Access Control System

INTRODUCTION
Access Control Technologies is to be used during the planning and design of
access control systems. This technology is intended for use by emergency response
personnel, disaster control personnel, civil disaster administrators, and local,
state, and federal security and law enforcement agencies. This provides basic
information to organizations whose primary functions may not encompass
designing, evaluating, or installing access control systems, but need introductory
level information related to the purpose, operation, and application of these types
of systems.
Any organization seeking to implement an access control system should do
so only with the assistance of personnel or organizations that specialize in
designing and installing such systems. Establishing an access control system
involves not only design, installation, integration, and testing, but also the long-
term issues of operation, training, and maintenance.

Objectives of Access Control

There are four objectives in access control that are part of an integrated physical
protection program:
• Permit authorized persons to enter and exit; and deny entry to
unauthorized persons. The systems covered in this handbook deal primarily with
this aspect of access control.
• Prevent entry of contraband material, such as weapons, explosives, and
tools, or the entry or exit of any other material restricted by security
management. (Note: this handbook does not cover such equipment or methods.)
• Notify security personnel of attempts to gain unauthorized access or to
tamper with or bypass the access control equipment. Some access control systems
can detect these attacks, but surveillance and intrusion detection systems are also
prudent supplemental technologies to consider.
• Maintain records of access control system activity, user permissions, and
facility configuration changes.

CMTI - Study Materials www.cmti.co.in

1
 Access control systems should be tailored to the needs and requirements of
the resource or area to be protected. The starting point for defining needs and
requirements is to perform a threat and vulnerability assessment. The type of
facility, the nature of the environment, the organization’s previous experience
with access control systems, and assumptions about potential threats will influence
the approach used to develop a solution. Other factors that should be considered
in the vulnerability assessment are the nature of activity in and around the site;
the size of the authorized population, varying degrees of accessibility, the physical
configuration of the facility, the surrounding natural and human environment,
fluctuations and variations in the weather, and training and support. An
experienced access control system professional is an essential member of any
program planning or vulnerability assessment team.
There are four main elements of an access control system:
• A barrier (e.g., vehicle gate, turnstile, door controller)
• Verification equipment (e.g., card reader, biometric scanner)
• A panel that controls the barrier
• The communications infrastructure that connects these elements and
connects the system to the reaction elements, such as an alarm
monitoring system.

Door Controller

Two-door controller designed to interface third-party read. Controller has an on-

board 10/100 Ethernet connection and communicates directly with the central
system. Using a powerful 32bit processor,
Controller has capability to give full off-line validation and decision making
capability at the point of entry, when host communication is not available.

Controller Should supports most third-party access control read heads conforming
to the physical Wiegand / Mag Stripe (data/data, clock/data) interfaces, covering
a range of technologies from RF Proximity to Biometric devices.

Controller Should supports two door configurations. It can either be configured for
two read heads on two separate doors, with optional Exit push buttons, or can be
configured to support two reader heads (an Entry/Exit configuration) for bi-
directional control on a single door. The same configuration can be applied to
turnstiles, one bi-directional or two uni-directional turnstiles.

CMTI - Study Materials www.cmti.co.in

2
Key Features

Support for two doors

On-board 10/100 Mbps Ethernet for direct communications to the Host system.
Structured database allows storage of large amounts of cardholder records for off-
line card validation
Reader communications via standard Wiegand or Mag Stripe interfaces
Eight supervised inputs (four available per door). Each input is four state, tamper
detect. Two relays (normally opened or closed) and open collector outputs
Self resetting fuses – saves maintenance time Onboard LED - provides visual status
Dedicated tamper input.

On-board Card Reading Technologies

Controller should supports a wide range of head technologies using the two
available on-board Wiegand connections. Supported card technologies include
Wiegand 26bit, Mifare, Corporate 1000 and many more.

Off-line Card Validation

The card database is initially downloaded to the reader’s memory from the host
computer with subsequent changes to card data automatically sent as updates.
This ensures that the reader has up-to-date card information when operating in
off-line mode. Operating in off-line mode the reader can hold up to 200,000 cards.

