Access Control Systems

Protect Your Facility with Access Control designed and installed into your Complete Security System Solution.

Professional access control technology controls the permitting and restricting access to your building or secured areas within the building. An easy to use, access control systems can be highly sophisticated and integrated into a number of other commercial security solutions, such as CCTV, for maximum protection.

Absolute Protective Systems, Inc. offers the most advanced, access control systems to control access to either one door or hundreds of doors for thousands of access card holders.

To increase the security at your workplace, or update an outdated system, Absolute Protective Systems, Inc. can provide these needs. Our state of the art access control systems can improve the overall protection of your assets, buildings and grounds, and most importantly the safety of employees.

Absolute Protective Systems, Inc. offers a comprehensive line of access control systems for your facility. Access control previously meant the ability to stop someone entering or exiting a building. Now you can prevent unauthorized access to a building, but also:

  • monitor access to different areas,
  • control access for visitors,
  • lock-down in the event of a threat,
  • and review data for an incident or compliance requirement.

Absolute Protective Systems, Inc. can offer a multi-facet system and support for a complete solution!

Access Control Intro

Geographical access control may be enforced by personnel, for example, a guard or ticket checker, with a device such as a turnstile. There may be fences to avoid circumventing this access control. An alternative of access control in the strict sense (physically controlling access itself) is a system of checking authorized presence.

The term access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human, through mechanical means such as locks and keys, or through technological means such as access control systems like the mantrap, a mechanical device for capturing trespassers. Within these environments, physical key management may also be employed as a means of further managing and monitoring access to mechanically keyed areas or access to certain small assets.

Physical Access Control

Physical access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Historically, this was partially accomplished through keys and locks. When a door is locked, only someone with a key can enter through the door, depending on how the lock is configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door, and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or the key holder is no longer authorized to use the protected area, the locks must be re-keyed.

Electronic Access Control

Electronic access control uses computers to solve the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after being unlocked.
Access control system operation

When a credential is presented to a reader, the reader sends the credential’s information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential’s number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door. The control panel also ignores a door open signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for an access denied and a flashing green LED for an access granted.

The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. To prevent this, a two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted; another factor can be a PIN, a second credential, operator intervention, or a biometric input.

There are three types (factors) of authenticating information,
• something the user knows, e.g. a password, pass-phrase or PIN
• something the user has, such as smart card or a key fob
• something the user is, such as fingerprint, verified by biometric measurement
Passwords are a common means of verifying a user’s identity before access is given to information systems. In addition, a fourth factor of authentication is now recognized: someone you know, whereby another person who knows you can provide a human element of authentication in situations where systems have been set up to allow for such scenarios. For example, a user may have their password, but have forgotten their smart card. In such a scenario, if the user is known to designated cohorts, the cohorts may provide their smart card and password, in combination with the extant factor of the user in question, and thus provide two factors for the user with the missing credential, giving three factors overall to allow access.

Credential

A credential is a physical/tangible object, a piece of knowledge, or a facet of a person’s physical being, that enables an individual access to a given physical facility or computer-based information system. Credentials can be something a person knows, something they have, something they are, or some combination of these items. This is known as multi-factor authentication. The typical credential is an access card or key-fob, and newer software can also turn users’ smartphones into access devices.

There are many card technologies including magnetic stripe, bar code, key fobs, Wiegand, 125 kHz proximity, 26-bit card-swipe, contact and contact-less smart cards. Biometric technologies include fingerprint, facial recognition, iris recognition, retinal scan, voice, and hand geometry. The built-in biometric technologies found on newer smartphones can also be used as credentials in conjunction with access software running on mobile device. In addition to older more traditional card access technologies, newer technologies such as NFC (Near field communication) and Bluetooth low energy, also have potential to communicate user credentials to readers for system or building alarms

Access control system components

An access control point, which can be a door, turnstile, parking gate, elevator, or other physical barrier, where granting access can be electronically controlled. Typically, the access point is a door. An electronic access control door can contain several elements. At its most basic, there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, it could be a card reader, or it could be a biometric reader. Readers do not usually make an access decision, but send a card number to an access control panel that verifies the number against an access list. To monitor the door position a magnetic door switch can be used. In concept, the door switch is not unlike those on car doors.

