A card access education.
Many good reasons can be stated for using a card access control system rather than conventional locks and keys. While the lock and key approach has served well, it has some significant limitations that could not be overcome until recent advances in electronics.
Since locks are mechanical devices that depend on the physical characteristics of a key to release a locking mechanism, each key for a given lock must be identical. If only one key exists, security of the lock is not threatened unless the key is lost. In a typical commercial or industrial facility, the number of keys in circulation can range from a few to several hundred. Each time one of these keys is lost, security of the area or areas its corresponding locks control is compromised.
Security can only be restored by rekeying the affected locks and issuing new keys. If only one lock and a few keys are involved, the cost of rekeying locks and reissuing keys can be modest and the logistics manageable. As the number of locks and keys increases, rekeying quickly becomes impractical for all but the highest-security areas. For medium-security areas, the only practical response, until recently, was to do nothing and hope the key did not turn up in the wrong hands. While this position was never comfortable, the security manager simply had no cost-effective alternative.
Unlike keys used in a mechanical lock, access control cards each contain a unique encoded number. When a card is presented at a reader, a table lookup determines if the card is authorized. The table can reside at the reader itself, at the controller to which the reader is connected, or at a central computer. If the card is authorized, the electronic locking device for that door is released to allow access. When a card is lost or stolen, its number is deleted from the lookup table. Security is not compromised, and replacing the card is the only cost.
True card access systems should not be confused with common-code card systems. The cards in common-code systems all contain the same encoded number. Such systems offer no advantage over conventional key systems because all cards must be reissued every time one is lost.
In true card access systems, each card contains a unique encoded number. This number provides a secondary benefit, which has been largely unrecognized and unexploited, particularly in small-scale systems. This benefit is the ability to generate an audit trail printout of all cards granted access.
At least half of the security benefit of an access control system lies in the deterrent value of its audit trail. As a minimum, this record will contain the following information: * date of access * time of access * access card number * card reader identification * type of transaction (access granted or denied)
This information can be printed on a logging printer or transmitted to a computer (typically a PC or compatible) for storage in a disk file. By saving this data on a disk, system managers can selectively search for information on a specific time frame, card number, or card reader. A greater benefit is that this data may be directly read by an appropriate time-and-attendance software package. With such a software package, the entire payroll function could be automated.
Card access systems that void and validate individual cards have existed for well over 20 years, However, their high cost precluded use in all but the highest-security areas. When they were first introduced, installation commonly cost $12,000 to $15,000 per reader-controlled door. Since prices have now dropped to under $2,000 per door, the use of card access is cost-effective for even medium-security areas. The rapid growth of the card access industry has been fueled by this dramatic reduction in cost.
Though the cost has dropped significantly, card access systems will always be more expensive than mechanical locks. To determine whether the cost of card access is justified for a specific application, two factors must be considered: the number of individuals authorized to access the area and the significance of the loss that could result from theft or vandalism by unauthorized as well as authorized personnel. (See Exhibit 1.)
In addition, installation costs can vary widely from system to system. The following factors can dramatically affect installation cost: * Cable type. Some card access systems require shielded cable, while others do not. Not only does shielded cable cost more than nonshielded cable, but the overall cable diameter is also much greater. Because of a wider cable diameter, a larger conduit may be necessary. * Alternating current (AC) requirements. Some systems require AC at the control unit as well as at each door. Others require AC only at the controller. * Reader styles. A broad range of card reader styles are available for both flush and surface mounting. While flush mounting is preferred, it can be costly if used with masonry or poured concrete walls. Surface-mounted readers should not protrude more than two inches from the wall. A vertical mullion-style reader is also available and can be installed in a door frame. Using this style of reader can result in significant cost savings if glass is on both sides of the door. * Common power source. If the locking mechanism derives power from the control unit, a common power source is preferred. This common source avoids the need for a separate transformer and power supply if the locks require direct current (DC). A common supply is of greater benefit if standby battery backup is required since both the card access system and locks must be supplied with power during an AC outage.
Understanding the basic architecture of a card access system is also important. (See Exhibit 2.) The following information provides brief descriptions of each element in a typical system:
Control unit. This unit contains the microprocessor, program memory, and card number lookup table (access card memory). The lookup table should be stored in nonvolatile memory so that data is not lost during a power failure. Using a EEPROM (electrically erasable programmable read-only memory) is preferred since the memory chip or chips can be readily transferred from a failed control unit to a replacement unit. This approach can eliminate the time-consuming task of reloading access card memory.
Electric strike or magnetic lock. Electric strikes are modest in cost and work well on single doors. Magnetic or mag locks consist of a powerful electromagnet secured to the header of the door and a metal plate secured to the door. Mag locks provide a sealing force of up to 1,700 pounds and are better suited to double doors than are electric strikes. Mag locks are approximately three to four times the cost of strikes.