• Biometric Cum Smart Card Reader:

Biometric Finger Print Reader with Smart card (iCLASS Card: Up to 4” (10.2 cm)) &
PIN Pad Reader, Fingerprint sensor type-Optical, Resolution 500 dpi, 256-bit gray
scale, 18 x 22 mm sensor area, Timing- Card read < 0.5 sec Fingerprint capture < 2
sec, typical 1 sec, False Accept/ Reject Rate FAR < 0.01%, FRR <
0.01%,Certifications-UL294/UL (US), FCC Certification (US), IC (Canada), CE (EU),
C-tick (Australia, New Zealand), SRRC (China), MIC (Korea), NCC (Taiwan), MIC
(Japan), iDA (Singapore), RoHS, Mounting-Mounting plate attaches to US/EU/ Asian
back box, 52-60 mm screw hole spacing (vertical or horizontal). LCD/Keypad
reader housing latches onto mounting plate; fingerprint module secured to reader
with a screw RoHS.

CMTI - Study Materials www.cmti.co.in

3
 • Contactless Smart Card

The contactless smart card shall function as an access control card, used with
access readers to gain entry to controlled portals and to hold identification
information specific to the user.
The contactless smart card shall be a passive device, with an operating frequency
of 13.56 MHz, and shall meet ISO 15693 and ISO 14443B2.
The card shall contain a 64 bit unique serial number.

The contactless smart card shall have 32 Kbits (2Kbytes) EEPROM memory
configured with 16 application areas.

Each application area shall contain a unique 64 bit diversified authentication key
to reduce the risk of compromised data or duplicate cards. The contactless smart
card and card reader shall require matching keys in order to function together. All
radio frequency (RF) communication between card and reader shall be encrypted,
using a secure algorithm.

Wiegand card data, up to 84 bits in length, shall be encoded in Application

Area 1 for use with access control systems.

The contactless smart card will support programming and updating of custom
applications after issue, using an appropriate HID iCLASS reader/writer or
authorized HID iCLASS enabled reader/writer.

The contactless smart card shall meet the following physical characteristics:
Dimensions, per ISO 7810: 2.125” x 3.375” x 0.030” (53.98mm x85.60mm x
0.76mm).
Weight: 0.20 oz. (5.7 g)

CMTI - Study Materials www.cmti.co.in

4
Material and construction: PVC card materials. Card surface shall be glossy and of
a material compatible with direct to card dye-Sublimation or thermal transfer
printing. Card construction shall meet Durability requirements of ISO 7810.

Internal antenna configuration shall allow a single slot punch on the vertical (short)
side of card.

The card may be marked with an external ID number, either in nkjet or laser-
etched numbering, which may match the internal Programmed ID number. If the
external number does not match the internal number, a cross-reference list is
provided to detail the internal/external numbering sequences.

Optionally, the card may be printed with custom graphics, may be built to a
custom thickness and may contain security and anti counterfeiting features.

Contactless smart card shall meet the following environmental specifications:

Temperature: -40oF to 158oF (-40oC to 70oC)
Operating Humidity: 5% to 95% relative humidity non-condensing

• Access Control and Security Management Software

Access Control will be Software powerful and fully integrated access control,
alarm processing and photo badging system. In addition to the Lite server option,
the Virtual Software Only Kit can be installed onto the Windows workstation client,
thus providing a powerful yet compact hardware setup. The product can be further
configured to meet many unique operational requirements to make one of the
most comprehensive security management systems available.
Key Features
• Highly stable Linux operating system with JeOS
• Integral Lite server data backup and archive management software
• Windows® 7 based operator workstations (32bit & 64bit*)
• Web interface to Lite server for remote diagnostics and reporting
• Web interface featured “dashboard”, also Alarms monitoring and Device
status.
• Web interface for Visitor booking and separate web interface for Visitor card
issuing.
• License for 64 doors per system. Intelligent Ethernet-ready door controllers
card readers with on board database
• Supports all current read head technology and multiple technology per
system
• Advanced transaction / alarm reporting
• User definable fields

CMTI - Study Materials www.cmti.co.in

5
 • Web browser remote diagnostics of controllers
• Seamless integration with External Systems; CCTV, DVR, Intercom, Intruder
Alarm
• Central/Remote Configuration.

Built-in intelligence also allows the readers to be programmed and managed

remotely at the workstation, to change functional parameters and receive updates.
The server also features web based configuration pages for setup. Timed
configurations can be stored on the reader, enabling the reader to carry out “open
door” or “card only” commands automatically, even when off-line. Software can
broadcast messages to card readers to open doors in emergency situations or to
switch lighting, heating or similar external systems at pre-defined times.

