Access Control System Basics
The simplest access control systems involve one door and simply limit access to those holding the necessary credential - much like a mechanical keyed lock. The difference between these small, self-contained systems and mechanical keyed locks is that each user has a unique credential, so that one individual can be denied access while all others are unaffected.
However, access control systems can enhance security by tracking when credentials are used to enter or exit a space and when; by controlling who can enter (or exit) and when they can do so; and by monitoring the condition of doors and locking hardware.
Here is some access control vocabulary:
- User - someone who uses the access control system to get in and/or out.
- Credential - the identity of the user from the system's point of view. Types of credentials include pin code, mag stripe card, prox cards and prox keys, and a human feature, such as the retina of the eye or fingerprints.
- Pin Code - "PIN" stands for Personal Identification Number - a series of numbers unique to a particular user.
- Mag Stripe Card - (magnetic stripe card) - plastic card with a magnetic strip applied to one side. The magnetic strip contains a code that can be read by a magnetic stripe card reader.
- Prox Card - (proximity card) - plastic card with a transponder chip embedded inside. The transponder communicates with a proximity reader to effect access control. A Prox Key (or Prox Fob) is a plastic object containing a transponder chip that can by attached to the user's key ring.
- Time Zones - (schedules) - function of an access control system that controls when certain users' credentials will be accepted by the system and when they will not.
- Audit Trail - history of events recorded by the system, such as time when a credential is presented, instances of when a door was forced or propped open, or time when a door is opened for egress.
- Front End - system user interface at the door that reads the credential and transmits the information to the access control panel.
- Panel - brains of the access control system - receives the information from the front and and decides, based on its programming, whether to permit access.
How It Works
Full featured access control systems work like this:
The system manager uses access control software installed on their computer to set the parameters of the system, that is, to tell the access control panel what to do and when. Access control software is database software. The records in the database can be users, credentials, doors, and times. Using the software, the manager can grant or deny individuals or groups of users access to specific doors between certain hours and on certain days. The software can usually record which user accesses which door at what time and other events it what they call an audit trail.
- The user presents their credential.
- The reader sends the information to the access control panel.
- The panel compares the information to its programming, "decides" whether to grant or deny the user access, and records the event in memory.
- A low voltage power supply powers the system and electric locking devices.
This system can be made up of components based on the building's electrical system, can be part of the computer network either as devices connected directly to the network or connected wirelessly through an interface, or they can be small, self-contained devices that accomplish access control on one door at a time.
Simple systems that control only a few doors and serve a small numbers of users may offer only the ability to add and delete users. These units have the same kind of "brains" that a more complex system does, but with less capability. These systems are perfect for applications where audit trail and time zones are unnecessary, but the need to be able to deny access to a single user is needed.
- How many users?
How many people will use the system now, and how many may use it in the future? Number of users is the first criteria for choosing an access control system.
- How many doors?
Again, how many doors will have access control now, and how many may have access control in the future?
- Do you want audit trail capability? Do you want time zones?
Audit trail capability allows the administrator to keep track of users as they enter the secured space. The system ‘remembers' when a user presents their credential to the system. We'll discuss credentials shortly. Usually through a computer interface, the administrator can access and/or print out a list of ‘events' including authorized entry, forced entry, and door propped open events.
Time zones are blocks of time assigned to users. If Bob Smith works from 9am to 5pm and you don't want him to come in any other time, time zones allow you to make Bob's credential work only when Bob is authorized to work.
Audit trail and time zone capabilities usually mean that your access control system will interface with a computer using proprietary software supplied by the access control system manufacturer. It is possible to have these features without software, but that usually means that the administrator must punch in commands on a keypad and download audit trail information directly to a printer. A keypad can be a confusing if not frustrating user interface, and the direct print idea is very time consuming, not to mention a waste of paper.
- What kind of credential do you want to use?
