Access on the edge
November 2017, Access Control & Identity Management, Integrated Solutions
As technology advances, access control readers, especially biometric readers, have taken on more functions. They can now store large databases, enabling offline operation when networks are down. By incorporating relays on the device, they also eliminate the need for external controllers, allow direct input from sensors such as door-left-open and alarms, and even allow direct connection of release-to-exit buttons where biometrics only control one-way access.
Benefits derived from this include simplified installation and, in most cases, cost effectiveness. This came about with the era of ‘IP convergence’: previous readers left processing and communication to the controller and did not have a direct network interface. Then, with IP on the rise, processors became cheaper and the new thing became having a direct network interface on the device. This created excitement for corporate IT departments and fitted right in with keeping control in the hands of the corporate, leading to endless conversations about the changing role of security managers or merging the same into the IT department.
The challenges created by distributed access control topologies
What this power play did not consider was that these devices were not the standard Windows, iOS and Linux platforms that could be included in the midnight anti-virus and malware scan. As with anything new, this was not considered necessary, as these black boxes ran proprietary OS kernels and communication protocols and were therefore not exposed. This created new challenges and therefore opportunities for villains, who now had these devices within their reach and could try to make them do what they wanted or, if not successful, would simply break them, creating loopholes and overrides in the ‘unbreakable security’. Soon we heard about device weaknesses and malware taking over IP cameras and security devices.
Then the hot topic of identity theft and the privacy of personal information also had its say. If devices are intelligent, can operate offline and sit outside of the office, what stops someone from stealing my data by stealing the device? A good and logical question coming from a supposed non-expert in access terminal data storage and biometric data reconstruction. It remains a valid question though, as consumers cannot always ensure that best practices are followed by manufacturers and that someone cannot peep into these mostly proprietary black boxes. Hand in hand with this goes a second question: since the device on the edge controls the relay that opens the door, what stops someone from removing the device and triggering the lock?
Some of these downfalls enter the realms of Mission Impossible and James Bond, but as we know these are drivers of innovation in technology, luring those infiltrating cyber security, in turn causing manufacturers to improve and sell more products. This is the infinite loop we are in with technology: produce, break, improve, sell and repeat.
So are we going back to centralised topologies?
Most of these decentralised challenges have been resolved, for now, by adding peripherals to move the relay back into the roof, encrypting data and including certificates for devices. So decentralised is here to stay, but going through the process has helped us relook at the benefits and downfalls of both. Some questions that came about were:
• Is it really more cost effective to have network cables going to each door?
• Yes, it’s definitely nice to have everything on one device, but does it always make it easier?
• Having a direct network connection to a device surely introduces convenience when managing devices, but how does it weigh up against having to manage communication to all these devices and does it create more points of failure?
• Today, an intelligent biometric access control device, managing half a million records, costs about the same as a non-intelligent device a decade ago. However, if we removed some of that intelligence could we make solutions even more efficient and cost effective by performing the functionality on a controller?
In short, the answer depends on the implementation. There is no one size fits all.
Centralised topology definitely has a place, but some things have changed. When using centralised controllers we now need to have more power. Users became used to 150 000 matches per second on a device and if we want to move back to centralised, we need to make sure we keep offering the same, but for multiple unintelligent devices. Controllers also need to offer the same flexibility: managing external inputs, providing Wiegand interfaces to ease upgrading current systems and supporting OSDP as a form of secure open platform communication, to mention a few.
Suprema’s CoreStation addresses all these needs. It is not here to replace our leading decentralised topology, but rather to offer our clients more options to better suit their security needs and pockets, depending on their requirements. There is no need to choose, because one segment of your access control implementation might benefit from centralising door control where others might be more effective utilising decentralised.
Manufacturers and system designers now also have this intelligent controller with massive high-speed fingerprint matching, using Suprema’s pace-setting algorithms, available to them to translate all the benefits to their users.
Intelligent biometric controller
CoreStation fulfils the demand for biometric technology within more secure, larger-scale access control applications that utilise a centralised topology. It has the capacity to handle half a million users with a fingerprint matching speed of up to 400 000 matches/second and simultaneous matching for up to 8 devices in 1 second.
On the security side, the CoreStation enhances levels of security over edge-based IP access control topologies. Taking full advantage of centralised access control, CoreStation provides for secure storage of biometric data and secure wiring options. In addition, by featuring secure TLS 1.2 communication and 256-bit (AES-256) encryption, CoreStation offers the most stringent data security available today.
CoreStation provides a multi-port interface for fingerprint/RF readers and also supports locks, sensors, release-to-exit and alarm devices. It delivers comprehensive access control functionalities for up to 132 access points through the company's BioStar 2 security platform and also allows access control manufacturers to take advantage of the same for their platforms. The device interfaces with a complete set of reader technologies, including RS-485 (OSDP) and Wiegand, further extending its flexibility and scalability.
In a statement announcing CoreStation, Suprema’s global business director, Hanchul Kim, commented that “with its extension module peripherals, reader compatibility and versatility in application, CoreStation will provide perfect access control solutions for both new installations as well as a replacement of existing systems.”
Suprema offers you more choice and flexibility in designing your security system with the recently launched BioEntry R2, a dedicated slave fingerprint/RF reader which, together with the CoreStation, completes your biometric-enabled centralised access control system.