Integrated Photo Badging (VIPPS)

The Visual Imaging Pass Production System (VIPPS) is fully integrated with
Software allowing users to produce permanent and temporary ID badges. VIPPS can
be used to enrol fingerprint biometric templates onto the SOFTWARE system.
Biometrics Support

Software provides a fully integrated fingerprint biometric solution without the

need to use third party biometric equipment and software. The Software also
integrates with third party biometric systems including hand geometry, iris
recognition and fingerprint verification.

CMTI - Study Materials www.cmti.co.in

6
Integration
A level of integration is provided using industry standard interfaces to link with
third party systems. In addition with named subsystems such as Intruder, Fire, DVR
(Digital Video Recording), NVR (Networking Video Recording) Intercoms and CCTV.
Additional interfaces to other systems can be supported.

Access Levels

Access Levels and TEA

Card Holders can be assigned one or more Access Levels. Temporary extra access
(TEA) levels can be assigned using time settings or trigger readers to allow swipe
activated temporary extra access. An intuitive interface allows Access Levels to be
managed with tick box selection lists. An access levels creation tools are also
included. Unlimited Access levels can be configured. Each card can be assigned
up to five access levels. TEA supports features such as limited swipes or test
period timeout. TEA can be applied manually, automatically (Date/Times settings
etc) or by use of a trigger reader. For example a guard hut or reception area can
have a trigger reader located, a card holder can present their card, the guard or
card holder can simply swipe the card on the trigger reader and TEA shall be
automatically applied.

Access Level Changes Report

An “Access Level Changes” report has been added to the SOFTWARE Web suite of
reports. This lists access level changes for SOFTWARE Personnel, Visitors and
Vehicles and is useful for System Administrators and the ID Enrolment unit to track
the history of cardholder access rights.

The report can be configured using criteria such as Date/Time, Cardholder, and
Company. The report can then be viewed on the screen, printed, saved as a CSV
file or emailed.

Additionally, the saved report configuration (template) can then be scheduled to

run automatically at a desired time. Anti Pass back

CMTI - Study Materials www.cmti.co.in

7
Anti Passback zones can be configured into the system. Anti passback will disallow
a card holder to use their card twice at the same reader or any other reader within
the Anti passback zone. APB can be set with timeout in seconds, minutes, hours or
no timeout. A card holder can be made exempt from anti passback. An operator
can remotely remove an Anti passback lock from a card holder using the SOFTWARE
workstation.

Soft Anti-Passback
With Soft Anti-Passback, access is granted but an alarm is sent to the Alarm Event
Display (AED). This can be configured on a reader by reader basis which is applied
to all cardholders, or on a cardholder by cardholder basis.

SOFTWARE WEB Zonal Control (Anti-Tailgating)

Zonal Control is a tool to discourage tail-gating or a stricter version of anti-
passback. Readers are configured with an OUT ZONE and an IN ZONE.
A cardholder’s CURRENT ZONE equates to the IN ZONE of the last reader they used.

Ultimately, if the cardholder’s CURRENT ZONE is not the same as the OUT ZONE
and the timeout period has not expired, then a Passback failure outcome is given.

This allows stricter control of how cardholders move within the building or a zone,
making sure that the proper sequence or route is followed and the rules regarding
tailgating (not swiping) are enforced.

Zonal Control is configured using a new SOFTWARE WEB application allowing the
administrator to quickly and easily implement a new Zonal Control and Anti-
Tailgating configuration.

Threat levels

Threat Levels allows system security to be enhanced when there is an increased

threat from criminal or terrorist activities, or during times of limited occupancy,
such as holiday or site shutdown periods.

Using a dedicated threat level definition application, an unlimited number of

threat levels are configurable, each of which can be given its own name and colour
code and customised to provide a different level of security.

CMTI - Study Materials www.cmti.co.in

8
Changing the threat level is also performed within a dedicated application and will
determine the card holders who are allowed to gain access, the areas they can
access and the level of authentication at the doors. If required readers can, for
example, be switched to card-and-PIN or card-and- fingerprint mode.

Additionally, for added security SOFTWARE Threat Levels can require the
authorization of 2 operators who must enter their login credentials before the
threat level can be changed.

Cardholders are assigned a threat level flag.

If the system threat level becomes higher than a cardholder’s threat level flag then
their access will be removed.
Cardholders who still have access under the new threat level can be required to
enter their PIN and/or present their Fingerprint in addition to swiping their card at
selected doors.
The current threat level is always shown on the SOFTWARE workstation foreground.
Allows for user definable threat level descriptions and colors schemes.

