Field Guide to Access Control: Ask the Expert
September 1, 2006
Special Risks: Fire-Rated DoorsHow can door hardware, door position switches, and other access control apparatus be installed onto fire-rated doors?
The answer is very carefully. Doors that are fire rated are designed and built to provide a barrier against the spread of a fire from one room/area to the next. Any modification to a fire-rated door, such as drilling, channeling, or installing a magnet for a door position switch, will likely violate that doorâ€™s fire rating in the eyes of the AHJ.
Specialized hardware, such as door hinges with built-in position switches, can be used successfully on fire-rated doors. The key is to know what doors are fire rated in a particular installation, and to approach the application of access devices for those doors so that the door remains intact and is not modified in any way.
How to Efficiently Handle Legacy Access Control SystemsHow can legacy access control systems be updated or expanded?
Many clients already have existing access systems that for various reasons (lack of features, obsolescence) need to be updated. The complete change out of a functional access control system should be considered carefully, as the cost of new devices, new cards, and the problems of issuing new credentials to perhaps hundreds of users are daunting tasks.
The first consideration is why the system needs upgrading. If the system needs additional controlled doors added, and if the products installed are from a major manufacturer, itâ€™s likely that additional readers and controller panels still may be available. In some cases updated hosting software can be installed to provide the desired additional features or capacities without the wholesale replacement of devices.
If changing out devices is needed, the best approach for the security integrator is to divide the existing system into its components, and carefully survey their functionality and potential for future use.
Door releases, such as strikes and magnetic locks, generally can be reused providing theyâ€™re functional. The same goes for existing door position indicators and request to exit (REX) devices.
Card readers and other credential input equipment, such as keypads, may or may not be reusable. Some devices are no longer manufactured, and such devices may not communicate with the de facto Wiegand format.
If replacing the readers is your plan, then the existing cabling from the readers to the access controller panels must be checked for compatibility with the new reader technology. If the cabling doesnâ€™t meet the new readersâ€™ specifications, then it must be replaced. Unless the technologies are matched, replacement of the readers will entail replacement of the cards/credentials.
Installation of new access controller panels may require rewiring door electronics and hardware, based on whether existing cabling is functional and any added capabilities, such as replacing request to exit pushbuttons with electronic REXs, is planned.
When considering revamping an existing access control system it would be wise to revisit the local AHJâ€™s requirements regarding egress from exit doors, fail safe or fail secure door releases on power failure, and interconnection of door releases with the fire alarm system.
Why Separate Power for Strikes & Mag Locks?Why do door release devices such as strikes and magnetic locks require their own power supplies?
Although the amount of current drawn by a strike (typically 150 mA @ 24 VDC) or magnetic lock (125 - 350 mA @ 24 VDC) is not excessive, electrical spikes and surges occur when the device is energized and de-energized. These issues can create interference, which can hamper the performance of other electronic devices connected to the same power supply.
Therefore, it is a sound policy that door releases be powered separately from other electronics in the system.
What Is Anti-passback?What is anti-passback, and how is it applied to an access control system?
The basic idea of anti-passback is to prevent an authorized user from presenting a credential card to access an area, and then he or she â€œpasses backâ€ that card, say through a window or another door, to an unauthorized user, who then uses the same card to access the building.
Anti-passback is accomplished by the installation of two credential readers, one on entry and one on egress, at particular doors. Users must present their card to enter, and also to exit the door. The access control system will register when someone has entered, and when he or she has left. If someone enters and passes back his or her credential to another person, the unauthorized user will not gain entry, because the system will know that the proper userâ€™s credential already has been used to enter the building and that he or she hasnâ€™t yet egressed. Therefore, the use of the credential by the second user is invalid.
Anti-passback violations can create local or remote alarm conditions, as well as be logged in the access control event data recording.
Applications of anti-passback must be carefully planned, and the traffic patterns of a clientâ€™s users must be taken into account. Problems will occur if the system design is faulty. For example, in a system that uses anti-passback, a user could present his card at a reader to enter the building, but exit through a REX-enabled door, not having his card read upon egress. The next time the user presents his card on the outside of the building, the anti-passback logic will deny his entry, because his previous exit wasnâ€™t registered in the system.
Events such as a fire drill may also create havoc for users of an anti-passback system. If large numbers of people quickly exit during a real emergency or planned drill, many users wonâ€™t take the time to have their credentials read upon exit. To handle this issue, some access control systems provide an anti-passback reset or forgiveness function that can be activated by the system operator to allow all valid user credentials to be employed to access the building from the outside after such events.
If planning to use anti-passback, system integrators should make provisions for adequate battery backed up power for all aspects of the access control system, including the door release mechanisms, credential readers, and access controller panels. If any aspect of the electronics fails during a power outage, similar issues can occur.
