Security Access Control 101

(1)

Security

Access Control

101

(and some of 102)

888-403-9940

(2)

What Is Access Control?

• Access Control provides an authority the ability to control access to areas and resources in a given physical facility. Today’s electronic systems allow the determination of who is allowed to enter/exit and when. Historically, this has been partially accomplished through keys and locks, however this does not allow restriction of a key

holder to specific times or dates. Mechanical locks and keys do not provide records of the key used, and keys can easily be copied. When a mechanical key is lost, locks must be re-keyed.

• Electronic access control solves the limitations of mechanical locks and keys. A wide range of credentials can be used to replace

mechanical keys. The electronic access control system grants

access based on the credential presented. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after

(3)

• Presentation of one credential to a card reader illustrates a single factor transaction. Credentials can be passed around, thus

subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted. The second factor can be a PIN, a second credential, operator intervention, or a biometric input. Often the factors are characterized as:

– Something you have, such as an access badge – Something you know, e.g. a PIN, or password. – Something you are, typically a biometric input.

Access Control Operation Factors

(4)

• A credential is a physical/tangible object, a piece of knowledge, or a part of a person's physical being, that enables an individual access. The typical credential is an access card, key fob, or PIN. There are many technologies including magnetic stripe, bar code, Wiegand, 125 kHz proximity, 26 bit card-swipe, and contactless smart cards. Typical biometric technologies include fingerprint, facial recognition, iris recognition, retinal scan, voice, and hand geometry.

• Credentials for an access control system are typically held within a database, which stores access credentials for all staff members of an organization. Assigning access control rights determines who has access to a given area, and when they are allowed.

Credentials

(5)

• Fundamental components include:

– Electronic Locking Devices (strikes, magnetic locks) – Door Position Switches or Latch-bolt Monitors

– REX (request to exit) Devices to unlock by motion detection or push button from the secure side

– Credential Readers (card reader, biometric reading device) – Control Panels (stores record holder database information) – Server Computer (administrates the access control system) – Credentials (held by end user)

• New IP Based systems allow Card Readers to make access decisions based on internal intelligence sent from the Server Computer.

Access Control System Components

(6)

• Life Safety

• Owner’s needs for building function • Human & Vehicle Traffic Flow

• Asset Management

• Access Control System Functionality/Versatility/Expandability • Support Organization for Access Control System integrity

Design Considerations

(7)

• Access Control System Software

– ASI 2000 (panel driven, conventional cabling) – Focal Point (local reader intelligence, IP-Based)

Snapshot of Components in Typical Use

• Electronic Locking Devices – Strikes

– Electrically Retractable Rim Mounted Exit Devices – “Live” Hinges

– Magnetic Locks

• Card Readers and Credentials – 125kHz Proximity Technology

– 13.56mHz Contactless Smart Card (iClass) Technology – Multi-Class (combination of both of the above)

(8)

ASI 2000 Access Control Software

ASI 2000 is a feature-rich, integrated security management and access control system, using a robust SQL database engine. Advanced

features include Event Management, Alarm Monitoring, Email

Response and more. ASI supports both the IC-1600 and UP-2000 hardware panels.

Exceptional reporting - ASI allows up to 255 zones, with each zone capable of handling up to 255 panels. Unlimited customizable data fields allow you to create exceptional reports and provide a full audit trail of all activity. Frequently used reports can run automatically.

Integrated control - Full badge creation capabilities, live photos for every cardholder transaction, alarm monitoring, CCTV and Email response are all included as standard features.

Scalable - The client/server application supports over 1,000 card readers of all technologies.

Digital video recording - Access control events such as specific access groups and cardholders at sensitive locations can trigger digital video recordings for playback within the Transaction Monitor.

(9)

Focal Point Access Control Software

Focal Point is an innovative IP-Based access control solution that is simple, effective and scalable.

Flexibility - This system supports HID's Edge Product line featuring PoE (Power over Ethernet) with standard CAT-5/6 cabling for low cost installations. It also supports all card technologies.