Image Storage

All digitized imaging data for each pass is passed from the operator’s workstation to
the central computer database. Lost/expired badges can be reproduced on demand
without the need to re- photograph employees or regular visitors. The data can
simply be recalled, the expiry or visit
date entered, and the pass printed. Passes are produced as and when required.

Card Types & Formats

This powerful feature can be used to ensure a card holder is issued the card
required by system policy. A card format configured for use by Admin Staff for
example cannot have Security level access applied to it, as Security level is not
an attribute allowed for the Admin Staff card format. In addition it allows the
administrator to assign different Pass Designs to different card formats, so a
Security level card will look very different from an Admin card. This feature
offers enhanced security especially when card holders are required to wear their
cards in plain view, e.g. on their lapel.

CMTI - Study Materials www.cmti.co.in

9
Document Import
Personnel, Visitors, Vehicles and Companies support document import meaning
that captured images/scans can be associated with individual records.
Applications include for example, associating a driving license or parking permit
with a Vehicle record, or a safety certificate with a Visitor record.

Card History report

The Card History application within SOFTWARE Personnel, provides historical
reporting on the usage of access control cards within SOFTWARE.

The “Previous Card” tab will display all the basic information as well as the Date
Returned and Return Reason. Also, the”Hotstamp History” tab will display
information about any user who has used, and returned, the same card as the
current Personnel record. Details include all changes to access levels for the
specified card holders.

Automatic Card Parking of Passes/Tags

SOFTWARE has the ability to automatically disable Cards, Passes or Tags after a
pre-defined period of inactivity known as ‘Card Parking’. SOFTWARE checks the
date the tag was last used and if inactive for more than a pre-set period, access is
denied only to selected “restricted” readers.

Integrated Visitors booking and card management

The SOFTWARE Visitors module offers a comprehensive visitor management
solution that is fully integrated with SOFTWARE access control system. The Visitors
application provides a powerful tool to monitor and control access for temporary
cardholders (visitors). Once a visit has been completed visitor cards can be easily
returned and reused.

System administrators can easily add a visitor record to include information such as
visitor details, reason for visit, and scheduled time of appointment along with the
name of the sponsor responsible for the visitor.

CMTI - Study Materials www.cmti.co.in

10
Visitors’ image can be captured on arrival and saved with their details. Temporary
ID cards with photographic pass design can be printed and assigned to a Visitor
with pre defined Access privileges and Time zones and TEA. Alternatively, a batch
of designated Visitor cards can be used and issued to visitors for the duration of
their visit. A history of visits is stored for reporting.

Visitor Search Facility

This application comes equipped with an easy to use Query/ Browse toolbar.
Administrators such as reception clerks can quickly search for visitors by name,
company or using an advanced “expected arrivals” option.

Trace Visitors
A visitor card can have a Trace added allowing the visitors movements to be
visually tracked using the
Alarm Event Display (AED) graphical maps application.

CMTI - Study Materials www.cmti.co.in

11
SOFTWARE Vehicles

Integrated Vehicle Management Module

The SOFTWARE Vehicles application allows users to produce a professional printed
pass or vehicle tag for all vehicles which require access to secure areas, with
details of vehicles such as Vehicle Make, Model and Registration number. Valid
cardholders on the SOFTWARE system can then be associated with the vehicle as
authorized ‘Approved Drivers’.

A trace can also be applied to vehicles creating a visual display of vehicle

movement via the
SOFTWARE AED (Alarm Event Display) module.

SOFTWARE Vehicles also features: Vehicle anti-pass back, customized user

definable fields, and the automatic disabling of vehicle passes/tags through
SOFTWARE Card Parking function.

Vehicle passes/tags can be issued and returned for reuse on other vehicles;
providing a cost effective use of technology tags.

SOFTWARE T&A (Time and Attendance) Module

The SOFTWARE Time and Attendance (T&A) module is a reporting method for the
office manager/administrator who requires statistics on the in and out movements
of staff.

Integrated into the SOFTWARE system, T&A provides a very powerful, configurable
tool that allows the administrator to run reports on the number of hours worked by
staff. Rather than installing a separate timekeeping system, existing pass cards
and readers can be used for both Access Control and Time and Attendance.

Any number of readers on the system, at any location, can be configured as

designated IN and OUT readers for the purposes of Time and Attendance. As each
member of staff presents a card their transactions are populated into the
SOFTWARE database.

