Role Playing; Rule Making
“I’ve got about 5 percent of our doors under any type of central control. I’ve also got key management headaches, pressures to get better logging, and more and more questions about security and the remaining 95 percent of our doors.”
And why aren’t more of their doors electronically controlled and managed? “Cost” is the answer in nearly every case.
In fact, until now, the only practical, cost-effective way to control 95 percent of the doors in an enterprise has been with mechanical locks and keys. These have their own key management and lock maintenance issues, and for the vast majority of doors there is no record of when these doors are used and by whom.
Many end users would love to extend control throughout the enterprise by eliminating much of the cost of traditional, centrally managed access control systems. If such an architecture could work – eliminating network cable and connections to the access control panels, and wired or wireless connections to the card readers – it would reduce the per-door cost of access control by between 50 and 75 percent, allowing many more doors to be controlled and managed.
That’s the goal behind the card-connected architecture being implemented by some of the world’s largest reader manufacturers and head end system vendors.
Cost-reducing architecture
In this smart card architecture, cards and the people who carry them replace the network. Using the cards to carry messages between readers can eliminate the need for a network connection. But for such a system to work, with the majority of card readers having no network connection, certain key elements must be addressed:
- Making access control decisions
- Recording access control history
- Updating information on cards
- Revoking access privileges
Making access decisions
One way to avoid having readers (or panels) perform a cardholder lookup for every access decision is to use a rule-based and role-based scheme for those decisions. Such technology has existed in the IT world for over 10 years. In fact, role-based access control (RBAC) has been so successful in making large-scale IT access control systems manageable that in 2004 the National Institute of Standards and Technology (NIST) published RBAC as an official standard.
In role-based access control, every cardholder is assigned a role. For example, in a hospital, these roles might include surgeon, ER nurse, pharmacist and maintenance supervisor. Privileges are assigned to the role, rather than to the cardholder directly.
One of the innovations of the card-connected architecture is combining rule-based decisions (where the rules reside in the reader) with role-based access control (where proof of the cardholder’s role resides on the card), so that a match between the cardholder’s role and the card reader’s rule grants access. Thus there is no need for a database lookup. Digital signature technology from the IT world is used to ensure that the information on the cards has not been tampered with.
History, card updates
Access control history (card transactions) along with any system messages (like battery status) are also written to the smart cards by non-networked readers, and carried back to one of the network-connected readers in the system. The network-connected readers send the access control transactions and system messages to the front-end computer, where they are stored in the system’s historical database. The network-connected readers also write updated information to the cards, and can refresh a card each time it is presented.
Strategic placement of the few network-connected readers and the remaining non-networked readers ensures that normal cardholder traffic will carry around the various messages throughout the system. In this way, the cardholders are the network, carrying the system messages back and forth between network-connected readers and non-networked readers.
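The store-and-forward path described above, as an added example that is not code from the original article or from any vendor: a non-networked reader writes each transaction (and a battery warning) into a small outbox on the card, and a network-connected reader later drains that outbox into the historical database. The struct layout, the outbox size cap, and the way a full outbox is handled are all assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Transaction is one access event (plus any system message) a non-networked
// reader records on the card it was presented. Field names are an assumption
// for this example, not a vendor format.
type Transaction struct {
	ReaderID string
	CardID   string
	When     time.Time
	Granted  bool
	Message  string // e.g. a battery warning the reader wants the head end to see
}

// Card models the writable area of a smart card: an identity plus a small
// outbox of records waiting to reach a network-connected reader.
type Card struct {
	ID     string
	Outbox []Transaction
}

// OfflineReader has no network link; cards are its only path to the head end.
type OfflineReader struct {
	ID         string
	LowBattery bool
	MaxPerCard int // how many records one card may hold for this reader (0 = unlimited)
	Dropped    int // records lost because a card's outbox was already full
}

// Record writes the event to the card. A full outbox discards the oldest
// record and counts the loss, so the audit gap is at least visible.
func (r *OfflineReader) Record(c *Card, granted bool, now time.Time) {
	tx := Transaction{ReaderID: r.ID, CardID: c.ID, When: now, Granted: granted}
	if r.LowBattery {
		tx.Message = "battery low"
	}
	if r.MaxPerCard > 0 && len(c.Outbox) >= r.MaxPerCard {
		c.Outbox = c.Outbox[1:]
		r.Dropped++
	}
	c.Outbox = append(c.Outbox, tx)
}

// HeadEnd stands in for the front-end computer's historical database.
type HeadEnd struct {
	History []Transaction
	seen    map[string]bool // guards against a record being delivered twice
}

func NewHeadEnd() *HeadEnd { return &HeadEnd{seen: map[string]bool{}} }

func key(t Transaction) string {
	return fmt.Sprintf("%s|%s|%d|%t", t.ReaderID, t.CardID, t.When.UnixNano(), t.Granted)
}

// OnlineReader is network-connected: it drains the card's outbox into the
// head end, then clears the card so the space can be reused.
type OnlineReader struct {
	ID   string
	Head *HeadEnd
}

// Collect returns how many new records reached the historical database.
func (r *OnlineReader) Collect(c *Card) int {
	added := 0
	for _, tx := range c.Outbox {
		if k := key(tx); !r.Head.seen[k] {
			r.Head.seen[k] = true
			r.Head.History = append(r.Head.History, tx)
			added++
		}
	}
	c.Outbox = c.Outbox[:0]
	return added
}

func main() {
	head := NewHeadEnd()
	door := &OfflineReader{ID: "door-42", LowBattery: true, MaxPerCard: 8}
	card := &Card{ID: "card-7"}
	door.Record(card, true, time.Now())
	lobby := &OnlineReader{ID: "lobby-1", Head: head}
	fmt.Println("records delivered:", lobby.Collect(card), "dropped:", door.Dropped)
}
```

Two design points matter for the audit trail. Card storage is finite, so a reader must decide what to do when a card's outbox is full; dropping the oldest record keeps the door working but silently loses history unless the loss is counted and reported, as `Dropped` does here. And because clearing the card after upload can fail (the card is pulled away mid-write), the head end de-duplicates on a record key rather than trusting that every delivery is new.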
Revoking access privileges
If a cardholder doesn’t present his or her card to a network-connected reader, how can the cardholder’s access privileges be revoked? A list of revoked cards would eventually grow too large for the capacity of a single smart card or non-networked reader, so how is privilege revocation handled? Two simple but clever ideas combine to address this situation:
First, all card privileges expire daily (or at whatever short interval is currently set up in the system). Thus a card that is lost or stolen one day cannot be used the following day or anytime later to gain access.
In order to provide a means to immediately revoke privileges, very small daily revocation lists are used. Because all cards expire each day and must be renewed, the revocation list need only contain a single day’s revocations, if there are any.
Network-connected readers are updated immediately, and these readers write this list to the cards, which carry the list to the card-connected readers.
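The decision and revocation logic from the two passages above (a signed role on the card matched against a rule held in the reader, daily expiry, and a short signed daily revocation list carried by cards) as one added example, written for this page rather than taken from the article or from any vendor's product. The credential layout, the Ed25519 signature, the JSON encoding, and the one-day expiry are all assumptions; the offline reader is assumed to have a clock, which a real reader needs for expiry checks.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"time"
)

// Credential is the signed role assertion a network-connected reader writes to a card (layout is an assumption).
type Credential struct {
	CardID  string    `json:"card_id"`
	Role    string    `json:"role"`
	Expires time.Time `json:"expires"`
}

// RevocationList names the cards revoked during one day; daily expiry means it never needs older entries.
type RevocationList struct {
	Day     string   `json:"day"` // YYYY-MM-DD, so string comparison orders days
	Revoked []string `json:"revoked"`
}

// Signed is a JSON payload plus an Ed25519 signature over those exact bytes.
type Signed struct{ Payload, Sig []byte }

// HeadEnd owns the system signing key; offline readers trust only what it signs.
type HeadEnd struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewHeadEnd() (*HeadEnd, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &HeadEnd{Pub: pub, priv: priv}, nil
}

func (h *HeadEnd) sign(v interface{}) Signed {
	b, _ := json.Marshal(v) // the two payload structs above always marshal
	return Signed{Payload: b, Sig: ed25519.Sign(h.priv, b)}
}

// Issue renews a card's privileges for one day, the short interval the text describes.
func (h *HeadEnd) Issue(cardID, role string, now time.Time) Signed {
	return h.sign(Credential{CardID: cardID, Role: role, Expires: now.Add(24 * time.Hour)})
}

// Revocations signs the day's list, which cards then carry to the offline readers.
func (h *HeadEnd) Revocations(day time.Time, revoked []string) Signed {
	return h.sign(RevocationList{Day: day.UTC().Format("2006-01-02"), Revoked: revoked})
}

// OfflineReader holds only the public key, its door rule (roles it admits) and a tiny revocation set.
type OfflineReader struct {
	ID           string
	Pub          ed25519.PublicKey
	AllowedRoles map[string]bool
	revoked      map[string]bool
	revDay       string
}

func verify(pub ed25519.PublicKey, s Signed, v interface{}) bool {
	return ed25519.Verify(pub, s.Payload, s.Sig) && json.Unmarshal(s.Payload, v) == nil
}

// absorbRevocations merges a validly signed list: a newer day replaces the set, the same
// day is unioned (so a replayed earlier copy cannot undo an entry), an older day is ignored.
func (r *OfflineReader) absorbRevocations(s *Signed) {
	var rl RevocationList
	if s == nil || !verify(r.Pub, *s, &rl) || rl.Day < r.revDay {
		return
	}
	if rl.Day > r.revDay || r.revoked == nil {
		r.revoked, r.revDay = map[string]bool{}, rl.Day
	}
	for _, id := range rl.Revoked {
		r.revoked[id] = true
	}
}

// Decide takes the card's own credential and any revocation list it carries, then checks
// signature, expiry, revocation and finally the role rule, returning a reason for the audit record.
func (r *OfflineReader) Decide(cred Signed, carried *Signed, now time.Time) (bool, string) {
	r.absorbRevocations(carried)
	var c Credential
	switch {
	case !verify(r.Pub, cred, &c):
		return false, "bad signature or malformed credential"
	case !now.Before(c.Expires):
		return false, "credential expired"
	case r.revoked[c.CardID]:
		return false, "card revoked"
	case !r.AllowedRoles[c.Role]:
		return false, "role " + c.Role + " not permitted at " + r.ID
	}
	return true, "role " + c.Role + " permitted"
}
```

The reader never looks anything up: it verifies the signature with the public key it was provisioned with, compares the expiry against its clock, checks a revocation set that can only ever hold one day's entries, and applies its local role rule. Note the ordering choice in `absorbRevocations`: same-day lists are unioned rather than replaced, so an earlier, shorter copy of today's list arriving on a later card cannot clear a revocation that a fuller copy already delivered.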
Securing communications
Secure communications are accomplished by using information security standards that have been proven in many types of applications in the IT world. These standards are used for all data written to cards, which is why the cards can also be used for more than just physical access control.
As products that take advantage of such technology come to market, security professionals should have cost-affordable ways to extend the benefits of traditional network-connected access control to remote locations – even desks, vehicles and other assets – where previously it was too costly.
Sidebar: Saving Through Twisted Cable
Fiber, cable, unshielded cable, twisted pair – there are many ways to carry security data. Much of the activity involves transceivers, switchers and hubs, for instance. More recently, there has been a spotlight on newer designs such as bundling access cabling for quicker installation as well as better protection from harsh environments.
One example: Honeywell of Pleasant Prairie, Wisc., has what the firm calls Genesis Series Profusion jacketless access control cable featuring a bundle of four individual shielded cables held together by a tight, continuous twist that can be easily separated for unique data or communications tasks. The design delivers lock power, card reader, door contact and request for exit in a single bundle. Unlike other bundled cables, the new design does not use messy adhesives. Each cable is color-coded and features sequential footage markings. Lighter in weight than traditional cable, it practically eliminates cold weather cracking problems.