Security Access Control 101 (and some of 102) 888-403-9940 WWW.IDSYSTEMSONLINE.COM
What Is Access Control? Access Control provides an authority the ability to control access to areas and resources in a given physical facility. Today s electronic systems allow the determination of who is allowed to enter/exit and when. Historically, this has been partially accomplished through keys and locks, however this does not allow restriction of a key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used, and keys can easily be copied. When a mechanical key is lost, locks must be re-keyed. Electronic access control solves the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after being unlocked.
Access Control Operation Factors Presentation of one credential to a card reader illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted. The second factor can be a PIN, a second credential, operator intervention, or a biometric input. Often the factors are characterized as: Something you have, such as an access badge Something you know, e.g. a PIN, or password. Something you are, typically a biometric input.
Credentials A credential is a physical/tangible object, a piece of knowledge, or a part of a person's physical being, that enables an individual access. The typical credential is an access card, key fob, or PIN. There are many technologies including magnetic stripe, bar code, Wiegand, 125 khz proximity, 26 bit card-swipe, and contactless smart cards. Typical biometric technologies include fingerprint, facial recognition, iris recognition, retinal scan, voice, and hand geometry. Credentials for an access control system are typically held within a database, which stores access credentials for all staff members of an organization. Assigning access control rights determines who has access to a given area, and when they are allowed.
Access Control System Components Fundamental components include: Electronic Locking Devices (strikes, magnetic locks) Door Position Switches or Latch-bolt Monitors REX (request to exit) Devices to unlock by motion detection or push button from the secure side Credential Readers (card reader, biometric reading device) Control Panels (stores record holder database information) Server Computer (administrates the access control system) Credentials (held by end user) New IP Based systems allow Card Readers to make access decisions based on internal intelligence sent from the Server Computer.
Design Considerations Life Safety Owner s needs for building function Human & Vehicle Traffic Flow Asset Management Access Control System Functionality/Versatility/Expandability Support Organization for Access Control System integrity
Snapshot of Components in Typical Use Access Control System Software ASI 2000 (panel driven, conventional cabling) Focal Point (local reader intelligence, IP-Based) Card Readers and Credentials 125kHz Proximity Technology 13.56mHz Contactless Smart Card (iclass) Technology Multi-Class (combination of both of the above) Electronic Locking Devices Strikes Electrically Retractable Rim Mounted Exit Devices Live Hinges Magnetic Locks
ASI 2000 Access Control Software ASI 2000 is a feature-rich, integrated security management and access control system, using a robust SQL database engine. Advanced features include Event Management, Alarm Monitoring, Email Response and more. ASI supports both the IC-1600 and UP-2000 hardware panels. Exceptional reporting - ASI allows up to 255 zones, with each zone capable of handling up to 255 panels. Unlimited customizable data fields allow you to create exceptional reports and provide a full audit trail of all activity. Frequently used reports can run automatically. Integrated control - Full badge creation capabilities, live photos for every cardholder transaction, alarm monitoring, CCTV and Email response are all included as standard features. Scalable - The client/server application supports over 1,000 card readers of all technologies. Digital video recording - Access control events such as specific access groups and cardholders at sensitive locations can trigger digital video recordings for playback within the Transaction Monitor.
Focal Point Access Control Software Focal Point is an innovative IP-Based access control solution that is simple, effective and scalable. Flexibility - This system supports HID's Edge Product line featuring PoE (Power over Ethernet) with standard CAT-5/6 cabling for low cost installations. It also supports all card technologies. Scalability Focal Point is ideal for small to mid-size organizations and can easily expand as an organization grows. Full-Featured Offers unlimited partitioning capability along with distributed intelligence. Software is easy to understand and operate has no per seat license fee. Functions as a powerful access control system with alarm monitoring and building automation control. Simple IT Integration Readers are designed to simply plug in to a network hub, therefore eliminating the need for a dedicated security closet.
HID Reader Technologies How does this technology function? 125kHz Proximity Technology 13.56mHz Contactless Smart Card (iclass) Technology Edge Technology
HID Reader Technologies The Access Control Controller (Either a Panel or Intelligent Reader) When the controller receives the data from the credential, its decides whether or not to grant access based on several factors. During the evaluation process, non-conformity of credential data results denial of entry and a logged record into the Access Control Software. The Controller evaluates the format of the credential data if this is acceptable it breaks down the binary string of credential data. It evaluates Facility Code, Site Code, Card Number, and whether the credential is valid at the time/date of read.
HID Reader Technologies The Credential Access cards and key fobs carry a set of binary numbers (ones and zeros) that are used to identify the cardholder. The means of encoding data on the card and conveying the data to the reader varies according to the technology involved. In every case, however, the data on the card is a string of binary numbers of some fixed configuration and length.
