Security is usually based on the concept of concentric circles. Each circle should provide a roughly consistent barrier and portals provide the way to get through that barrier. There are almost always multiple openings in each concentric circle. When there are multiple doors involved, the whole set of readers and doors or portals forms an Access Control System (ACS).
This article does not address wireless, standalone PIN pad, or standalone card reader locks. Access control is multiple things to multiple people.
Electronic Keying: An electronic way to replace keys.
- The advantage of this view is that you don’t need to re-key a site if a card is lost, even one with permission to access every door at the site.
- Access control is a flexible way to provide access permission to any individual at any door without touching any of the door locks.
Monitored Access Control: A system that allows the benefits of the above items, but also provides monitoring of each access portal with an audit trail.
Access control systems are designed to monitor a portal for a forced condition and a held condition, rather than just the state of the portal being open or closed.
With an access credential, a person entering a space can present their credential to a card reader. When the door unlocks and they pull the door open, this particular state is a normal state. There is no alarm even though the door is opened, because it was opened just after a valid card read, during the unlock period.
Similarly, a person exiting the same space can walk out the monitored door and, if there is a Request-to-EXit (REX) device, the fact that the door opened just after there was a valid REX signal is a normal state, not an alarm state.
However, without a valid card read or a valid REX signal, if the door were to open, then the monitoring would indicate a forced open door.
If a door is opened with a valid card read or with a valid REX, but was not closed properly within the defined time period, then that would be considered a door held condition.
Notice that monitoring an ACS door is not really monitoring the actual position of the door. Instead, it is monitoring for a secure state which includes valid traffic into and out of the space.
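The forced/held logic described above, as an added example (not code from the article or from any ACS product). The event names, the `DoorMonitor` class and the 30-second held limit are assumptions; the 5-second unlock period is the typical value the article gives.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class DoorMonitor:
    unlock_seconds: float = 5.0   # window after a valid read or REX in which opening is normal
    held_seconds: float = 30.0    # assumed "defined time period" for a validly opened door
    shunt_until: float = -1.0     # openings up to this time count as valid traffic
    opened_at: Optional[float] = None
    valid_open: bool = False
    alarms: list = field(default_factory=list)

    def tick(self, now):
        """Raise DOOR_HELD once a validly opened door has been open too long."""
        if self.opened_at is not None and self.valid_open:
            deadline = self.opened_at + self.held_seconds
            if now >= deadline:
                self.alarms.append((deadline, "DOOR_HELD"))
                self.valid_open = False          # report each held door once

    def feed(self, t, event):
        self.tick(t)
        if event in ("CARD_VALID", "REX"):       # both shunt the forced-door alarm
            self.shunt_until = t + self.unlock_seconds
        elif event == "DSM_OPEN" and self.opened_at is None:
            self.opened_at = t
            self.valid_open = t <= self.shunt_until
            if not self.valid_open:              # opened with no read and no REX
                self.alarms.append((t, "DOOR_FORCED"))
        elif event == "DSM_CLOSED":
            self.opened_at = None
            self.valid_open = False
            self.shunt_until = -1.0              # next opening needs a new read or REX

def evaluate(events, end_time, **limits):
    """Run (seconds, event) pairs for one door; return its (time, alarm) list."""
    door = DoorMonitor(**limits)
    for t, event in sorted(events, key=lambda e: e[0]):
        door.feed(t, event)
    door.tick(end_time)                          # catch a door still open at the end
    return door.alarms

# Constructed sample traffic for one door (seconds since start).
SAMPLE = [
    (0, "CARD_VALID"), (2, "DSM_OPEN"), (6, "DSM_CLOSED"),       # normal entry
    (20, "REX"), (21, "DSM_OPEN"), (24, "DSM_CLOSED"),           # normal exit
    (40, "DSM_OPEN"), (43, "DSM_CLOSED"),                        # no read, no REX
    (60, "CARD_VALID"), (62, "DSM_OPEN"), (100, "DSM_CLOSED"),   # propped open
    (120, "CARD_VALID"), (130, "DSM_OPEN"), (131, "DSM_CLOSED"), # unlock had expired
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, end_time=200))
```

The same DSM_OPEN input yields no alarm, a forced alarm, or a held alarm depending only on what preceded it and how long the door stays open, which is why the contact position alone says nothing about security state.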
Question #1 – Is the use of access control simply to take advantage of electronic keys, but not to monitor the openings? (Electronic Keying)
“Yes” implies a simple application containing a control panel, a card reader, and an appropriate electrical door locking device. The control panel could be designed for a single door or several doors. At the time of installation, an unlock time, typically five seconds, will be set in the system. The user’s card, fob, or mobile device will be programmed into the system and doors will be applied to the user or card. Upon a valid card presentation, the door will unlock for five seconds.
“No” implies that this work will entail a monitored access control system. At each door there will be a door monitoring contact, often referred to in the ACS world as a Door Switch Monitor (DSM). When exiting the space, there will need to be either a second card reader (the outbound reader) or an automated REX device. Either the out reader or the REX will be used to shunt any alarm when a person is exiting. Valid entries or exits through an ACS perimeter should not create any alarms.
Question #2 – How many doors will be required?
Access control products exist that are designed to work for a single door. While multiples of these could be used for a larger site, the end result is likely to be difficult to manage and not cost effective. Typically there will need to be a system that provides a single database of people, credentials, permissions, and portals that would form the access control system.
For each ring of security protection, every opening needs to be addressed. That is not to say that every opening needs to have a card reader. Often, with monitored access control, some doors use card readers and some are alarmed, emergency exit only doors with just a DSM. Other portals may have different form factors such as turnstiles in a lobby. The important point here is that the security ring should be completely monitored and controlled. It would not be good security practice to put access control on one side of a facility and leave the other side open to all.
Access control “controllers” are the point at which the electronic decisions are made to allow access or not. These are typically solid state electronics (no spinning hard drives) running some Operating System (OS), often a form of Linux, that use a 12 VDC battery backed power supply. These controllers may be designed for connection to a single door, or potentially support many doors. While some controllers can process information for up to 64 doors, common practice in the industry is to use a smaller number, like 16 readers. If you have a site with more than 16 readers, you might want to split up the controllers to minimize the wiring between the controllers and the doors.
Question #3 – What are the common types of electrified locks that are used with an ACS?
There are multiple ways to electrically unlock a door. The classic ACS door is Card In/Free Exit (CI/FE). The hardware for a CI/FE door is essentially a Storeroom function lockset or a Night latch function panic bar where the door is locked on the outside and mechanically unlocked on the inside. A lock like this will likely be fully code compliant, irrespective of the electrification. All other electrified door hardware requires cautions. The accompanying table provides the opinions that we at Security By Design, Inc. have on locking hardware types, showing the most common. The evaluations below all depend on the opening components being in good repair.
Question #4 – What should be used to get the REX signal when working with a monitored ACS?
In the early days of electronic access control, all the REX signals were generated by Passive Infrared (PIR) devices. These are still common today and several brands are easily available. They look like a rounded box about 8” long, and 2” high and wide. These should be centered over the door or door pair, be at or no more than about 1’ above the door frame, and be aimed to capture any person that is on the inside of the space walking toward the doors with the intent to exit the space through the ACS door. There is usually a time setting on the REX to define how it reacts to the activity that it sees. Set these REXs to trigger often and set the shortest possible relay held time. This will cause the REX to retrigger the REX input of the ACS often and will thereby limit cases of forced doors where the REX did not quite pick up the activity of the exit appropriately. There is no way to guarantee that the PIR works 100 percent of the time because there are too many physical conditions and/or timing scenarios that could be a problem. Every once in a while, a false forced door alarm will be generated. REX signals should be set to shunt the alarm but not unlock the door unless the lock is magnetic.
To alleviate false door forced conditions, where at all possible, physical switches in the locking hardware are used to sense a person leaving the space. REX switches can be added to panic bars or to the inside levers for both mortise and cylindrical locksets. REXs cannot be added to electric strikes so PIR REXs should be used.
Question #5 – What does fail-safe and fail-secure mean?
Most electrified locks used in ACSs are fail-secure. The inside handle is always mechanically egressible (unlocked). It is the outside handle that is electrically controlled. When there is no power to this lock, the exterior handle is locked. You must apply power to allow the outside handle to work the lock.
A fail-safe version of the mortise lockset above would be unlocked when there was no power. To keep this lock secure, power must be applied. If there was a long power outage, and the power supply is not on a generator, then once the local batteries at the access control panel are exhausted, the lockset will become unlocked.
Question #6 – What type of electrified locks work best on fire rated doors?
Electrified mortise locksets or rim panic bar with electrified trim work the best. These maintain the latching under all conditions, which is critical to maintaining the fire rating.
Question #7 – If your client wants an audit trail of egress as well as access, what configuration should you use?
The use of an access card to exit will provide this audit trail. However, since life safety always overrides security, what are the options? If the door requires panic hardware, then you can’t lock the path out, just due to the nature of panic hardware. But if the door can use a mortise lockset, then you do have the option to use a fail-safe asylum function lockset and apply all 6 of the criteria defined in the IBC 1008.1.9.8 Access-controlled egress doors. Because this door must be tied to the building fire alarm and sprinkler system for the whole building, a person could deliberately set off the building fire alarm and then just walk in to the protected space. This is a common subject of discussion for network and server rooms.
A different option is to use a fail-secure mortise lockset with an unlocked internal handle. Yes, you will get some inadvertent false alarms when people forget to card-out, but at least the door will be secure from the outside when there is a fire alarm. And, on a door like this, applying a local sounder to the door as a “training aid” will get better compliance on the egress transactions.
One manufacturer has a recent entry into the market where there is a fail-secure exterior handle and a fail-safe interior handle. This would allow the exterior handle to be secure in a fire alarm and the interior handle to be fail-safe and meet all the criteria of the IBC.
Question #8 – What is the typical power used with an access controlled door and panel?
Historically, ACS panels run on 12VDC. A power supply with gel-cell batteries would be used to power the panel. In the U.S., most electrified locks are 24VDC, but it is possible to also purchase locksets that are 12VDC. Therefore, a typical panel location would have both a 12VDC power supply and a 24VDC power supply. In Europe, it is much more common to see 12VDC locks.
The National Electrical Code has a section on Class 2 power. The concept of Class 2 power is that it cannot start a fire and it is not going to hurt a person that touches the plus and the minus wires at the same time. Class 2 power can be run without conduit.
A Class 2 power supply either does not exceed 100 volt-amps and can use fuses, or is larger and utilizes PTCs (a type of automatically resettable circuit breaker) instead of fuses to distribute the power out of the box. If you order a security ACS power supply, make sure that you order one that meets Class 2 or all of your wiring will need to be in conduit. There are a few cities that require conduit for even Class 2 wiring, but in general, you can run wires in walls and ceilings, using plenum rated wire, without the use of conduit.
Many new products for ACS are utilizing Power over Ethernet (PoE) to power small controllers and the locks at the door. This type of application would utilize a CAT6 cable from a PoE network switch to a module at the door where the local wires would be run to the card reader, the door contact, the REX, and the lock. PoE (802.3af) has a maximum of 14 watts usable power. PoE+ (802.3at) has up to 30 watts of power. You can now utilize a high quality brand-name lockset that utilizes a small motor instead of a solenoid. The motor is easily powered by a normal 14 watt PoE circuit. Ethernet cable runs are limited to 100 meters (327 total feet) by IEEE.
Question #9 – How and why should I key the electrified lock?
Anything that man makes can break. It is always wise to have one mechanical way into every access controlled space. If there is one door into a room with access control, it would be good to have a key cylinder that can allow access into the room.
On a monitored ACS, opening the door with a key would cause a forced door alarm. But, if the system is broken and the card reader does not work, then having a keyed way into the room is extremely useful.
Since the goal of a monitored ACS is to manage the security of each of the spaces, people should not be using keys on access controlled doors. A common recommendation is to Key Alike (KA) all the access controlled doors to a change key that is off master from the Grand Master (GM) standpoint, but within the structure of the Great Grand Master (GGM). Put the GGM in the Knox box or similar approach for the fire department. Then, even a person who carries a GM will not be able to cause a forced alarm at access control doors while the fire department has access to every cylinder. Make the change key for the ACS and lock it away in an accessible location to be utilized only in the case where the ACS is not making the lock operate. For areas with multiple doors, only provide the key override on one of the doors.
Question #10 – If the client wants to create an access door that does not meet the criteria of the International Building Code, what should happen?
Your responsibility to perform code compliant work does not change just because the door has an electrified lock. Every time a contractor touches a door, that contractor is responsible for the life safety at that door and has the liability for any problem outcome that might take place.
The Future of Credentials
In 2017, a Wisconsin-based company made the news by announcing it was offering to implant its own employees with RFID chips. A microchip the size of a grain of rice inserted under the skin would allow employees to make purchases at their on-site micro market, open doors, log in to computers, and access other IT infrastructure.
The sentiment itself is excellent: provide individuals with a convenient, unique and secure credential that is uniquely specific to them. But given how quickly technology changes, it’s a stretch to begin implanting individuals with a technology that may not have a long-term shelf life.
The question the company raised by offering the implant is also excellent: what does the future of access control look like? The latest and greatest technologies, such as mobile access solutions and intelligent keys, are being integrated in facilities today. But are they truly the future?
In a world where social security numbers and passwords are made available online, how do we really prove identity? Consider a hybrid solution that combines three different components:
Credential – The credential is still a critical component of verifying access control. It might not identify the individual per se, but with advancements in technology it does allow administrators to manage, provide and revoke access to individual accounts. The reality of today’s tech-savvy society is that nearly every individual now carries with them a cellular phone or connected wearable device. Using these devices – which tend to be very personal – the security market can now more closely tie a credential to an individual.
Biometric – Adding a biometric component to the solution helps further confirm identity when it comes to access on doors, computers, or even for payment. Traditional biometrics have relied on hand geometry readers and iris scanners at physical checkpoints. Those will still exist at sensitive locations such as data centers or critical facilities. However, for day-to-day use, the simplicity of having phones and wearables with fingerprint readers and facial recognition will be key to implementing an additional check in the system. By adding this layer of security to a phone, credentials can be authorized and activated – be it for door control or credit card payment – only if the correct user is physically in control of the device.
Inherent information – This is where things get a bit more unique. The credential of the future will likely add a component of inherent information or knowledge that is kept only by the person with access. This is information that doesn’t live with the bank nor with credit reports. There isn’t a database that keeps this information aside from the access control system. This could look something like a passphrase – think of a unique sentence that you wouldn’t forget. It could be something else we have yet to implement before.
By outlining an aggregate approach such as this, we start to see how we can make it much more difficult for malicious individuals to breach a future credential. The next steps for us are to find a way to get there. If we agree that the desire is to move to a consolidated identity of this type, and that identity is comprised of a number of different aspects, then as an industry we need to focus on two things:
First, we need to be the very best at what it is that we create. Be it smart cards, mobile devices, biometrics, anomaly detection, or access control readers, we need to guarantee that we are providing not only the best physical product but also a digitally secure product.
Second, we need to ensure that we coexist peacefully with technologies that aren’t necessarily in our standard lane of expertise. Working together to blend technologies makes for a better security solution for the integrator and the end user.
The goal for all of us should be to provide users with simplicity while using the most advanced credential in the most secure and interoperable environment. We'll get there by planning ahead and working together.
-- Peter Boriskin, VP of Commercial Product Management, ASSA ABLOY Americas.