A card access education.A CARD ACCESS SYSTEM, WITH its unique ability to both control and audit personnel movement, can be a key component of a risk management program. In the past, due to its cost, card access could only be justified in high-risk areas. However, as the cost of card access systems drops while the cost of mechanical locking systems increases, card access will become increasingly important. Many good reasons can be stated for using a card access control system rather than conventional locks and keys. While the lock and key approach has served well, it has some significant limitations that could not be overcome until recent advances in electronics. Since locks are mechanical devices that depend on the physical characteristics of a key to release a locking mechanism, each key for a given lock must be identical. If only one key exists, security of the lock is not threatened unless the key is lost. In a typical commercial or industrial facility, the number of keys in circulation can range from a few to several hundred. Each time one of these keys is lost, security of the area or areas its corresponding locks control is compromised. Security can only be restored by rekeying In cryptography, rekeying refers to the process of changing the encryption key of an ongoing communication in order to limit the amount of data encrypted with the same key. the affected locks and issuing new keys. If only one lock and a few keys are involved, the cost of rekeying locks and reissuing keys can be modest and the logistics manageable. As the number of locks and keys increases, rekeying quickly becomes impractical for all but the highest-security areas. For medium-security areas, the only practical response, until recently, was to do nothing and hope the key did not turn up in the wrong hands. While this position was never comfortable, the security manager simply had no cost-effective alternative. Unlike keys used in a mechanical lock, access control cards each contain a unique encoded number. When a card is presented at a reader, a table lookup Searching for one item in a list or matrix of data (the table). Table lookups are used in countless operations to obtain a value or set of values such as retail and wholesale prices, product descriptions, street addresses, network routes, IP addresses and machine addresses. determines if the card is authorized. The table can reside at the reader itself, at the controller to which the reader is connected, or at a central computer. If the card is authorized, the electronic locking device for that door is released to allow access. When a card is lost or stolen, its number is deleted from the lookup table An array or matrix of data that contains items that are searched. Lookup tables may be arranged as key-value pairs, where the keys are the data items being searched (looked up) and the values are either the actual data or pointers to where the data are located. . Security is not compromised, and replacing the card is the only cost. True card access systems should not be confused with common-code card systems. The cards in common-code systems all contain the same encoded number. Such systems offer no advantage over conventional key systems because all cards must be reissued every time one is lost. In true card access systems, each card contains a unique encoded number. This number provides a secondary benefit, which has been largely unrecognized and unexploited, particularly in small-scale systems. This benefit is the ability to generate an audit trail printout (PRINTer OUTput) Same as hard copy. of all cards granted access. At least half of the security benefit of an access control system lies in the deterrent value of its audit trail. As a minimum, this record will contain the following information: * date of access * time of access * access card number * card reader identification * type of transaction (access granted Access Granted is a television program on the Black Entertainment Television network (BET) which allows viewers to go behind the scenes of the making of music videos by various artists. Each episode features a different artist. or denied) This information can be printed on a logging printer or transmitted to a computer (typically a PC or compatible) for storage in a disk file. By saving this data on a disk, system managers can selectively search for information on a specific time frame, card number, or card reader. A greater benefit is that this data may be directly read by an appropriate time-and-attendance software package. With such a software package, the entire payroll function could be automated. Card access systems that void and validate individual cards have existed for well over 20 years, However, their high cost precluded use in all but the highest-security areas. When they were first introduced, installation commonly cost $12,000 to $15,000 per reader-controlled door. Since prices have now dropped to under $2,000 per door, the use of card access is cost-effective for even medium-security areas. The rapid growth of the card access industry has been fueled by this dramatic reduction in cost. Though the cost has dropped significantly, card access systems will always be more expensive than mechanical locks. To determine whether the cost of card access is justified for a specific application, two factors must be considered: the number of individuals authorized to access the area and the significance of the loss that could result from theft or vandalism by unauthorized as well as authorized personnel. (See Exhibit 1.) In addition, installation costs can vary widely from system to system. The following factors can dramatically affect installation cost: * Cable type. Some card access systems require shielded cable A shielded cable is an electrical cable of one or more insulated conductors enclosed by a common conductive layer. The shield may be composed of braided strands of copper (or other metal), a non-braided spiral winding of copper tape, or a layer of conducting polymer. , while others do not. Not only does shielded cable cost more than nonshielded cable, but the overall cable diameter is also much greater. Because of a wider cable diameter, a larger conduit may be necessary. * Alternating current (AC) requirements. Some systems require AC at the control unit as well as at each door. Others require AC only at the controller. * Reader styles. A broad range of card reader styles are available for both flush and surface mounting. While flush mounting is preferred, it can be costly if used with masonry or poured concrete walls. Surface-mounted readers should not protrude pro·trude v. 1. To push or thrust outward. 