125kHz Proximity Readers ProxPro with keypad Ideal for medium-range applications Dimensions: 5.0 x 5.0 x 1.0 Read Range: up to 8.0 ProxPro II Optional glass mount kit available for mounting the reader behind glass Read Range: up to 8.0
125kHz Proximity Readers ProxPoint Plus Dimensions: 3.14 x 1.70 x 0.66 Read Range: up to 3.0 MiniProx Mullion Mount Dimensions: 6.0 x 1.7 x 1.0 Read Range: up to 5.5 Thinline II Low Profile Standard U.S. switch plate size Dimensions: 4.7 x 3.0 x 0.68 Read Range: up to 5.5
125kHz Proximity Credentials ProxCard II Thin enough to carry in a wallet ISOProx II Printable in Photo-ID Printer ProxKey II Small enough to fit on a key ring
The iclass Difference iclass Authentication The reader and the card go through a complex mathematic process where they compare security keys carried within both the card and reader. This process is called Mutual Authentication. It ensures that the communication between the card and reader can never be copied and repeated back to the reader. Keys must match before the card gives its binary data to the reader and controller.
So What is iclass? iclass is a Contactless Smart Card When most people hear the term smart card, they think of the little microchip embedded into the surface of the card. While these have their place in the financial market, they are not ideal for outdoor/industrial uses. These cards must be inserted into a reader slot to be used. Furthermore, contact smart card readers are a prime target for vandalism. Made for access control, iclass contactless smart cards use industry standard encryption techniques, making them the perfect solution for secure access control.
13.56 MHz Contactless iclass Readers R15 Reader Mullion Reader Dimensions: 1.9 x 6.0 x 0.9 Read Range: Up to 3.25 R40 Reader (Single Gang Box Size) Dimensions: 3.3 x 4.8 x 1.0 Read Range: Up to 4.75 RK40 KeyPad Reader Dimensions: 3.3 x 4.8 x 1.1 Read Range: Up to 4
13.56 MHz Contactless iclass Readers RKLB57 bioclass Biometric Reader Provides 3 Factor Authentication Live Fingerprint PIN Card/Keyfob presentation Dimensions: 8.43" x 4.17" x 2.28" Read Range: Up to 4 R90 Long Range Reader Dimensions: 12 x 12 Read Range: Up to 18
13.56MHz iclass Credentials iclass Contactless Smart Card Can be printed on in Photo-ID Printers iclass Clamshell Contactless Smart Card ABS shell construction that provides durability in harsh environments iclass Keyfob Contactless SmartKey Molded plastic enclosure provides durability in harsh environments
Step A Little Farther Go to the Edge is the next evolution in access control hardware solutions. A true IP solution that meets the demands of open architecture, IP-centric environments, Edge provides fully distributed intelligence and decision making right to the door, leveraging the IT infrastructure to the maximum extent possible. Paired with Focal Point Access Control Software, Edge Readers add to an IT-friendly, easy to install system.
How does the work? Edge Power Comes Through A Single CAT-5 run to the door -- Edge IP Access Solutions run everything at the door. From reader to strike, status to REX. And since each Edge IP Access Solution can utilize PoE (Power over Ethernet) driven right through the CAT-5, separate power supplies and multi-door controllers are no longer required. Edge Readers use iclass Technology so the same Credentials are used too.
Options The HID EdgeReader ER40 is a unique iclass reader with an IP-enabled intelligent access control processor and host interface solution in a single unit. With the same footprint as a traditional reader, the EdgeReader ER40 provides a complete and full-featured access control hardware/software infrastructure and contactless smart card capability at the edge of the network
Options The HID EdgePlus E400 is a separate Controller that manages up to 44,000 cardholders or credentials in complete and full-featured host systems. And an EdgePlus can be placed anywhere at the door to address all security requirements. A fully integrated processor right at the door that s an ideal solution for retrofits or new installations, EdgePlus requires less wiring and uses standard CAT-5 or 6 cabling for both data and power. With a separately connected reader, EdgePlus is a perfect solution for migrating existing reader installations to the edge of the network. This type of installation is recommended for exterior applications.
Door Hardware Electronic Locking Devices Strikes Electrically Retractable Rim Mounted Exit Devices Live Hinges But first.
