Take an Insider's Tour of Access Control: What's Hot, What's Not

It’s not your father’s electronic access control system anymore. Today’s systems are software-driven and most often based on industry-accepted computer and communications standards and protocols. At the enterprise level, the key word is networking, with the most radical option being an ASP through the Internet.

At the point of the door, standalones are more intelligent, less expensive and easier to program and audit. In some cases, keys—at times combined with keypads—are making a high security comeback.

With technological advances and price decreases in biometrics and smart cards, these devices are being integrated more often into access control systems. And unique niche products, such as systems that use a person’s driver’s license, are playing an increasingly important access control role.

In an all-encompassing way, some system manufacturers and integrators are looking at stepping beyond the reader-controller model to create client/server systems more like multimedia information networks that handle voice, video and data. See the sidebar on Viscount Technologies.

Whatever the product or advance, however, there are some basics when purchasing an electronic access control system or upgrading one.

Here are some tips from Andy Lowen, director of systems marketing for Lexington, Mass.-based Software House, a unit of Tyco International’s Fire and Security Services group.

Lowen contends that last September’s terrorist attacks on the United States have led organizations—both public and private—to closely reexamine their security preparations.

SECURITY Magazine research proves Lowen’s belief. Just weeks ago, for example, SECURITY surveyed buyers on the more effective security products in light of the impact of September 11th. The top product: card/ID access control systems. In that and earlier SECURITY surveys, buyers consistently report they have re-evaluated, and continue to re-evaluate and review, their security programs.

Adds Lowen, these reviews include not only basic security plans, but also the electronic equipment used to protect lives and property. But before making any major purchasing decisions, those charged with security might want to ask what basic requirements that equipment should meet.

A first question to ask, according to Lowen, centers on scalability.

Quite simply, an access control system must be able to accommodate the growth of the organization it is protecting. The scalability of the system is measured not only by the number of doors or cardholders it can support, but by the number of transactions the system can consistently sustain without any loss of performance. In other words, the same system should perform equally well whether it is supporting two doors or several thousand doors. Systems with a scalable architecture will perform the same way without any modification to the application code.

A second question emphasizes redundancy.

An effective access control system is only as good as its backup. The risk of losing potentially thousands of personnel records and transactions stored in the system presents a critical need for a redundant server to continuously maintain data.

Security is greatly improved by implementing a fault-tolerant server and backup database. If the main server fails, its backup automatically switches into operation. And with the possibility of terrorist attack, fire or natural disaster, it is best to locate the redundant server away from the main host and link the two via a wide area network (WAN). This ensures not only that security is never compromised, but also that the data is accurate at all times.

Along these lines, it is important to include a muster station or stations linked to both the host and redundant server. In case of a disaster, employees can swipe their cards at outside readers. Authorities can then retrieve an accurate count of people remotely from the system, which assures them that employees have escaped the affected facility.

A third important element is the network readiness of the system.

For a security system to be seamlessly integrated within a corporate infrastructure, it must comply with corporate networking standards. In most environments, support for TCP/IP is sufficient to allow integration with Windows 2000, NT and Unix networks.

When integrating a security system into the corporate infrastructure, the security and IT personnel must choose between a security system that stands alone with its own dedicated network and one that is integrated into the existing corporate network. The system that can most easily fit into the existing infrastructure, without affecting the bandwidth, is most likely the system that will be chosen.

A fourth point, made by the Software House executive, centers on systems integration and open architecture.

For comprehensive operation and convenience, a security system should have a single, unified database, a single graphical user interface (GUI) and a single body of application code. A good example would be when a dealer installs CCTV, fire, burglary and access control systems in an end user’s facility. Each subsystem must be integrated, typically through bi-directional software interfaces, to work seamlessly together as one complete system.

The security management system that can accommodate this type of integration allows the security manager to monitor all systems from one convenient location.

Integration as defined above cannot exist unless the systems involved are “open.” Therefore, open architecture is one of the most important criteria for selecting the right security management system. An “open system” implies that every major component of the system, every communication protocol and every interface is designed according to industry standards that allow for easy integration with other systems and components.

A fifth buyer essential spotlights the advantages of the use of the latest technology and industry standards.

Contends Lowen, TCP/IP is the networking standard in use today. However, an open security application must be able to support a mixed environment including other networking standards such as NetBios, IPX and HTTP. Every server, workstation, system device and field hardware component used by the system must be TCP/IP compliant.

An open system must also include a clearly recognized user interface. Windows is the standard, so any application must support that operating system. It also needs to support standard Internet browser interfaces including Internet Explorer and Netscape Navigator.

A sixth element is field hardware, which must also support the modern architecture and be designed to be powerful, flexible and easily upgradeable.