Scalability – Focal Point is ideal for small to mid-size organizations and can easily expand as an organization grows.

Full-Featured – Offers unlimited partitioning capability along with

distributed intelligence. Software is easy to understand and operate has no per seat license fee. Functions as a powerful access control system with alarm monitoring and building automation control.

Simple IT Integration – Readers are designed to simply plug in to a network hub, therefore eliminating the need for a dedicated security closet.

(10)

HID Reader Technologies

How does this

technology function?

125kHz Proximity Technology

13.56mHz Contactless Smart Card (iClass) Technology Edge Technology

(11)

HID Reader Technologies

The Access Control “Controller”

(Either a Panel or Intelligent Reader)

When the controller receives the data from the credential, its decides whether or not to grant access based on several factors. During the evaluation process, non-conformity of credential data results denial of entry and a logged record into the Access Control Software.

The Controller evaluates the format of the credential data – if this is acceptable it breaks down the binary string of credential data. It evaluates Facility Code, Site Code, Card Number, and whether the credential is valid at the time/date of read.

(12)

HID Reader Technologies

The Credential

Access cards and key fobs carry a set of binary numbers (ones and zeros) that are used to identify the cardholder. The means of

encoding data on the card and conveying the data to the reader

varies according to the technology involved. In every case, however, the data on the card is a string of binary numbers of some fixed

(13)

125kHz Proximity Readers

• ProxPro® with keypad

Ideal for medium-range applications Dimensions: 5.0˝ x 5.0˝ x 1.0˝

Read Range: up to 8.0˝

• ProxPro® II

Optional glass mount kit available for mounting the reader behind glass

(14)

125kHz Proximity Readers

• ProxPoint® Plus

Dimensions: 3.14˝ x 1.70˝ x 0.66˝ Read Range: up to 3.0˝

• MiniProx® Mullion Mount

Dimensions: 6.0˝ x 1.7˝ x 1.0˝ Read Range: up to 5.5˝

• Thinline® II Low Profile

Standard U.S. switch plate size Dimensions: 4.7˝ x 3.0˝ x 0.68˝ Read Range: up to 5.5˝

(15)

• ProxCard® II

Thin enough to carry in a wallet

• ISOProx® II

Printable in Photo-ID Printer

• ProxKey® II

Small enough to fit on a key ring

125kHz Proximity Credentials

(16)

The iClass Difference

iCLASS Authentication

• The reader and the card go through a complex mathematic process where they compare security keys carried within

both the card and reader. This process is called Mutual Authentication. It ensures that the communication between the card and reader can never be copied and

repeated back to the reader. Keys must match before the card gives its binary data to the reader and controller.

(17)

So What is iClass?

iCLASS is a “Contactless” Smart Card

• When most people hear the term “smart card,” they think of the little microchip embedded into the surface of the card. While these have their place in the financial market, they are not ideal for outdoor/industrial uses. These cards must be inserted into a reader slot to be used.

Furthermore, contact smart card readers are a prime target for vandalism. Made for access control, iClass “contactless” smart cards use industry standard encryption techniques, making them the perfect solution for secure access control.

(18)

13.56 MHz Contactless iClass Readers

_{13.56 MHz Contactless iClass Readers}

13.56 MHz Contactless iClass Readers

_{13.56 MHz Contactless iClass Readers}

• R15 Reader Mullion Reader

Dimensions: 1.9” x 6.0” x 0.9” Read Range: Up to 3.25”

• R40 Reader (Single Gang Box Size)

Dimensions: 3.3” x 4.8” x 1.0” Read Range: Up to 4.75”

• RK40 KeyPad Reader

Dimensions: 3.3” x 4.8” x 1.1” Read Range: Up to 4”

(19)

13.56 MHz Contactless iClass Readers

_{13.56 MHz Contactless iClass Readers}

13.56 MHz Contactless iClass Readers

_{13.56 MHz Contactless iClass Readers}

• RKLB57 bioClass Biometric Reader

Provides 3 Factor Authentication Live Fingerprint

Card/Keyfob presentation Dimensions: 8.43" x 4.17" x 2.28" Read Range: Up to 4”