2. To jut out; project. more than two inches from the wall. A vertical mullion-style reader is also available and can be installed in a door frame. Using this style of reader can result in significant cost savings if glass is on both sides of the door. * Common power source. If the locking mechanism derives power from the control unit, a common power source is preferred. This common source avoids the need for a separate transformer and power supply if the locks require direct current (DC). A common supply is of greater benefit if standby battery backup See UPS. is required since both the card access system and locks must be supplied with power during an AC outage out·age n. 1. A quantity or portion of something lacking after delivery or storage. 2. A temporary suspension of operation, especially of electric power. . Understanding the basic architecture of a card access system is also important. (See Exhibit 2.) The following information provides brief descriptions of each element in a typical system: Control unit. This unit contains the microprocessor, program memory, and card number lookup table (access card memory). The lookup table should be stored in nonvolatile memory See non-volatile memory. so that data is not lost during a power failure. Using a EEPROM (Electrically Erasable Programmable ROM) A rewritable memory chip that holds its content without power. Although EEPROMs spawned flash memory, EEPROMs are byte addressable at the write level, whereas flash chips must erase a block of bytes before rewriting. (electrically erasable programmable read-only memory (storage) Electrically Erasable Programmable Read-Only Memory - (EEPROM) A non-volatile storage device using a technique similar to the floating gates in EPROMs but with the capability to discharge the floating gate electrically. ) is preferred since the memory chip or chips can be readily transferred from a failed control unit to a replacement unit. This approach can eliminate the time-consuming task of reloading Reloading A term lenders commonly use to refer to the habits of borrowers taking out loans to repay the balance on other loans. Often reloading is done to take advantage of lower interest rates offered by other loans, and potential tax benefits. access card memory. Electric strike or magnetic lock. Electric strikes are modest in cost and work well on single doors. Magnetic or mag locks consist of a powerful electromagnet electromagnet, device in which magnetism is produced by an electric current. Any electric current produces a magnetic field, but the field near an ordinary straight conductor is rarely strong enough to be of practical use. secured to the header of the door and a metal plate secured to the door. Mag locks provide a sealing force of up to 1,700 pounds and are better suited to double doors than are electric strikes. Mag locks are approximately three to four times the cost of strikes. Also, in some applications, a mag lock is required to comply with fire codes. Ideally, the control unit provides power for the locking device. As an alternative, it can be equipped with a relay that switches it to an external power supply. Door contact. The door contact lets the control unit know whether the door is open or closed. This contact is required if the control unit is to detect and report forced entry or "door held open" conditions. Exit button. If a mag lock is used, an exit button must be installed to release the lock on the exit. A motion-detection device can be used in place of an exit button to unlock the door automatically when it is approached from the inside. Transformer. Preferably, only a single transformer will be required to power the control unit, card readers, and locking devices. Standby power Standby power, also called Vampire power, refers to the electric power consumed by electronic appliances in a standby mode. A very common "electricity vampire" is a power adaptor built on a plug with no power switch. supply. A battery backed-up standby supply power unit should be available for use during AC outages. The standby supply must support not only the control unit and card readers but also the locking devices. Alarm shunt To divert, switch or bypass. relay. One relay should be provided for each reader. It should be operated each time the control unit releases the lock. The alarm shunt relay should remain energized as long as the door is held open (as sensed by the door contact). This relay is typically used to bypass intrusion alarm system monitoring A System Monitor (SM) is a process within a distributed system for collecting and storing state data. There are many issues involved with designing and implementing a system monitor. of doors with card readers. I Door held open " relay. One relay should be provided for each reader. It should be operated if the door is held open longer than a user-defined period. This relay is typically connected to an intrusion alarm system and provides an advisory at a central monitoring station. The control unit should generate an audible prealert signal at the reader. This signal should sound before the relay operates and should guard against false "door held open" reports. If the door is closed within a specified period after the audible signal is generated, the relay should not be operated. Preferably, the device that generates the prealert signal will be integrated with the reader. Forced entry/tamper relay. One relay should be provided for each door. It should be operated if the reader-equipped