Also, in some applications, a mag lock is required to comply with fire codes. Ideally, the control unit provides power for the locking device. As an alternative, it can be equipped with a relay that switches it to an external power supply.
Door contact. The door contact lets the control unit know whether the door is open or closed. This contact is required if the control unit is to detect and report forced entry or "door held open" conditions.
Exit button. If a mag lock is used, an exit button must be installed to release the lock on the exit. A motion-detection device can be used in place of an exit button to unlock the door automatically when it is approached from the inside.
Transformer. Preferably, only a single transformer will be required to power the control unit, card readers, and locking devices.
Standby power supply. A battery backed-up standby supply power unit should be available for use during AC outages. The standby supply must support not only the control unit and card readers but also the locking devices.
Alarm shunt relay. One relay should be provided for each reader. It should be operated each time the control unit releases the lock. The alarm shunt relay should remain energized as long as the door is held open (as sensed by the door contact). This relay is typically used to bypass intrusion alarm system monitoring of doors with card readers.
I Door held open " relay. One relay should be provided for each reader. It should be operated if the door is held open longer than a user-defined period. This relay is typically connected to an intrusion alarm system and provides an advisory at a central monitoring station. The control unit should generate an audible prealert signal at the reader. This signal should sound before the relay operates and should guard against false "door held open" reports. If the door is closed within a specified period after the audible signal is generated, the relay should not be operated. Preferably, the device that generates the prealert signal will be integrated with the reader.
Forced entry/tamper relay. One relay should be provided for each door. It should be operated if the reader-equipped door is forced open. This relay must operate instantly if the control unit detects that the door has been opened without the use of a card or the exit button. Note that a forced entry cannot be detected unless a reader or exit button is used to control exit. The relay may also be operated should the control unit detect a tamper condition at the reader. Like the "door held open" relay, the forced entry/tamper relay is commonly connected to an intrusion alarm system.
Card readers. The three most common types of card access readers are Wiegand, mag-stripe, and proximity. A brief description of each follows:
Wiegand cards. Embedded in the bottom half of the card is a series of parallel Wiegand wires. The Wiegand wire is a specially treated ferromagnetic wire. The wire produces a sudden change in magnetic flux when exposed to a slow-changing magnetic field. These flux reversals are picked up by sensing coils in the card reader. Each Wiegand wire in the card is assigned a value of 0 or 1 by being placed in the proper position relative to the sensing coils. As the encoded card numbers are built in, card security is high. For the same reason, lengthy delivery delays are not uncommon.
Mag-stripe cards. These cards are widely used in commercial credit card systems. A stripe of magnetic material located along one edge on the back of the card is encoded with an ID number. The data on commercial credit cards is encoded on a low-coercivity (300 oersted) magnetic stripe in accordance with the American National Standards Institute (ANSI). The data is read by moving the mag-stripe card past a magnetic read head.
These cards are not well suited to card access systems for two reasons. First, the data is subject to corruption, and second, anyone with a standard ANSI mag-stripe encoder can duplicate information and produce unauthorized cards.
Cards that use a high-coercivity (4,000 oersted) mag-stripe are virtually immune to data corruption but are still subject to unauthorized duplication. Some manufacturers have addressed the card security issue by encoding the data in a non-ANSI (encrypted) format.
Proximity cards. These cards contain an encoded number, which is transmitted to the reader by holding the card several inches from the reader. The several proximity technologies can be divided into two categories: passive and active.
Passive cards do not require power to operate. The reader consists of a transmitter and a receiver. The transmitter constantly sweeps the working radio frequency RF) range. When a card is placed near the transmitter, the receiver picks up the frequencies corresponding to the resonant frequency of the tuned circuits in the card.
Active cards are basically miniature transmitters. When energized, the card transmits a preencoded binary sequence representing its ID number.
The cost of proximity cards and readers is significantly higher than Wiegand or mag-stripe. Overall, the need for proximity capability must be assessed on an application-by-application basis. In choosing a reader technology, the following points must be considered: * card cost ($5 to $20) * card delivery (one day to 12 weeks) * card guarantee (none to five years) * cable cost (some require shielded cable, others do not) * resistance of readers to vandalism * availability of a mullion-style reader that installs in a standard 1 3/4" x 4" aluminum door frame (can result in significant installation cost savings)
As card access systems become less expensive, their importance as part of risk management programs increases. It is necessary to be aware of card types, equipment and installation costs, and the general architecture of a card access system. This information will allow for educated choices of card access systems based on the goals of a risk management program. About the Author . . . Fred Dawber is president of Cansec Systems Ltd. of Mississauga, Canada. He is a member of ASIS.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||a primer on card access control systems|
|Date:||Mar 1, 1991|
|Previous Article:||A high-rise solution.|
|Next Article:||Certified Protection Professional Progress Report.|