We are constantly seeing significant changes in access control systems. These changes are due to the need for increased security following the events of 11 September, 2001, as well as a need for systems that provide greater functionality, are easier to maintain and are more economical.
Because of new opportunities to use hardware developed for industries such as transportation, computer, mobile phone and automotive, it is now possible to use this technology to enhance access control systems. In addition to the improvements noted above, standards will be developed that have previously been missing in the security industry.
The access control industry is fragmented and consists of a myriad of proprietary configurations and assemblies at the hardware and software level. It can be likened to the personal computer business before the advent of the PC. We have now grown accustomed to and appreciate the features presented by the PC's common standard platform.
Notice how the open architecture PC won over the closed Mac. Users can purchase a modem or a hard-drive anywhere and expect it to work in their PC with a minimum of trouble. Although Windows is a closed proprietary system at the operating system level, its omnipresence has made it a de facto standard. Over the past five to seven years, the Internet has taken over our lives to a significant extent.
The access control industry will go through changes similar to those seen in the personal computer industry, including tremendous increases in functionality and maintainability at a lower cost. Major shifts will occur in regard to the significant players in the industry due to mergers, acquisitions, and business failures for those companies that do not make the right moves at the right time.
Today, the access credential of choice is the low frequency proximity card (125 KHz), which is very dependable, inexpensive and has a read range of approximately 150 mm. Proximity cards contain a code typically between 24 and 96 bits. Since the data rate is low (2 Kbps), longer messages can take too much time to transmit to be practical.
The single IC chip inside the cards has become so small that further declines in cost due to size reductions are minimal. The most significant part of the card cost is the interconnection of the lamination and chip, combined with the cost of making graphic-quality surfaces required for satisfactory printing.
The need for greater security will drive the proximity card credential into more advanced technology. Propelled primarily by the transportation market, the fare card has evolved through several generations into a contactless smartcard. This market has driven down the cost of contactless smartcards while increasing their functionality. Chip feature sizes of 0,35 micron are becoming common. Based on its reliability, value and speed, contactless smartcard technology is now ready for the access control market. Transmission speeds of 108 Kbit are common, making large memory sizes practical.
Enhanced security with contactless smartcards
Contactless smartcards are more than just a memory card with additional capacity. They also contain logic that protects the card's memory from being duplicated - the message that is transmitted between the card and reader cannot be read or copied. The secret lies in an encryption protocol that exists in the secret keys within the card and reader. Without the keys, the message is indecipherable.
Access control alone does not require large amounts of memory, but the possibility of multiple applications existing on one card does. For example, transportation, cashless vending and access control applications can all exist on a single card, without any risk of one application compromising the security of the others.
The larger the memory size, the more difficult it is to manage. This has resulted in the emergence of contactless cards with a built-in microprocessor that can support the operation and effective dynamic partitioning of the memory.
Contactless smartcards conform to at least two international standards, the first being ISO 14443. The A and B versions are the only two variants that have been recognised. Use of the 14443 standard results in a rather short read range; the early introduction of cards conforming to this standard may have resulted in disappointing performance and contributed to the slow acceptance of this technology.
The second international standard is ISO 15693, originally intended for tagging of articles and goods. However, its superior read range makes it suitable for access control as well as many other applications.
The full potential of smartcards for enhanced security cannot be realised without combining it with biometrics technology, which, like smartcards, has been slow to penetrate the access control market. While common in government security, biometrics technology has been user-unfriendly and too expensive to be used for building access.
Moreover, the templates, which are the digital representations of the biometric, are typically large and difficult to manage in access control system databases. The solution is to embed the template (such as a fingerprint) in the smartcard. Upon entry, the card and user's finger are presented to a reader.
Fingerprint biometry will become the technology of choice for access control over the next five years, as it is the only biometric technology that provides a cost point low enough for the security market. Other biometric technologies include optical, capacitive, ultrasonic and infrared. Although these technologies work well for logical access control and secure log-on to computers, many lack the inherent ruggedness and resistance to vandalism necessary for physical access control.
Until an inexpensive, fast DNA sensor is developed, biometric sensors will likely remain imperfect. However, when used in conjunction with a smartcard, they provide an acceptable security solution for the next generation.
Ideally, the comparison between the template and the finger is made by a sensor located inside the card reader. If the presented finger matches the template, the card reader sends the card code to the panel and the door is opened. The success of biometric readers will be caused by the confluence of three criteria: the presence of low cost smartcards with large memories, the need for higher security and a significant drop in the cost of biometric sensors. All of these conditions are currently being met and will influence buying decisions over the next five years.
