Access Control System
Access Control System
Contents
Introduction ........................................................................................................................................................ 3
Why Electronic Access Control?........................................................................................................................ 3
Is access control difficult to specify and install? ................................................................................................ 3
How to survey a site and assess risks ............................................................................................................... 4
A word about identification ................................................................................................................................. 5
PIN-only entry systems .................................................................................................................................. 5
Token-based systems .................................................................................................................................... 5
Biometric systems .......................................................................................................................................... 6
Components in a token-based system .............................................................................................................. 7
Card ............................................................................................................................................................... 7
Reader ........................................................................................................................................................... 7
Lock ................................................................................................................................................................ 7
Door sensor .................................................................................................................................................... 8
Egress ............................................................................................................................................................ 8
Door Ajar Sounder ......................................................................................................................................... 8
Controller ........................................................................................................................................................ 8
Software ......................................................................................................................................................... 8
Types of System ................................................................................................................................................ 9
Intelligent readers ........................................................................................................................................... 9
Separate Controllers ...................................................................................................................................... 9
Networked systems ........................................................................................................................................ 9
Summary – Pros and Cons of different types of system .............................................................................. 10
Special situations ............................................................................................................................................. 10
Car Parks ..................................................................................................................................................... 10
Elevators (Lifts) ............................................................................................................................................ 10
Remote sites ................................................................................................................................................ 10
Alarm management ...................................................................................................................................... 11
Employees versus Visitors............................................................................................................................... 11
Integration ........................................................................................................................................................ 11
Cabling ............................................................................................................................................................. 12
Other Benefits from Access Control systems .................................................................................................. 12
Don’t forget… ................................................................................................................................................... 12
Token-based systems
This type of system is the most popular, and the type that the remainder of this document focuses on.
Biometric systems
After several years in existence, biometric systems are only now starting to find acceptance in the general,
as opposed to specialised, security market. Fingerprint recognition seems to be the most popular at the
moment in terms of cost, accuracy and acceptability. But facial recognition is a technique that has been
proven and when the price/performance ratio starts to improve we can expect to see significant market
change in favour of such systems. Iris recognition is being trialled by some banks for increasing security at
ATMs.
Reader
This is what identifies the person to the controller, by reading the card and sending its unique identity.
Some readers are more prone to vandalism than others, so risk-assessment needs to be carried out. If a
reader is attacked, it may result in unauthorised access (see “intelligent readers”) but usually will result in
authorised people being denied access. Some proximity readers can be hidden behind panels so that being
invisible better protects them.
Two readers may be required on some installations – either to enforce anti pass-back rules or to monitor
everyone’s whereabouts. But this only works if turnstiles are used…
Lock
The choice of lock depends firstly on the door – electric strikes or bolts, magnetic locks, turnstiles or barriers
are all options depending firstly on the architecture – and secondly on the required resistance to attack.
As the “lock” is normally located on the edge of the door furthest from the hinge, double-doors represent a
particular problem unless one door is fixed closed during normal operation (i.e. it is normally opened only for
emergencies or to allow large objects to pass through).
Another problem situation is a door that “swings” – i.e. opens both inwards and outwards so it can be pushed
open from either side. Frameless glass doors also require specialist solutions.
All lock types have their advantages and disadvantages – if you are unsure which type to choose then gather
as much information as possible about the door and seek advice from a supplier.
Door sensor
The door sensor is an optional piece of equipment, which serves two purposes:
For access control, the door sensor provides an extra level of security, in the following way. If the
lock release time is set to, say, 10 seconds, it is quite possible for someone to get through the door
in only two or three seconds after using their card. This leaves seven or eight seconds of 'un–
expired' time, during which (if no door sensor was fitted) the door could still be opened. However, if a
door sensor is fitted, then as soon as the door opens the lock release is de–energised. The door re–
locks as it closes.
For access monitoring, having a door sensor fitted means that all occurrences of the door opening
and closing can be monitored if a printer or PC is part of the installation. Also, relays can be set to
operate – and thereby sound an alarm – if a door opens when it shouldn't (i.e. the access control
system had not released the lock), or stays open for too long.
Egress
This is an optional piece of equipment, which allows people through a door – from the secure area to a less
secure area – without the use of a card or PIN. Pushing the button causes the lock to be released, just as if a
card had been entered (i.e. for the pre–programmed 'lock release time').
This is sometimes used as a 'reception' button, where someone inside the building can let someone else in.
More commonly, the egress button permits a person to exit the building or room. Although certain types of
door lock mechanisms permit egress by turning the handle on the inside, this may be detected by the ACU
as a 'door forced' situation. In other words, the door has opened but no card or PIN was used. Installing an
egress button gets round this problem.
Note that fire regulations may also require people to be able to exit an area without depending in any way on
electrical systems.
Controller
Controllers may be built-in to a reader or be separate. Separate controllers may control one door or several.
See “types of system” later for guidance on how to choose which is best.
Software
Software provides a means of programming cards and setting the rules for the system – normally this
information is sent to the controllers so that it is the controller(s) that makes the decisions. These rules are
also stored in a database on the computer so that (a) you can see what you have programmed and (b) if a
failed controller has to be replaced then it can be re-loaded with the necessary information.
Software will normally also monitor the system, recording events (e.g. who has gone through which door and
when) and saving the information to disk so that reports can be printed. Normally, you will be able to view
these events in “real-time” so that you can watch as people move around.
You cannot buy access control software from one manufacturer and use it with controllers and readers from
another manufacturer.
Intelligent readers
At the simplest level, a combined reader/controller provides a convenient all-in-one package that can be
installed quickly to control access at a single door. You could install more than one if you have more than
one door, but then every time you needed to add or erase a user, you would have to do this at several
locations.