Anti-passback provides an important employee management feature, as the access system can provide information regarding how many people are within a building or access controlled area at a specific time, as well as their identities.
While anti-passback can be employed on a system-wide basis, it often is used within an overall access control system for specific computer rooms, data storage vaults, and other high-security areas. Biometric readers inherently eliminate the possibility of the unauthorized use of an access card, because there are no cards to pass around.
Maximizing Distances of Prox ReadersIâ€™ve installed a proximity credential reader, and it doesnâ€™t provide the specified reading distance. How can this be fixed?
Proximity credential readers operate using radio frequency, and as such are subject to attenuation and potential interference from other RF devices. Metal in the area of a prox reader will deflect or block the output frequency, which can result in substandard performance. In some cases, installing non-metallic standoffs or a plastic plate under a reader will provide adequate reading range.
Keep Count with MusteringWhat is â€˜musteringâ€™?
Used for specific access situations, mustering is a concept where a specific reader or readers are used to verify that individuals are in a particular place. For example, a reader might be installed outside of a chemical plant or oil refinery which employees are directed to come to in the event of an emergency and have their credential read by the system. This allows a system user to quickly generate a list of all employees who have physically reached the mustering reader, while also generating an exception report of those who havenâ€™t checked in.
Mustering requires access control software that provides this feature, as the system must distinguish between employees who have not checked into the mustering point from those who are on vacation or not in the building for other reasons at that particular time.
Evaluating Remote Management for Your ClientCan I run my clientâ€™s access control system from my office or central station?
Technologically it is very feasible to control one or multiple separate access control systems from one remote location, be it an integratorâ€™s office, alarm company central station, or the clientâ€™s headquarters. Ethernet and Internet communications can provide secure and reliable connections to remote access controller panels, allowing their remote programming and control.
The primary issues for integrators to review are liability and support logistics. Security installation companies may find themselves in legal trouble if the incorrect operation of a clientâ€™s access system results in a loss of property or injury. Using a properly drawn contract between the parties involved can mitigate this issue. Support logistics considerations should include whether properly trained personnel will be available to make remote programming changes to clientsâ€™ systems upon request.
One primary drawback is the detail of issuing new access cards to authorized users, particularly if those cards are to include a photo identification badge. Access control credentials may need to be mailed or shipped to new users, with ensuing security issues and shipping time delays.
An Improvement to Biometric Reader SpeedBiometric readers provide slow read times. How can valid accesses be sped up?
One method to increase the speed of biometric-based access control requests, other than the use of smart cards, is to include a keypad with the biometric reader. When an authorized user presses her code into the keypad and presents her biometric input, the access system then simply compares the userâ€™s specific stored biometric data to what has been presented, rather than searching the entire biometric database for a match to the biometric data presented by the user. This will speed up access request times.
Future Focus on Biometrics, Ethernet, Web Hosted TechnologiesWhat future developments are expected in access control technology?
Biometrics will become more commonly used, as its reliability is increasing while the cost of readers is dropping. Once the cost of biometric devices reaches a critical point, itâ€™s likely that most all-new systems will use this technology, as the cost of access cards or credentials is eliminated and security is heightened.
Deployment of biometric readers will fuel the growth of smart card usage. For example, a user presents her smart card credential along with her fingerprint at an entry door. The userâ€™s credential contains her fingerprint profile, which is read by a smart card proximity device. The access system verifies that the fingerprint presented matches the information in the smart card. This method eliminates two problems with biometrics, the first being that biometric data files can be quite large, which increases the necessary storage space for the data. The second issue is that the time required for the access controller panel to compare the biometric data (fingerprint) presented at a reader with its database can slow verification time, causing delays in the person being allowed entry. If the fingerprint data is simultaneously presented by being encrypted into a smart card read, then times are much faster. This formula also eliminates the storage of potentially sensitive personnel information within the access control system.
As Ethernet usage grows in the electronic security industry, itâ€™s likely that the communications between all access control electronics such as credential readers, REXs and access controller panels will migrate to Ethernet. Door release devices, because of their on and off nature, will continue to be powered traditionally.
Communications between access controller panels and host computers and software will be carried via Ethernet or other standardized computer networking protocols. Already there are vendors who are supplying access controller panels with Wi-Fi communications options, so that there need not be any hardwired connection to the network for those panels.
Web-server configured access control will grow dramatically, as the elimination of access dealers having to provide, update, and manage standalone access host PCs will be a great cost and labor savings. These systems also provide the maximum in user convenience, as systems can be securely manipulated from anywhere in the world, provided that the target system controllers have been properly connected to the Internet.