Clarify Hardware Terminology What do Fail Safe and Fail Secure mean? Fail Safe - Lock or locking device that remains unlocked on loss of power. Fail Secure - Lock or locking device that remains locked on loss of power. This can also known as Non-Fail Safe (NFS). Now we can move on to review a few common hardware types
HES 9000 Genesis Series HES 9600 Completely surface mounted, the 9600 accommodates rim exit devices in metal or wood jambs. Field selectable fail safe/fail secure. Optional Features LBM - Latchbolt monitor LBSM - Latchbolt strike monitor HES 9500 Same as the 9600 but Fire Rated (UL 10C fire-rated, 1-1/2 hour in fail secure state only)
HES 5000 Series HES 5000 series is a grade 1, compact, high performance electric strike designed for low profile steel, aluminum, and wood openings where there is limited space behind the jamb. This field selectable fail secure/fail safe unit accommodates 5/8" latchbolts. Optional Features LBM - Latchbolt monitor
HES 5900 Series HES 5900 series strikes are feature a unique concealed design for increased security in steel, aluminum, and wood frames with a ½ -5/8 latchbolt. Field selectable fail safe/fail secure, the 5900 also minimizes frame modification. Optional Features LBM - Latchbolt monitor
HES 8300 Series HES 8300 is a new 3 hour fire-rated (in fail secure condition), concealed, compact, high-performance electric strike designed for steel, aluminum, and wood frames. It fits into a standard 1" ANSI/BHMA A156.115 dustbox, with little or no modification to the frame. Accommodates 1/2"-5/8" latchbolt (5/8" with 1/8" door gap). Optional Features LBM - Latchbolt monitor
Folger Adam 310-4-1 Optional Features Fail Safe Folger Adam 310-4-1 is a Fail Secure (standard) strike for double doors (without mullion) which are equipped with surface vertical-rod exit devices having a swinging, pullman style latchbolt. LCBMA - Latchbolt & Locking Cam Monitor with Auxiliary Switch Note: The bottom rod of the exit device be removed or made inoperative
Folger Adam 310-6-1 Folger Adam 310-6-1 is a Fail Secure (standard) strike for double doors (without mullion) which are equipped with concealed vertical-rod exit devices. Optional Features Fail Safe LCBMA - Latchbolt & Locking Cam Monitor with Auxiliary Switch Note: The bottom rod of the exit device be removed or made inoperative
Folger Adam 310-6-8 Optional Features Fail Safe Folger Adam 310-6-8 is a Fail Secure (standard) strike for the active leaf of a pair of double doors (without mullion) which are equipped with concealed vertical-rod exit devices having a ½ to 5/8 throw latchbolt. LCBMA - Latchbolt & Locking Cam Monitor with Auxiliary Switch Note: The bottom rod of the exit device be removed or made inoperative
Von Duprin 98/98 Series Exit Devices Take this standard device and add Optional Features to make it work for an Access Control system..
Von Duprin 98/98 Series Options Signal Switch The SS (Signal Switch) feature signals unauthorized use of an opening. One internal switch monitors the touchbar and the latch bolt for positive security. A second internal switch is controlled by the key cylinder for alarm reset. The SS device is designed to work with additional alarm components. Electric Latch Retraction The EL (Electric Latch Retraction) devices provide remote locking control, useful where free-swinging doors are normally utilized. May be applied to fire devices when under the control of an automatic fire alarm system. A powerful, continuous duty solenoid retracts the latch bolt, either for momentary unlatching, or for extended periods of time. Serves as an alternative to manual dogging. Requires dedicated 24VDC, 16 Amp Power Supply.
Von Duprin 98/98 Series Options Request To Exit The RX (Request to Exit) option is used to signal egress of an opening. These devices are equipped with one internal SPDT switch, which monitors the touchbar. Latchbolt Monitor The LX (Latchbolt Monitor Switch) option is used to signal both egress and access of an opening. These devices are equipped with one internal SPDT switch, which monitors the latch bolt. Electric Mortise Lock The E7500 (Electric Mortise Lock) option provides for remote locking or unlocking of the outside trim without retracting the latch bolt. Particularly useful as a fail-safe component of an automatic fire alarm system.
Electric Live Hinges Multi-Conductor concealed wires conduct current regardless of door position No electrical parts are exposed when hinge is installed To conduct power to electric locks, panic bolts, or hold-open devices. Also to transmit signals from code readers on doors to remote computers for access control. Usually available in steel, brass, bronze, and stainless steel standard weight sizes Electric Hinges should be installed in the center hinge location
Coordination & Communication Double Doors requiring Access Control require good communication and coordination between the Access Control Vendor and Door Hardware Vendor and Sub-Contractor. With ever-changing technologies in the Access Control field, Door Sub-Contractors often don t know what to do with this box of stuff full of wires attached to the items they are used to working with. Live Hinges and Electrically Retracting Rim Mounted Exit Devices often leave these guys scratching their heads. And if they install the components incorrectly, the electric components may not function. So when Double Doors require Access Control, it is advantageous for the Access Control Vendor to be involved from start to finish (from door design to installation) to make sure the door will function the way an Owner to want it to.
So.Why an Access Control Vendor? Access Control enables an Owner the ability protect resources and assets using technology. There are many companies out there just to make a buck. Licensure helps to some degree, but choosing a Vendor with experience and integrity ultimately protects the interests of an Owner. Experience provides depth, ensuring product quality and performance by an Organization that knows the industry today, and which direction it will go tomorrow. Integrity offers a long-term relationship LONG after the dust has settled and the novelty of a new facility wears off. Such a Vendor will be there years after a project is complete, offering customer support to back up the high-quality products installed in the beginning. This entails seeing beyond just making a buck. A Vendor with integrity looks for the interests of an Owner every step of the way.
888-403-9940 WWW.IDSYSTEMSONLINE.COM
Giving Credit Where It Is Due. Access Specialties Products under their registered TradeMarks. HID Products under registered TradeMarks of ASSA ABLOY. HES Products under registered TradeMarks of ASSA ABLOY. Folger Adam Products under registered TradeMarks of ASSA ABLOY Von Duprin Products under their registered TradeMarks Access Control system definitions courtesy of Wikipedia