Generally only entry is controlled, and exit is uncontrolled. In cases where exit is also controlled, a second reader is used on the opposite side of the door. In cases where exit is not controlled, free exit, a device called a request-to-exit (REX) is used. Request-to-exit devices can be a push-button or a motion detector. When the button is pushed, or the motion detector detects motion at the door, the door alarm is temporarily ignored while the door is opened. Exiting a door without having to electrically unlock the door is called mechanical free egress. This is an important safety feature. In cases where the lock must be electrically unlocked on exit, the request-to-exit device also unlocks the door.

Types of Readers

Access control readers may be classified by the functions they are able to perform:

  • Basic (non-intelligent) readers: simply read card number or PIN, and forward it to a control panel. In case of biometric identification, such readers output the ID number of a user. Typically, Wiegand protocol is used for transmitting data to the control panel, but other options such as RS-232, RS-485 and Clock/Data are not uncommon. This is the most popular type of access control readers.
  • Semi-intelligent readers: have all inputs and outputs necessary to control door hardware (lock, door contact, exit button), but do not make any access decisions. When a user presents a card or enters a PIN, the reader sends information to the main controller, and waits for its response. If the connection to the main controller is interrupted, such readers stop working, or function in a degraded mode. Usually semi-intelligent readers are connected to a control panel via an RS-485 bus.
  • Intelligent readers: have all inputs and outputs necessary to control door hardware; they also have memory and processing power necessary to make access decisions independently. Like semi-intelligent readers, they are connected to a control panel via an RS-485 bus. The control panel sends configuration updates, and retrieves events from the readers. Systems with IP readers usually do not have traditional control panels, and readers communicate directly to a PC that acts as a host.

Some readers may have additional features such as an LCD and function buttons for data collection purposes, camera/speaker/microphone for intercom, and smart card read/write support. Access control readers may also be classified by their type of identification technology.

Access Control Security Risks

The most common security risk of intrusion through an access control system is by simply following a legitimate user through a door. Often the legitimate user will hold the door for the intruder. This risk can be minimized through security awareness training of the user population, or more active means such as turnstiles. In very high security applications this risk is minimized by using a sally port, sometimes called a security vestibule or mantrap, where operator intervention is required presumably to assure valid identification.

The second most common risk is from levering a door open. This is relatively difficult on properly secured doors with strikes or high holding force magnetic locks. Fully implemented access control systems include forced door monitoring alarms. These vary in effectiveness, usually failing from high false positive alarms, poor database configuration, or lack of active intrusion monitoring. Most new access control systems incorporate some type of door prop alarm to inform system administrators of a door left open longer than a specified length of time.

The third most common security risk is natural disasters. Highlights of any incident plan determined by the National Incident Management System must include pre-incident planning, during incident actions, disaster recovery, and after action review.

Similar to levering is crashing through cheap partition walls. In shared tenant spaces the divisional wall is vulnerable. Vulnerability along the same lines is the breaking of sidelights.

Spoofing locking hardware is fairly simple and more elegant than levering. A strong magnet can operate the solenoid controlling bolts in electric locking hardware. It is also possible to manipulate the power to the lock either by removing or adding current, although most Access Control systems incorporate battery back-up systems and the locks are almost always located on the secure side of the door.

Access cards themselves have proven vulnerable to sophisticated attacks. Enterprising hackers have built portable readers that capture the card number from a user’s proximity card. The hacker simply walks by the user, reads the card, and then presents the number to a reader securing the door. This is possible because card numbers are sent in the clear, no encryption being used. To counter this, dual and multiple authentication methods should be used.

Many access control credentials unique serial numbers are programmed in sequential order during manufacturing. In a sequential attack, if an intruder has a credential once used in the system they can simply increment or decrement the serial number until they find a credential that is currently authorized in the system. Ordering credentials with random unique serial numbers is recommended to counter this threat.