Most Important Features Of Access Control
What are the most important features of an access control solution? There are some broad consistencies but taking these into account – the features that matter are those that best support the application you’re seeking to secure.
At all times, the focus needs to remain on a client’s operational requirements – that will include COVID safety options like contact tracing and consideration low touch technologies. But the fundamentals of easy event management, capable reporting, ease of database management, mature CCTV integration remain the same.
There are operational variations but when it comes to access control, the most important feature of any group of equal solutions is a distributed architecture allowing doors to function in the event of network failure. Depending on the nature of the system, this function may be carried to the reader or the local door controller, which will hold an updated database of authorised users, as well as programming parameters for access times.
With modern access control, you want lots of expandability and increasingly, the ability to integrate with CCTV and other sub systems. This applies to small systems as well as enterprise solutions. You also need to consider card security levels, too. These vary considerably and serious users should make 3DES their encryption benchmark – not just from door controller to main controller but from reader to door controller. Encryption should support credentials, as well as securing sensor zone loops in high end applications.
From the point of view of end users, access control systems should be easy to manage. Many systems of the past have been heavy going for users. A simple to manage system is an up-to-date system. Consider topology. For simpler applications a server-based solution may be unnecessary. Consider the nature of the database. Some kinds of database management systems – role-based access control (RBAC) systems spring to mind – can be tough to create and maintain. Whether built top-down or bottom-up, role-based database creation, or migration and re-creation, can prove the most complex and expensive aspect of any major access control application or rebuild.
Unless strictly controlled, role naming can be completely meaningless and the larger your organisation, the sillier things are likely to get. When you consider modern titles in certain companies like ‘mobile sensei’, ‘chief creative, inspiration, and elation officer’, ‘director of fundom’ and ‘social media badass’, you can imagine database engineers tearing their hair out in clumps. There may be hundreds of roles that need to be created and their parameters programmed individually, and in very large organisations there may be thousands of roles. Note well: The more roles, the more complex everything about database management is going to be, now and forever.
Design and Installation Considerations
The first thing an installation team needs to do is get its hands on site drawings and/or building blueprints. You need to know what is where. Things may seem easier on an old site but don’t be fooled. There are going to be bamboo thickets of series drops to wade through and these can be scarier than you think. Typically, with a serial access control LAN, over time a number of series drops supporting multiple doors spring up as technicians tag into the nearest drop. If the site is large and complex enough, this weird organic process will see doors on different sides of walls or doors on different floors being hooked into the same serial drops leading to odd system behaviours. Cutting over systems like this is seriously yikes.
At the heart of many access control system is the door controller, a solid-state board in a dedicated housing that’s located near every entry point in a building to provide control of local doors. As a rule, controllers handle 2 doors per board or a single door with access control in both directions. Expander boards offer exponential growth – you want a system with a design that offers lots of modular growth in every direction.
The door controller will provide power to electric strikes or magnetic locks via high current relays, along with Weigand reader inputs. There will also be inputs allowing door position to be reported in real time and outputs allowing activation of lights, cameras or operation of door strikes from a control room or the secure side of the door. Depending on the nature of the system, multiple 2-door controllers can be installed in parallel, or larger door controllers can handle high-rise applications.
Along with power for door hardware and alarm inputs, a modern 2-door controller will also feature a network input to allow connection to a common data network for monitoring and administration. Once on the network, controllers can be managed locally or remotely, and they’ll appear seamlessly on central management software. Another key element of door controllers is event buffering and a cache that allows distributed intelligence in the event of network failure or overload. There will also be features like anti-passback for those doors with inwards and outwards readers.
It’s important to point out here that not all door controllers are created equal – not so much in terms of quality when considering the most popular products installed in Australia but in terms of designed purpose. Some 2-door controllers are simply 2-door controllers that might store the details of 128 cardholders. Going up a level there are door controllers that will handle 2 doors with a pair of readers (in and out) per door. Or they might handle 4 doors (with expansion to 8) and include 16 alarm zones, multiple areas and support 10,000 users as standard. Then there are solutions that can handle 8 doors, 92,000 cardholders and 16 perimeter controllers.
Complicating the issue are powerful access control and alarm controllers which are capable of supporting small/medium business applications, or multiple business units or offices on a site. Such systems can also be networked to form corporate and enterprise solutions controlled by powerful software. These advanced systems reflect the integral role of door controllers as network-based modules in a modern access control solution.
Downstream of door controllers, things are relatively straightforward, though there’s still plenty to think about. On the comms side, we’re talking RS-485 infrastructure or a subnet, if the system is IP-based. Then there’s door hardware starting out with electric strikes, electric mortise locks and electromagnetic locks.
You need to choose locking devices that offer the correct balance of security, economy, reliability and performance. You also need to be sure your locks offer the sort of alarm reporting capability you need, including door open too long and tamper. Something else to bear in mind is that the some of the latest lock designs incorporate increased attack resistance and alarm capabilities – you need to take these features into account given they’ll option up your system’s security level. You also need to think about door closers when you’re installing locking hardware.