One of the most important components of field hardware is the controller, where the local access decisions are made. For IT managers to accept these devices on a corporate network, they must meet the following minimum requirements: 32-bit bus and CPU architecture, TCP/IP protocol support, flash memory for firmware, support for a very large (minimum 250,000) local cardholder database and support for a large number of readers (up to 64) and I/O alarm panels. A 32-bit microprocessor, data and address bus are mandatory for a system to support the most demanding network applications (with a large number of transactions) to avoid reduced performance. Seamless support for TCP protocol and IP addressing is essential for these controllers to be part of the corporate local area network (LAN) or WAN infrastructure. Systems that lack these network capabilities will not be seriously considered for integration by IT groups.

One of the most critical features of modern security systems is the use of flash memory in the controllers to store firmware. As the application software rapidly changes with the technology, so must the capabilities and features of the firmware. Flash memory allows the new versions of firmware to be downloaded from the server or PC workstations to every controller in the system within minutes. Without these capabilities, the controllers would quickly become obsolete.

Finally, buyers must consider support and service.

Says Lowen, although not physically part of the access control system, the support and service that accompanies a purchased system is a crucial element. First, there should be a warranty to account for any damage out of the box. Next, an agreement should provide support coverage so that any technical emergencies do not result in security breaches.

A software support agreement should also include software enhancement updates, which include new features and enhancements found in software version updates, as well as software maintenance and firmware updates.

In addition to technical support, it is important to make sure that the vendor provides comprehensive training on every product associated with the security management system. These training courses should incorporate product and industry trends.

Systems meeting these various requirements are likely to provide the highest level of security to help protect lives and valuable assets, concludes Lowen. By demanding these basic levels of operation, an organization is much more likely to wind up with a security management system that will meet its needs for years to come.

The HID iCLASS family of readers and cards brings smart card functionality to physical access control.

Products Up Close

Beyond the key elements to consider in an electronic access control purchase, there are myriad products. Here’s a quick tour of products and systems picked by SECURITY Magazine editors.

Door prop and exit alarms—for enhancing a current system, Designed Security, Inc., has the ES4200 door management Alarm that provides door prop/door held and intrusion/door force detection in conjunction with any major access control system. For example, the door prop function uses two monitoring periods—the silent time and the alarm delay time.

More innovative features—Software House has released C·CURE 800 v7.1. This latest version of C·CURE 800 provides innovative features that will allow you to increase the flexibility of integrated applications and improve overall security. It is designed to: increase security by providing the option that outside visitors be escorted by an authorized employee; provide users of C·CURE NetVue for Intellex the ability to perform camera controls (PTZ) via AD switcher; and enhance communication between C·CURE 800 and third party devices.

An integrated approach—the UniNet 2000 from NOTIFIER is UL listed for fire, security and access control with integrated networking with a comprehensive interface for diverse systems. UniNet 2000 enables operators to integrate diverse fire and security building systems into a customized, graphics-oriented platform.

Use of existing ID cards—the Solitaire 950 system from Kaba Ilco Inc. converts doors into controlled access points. Each door is equipped with a battery-operated lock. With a swipe of an existing access card, access is granted and the lock provides feedback with both audible and visible indicators.

LCD display for easier programming—Eclipse RX2 and RP-SE controllers and readers from PCSC boast an integrated 32-character liquid crystal display and keypad to provide simple menu commands. An egress function allows the door to be opened from a remote secured location using any request-to-exit device. The Eclipse comes in stand-alone and networked models.

Proximity or smart cards?—Johnson Controls has both. There are two basic types of smart cards and readers: surface mount—IC and proximity. Surface mount is machined into the smart card’s surface for hybrid applications with other pre-existing technologies. Proximity smart cards share the same basic technology but have a nominal read range between two inches and ten feet.

Access control without cards—it’s the ScramblePad from Hirsch Electronics. It eliminates the cost and maintenance of cards but provides a local means to control a wide variety of functions in a facility. With MATCH functionality, the ScramblePad can interface with conventional readers to upgrade those readers to dual technology.

Sharing programming among different types of access controls—the same LockLink and LockLink Express access control management software used to program Schlage CM locks, Von Duprin CM993 exit trim and Locknetics universal controllers now programs HandKey CM hand geometry readers from Recognition Systems. The bottom-line: easy retrofit of biometrics into a typical access system.

Contactless smart cards for door access—HID calls it the iCLASS contactless smart card technology. It’s optimized for physical access control with higher security thanks to encryption and mutual authentication. HID offers iCLASS credentials with either 2K bits or 16K bits of memory with each application area having its own read and write key.

Vehicle detection—there’s an unauthorized vehicle presence module that is part of the MAXxess access control system. It is an intelligent processor and camera system that can detect vehicles in all outdoor lighting and weather conditions. There are 24 detector zones per camera.

