Introduction to Electronic Access Control
In its simplest form, an EAC system consists of an electronic door lock, a reader (such as a card reader), and some form of electronic controller. Almost everyone has had the experience of being "buzzed in" to a controlled area. The process goes something like this: After recognizing your face, a receptionist presses a button and you hear a buzzing sound telling you that door is now open. The "buzzing" sound you hear is the result of the alternating current from the power source making the lock vibrate.
This experience can help you get a mental picture of the inner workings of an EAC system. A basic EAC system consists of a reader, a controller, and an electric lock. In our example, the receptionist's eyes are the reader that allows her to recognize you. Her brain is the controller. If her brain is convinced that you belong inside, it will send a signal to her finger, ordering it to press a button and release the lock.
More About Readers
Readers are mounted on the outside of doors and are the only part of the EAC system most people see. In a modern EAC system, the readers are designed to recognize codes (something you know), credentials (something you have), or biometrics (something you are). If the system uses a code reader, you enter a personal identification number (PIN) into a keypad to identify yourself to the system. With a credential reader, you would present a card or key fob. A biometric reader must read a part of you.
Popular biometrics include fingerprints and hand geometry. Finger vein patterns are also becoming a popular form of biometric. Retinal scans have been used for some time. They are not very popular in business environments and are usually reserved for high-end systems. Finally, facial recognition is a developing technology. While this technology is useful for investigations, it has not yet gained wide acceptance as a method for access control.
Keypads are the simplest and least expensive form of access control readers. Keypads, such as those produced by IEI, provide a simple method of entering your code.
However, keypads have two drawbacks: codes can be easily shared and easily stolen. Because of these two drawbacks, keypads should not be used in a high-security application unless they are combined with a credential or biometric. This "two-factor authentication" is a very secure approach to access control.
Hirschtm Electronics produces a more sophisticated keypad, known as a ScramblePad which greatly reduces the threat of stolen codes. The ScramblePad arranges the numbers on the Keypad in a random pattern each time it is used. This makes it impossible for someone to learn your code by watching the action of your hand since you will use a different physical motion each time you enter a code. Because the numbers do not stay in a fixed location, an intruder cannot guess your code by looking at the pattern of wear on the keys.
The ScramblePad is also designed in such a way that it cannot be read from an angle. Someone looking over your shoulder cannot steal your code because the numbers on the keypad are invisible to them.
Access control credentials usually come in the form of cards or fobs that can hang on your keychain. The most common credentials are Radio Frequency Identification (RFID) cards. RFID cards can be read from a distance. In some cases, they do not have to be removed from your pocket in order to be used. The most common RFID cards use a format developed by HID Corporation and are incorporated into products from a variety of manufacturers.
All biometric readers are designed to scan a unique part of your body and create a digital template. The template is created when you "enroll" in the access control system. When you come to a door and request admission, the EAC system scans your fingerprint, etc. and compares the new scan to the stored template. If the two match, you're in.
Fingerprint readers are now standard equipment on many laptop computers. For access control purposes, Bioscrypt produces excellent, widely used fingerprint readers.
Hand geometry readers create a template from the size and shape of your hand. The Recognition Systems readers are widely used in banking and other industries.
Finger vein readers are similar to fingerprint readers, except that they look below the surface of your finger to scan your vein pattern.
You can evaluate your need for EAC by asking these three questions:
- Do I need an audit trail, i.e. time and date stamped record of every opening or attempted opening of a door?
- Should different employees have different access privileges based on time and day?
- Does a lost or stolen key represent an immediate security threat to my facility?
Answering yes to any of those questions can justify the investment in an EAC system.
An audit trail is a time and date stamped record of every opening, or attempted opening, of a lock. Audit trails are particularly useful for server rooms. Depending on your industry, a record of access to the server room may be mandatory. Supply closets are another area where audit trails are helpful. If supplies go missing, you know who was in the closet and when—information that may lead you directly to the culprit. An audit trail can also be used as a back-up to your time and attendance system.
I was involved in one case where an employee was routinely having a co-worker clock in for him hours before he arrived on site. The deception came to light when the EAC system recorded him entering the side door long after he had supposedly started his shift.
In some cases, you may want to restrict access to your premises based on time and day. Cleaning crews are an obvious example. If they are scheduled to service your office on Tuesday and Thursday nights, then there is no reason to distribute a key that will work at any other time. An EAC system allows you to create custom "keys" that will only operate on specific dates and times.
Lost or Stolen Keys
A lost or stolen key almost always creates a serious breach of your physical security. Re-keying your mechanical locks can be very expensive and inconvenient—especially if you need to call in your locksmith on short notice. Businesses will sometimes live with the risk of a lost key rather than spend the money to have their facilities re-keyed. By contrast, an EAC credential can often be deleted or deactivated in a matter of minutes at little or no cost. Even if a re-key is still justified, blocking the lost EAC credential from sensitive areas may buy you time to either find the credential or deal with the re-key in a more deliberate manner.
And if the credential is still floating around, you'll soon know. The EAC system will tell you when and where someone attempted to unlock a door with the deactivated credential.
Networked and Standalone Systems
There are two basic kinds of EAC system: Networked, and standalone. With a networked system, all of your doors communicate with a central computer. This means that you can control every door from a single location. You can quickly lock down all doors in an emergency, or add and remove credentials. Networked systems can even control remote locations, so you can add a new employee to your New York system from your office in Chicago.
Keyscan's System VII is one example of an easy to use a networked system. Web-based systems such as Bright Blue are becoming more popular since they can be operated from any computer with web access.
Standalone systems, by contrast, have little or no ability to communicate, so they must be programmed at the door they control. The main advantage of standalone systems is cost. While a full-blown networked system can cost upwards of $3,000 per door, a standalone can often be installed for under $1,000. Standalone systems become difficult to manage when you have more than a few doors—especially if they are far apart.
The Trilogy Lockset is a popular standalone device. Medeco's Logic product takes an interesting approach to standalone access control. Using this system, electronic cylinders fit into your doorknobs and locksets, converting your existing hardware into an electronic system.
You should consider electronic access control if:
- You need an audit trial
- You need to control access to doors based on date and time
- You need to quickly add and remove keys from your system
With a facility of three or more doors, a networked EAC system is usually your most efficient choice, while access to one or two doors can be easily controlled with a standalone system.