The proliferation of electronic access control systems is threatening to render lock-and-key systems obsolete

Although keys are still the primary security control mechanism used around the world, the comparative ease of use and low cost of electronic access control systems are beginning to expose the weaknesses of key-based systems.

With key cards that can be put in or taken out of service with just a little programming, electronic access control shows the most promise in the security industry. Such systems can regulate the flow of people in and out of secured areas, maintain consistent supervision, and detect, deter, and respond to unauthorized entry to these areas. Add to that the potential to one day implement biometric technologies that drastically increase the accuracy of access control, and electronic systems now represent the best way of achieving consistent, managed control.

The trend away from key-based systems is so strong, in fact, that many security system installers that once offered only locksmith services are transitioning the bulk of their business to electronic alarm and access control.

Two reasons for the popularity of card access systems are their ability to easily void and validate individual cards and generate an audit trail printout of all cards granted access. Some security professionals estimate that 50% of the security benefit afforded by an access control system lies in the deterrent value of its audit trail.

When project specifications are prepared, it's common practice to include the card access requirements with electrical requirements. Accordingly, electrical contractors should be able to interpret card access specifications so that they can source the most cost-effective system.

Card system details

An electronic card access control system is typically made up of a central computer that usually holds the database of cardholders, “smart” remote boxes (SRBs) that receive and process information from card readers that capture and send the card signals to the SRB, and the individual ID/access cards.

The central, or host, computer can range from an inexpensive PC to a large NT server or a Unix-based RISC unit. Although the application codes, or software, for card systems are generally similar in nature, a variety of database software is available.

The card readers, electrified lock sets, door monitoring points, and other wired inputs and outputs of the system connect to a local SRB. When a reader captures the information on an access card, the SRB makes access decisions and sends out control signals to one or more actuating devices, such as an electrified lockset that grants entry.

Access cards with magnetic strips that are passed or swiped across a magnetic reader unit have lost popularity because the magnetic coating on the card wears out with repeated use. The trend is moving toward proximity cards, which last longer because physical contact with the reader isn't necessary.

Early proximity cards were tuned coil/capacitor sets that responded to various frequencies. Today, passive and active electronic proximity cards are the most widely used. A passive proximity card contains a coil that absorbs the energy from the reader to charge a chip. The chip, in turn, transmits a code number that is the card number. Batteries aren't used in this type of card, hence the passive designation.

An active proximity card contains a battery, which lasts about six years, to provide power to the integrated circuit. With the battery, the card's range of operation, or sensitivity, can be increased. The enhanced sensitivity also allows the active card reader to be installed behind the drywall or the thin stonework in a building, thus hiding the system components completely from view.

Another type of access card stores the database — also called the template — of the person using the card directly into the memory portion of the integrated circuit in the card itself. Storing the template on these so-called “smart” cards simplifies startup of the security system and enables the support of an unlimited number of users.

Integrating digital video recording with security systems

At many access control system sites, when a secure door is opened, a closed-circuit television camera (CCTV) records the activity. Such a CCTV system is particularly useful in creating a forensic record of “piggybacking,” when one user allows another to enter, and “tailgating,” when an unauthorized user slips in as another user enters.

Surveillance cameras that store video images on VCRs are quickly being replaced by digital video recording (DVR) systems that convert the analog signal from the camera to a digital format for easier storage. Weeks of video data can be archived onto the DVR storage medium, which is basically a high-capacity hard drive similar to what's found in a PC. Surveillance systems that use digital technology far exceed the capabilities of analog switchers, multiplexers, and time lapse VCRs.

Even with the versatile hardware and software controlling file size, frames per second, and other factors, some of the largest DVR hard drives can fill up quickly, but storage capacity continues to grow. In fact, 200Gb is becoming common. Currently, the best price/value ratio is in the 80Gb to 120Gb capacity range.

A new generation of digital video cameras, called network cameras, expands the benefits of digital video technology even further. A network camera is essentially a camera and a computer combined, since the video signal output is digital and the camera can have its own Internet Protocol (IP) address. Thus, unlike an analog camera, a network camera can be connected to a building's LAN through an Ethernet port, eliminating the need to install coaxial cable from the camera back to the central monitoring station. When the camera is wired into the network, its IP address makes it possible to access it through an Internet browser or through any PC on the network.

The ability to carry the digital video signals over a building's local area network reinforces the continued emphasis on integrating control and communications systems that include security, information and asset management, building automation, and supervisory control. As an aid toward reaching that goal, several communications protocols, such as Ethernet, Java, .NET, XML, and the Internet, are undergoing standardization.

Include biometrics with access control

Many facilities are also beginning to use a second method of confirming the identity of the person passing through an access point connected to a card access system. This second method, called authentication, involves the application of biometric technologies, which are becoming more popular and affordable for integration into access control solutions.

Biometric technologies use an automated method of recognizing a person based on a physiological or behavioral characteristic. Among the features that can be measured are face, fingerprints, hand geometry, handwriting, iris, retinal, vein pattern, and voice.

Facial recognition is one of the newer biometric techniques used for access control; such systems have only recently demonstrated the accuracy needed for commercial applications. Two-dimensional facial recognition suffers from problems where non-frontal images are often misidentified or not identified at all by the software. Newer three-dimensional facial recognition is showing significant improvement over its predecessor, and products should be available within a year.

Since the purpose of a biometric system is to achieve positive identification of personnel, some organizations, such as government agencies, will usually specify systems based only on unique physical characteristics for which there are no duplicates. Only three physical characteristics or human organs used for biometric identification are unique: the fingerprint, the retina of the eye, which has a distinct blood vessel pattern, and the iris, which also exhibits a random pattern of features.

Today's biometric-based access control devices have overcome many deficiencies of the past, such as slow recognition speeds, false rejects, and related problems. Generally, the newer systems allow quick and easy enrollment; the accepted standard for enrollment time is 2 min per person.

These advances, along with decreasing prices, have increased sales. Additionally, the Health Insurance Portability Accountability Act, issued by the U.S. Department of Health & Human Services, defines privacy standards for “protected health information” that require strict security measures to prevent unauthorized people from seeing records. Thus, biometric confirmation allows places like hospitals, clinics, and nursing homes to comply with these regulations.

It was only a few years ago that the high-tech capabilities of advanced electronic access control and biometrics seemed like something reserved for top secret military installations and spy movies. But in just the last year the technology has even made its way into college dorms and apartment buildings, proving that the world of thumbprint recognition and keyless doors may not be that far away.