The credential is the thing that the user presents to the access control system. The access control system permits or denies entry to the credential when presented. These are the most common types of credentials that are used today:
- Pin code - a series of numbers. The user sequentially presses numbered keys on a keypad. Advantage: numbers are free. Disadvantage: numbers can be shared over the telephone.
If the object is to simply do away with the need to have a key, then a keypad is ideal. All the users can use the same number. Just remember to change the code a few times a year so that the numbers don't get worn off.
- Mag stripe card - like an ATM or credit card, a plastic card with a black magnetic strip across the back. Advantage: common and widely used as well as inexpensive. Disadvantage: they wear out.
- Prox card - proximity card, a PVC card with a computer chip embedded inside. Currently this is the most popular kind of credential. Advantages: it is possible to get a proximity reader that will read the card through the users pants and wallet or inside a handbag. Also since prox cards do not actually need to touch the reader in most cases, they last a very long time. Disadvantage: more expensive than pin codes or mag stripe cards. A slightly more expensive alternative to the prox card is the prox tag or prox key. The prox key is a small, teardrop-shaped credential that can be put on the user's key ring.
- Biometrics - actual body parts. Biometric readers use a live fingerprint, handprint, or the retina of the eye as the credential. Advantages: extremely secure and no credentials to buy. Disadvantage: today in July, 2008, this is still relatively new technology to the field of commercial access control, so the number of choices is fairly small and price tags can be sometimes fairly hefty.
5. Do you want emergency lock-down capability?
Emergency lock-down capability is becoming more in demand. Under emergency conditions, such as an armed intruder, it can be an urgently needed function.
Hardwired, PoE, or Wireless?
Hardwired Access Control
This is the model shown in the illustration above. A low voltage power supply is wired to the panel and the panel is wired to the readers. Sometimes a separate power supply may be required for certain kinds of locking locking devices, but the panel will in all cases be wired into the electric locking system. The computer is connected to the access control panel via a cable.
Hardwired systems are the tried-and-true traditional way of achieving access control. Ideally they are installed during construction so that their wiring can be done at the same time as all the other wiring. Adding hardwired access control after the fact can be difficult, particularly, for example, if the space has marble walls and floors and no drop ceiling.
Power Over Ethernet systems are gaining popularity. These presuppose that there is (or will be) a computer network in place, and require the participation of the system administrator. These systems often use server-based software, so can be controlled from any PC on the network. This is a convenience, but also poses extra security risks. Since the system uses the same kind of cable as the computer network, the same people who run the network cable will run it to the doors to effect access control.
As these kinds of systems have taken hold, electric locking devices that run on PoE have appeared. PoE systems offer a plug-and-play functionality that many find attractive.
Wireless access control systems can go where hardwired systems fear to tread. Marble walls, concrete floors, concrete-filled door frames and textured plaster ceilings are suddenly no problem. These systems are made up of battery-operated locks and exit device trims with onboard electronics and transponders. The locks communicate wirelessly over wi-fi through the facility’s computer network with server-based access control software, or through direct RF connection with an interface panel which in turn communicates with the access control panel.
Wireless components can be integrated into existing or new hardwired systems, but licensing fees and special interface panels may be required. Check with your professional security integrator or access control system dealer for more information.
Wireless systems tend not to have the instant lockdown capabilities of hardwired systems. If that feature is important to your application, be sure to question your access control dealer or manufacturer’s representative for more information.
Standalone Access Control
The term “standalone” refers to an access control device that is self-contained instead of connected to a larger system. Such devices can offer advanced features such as time zones, audit trail and programming via personal computer, or they can be simple systems that only allow adding and deleting users. Standalone access control devices can be battery operated or hardwired.
When a standalone access control system is programmed via computer, the computer may need to be brought to the door to do the programming, though some manufacturers offer a hand-held programmer to handle communication between the computer and the device.
Standalone systems that serve a small number of users where no advanced features are required can often be programmed by entering codes on a keypad. For a system with less than 50 users and one or two doors this is a fine choice. The system manager will need to keep track of the users on paper.