There are also wireless solutions like SALTO that have a whole different operational MO. These use wireless technology, battery powered locks and data aggregation points using carried tags as a means of communication. Systems like this stand alone, or they can be integrated with wired access control solutions.
Selecting Reader Technologies
The other important element at the door is the reader and with readers you’ve got a number of considerations relating to security levels, initial costs and lifetime cost of credential technology. This latter applies most directly to card-based solutions and relates to the cost of administering and replacing physical cards – usually proximity or smart prox. Card solutions include the ubiquitous 125Hz readers, 13.56MHz contactless smart card technologies and MIFARE and DESFire cards.
Depending on the readers chosen, you may have a combination of keypad, mag stripe, keypad and proximity, proximity-only, or smartprox. Smartcards offer higher security levels, integration with payment systems and support for biometric credentials but at a higher card cost.
Then there are straight biometric readers which remain outside the mainstream in Australia. This is odd considering the huge falls in cost we’ve seen over the past ten years. Biometric solutions kiss goodbye the ongoing cost of maintaining card libraries, which can be considerable over the life of a system. That’s appealing from an end user perspective. It’s true that COVID-19 has made touch access more delicate but in SMEs with hand and reader hygiene procedures in place that’s less of an issue, and there are no touch options.
When you think readers, you’ll also need to think about long range readers for vehicles and the power and number of these will depend on what sort of business you are protecting. With cars and vans, standard prox card readers may be enough but if there are heavy vehicles and your site includes boom gates, sliding gates and gatehouses, things go to another level altogether.
A thoughtful installation plan will also consider use of mobile devices as a credential. This is now mature technology which takes advantage of the biometrics integrated into cardholder’s smart devices to offer very high levels of security without the need to wrestle with privacy issues inhouse. It’s worth considering that the current pushback against biometrics in the U.S. seems to have forgotten carried personal biometrics exist, which is beneficial, considering the value of the technology.
In a comprehensive access control solution, additional downstream devices are going to come into play, and these will include alarm inputs (security, safety and fire protection), CCTV cameras, thermal cameras, perimeter detection devices and more. All these devices will increase the resolution – the sensitivity – of an electronic security system. Some of these sensors are going to need to be encrypted in certain applications.
Upstream of the door controllers you’ll find network devices, network infrastructure, servers, workstations and attendant management software. The ability to port to networks may be an integral part of door controllers but there may be expanders required. Think about network encryption here – 128-bit 3DES is preferable.
Network components are most likely to be those that make up your site’s data network. Access control and alarm signals are so small they take up no bandwidth on a modern network. Integrated video surveillance is in another dimension altogether but for the purposes of this discussion we’ll assume video runs on a subnet and is to be driven through integrated management software at a workstation or dedicated server level.
The nature of the network will dictate system monitoring. Enterprise-wide used to be a solution that only applied to the big boys – the biggest end users and expensive enterprise-focused access control solutions. That’s changing fast now, with easy connection of door controllers on a handful of sites together with video integration allowing management fingertip sensitivity.
End User Features
What should end users think about when it comes to access control? You want anti-passback, a feature that protects against more than one person using the same card. It defines each system card reader and card ID number as In, Out, or Other. Once a card is granted access to an In reader, it must be presented to an Out reader before another In reader access is granted. Cards will continue to have access to all authorized other readers.
Audit trails are a listing created which may be created in real time and used to monitor the progress of a person through protected areas. You want a comprehensive audit trail. Executive privilege is an option which allows a cardholder unlimited access to all operational access points – it’s a useful function programmed in when user access rights are being applied.
Users want their system to have credential codes that are as far as possible, unique to each cardholder. In the past, cards may have been unique to a cardholder on a site, but the codes would be duplicated at other sites, leading to security vulnerabilities.
A log of system activity that can be recalled by utilizing the reporting functions is vital, too. Highly evolved systems have comprehensive reporting functions, some of which may be automated, while others are generated on demand.
Time and attendance is another good capability – the ability to utilize the time in and time out information per user, for the purpose of keeping track of employee’s hours at a facility. Many time and attendance packages work as stand-alone systems, and interface with most payroll software.
Inherent ability to integrate is important – it will allow support for automation, remote management of functions, integration of video surveillance and process control and more.
Contact tracing is a key element of the modern access control system – you’d be looking to ensure you chosen system was all over this capability. How this is managed will be up to you. Systems like Nirovision are supported by face recognition using CCTV cameras, and are integrated into the access control system – we think Inner Range and ICT are compatible – offer iron clad contact points, making the work of contact tracers much easier.
We’d argue no-touch exit buttons are worthwhile in new applications, but you need to bear in mind that if users have just shared a dozen door handles and lift buttons, hanging your COVID safety hat on no-touch wave to exit offers a false sense of health safety. Super charging hand hygiene in public areas might be a better option. Using copper-based door handles that destroy viruses is something else to consider in greenfield installations. It’s not going to be the access control installers decision but it’s something to mention during the design phase – contact with copper kills viruses but not quickly enough to justify switching out. Again, hand and hardware hygiene is the key.