Access control system wiring configurations
Current wiring configurations
In a typical system the control functions fan out from a control panel to the various doors in a facility. The card readers are connected to the door by Wiegand protocol, and the control panel may or may not be connected to a host computer through RS485.
All other functions at the door, such as the Door Open/Shut sensor, the Request to Exit switch and the auxiliary controls, are wired directly back to the control panel. This wiring is a large part of the installation cost of an access control system.
Future wiring configurations
In the future, access control systems will likely consist of a group of doors under the control of an intelligent group controller (IGC). This controller will supervise a group of door controllers through RS485. Each IGC will communicate with the System Supervisory Software through TCP/IP, either directly through a LAN or over the Internet.
Each IGC will have its own database and will be capable of monitoring and controlling a group of doors by itself. From the IGC to the door controller, all program code will be Flash Memory. The host will have the ability to change program code in all units of the system through control messages.
Star-type door wiring configurations
The wiring at the door is made more compact and simple by the presence of the door controller. It connects to all of the functions of the door in a star configuration. Typically, the controller will be positioned above a door in the ceiling and will receive messages from both the incoming and outgoing card readers through Wiegand protocol. The IGC can download special code to the controller's flash program memory for special functions or for system upgrades and maintenance.
Other future wiring configurations
A second future system configuration is suitable for smaller installations or one where the doors are further apart and have TCP/IP available close to each door. This configuration might be appropriate for a new building. The card readers on the doors have RS232 connections, and would be appropriate for use with smartcard readers.
This system would have the capability to download data from the host, down through the WAN or LAN, through the Intelligent Door Controller, to the smartcard. This capability would be useful in maintaining another application on the card.
All of the communications in this type of system would be encrypted to protect the integrity of the system. Each channel would be secure, from the data path between the card reader and the card to the Intelligent Door Controller. Inexpensive hardware providing this capability has been developed for the mobile phone and other industries.
Smartcards will be especially useful in systems where it is not possible or economical to wire the card readers to a central controller. It is possible to put all of the data necessary to control access to a facility onto a card (ie, the day(s) and time(s) a person can enter the facility). All that is required for a reasonably secure system is an internal clock in the card reader. Disenrolment can create problems, but ingenious schemes have been devised to bypass this issue.
New technology has enabled wiring to be easier and more manageable, with the exception of the area surrounding the door. It is still necessary to connect each piece of hardware with different and unique wiring, which is time consuming and prone to error. Once again, technology borrowed from a different industry can provide a solution.
In the automotive industry, door locks, windows and switches used to be uniquely wired to their respective control points. This required large amounts of copper, despite the endeavours of manufacturers to cut down on the weight of the vehicles in order to save fuel. They devised a very simple control bus, which enabled all the devices noted above to be strung on a common bus and addressed uniquely. The automotive industry drove down the cost of this technology and created powerful chip sets to support it.
Bus type door wiring
Each node or hardware device has a standard connector that links it back to the door controller through a common bus. The door controller knows what hardware exists around the door (just as a PC knows what devices are attached to it). The door controller would be 'plug-and-play', similar to a PC.
The rules controlling each device on the door can be preset by the door controller manufacturer, or can be downloaded from the host computer to the Flash Program Memory. Alternatively, global rules can be changed for different countries.
Standards will emerge in several places in the access control system of the future. The higher-level communication link between the intelligent controllers and the host provided at the lower levels by TCP/IP will become industry standards. The first offerings in the market must provide this protocol as an open standard or it will fail, as did the Mac in its rivalry with the PC.
Likewise, the bus-controlled door wiring must also be an open standard. Very few companies offer all of the necessary components around a door (ie, electric door strikes, magnetic locks, electric locks, pushbuttons and card readers), so few can achieve this without cooperation throughout the industry.
The access control industry will experience dramatic changes by borrowing technology from the transportation, computer, mobile phone and automotive industries. Businesses protected by proprietary components must consider whether to start working with the rest of the industry towards developing an open standard, or be left behind.
Installation companies will undoubtedly look forward to stocking hardware that can be used on a wide range of manufacturers' systems. Large corporations will specify access control systems that can be upgraded over time and support multiple application platforms.
For more information contact Assa Abloy Identification Technology Group.
© Technews Publishing (Pty) Ltd | All Rights Reserved