9.4.19 – LL – ALLAN B COLOMBO
The next generation of credentials includes smart cards, fobs, bracelets, cellphones and wearables
Whether we like it or not, acts of burglary are all too common in residential and commercial settings. An overwhelming majority of break-ins occur by way of the common, ordinary door. Homes are especially susceptible. In fact, 2.5 million burglaries take place in the United States each year and 66 percent of them occur in ordinary homes.
This is why controlling access to man doors of all kinds is paramount to the mission of all locksmiths. This is true whether our focus is on motor vehicles, residential structures, commercial buildings, or institutional halls of learning. Mechanical locks have long been our preferred means of achieving this objective, but now we have EAC (Electronic Access Control) to make the job easier for us and our clients as well as more cost effective.
“For those just starting out with EAC, I suggest you begin with small projects and work your way up to bigger ones. Start off with one- or two-door systems, adding doors as you advance in knowledge and experience,” says Nick Markowitz, owner of Markowitz Electric & Integration of Verona, PA. “And those who already install electronic locks with a keypad, consider offering a model that also sports a card reader, especially when you work in commercial spaces.”
A basic access control system is composed of an electronic reader of some kind, a central computer system capable of connecting to the Internet, and a variety of components that connect and integrate all of these things so they work together. These include a possible wireless access point, some means of electrically locking the door(s), such as an electromagnetic lock or door strike, a manual/automatic means of egress, and a relay for connection to a local fire alarm system, if there’s one on the premises.
In this Locksmith Ledger story, we’re going to chat about access control readers, credentials, data storage, and Cloud-based services. We’ll take a look at residential and commercial applications where EAC plays a major part in maintaining security, and we’ll discuss the various kinds of credentials now on the market.
How We Determine Identity
Accurately establishing identity of registered users is the centerpiece of a quality access control system. The objective is to require one of three things, or a combination thereof, before automatically unlocking the door and allowing someone to enter. The use of two access technologies is common where the risk of theft exceeds what we might consider “normal.”
Those three things include:
- Something known
- Something possessed
- Something a person is
Let’s take a closer look at each one: “Something known” pertains to a PIN (Personal Identification Number), which is most often used in conjunction with an electronic keypad. “Something possessed” usually pertains to a card, token, key fob, or some other item that is carried on the person. And the third, “Something a person is,” pertains to a biological trait unique to the user him or herself. Examples include thumb and finger prints, voice prints, the geometry of the hand, and now certain characteristics of human DNA, to name only a few.
In commercial settings with an aluminum frame glass door, for example, a standalone keypad, mullion- or wall-mounted, is commonplace. An additional reader can be added alongside, above, or below the keypad, but it’s more likely you’ll replace it with one that has the keypad and reader together. There are, of course, other possible secondary combinations, such as the addition of a biological trait.
The addition of a card reader demands the use of a credential of some kind, and there is a wide variety of them to choose from. For those who may not know what a “credential” is, it’s an item the user must present to the reader in order to engage, or access, the door. An example of this in a home or small office might be a key or a regular bank card equipped with a magnetic stripe on the back. Another is an electronic lock equipped with a keypad and a card reader, as mentioned earlier by Markowitz.
Another option is to utilize data encryption between the door reader and the CPU (Computer Processing Unit), be it on site or at a remote Cloud processing center.
Upgrading and Encrypting Communication
Besides the use of multiple access control technologies, there may be times when it’s necessary to upgrade the method of communication, especially when it comes to using a Cloud-based data processing center. This is especially important because of hackers that prowl the Internet for people and organizations to victimize.
A growing number of access control readers in use today utilize what is known as the ‘Wiegand’ communication protocol. The protocol itself was invented in the 1980s, which means it’s been in use for quite some time. Anyone who understands the technical details behind it could possibly hack the system to gain illegal entry into a facility.
“Wiegand is commonly used as a universal communication language of sorts. Although Wiegand readers that take Wiegand cards are available, other types of readers that operate using different card or token technologies also use it to send data back to an access controller,” says Markowitz. “But there’s an encrypted data communications standard, created by SIA, designed to make it next to impossible to hack the system.”
It’s called Open Supervised Device Protocol (OSDP).
According to WaveLynx Technologies Corp. of Broomfield, CO, SIA’s OSDP V2.1.7 is more secure than the most common access control protocols, thus improving interoperability among access control and security products. “OSDP Secure Channel also supports high-end AES-128 encryption, which is required in most government applications. WaveLynx takes a consultative approach when designing transition plans and solutions that seek to future-proof end-user security infrastructures for the next 15 years,” says Laurie Aaron, executive vice president with WaveLynx.
“SIA OSDP has long been a security-minded solution, and now WaveLynx’s pioneering new product unlocks the potential of OSDP 2.1.7 with features designed for ease of management. We are excited to continue working with SIA members like WaveLynx in the SIA OSDP Working Group to deliver added value to the security industry,” says Joe Gittens, Director, SIA Standards.
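To make concrete what a Wiegand reader actually sends to the controller, the following added example (not from the original article or from any vendor named in it) decodes the widely used open 26-bit Wiegand frame and checks its two parity bits. The 26-bit layout, the function names and the sample facility and card values are assumptions, since the article does not specify a format.

```python
"""Decode a 26-bit Wiegand frame (layout assumed, not given in the article):
bit 0 even parity over bits 1-12, bits 1-8 facility code,
bits 9-24 card number, bit 25 odd parity over bits 13-24."""
from dataclasses import dataclass


@dataclass(frozen=True)
class WiegandFrame:
    facility: int
    card: int
    parity_ok: bool


def encode26(facility: int, card: int) -> str:
    """Build a frame as a bit string; used only to construct sample input."""
    if not (0 <= facility < 2**8 and 0 <= card < 2**16):
        raise ValueError("facility is 8 bits, card number is 16 bits")
    data = f"{facility:08b}{card:016b}"
    even = data[:12].count("1") % 2         # leading 13 bits end up even
    odd = 1 - data[12:].count("1") % 2      # trailing 13 bits end up odd
    return f"{even}{data}{odd}"


def decode26(bits: str) -> WiegandFrame:
    """Parse the 26 bits a controller collects from the reader's data lines."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 binary digits")
    lead, trail = bits[:13], bits[13:]
    parity_ok = lead.count("1") % 2 == 0 and trail.count("1") % 2 == 1
    return WiegandFrame(int(bits[1:9], 2), int(bits[9:25], 2), parity_ok)


def flip(bits: str, i: int) -> str:
    """Simulate a single-bit line error at position i."""
    return bits[:i] + ("1" if bits[i] == "0" else "0") + bits[i + 1:]


if __name__ == "__main__":
    sample = encode26(facility=42, card=12345)   # constructed sample values
    print(sample, decode26(sample))
    # Parity catches line noise, but the frame carries no encryption and no
    # keyed integrity check: the badge number crosses the wire in the clear.
    # That gap is what OSDP Secure Channel (AES-128) is meant to close.
    print(decode26(flip(sample, 10)))
```

When auditing an installation, reader-to-controller runs that still carry frames like this are the ones to prioritize for an OSDP Secure Channel upgrade.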
Credentials and Readers
Probably the most popular access point among access control stakeholders is that of the proximity (prox) reader. They are referred to as prox readers because a credential only needs to be within a given distance from the reader. Under this heading is an assortment of reader and credential technologies to choose from.
Before proceeding with prox, let’s talk about older, traditional contact-type magnetic-stripe cards and readers. This combination was once the predominant method of user authentication in use at the door. This means of establishing user identification has since fallen out of favor with both banking and physical security professionals. This is primarily because the magnetic stripe, which is where a card’s identification data is placed, can easily be read and duplicated by the bad guys.
One of the more popular credentials in use with the prox access reader is that of 125 kHz cards and keyfobs. These are passive devices, in that they do not have a power source of their own. Instead, they are essentially powered by a 125 kHz static field emitted by the reader. The more powerful the electric field, the greater the allowable distance between a reader and a card or keyfob.
“We exclusively use 13.56 MHz credentials with our solutions as they leverage ‘data-on-card’ to facilitate our Salto Virtual Network (SVN),” says Bill Wood, President – North America with SALTO Systems. “We recommend MIFARE® (DESFire EV2, Plus, Ultralight C, Classic – ISO/IEC 14443), HID iCLASS® and SEOS® along with Bluetooth SMART (BLE), and NFC for the highest level of available security.”
According to HID, “…iCLASS® 13.56 MHz read/write contactless smart card technology can be used for diverse applications such as access control, biometrics, cashless vending, public transportation, airline ticketing and customer loyalty programs. Multiple, securely separated files enable numerous applications and support future growth.”
Keyfobs come in a variety of sizes and shapes. One type commonly takes the form of a small button that can be attached to a key ring or worn around the neck. Some manufacturers also make a small prox sticker that can be placed on the back of an ID badge. Like the button, or keyfob, it is activated by an electric field that surrounds the reader, which in turn prompts it to transmit a unique ID code. Proximity credentials also are made using the Wiegand data protocol.
Some access control manufacturers also make active credentials that can be semi-permanently placed inside a motor vehicle. This is ideal for parking lot and parkade applications where there’s a motorized- or hydraulically-operated gate. Handheld models that have a button for the user to press also are available.
Last but not least, the common, ordinary cell phone can be used with a special App that integrates with the access control system in a building. According to Mike Sherman, managing partner with Connected Technologies LLC of Monument, CO, “A ScanPass Mobile Credential uses a barcode sticker affixed at the entrance location, to identify the door to be opened, so users with a smartphone, tablet, iPad or any device with a camera or WiFi or cellular connectivity can gain entry. Not only does it represent additional recurring monthly revenue for the dealer, but it provides installation and maintenance efficiencies, as it requires no software to install or maintain while eliminating access control cards/fobs and the installation of readers and door controllers.”
It’s important that we, as security professionals, move ahead with the most advanced tools of the trade because if we fail to do so, we’ll be left behind as our competition takes full advantage of the high-tech security tools that are out there.