There is a security risk with these products, in that the controlling electronics is on the insecure side of the
door, and therefore open to attack. Consideration needs to be given to the likelihood of attack, and if the risk
is high then either some form of tamper protection will need to be fitted or a different type of system installed.
Separate Controllers
When protecting a single door, fitting a controller on the secure side of the door is more secure in high-risk
situations. No matter how the reader is attacked, the door will not open.
For multiple door situations, there are controllers that can control several doors each. This can represent
cost savings because there is only one controller, and it can also be more convenient because you can
programme cards in for multiple doors with a single action. But the practicalities and costs of cabling up
between the doors can outweigh the benefits depending on the cabling distances.
Networked systems
Intelligent readers and separate controllers fall into the category of “stand-alone” systems because they do
not need a computer and software to mange and monitor them. Computer linked systems should be
considered where any of the following apply:
more than one stand-alone system would have to be installed to secure the number of doors
required (in such cases you would otherwise have to perform programming operations at multiple
locations)
there are more than just a couple of different combinations of access rights (imagine the complexity
of programming a 16-door stand-alone system where some people are allowed through all doors,
some through some of the doors, others through a different selection of doors…)
more than one person can be expected to administer different aspects of the system (multiple
workstations make this easy and convenient)
a remote site needs to be controlled and monitored (either dial-up modems or a permanent network
connection can be utilised)
Such systems provide the ultimate in convenience and flexibility, and healthy competition ensures high
performance at sensible prices. Modern systems are intuitive and user-friendly and require minimal training
for administrators.
Special situations
Car Parks
People don’t want to get out of their cars so that they can use their card to raise the barrier – this is an ideal
situation for mid-range proximity readers. Up to 60 cm can be achieved with “passive” tags and if this is
acceptable it means that the readers used in the building may well be cheaper than if active tags were used.
If a car park cannot hold all the cars that might want to use it, then some form of occupancy control needs to
be implemented. This can sometimes be part of the barrier system, where a counter can be reset when the
car park is empty, and from then on counts all the cars in and all the cars out. The barrier will not be raised if
the counter is above a set limit. This form of control can also be applied by the access control unit, which
counts cards rather than cars and can be cheaper to implement as it may reduce the need for vehicle loops.
Elevators (Lifts)
Several systems offer the possibility of elevator control. Typically, this involves placing a reader in the
elevator car and when a card is presented, only the floors to which that card is allowed can be accessed.
This is achieved by re-wiring the floor call-buttons through relays in the ACU. When a card is used, the
appropriate relays change over and for the next few seconds the call-buttons may be pressed. Some more
modern elevators allow the relays to be wired into a command interface instead of having to re-wire the call
buttons. In high-rise elevators (30 floors and over) there sometimes a data interface through which
commands may be sent to enable and disable call-buttons.
Remote sites
Remote sites can be considered as being of two types – those where local administration and monitoring is
required, and those where it is not.
If local administration is required, then usually the two sites will be have to be linked together by a
permanent-available connection – for example a Wide Ara Network (WAN). This is because in any system
there is usually only one database – and any administration terminal must be linked to the database.
If local administration is not required then an occasional connection may be implemented – for example, dial-
up modem over conventional telephone lines. The central computer will connect to the remote site whenever
there are commands and card numbers to be sent, and will also connect on a regular basis to collect event
data. The access control units on the remote site will connect to the PC whenever there is an alarm to report.
Integration
Integration with other security systems – particularly CCTV – is becoming a common requirement. In an
unattended situation, rather than having the CCTV system switch through the cameras on a programmed
sequence, it is possible for the access control system to react to an unusual event occurs by sending a
command so that pictures are recorded of the location of the event for later analysis.
Another possibility is for high-security low-traffic situations, for example late at night, where you might want a
guard to decide whether to allow access or not. If the guard is not close to the point of access, which is quite
possible where more than one point of access exists, then when a user swipes their card, the system can:
1. alert the guard that someone wants to gain access
2. bring up a picture stored in the access control database of the true owner of the card
3. switch a CCTV camera so the guard can see the live picture of the person standing there
The guard can check that the two images match, and release the door by simple command to the access
control system. This need take no more than a few seconds – and the guard might be many miles from the
door!
Where guards provide security, they may well be responsible for dealing with alarms generated by the
access control system. If they are on tour round the site, they could be alerted by a message sent to their
pager or mobile phone. Also, while on tour, if they fail to use their card at a certain point by a certain time,
the system could raise another alarm to summon help in case they have been attacked.
Cabling
The limitations and economics of running cables needs to be considered:
Reader cables have limitations due to signal degradation over distance. Typically, 100 metres is the
limit – but it may be less depending on the reader technology, the specification of the controller and
also the amount of electrical noise in the vicinity.
Low-capacitance cable will normally be required for reader and communications cables.
Lock-strike cables have limitations due to voltage drop. Simple calculations will tell you what
specification of cable to use.
All cables should be screened, with separate “functions” carried down separate cables. Sometimes
you might get away without using following these rules – but if the installation doesn’t work reliably
you’ll need to re-cable, and this may be costly in man-hours!
Typical requirements per-door are:
Don’t forget…
In closing, let us remember one vital thing:
Don’t forget the people who have to use the system. If the system makes it hard for them to do their job – in
particular through queuing to get through turnstiles, or being refused access where they should have been
allowed - eventually it may have to be de-commissioned or significantly revised. Fortunately, many of the
aspects we have covered are of benefit to the employees as well as the employer, and problems like this are
rare.