The evolved principles of anti-pass-back

July 2012 Access Control & Identity Management

The term anti-pass-back is well known in the time & attendance and access control industry. For different people, this term has come to have different meanings. In its broadest sense, the concept of anti-pass-back can be viewed from three different angles:

1. Pass-back: Using token-based identification systems (cards, dongles, etc.), an employee is able to clock in through an access control system, and then pass his/her card back to one another person to use the same access token to gain entrance to a restricted area. This makes the employer vulnerable to having unauthorised personnel on his/her premises.

2. Pass-on: Conversely, having an employee sending his identification token to work with one of his colleagues, allows for the erroneous recording of working hours without having to physically show up for work. Needless to state that this kind of pass-on behaviour has a direct impact on a company’s wage bill, as productivity figures and presenteeism statistics are almost impossible to rely on with 100% certainty.

3. Tailgating: Tailgating refers to an employee following another employee through a door, boom gate, or any other access controlled mechanism without presenting his credentials. This can – to a large extent – be mitigated by the use of turnstiles. But even this is not foolproof (ask the skinny guys). If the necessity of providing credentials – be it token based or biometric – cannot be enforced, no system can prevent tailgating from occurring. In this instance, the system as a whole fails, and it is therefore a point that should be mentioned, but excluded from further discussions in this writing.

Dr Liam Terblanche
Dr Liam Terblanche

The anti-anti-pass-back

To combat these kinds of fraudulent behaviour, various solutions have been developed around the following principles: traditional-, regional-, timed- and nested anti-pass-back control.

Traditional anti-pass-back is a mechanism that simply relies on the alternative recording of In vs. Out movement. A person entering a parking lot must drive through the IN gate before being allowed to leave through the OUT gate.

Regional anti-pass-back takes this one step further in that the rules build on one another to provide better logic and control through various regions. A typical example of regional anti-pass-back is where a system disallows the entrance into a building if it was not preceded by an entrance onto the premises.

Timed anti-pass-back is a cost-saving solution where the system simply ‘forgets’ the status of a person after a given amount of time. An example would be entrance into a work area where a person can re-enter the same door without having to clock OUT through another door, if, say 20 minutes, have elapsed since the previous clocking.

The last iteration of the anti-pass-back principle is that of nested anti-pass-back where a designated sequence of entering/exiting certain doors is being enforced. This is typically implemented in high-security areas where the actual predetermined sequence forms part of the security of the system as a whole.

So how is anti-pass-back enforced?

‘Hard’ anti-pass-back simply denies access when the predetermined anti-pass-back rules are not met. ‘Soft’ anti-pass-back has a more forgiving approach in that it allows access through the controlled area, but follows that with a notification to the administrator that the anti-pass-back rules have been violated. It has been found that the soft approach has the added benefit of not creating bottlenecks at high-usage areas like turnstiles whilst hundreds of fellow employees try to enter the premises at the same time. Consultative and even disciplinary processes typically forms part of the soft anti-pass-back implementation.

Does biometrics spell the end of anti-pass-back requirements?

If one precludes the principle of tailgating, pass-back and pass-on behaviour, anti-pass-back in its traditional sense become irrelevant. It is physically impossible to clock through a device and then pass on ones fingerprint to another person to move through that same controlled point. But like every absolute, there is a way around it.

What has been found is that an employee may stand to the side of a turnstile, clock with his finger, and then stand back so that his friend steps through the now unlocked turnstile. He would then proceed to produce his biometric credentials again, to gain access to the premises for himself.

Although timed-anti-pass-back can mitigate this risk by introducing a delay before the same person can clock again, most modern-day biometric solutions are configured to act in isolation, meaning that the person can simply walk over to the next turnstile and clock in again within seconds after his first clocking.

The solution

Traditional token-based access control solutions required dedicated cabling so that real-time control could be established and hard anti-pass-back rules enforced. With modern-day biometric devices where access rules, time masks, public holidays and shift requirements can be loaded onto the device itself, the cost of installing these solutions has been hugely reduced as a simple network access point is typically all that is needed.

As soon as hard anti-pass-back control is required, however, additional dedicated communication between these devices re-introduces the cost of more cabling, Wiegand interfacing, additional controllers, and backup systems. The author is of the opinion that soft anti-pass-back in conjunction with biometric access control solutions is by far the simplest, most affordable, and almost equally secure solution available.

Proper configuration of the warning system of the soft solution is imperative. If a person misbehaves as in the example mentioned above, a warning – either via e-mail or SMS – to his superior could result in immediate intervention without breaching any security constraints.

In the end, it is a risk/cost trade-off. Having a real-time hard anti-pass-back system in conjunction with biometrics is by far the most secure solution one can have, and one would imagine various instances where this requirement would be a non-negotiable. Gaols and nuclear reactors are just two of those that spring to mind.

But for a large number of traditionally hard anti-pass-back scenarios, the replacement of token-based identification systems with that of biometrics eliminates the concepts of pass-back and pass-on behaviours to a large degree. Using timed anti-pass-back on the devices and soft enforcement of the anti-pass-back rules, a biometric access control solution can give you very similar levels of security at a fraction of the cost.

For more information contact Accsys, +27 (0)11 719 8000, pr@jhb.accsys.co.za, www.accsys.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

A contact-free hotel experience
Issue 7 2020, Technews Publishing , Access Control & Identity Management
Check-in and go straight to your room without stopping at the reception desk at Hotel Sky in Sandton and Cape Town.

Read more...
AI digitises coronavirus management
Issue 7 2020, NEC XON , Access Control & Identity Management
NEC XON is using NeoFace Watch and specialised thermography cameras to measure temperature and identify employees and visitors.

Read more...
Combining visual and IR face recognition
Issue 7 2020, Suprema , Access Control & Identity Management
The FaceStation F2 offers face recognition and anti-spoofing performance.

Read more...
Anviz unveils FaceDeep5
Issue 7 2020, ANVIZ SA , Access Control & Identity Management
Anviz Global has unveiled its new touchless facial recognition identity management and IoT biometric device.

Read more...
Touchless biometric options
Issue 6 2020, Entry Pro , Access Control & Identity Management
When it comes to estate access control management, the foremost topic of conversation at the moment seems to be the importance of touchless biometrics.

Read more...
Fast access to Kevro production facilities
Issue 6 2020, Turnstar Systems , Access Control & Identity Management
Employee and visitor access at Kevro’s Linbro Park premises in Gauteng is controlled through eight Dynamic Drop Arm Barriers from Turnstar.

Read more...
Know your facial recognition temperature scanner
Issue 6 2020, ViRDI Distribution SA , Access Control & Identity Management
Facial recognition with temperature measurement is, for the most part, available in one of two technologies – thermopile and thermography/IRT.

Read more...
Suprema integrates with Paxton’s Net2 access control
Issue 6 2020, Suprema , Access Control & Identity Management
Suprema has announced it has integrated its devices with Paxton’s access control system, Net2.

Read more...
Contactless check-in at hotels
Issue 6 2020 , Access Control & Identity Management
Onity has delivered the DirectKey mobile access solution to hotel chains around the globe, which allows for contactless check-in and property access.

Read more...
UFace facial recognition now in SA
Issue 6 2020, Trac-Tech , Access Control & Identity Management
Trac-Tech has secured the distribution rights to the UFace range of contactless biometric facial recognition and identity management IoT devices.

Read more...