RFID technology—a new line of access control readers—Performa proximity readers and Proximity Plus cards—from Checkpoint Systems uses advanced 13.56 MHz RFID to integrate access control and asset tracking. The reader can mount directly on any type of wall or door mullion, including metal.

Wiegand 26-bit output keypads—the 8160 Wiegand output keypads from Dortronics Systems directly interface with access control systems that accept the 36-bit output, requiring users with access control cards or proximity devices to enter a PIN code into the keypad to gain access.

Commercial platform—from ADEMCO Group, the Vista-250BP platform seamlessly integrates with CCTV, access control and ADEMCO’s range of fire and commercial burglary components. UL-listed, up to eight panels may be linked together, providing up to 2,000 points/zones of detection. They can handle 250 user codes with seven authority levels with a log of up to 1,024 events.

Proximity card reader locks—OMNILOCK OP2000 series of proximity card reader locks combine OSI Security Devices’ durable stand-alone access control systems with HID Corporation’s proximity technology. OMNILOCK 2000 Series locks allow up to 2000 users per lock and feature 80,000 cycles on four AA batteries.

Standalone—From IDenticard, the Centurion Version 2.0 is a two-reader access control panel. Centurion is designed for use in small applications. The expanded capabilities of Version 2.0 make this system even more appealing as an economically priced alternative for businesses that simply need access control at one or two doors. Modem capabilities: This feature enables you to talk to the panel via dial-up modem. Previously, the user could only connect through a serial cable via a laptop. Transaction line printer: The printer port on the Centurion panel is now enabled.

Web site information—InfoGraphic Systems has a new web site, www.topazaccess.com dedicated to its TOPAZ access control system. InfoGraphics’ TOPAZ system provides a fully integrated solution for access control, security, alarm monitoring and photo ID badging applications. TOPAZ is packaged with everything required to get a system up and running quickly.

Three tier distributed intelligence—the Frontier from Matrix Systems provides three layers of database redundancy stored at the Frontier Server, MX building controller and reader control module. Servers can be configured with RAID arrays for continuous operation in case of hard drive failure.

High and low end systems—From American Auto-Matrix, the KeyMaster access control system includes Microsoft Windows based software packages along with appropriate controllers and readers. They target both high and low end access control applications. KeyMaster includes door controllers, card readers, clocking stations, proximity cards and tags and accessories.

Key control—KeyTrak AM from KeyTrak offers users unique software and patented features for key control and asset management. There are computerized locking steel drawers to store keys or other assets. There are triple levels of access control including fingerprint and password.

Scalable architecture—the DSX 1048 intelligent controller from DSX Access Systems boasts TCP/IP communications and 512K RAM as well as 512K Flash ROM. There is realtime processing and communications with 150+ card and keypad formats. The controller is compatible with all existing DSX controllers.

Sidebar 1: Tailgate Detection

Take the security challenges at U.S. airports, for example. Here tailgating, a problem shared by many more typical businesses, has a renewed, anti-terrorist twist. And ADT Security Services has a new tailgating detection system that uses state-of-the-art optical tracking technology to better detect when unauthorized personnel enter a restricted area. The new system, called Tailgate Detection Alarm and Recording System or T-DAR, is the result of a joint effort between ADT’s Federal Systems Division and Newton Security, Inc. The system uses unique stereo optical tracking with machine vision technology, developed by Newton, to provide real-time video that is tied into an airport’s existing access control system. This combined system better determines if someone is illegally entering a secure area or passing through a doorway.

Sidebar 2: Those Darn Keys

Mechanical locks and keys are still a pervasive method of access control. Beyond the traditional, however, are products that protect and manage these keys. The Knox Box from Knox places a key inside the box, which most often is affixed to a building’s outside wall. Police and fire personnel can get into the box—but unauthorized individuals cannot. A step that combines keys and electronic access control comes from Videx. With the ability to authorize keys on an as-needed basis, Remote Validator consists of two parts: the KeyPort and Hub. The KeyPort is typically installed at the outside entrance of a facility. The KeyPort has a display, a keypad and a connection for the key.

Sidebar 3: Disappearing Panels?

At the 2001 ASIS conference, Viscount Technologies was giving sneak previews of a new-age electronic access control system that brings cutting-edge multimedia technologies to the computer, telephony and building automation and control system market. In MESH [Multi-Media Embedded Security Hub], everything, including data (card access), video (CCTV), intrusion and audio (intercom), is operated and managed simultaneously on a single computer platform. The MESH Server is an industrial grade computer that eliminates the need for numerous control boxes (hosts). MESH allows for local, clustered, LAN and WAN redundancies. MESH field stations are all Ethernet connected and allow for remote units to produce full color, touch screen interaction for access points, system administration, guard station, campus emergency and surveillance applications.