door is forced open. This relay must operate instantly if the control unit detects that the door has been opened without the use of a card or the exit button. Note that a forced entry cannot be detected unless a reader or exit button is used to control exit. The relay may also be operated should the control unit detect a tamper To meddle, alter, or improperly interfere with something; to make changes or corrupt, as in tampering with the evidence. condition at the reader. Like the "door held open" relay, the forced entry/tamper relay is commonly connected to an intrusion alarm system. Card readers. The three most common types of card access readers are Wiegand, mag-stripe, and proximity. A brief description of each follows: Wiegand cards. Embedded Inserted into. See embedded system. in the bottom half of the card is a series of parallel Wiegand wires. The Wiegand wire is a specially treated ferromagnetic Refers to a material, such as iron and nickel, that can be easily magnetized. See MRAM. wire. The wire produces a sudden change in magnetic flux when exposed to a slow-changing magnetic field. These flux reversals are picked up by sensing coils in the card reader. Each Wiegand wire in the card is assigned a value of 0 or 1 by being placed in the proper position relative to the sensing coils. As the encoded card numbers are built in, card security is high. For the same reason, lengthy delivery delays are not uncommon. Mag-stripe cards. These cards are widely used in commercial credit card systems. A stripe of magnetic material located along one edge on the back of the card is encoded with an ID number. The data on commercial credit cards is encoded on a low-coercivity (300 oersted Pronounced "erst-ed." The measurement of magnetic energy. The higher the Oe rating in a material, the more current is required to change its magnetic polarity. Named after the Danish scientist, Hans Cristian Oersted (1777-1851), it is used, for example, to measure the coercivity ) magnetic stripe A small length of magnetic tape adhered to credit cards, badges, permits, passes and tokens. The tape is read by magnetic stripe readers incorporated into ATMs, identification readers and payment terminals. in accordance with the American National Standards Institute See ANSI. (body, standard) American National Standards Institute - (ANSI) The private, non-profit organisation (501(c)3) responsible for approving US standards in many areas, including computers and communications. ANSI is a member of ISO. (ANSI (American National Standards Institute, New York, www.ansi.org) A membership organization founded in 1918 that coordinates the development of U.S. voluntary national standards in both the private and public sectors. It is the U.S. member body to ISO and IEC. ). The data is read by moving the mag-stripe card past a magnetic read head. These cards are not well suited to card access systems for two reasons. First, the data is subject to corruption, and second, anyone with a standard ANSI mag-stripe encoder A hardware device or software that assigns a code to represent data. See encode. 1. (algorithm, hardware) encoder - Any program, circuit or algorithm which encodes. Example usages: "MPEG encoder", "NTSC encoder", "RealAudio encoder". 2. can duplicate information and produce unauthorized cards. Cards that use a high-coercivity (4,000 oersted) mag-stripe are virtually immune to data corruption Data corruption refers to errors in computer data that occur during transmission or retrieval, introducing unintended changes to the original data. Computer storage and transmission systems use a number of measures to provide data integrity, the lack of errors. but are still subject to unauthorized duplication. Some manufacturers have addressed the card security issue by encoding See encode. the data in a non-ANSI (encrypted) format. Proximity cards Proximity card is a generic name for contactless integrated circuit devices used for security access or payment systems. It can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards. . These cards contain an encoded number, which is transmitted to the reader by holding the card several inches from the reader. The several proximity technologies can be divided into two categories: passive and active. Passive cards do not require power to operate. The reader consists of a transmitter and a receiver. The transmitter constantly sweeps the working radio frequency RF) range. When a card is placed near the transmitter, the receiver picks up the frequencies corresponding to the resonant frequency resonant frequency, n the specific frequency at which an object vibrates. of the tuned circuits in the card. Active cards are basically miniature transmitters. When energized, the card transmits a preencoded binary sequence representing its ID number. The cost of proximity cards and readers is significantly higher than Wiegand or mag-stripe. Overall, the need for proximity capability must be assessed on an application-by-application basis. In choosing a reader technology, the following points must be considered: * card cost ($5 to $20) * card delivery (one day to 12 weeks) * card guarantee (none to five years) * cable cost (some require shielded cable, others do not) * resistance of readers to vandalism * availability of a mullion-style reader that installs in a standard 1 3/4" x 4" aluminum door frame (can result in significant installation cost savings) As card access systems become less expensive, their importance as part of risk management programs increases. It is necessary to be aware of card types, equipment and installation costs, and the general architecture of a card access system. This information will allow for educated choices of card access systems based on the goals of a risk management program. About the Author . . . Fred Dawber is president of Cansec Systems Ltd. of Mississauga, Canada. He is a member of ASIS 1. ASIS - Application Software Installation Server. 2. (language) ASIS - Ada Semantic Interface Specification. . |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion