employed to determine what specification of cable to use.
Other Benefits from Access Control systems
There are many ways in which an access control system can benefit an organization.
Security can be further enhanced if the access control card also bears a picture of the rightful holder. If staff members are instructed to challenge anyone not wearing a card, or if the picture doesn’t match the face, then every employee suddenly becomes an additional security guard.
Because the system can record all comings and goings, the data can be used for other purposes. For example, calculation of the time spent on the premises can be used for attendance totals, and this in turn can be cross-referenced with payroll records in case of discrepancies. Further, in the event of a fire alarm or other catastrophe, the system can list all those people on the premises and also those who have presented themselves at muster points. This does require significant enforcement of rules requiring every person to swipe in as well as out even if someone holds the door open for him or her.
In closing, let us remember one vital thing:
Don’t forget the people who have to use the system. If the system makes it hard for them to do their job – in particular through queuing to get through turnstiles, or being refused access where they should have been allowed - eventually it may have to be de-commissioned or significantly revised. Fortunately, A Plus ID along with MDI has mastered all of the aspects we have covered of benefit to the employees as well as the employer, and problems such as this are rare.