• R90 Long Range Reader

Dimensions: 12” x 12” Read Range: Up to 18”

(20)

13.56MHz iClass Credentials

• iCLASS® Contactless Smart Card

Can be printed on in Photo-ID Printers

• iCLASS® Clamshell Contactless Smart Card

ABS shell construction that provides durability in harsh environments

• iCLASS® Keyfob Contactless SmartKey

Molded plastic enclosure provides durability in harsh environments

(21)

Step A Little Farther… Go to the

Edge is the next evolution in access control hardware solutions. A true IP solution that meets the

demands of open architecture, IP-centric

environments, Edge provides fully distributed

intelligence and decision making right to the door, leveraging the IT infrastructure to the maximum extent possible.

(22)

How does the work?

_{How does the work?}

How does the work?

_{How does the work?}

Edge Power Comes Through A Single CAT-5 run to the door -- Edge IP Access Solutions run everything at the door. From reader to strike, status to REX. And since each Edge IP

Access Solution can utilize PoE (Power over Ethernet) driven right through the CAT-5, separate power supplies and multi-door controllers are no longer required.

Edge Readers use iClass Technology – so the same Credentials are used too.

(23)

Options

_Options

Options

_Options

• The HID EdgeReader ER40

is a unique iCLASS® reader with an IP-enabled intelligent access control processor and host interface solution in a single unit. With the same footprint as a traditional reader, the EdgeReader ER40 provides a complete and full-featured

access control hardware/software infrastructure and contactless smart card capability at “the edge” of the network

(24)

Options

_Options

Options

_Options

• The HID EdgePlus E400

is a separate Controller that manages up to 44,000 cardholders or credentials in complete and full-featured host systems. And an

EdgePlus can be placed anywhere at the door to address all security requirements. A fully

integrated processor right at the door that’s an ideal solution for retrofits or new installations, EdgePlus requires less wiring and uses

standard CAT-5 or 6 cabling for both data and power.

• With a separately connected reader, EdgePlus is a perfect solution for migrating existing reader installations to the “edge” of the network. This type of installation is recommended for exterior

(25)

Door Hardware

_{Door Hardware}

Door Hardware

_{Door Hardware}

• Electronic Locking Devices

– Strikes

– Electrically Retractable Rim Mounted Exit Devices – “Live” Hinges

(26)

Clarify Hardware Terminology

_{Clarify Hardware Terminology}

Clarify Hardware Terminology

_{Clarify Hardware Terminology}

What do “Fail Safe” and “Fail Secure” mean?

• _{Fail Safe}

- Lock or locking device that remains unlocked on loss of power.

• Fail Secure

- Lock or locking device that remains locked on loss of power. This can also known as Non-Fail Safe (NFS).

(27)

HES 9000 Genesis Series

_{HES 9000 Genesis Series}

HES 9000 Genesis Series

_{HES 9000 Genesis Series}

• HES 9600 Completely surface mounted, the 9600 accommodates rim exit devices in metal or wood jambs. Field selectable fail safe/fail secure.

Optional Features

LBM - Latchbolt monitor

LBSM - Latchbolt strike monitor

• HES 9500 Same as the 9600 but Fire Rated (UL 10C fire-rated, 1-1/2 hour in fail secure state only)

(28)

HES 5000 Series

_{HES 5000 Series}

HES 5000 Series

_{HES 5000 Series}

• HES 5000 series is a grade 1, compact, high performance electric strike

designed for low profile steel, aluminum, and wood openings where there is

limited space behind the jamb. This field selectable fail secure/fail safe unit

accommodates 5/8" latchbolts.

(29)

HES 5900 Series

_{HES 5900 Series}

HES 5900 Series

_{HES 5900 Series}

• HES 5900 series strikes are feature a unique concealed design for increased security in steel, aluminum, and wood frames with a ½”-5/8” latchbolt. Field selectable fail safe/fail secure, the 5900 also minimizes frame modification.