Easy to read reports are generated to provide an overview of employee IN and OUT
times by individual, group or company over a specified period of time.

The Time and Attendance module automates time-consuming administrative tasks

and provides accurate employee attendance data that can be used with many third
party products such as a dedicated payroll system for accounting purposes.

CMTI - Study Materials www.cmti.co.in

12
Key Features

• User friendly interface

• Easy to use wizard provides a step-by-step setup guide
• Option to use default settings or customise reports
• User definable date/time, zones, and personnel fields to: - Specify a start
and end date/ time for a report - Create any number of zones to monitor
attendance - Track by individual company or particular members of staff.
• Selection of problem areas to flag up e.g. late starters, invalid swipe outs,
etc. Data can be exported to CSV file for integration with payroll etc.
• Option to save report settings for frequent use • Interfaces with Windows®
scheduler to automatically re-run reports

Define Working Days

The application allows the user to specify start/end times for a working day, the
start day for a working week (important when calculating weekly hours worked),
plus any other time considerations such as lunch/dinner periods and swipe
exceptions for example grace time. For an office manager, this means employee
timekeeping can be easily monitored.

Preview Detailed Reports

The report displays data on IN swipe, OUT swipe, hours worked, daily hours
worked, weekly hours worked and areas of concern. When a report is previewed on
screen, the user has the option to print or save data to a CSV file for importing into
standard spreadsheet programs such as Microsoft® Excel for data manipulation e.g.
for dedicated payroll systems.

CMTI - Study Materials www.cmti.co.in

13
Highlight Timekeeping Concerns
The user can choose to flag certain irregularities that may occur in normal
operation:

Invalid In swipe - if a person has swiped out but not swiped in

Late start - if a person swipes in later than the specified daily start time Invalid out
swipe - if a person has swiped in but has not swiped out Early finish - if a person
swipes out prior to the specified daily end time
Total daily hours worked - highlights if a person hasn’t worked the total hours for
that day

If an employee has activated any of these problem settings, the report highlights
these in red next to the corresponding employee profile

Automate the Report process

Saved reports can be re-run as often as required without having to re-specify the
settings each time. The user can build up a collection of frequently required
reports. Windows® Scheduled Tasks will generate up to 20 saved reports
automatically without any user interaction.

One Shot & Broadcast zones

One shot is used to send a signal to a single CEM Reader to Unlock or lock a door.
The One shot application supports a History Report; details include operator, time
and reason for the One shot command.

Configure Broadcast Zones to send a signal to one or more outputs located on any
online CEM card reader or input/output controller. Broadcasts are typically sent to
lock outputs or sounders, to activate or de-activate the connected device.

Keypad Commands
Selected Card holders using a four digit PIN can activate/deactivate a Broadcast on
the SOFTWARE system; a Broadcast shall trigger outputs on SOFTWARE field
devices. Also Selected Card holders using a four digit PIN can activate/deactivate
alarm filters; alarm filters shall halt alarm conditions from display on one or more
Alarm Monitoring workstations.

CMTI - Study Materials www.cmti.co.in

14
Occupancy zones
SOFTWARE Occupancy Zones is designed to count and limit access to pre-defined
zones within an area. A maximum number of card transactions for each zone can
be set. One or more IN and OUT card readers are used to count the number of
current transactions. Outputs can then be triggered when totals reach
zero or the maximum set number is reached.

SOFTWARE Occupancy Zones automatically prevents people from entering a zone

once the maximum occupancy level has been reached. This can be used for
operational purposes or to assist with health & safety procedures. SOFTWARE
Occupancy Zones is ideal for car park applications. When a maximum number of
cars is reached in the car park, SOFTWARE can trigger a car park barrier (Broadcast
Zone) to close when the car park becomes full. The application can also control
the lighting in a zone by automatically turning the lights on when the zone is
occupied and turning them off when the zone is unoccupied. (e.g. ‘Open when
zone is occupied’ will Open the broadcast zone when the occupancy count goes
from 0 to 1 and this can be used to turn on the lights when the first person enters a
zone).

Multiple Card Reading Support

The Reader can be ordered in a variety of different models, each providing
different card reading technology, for example HID iClass, 13.56MHz MiFare (also
supports Desire CSN 32Bit) and High Security Pico Pass (Sector Ready).

CMTI - Study Materials www.cmti.co.in

15