(30)

HES 8300 Series

_{HES 8300 Series}

HES 8300 Series

_{HES 8300 Series}

• HES 8300 is a new 3 hour fire-rated (in fail secure condition), concealed,

compact, high-performance electric

strike designed for steel, aluminum, and wood frames. It fits into a standard 1" ANSI/BHMA A156.115 dustbox, with little or no modification to the frame. Accommodates 1/2"-5/8" latchbolt (5/8" with 1/8" door gap).

(31)

Folger Adam 310-4-1

_{Folger Adam 310-4-1}

Folger Adam 310-4-1

_{Folger Adam 310-4-1}

• Optional Features

Fail Safe

LCBMA - Latchbolt & Locking Cam Monitor with Auxiliary Switch

• Note: The bottom rod of the exit device be removed or made • Folger Adam 310-4-1 is a

Fail Secure (standard) strike for double doors (without mullion) which are equipped with surface vertical-rod exit devices having a swinging, pullman style latchbolt.

(32)

Folger Adam 310-6-1

_{Folger Adam 310-6-1}

Folger Adam 310-6-1

_{Folger Adam 310-6-1}

Fail Safe

• Note: The bottom rod of the exit device be removed or made inoperative

• Folger Adam 310-6-1 is a Fail Secure (standard) strike for double doors (without mullion) which are equipped with concealed vertical-rod exit devices.

(33)

Folger Adam 310-6-8

_{Folger Adam 310-6-8}

Folger Adam 310-6-8

_{Folger Adam 310-6-8}

Fail Safe

• Note: The bottom rod of the exit device be removed or made • Folger Adam 310-6-8 is a

Fail Secure (standard) strike for the active leaf of a pair of double doors (without mullion) which are equipped with

concealed vertical-rod exit devices having a ½” to 5/8” throw latchbolt.

(34)

Von Duprin 98/98 Series Exit Devices

_{Von Duprin 98/98 Series Exit Devices}

Von Duprin 98/98 Series Exit Devices

_{Von Duprin 98/98 Series Exit Devices}

Take this standard device and add

Optional Features to make it work for an

Access Control system…..

(35)

Von Duprin 98/98 Series Options

_{Von Duprin 98/98 Series Options}

Von Duprin 98/98 Series Options

_{Von Duprin 98/98 Series Options}

• Signal Switch

The SS (Signal Switch) feature signals unauthorized use of an opening. One internal switch monitors the touchbar and the latch bolt for positive security. A second internal switch is controlled by the key cylinder for alarm reset. The SS device is designed to work with additional alarm components.

• Electric Latch Retraction

The EL (Electric Latch Retraction) devices provide remote locking control, useful where free-swinging doors are normally utilized. May be applied to fire devices when under the control of an

automatic fire alarm system. A powerful, continuous duty solenoid retracts the latch bolt, either for momentary unlatching, or for

extended periods of time. Serves as an alternative to manual dogging. Requires dedicated 24VDC, 16 Amp Power Supply.

(36)

Von Duprin 98/98 Series Options

_{Von Duprin 98/98 Series Options}

Von Duprin 98/98 Series Options

_{Von Duprin 98/98 Series Options}

• Request To Exit

The RX (Request to Exit) option is used to signal egress of an opening. These devices are equipped with one internal SPDT switch, which monitors the touchbar.

• Latchbolt Monitor

The LX (Latchbolt Monitor Switch) option is used to signal both

egress and access of an opening. These devices are equipped with one internal SPDT switch, which monitors the latch bolt.

• Electric Mortise Lock

The E7500 (Electric Mortise Lock) option provides for remote

locking or unlocking of the outside trim without retracting the latch bolt. Particularly useful as a fail-safe component of an automatic fire alarm system.

(37)

Electric “Live” Hinges

_{Electric “Live” Hinges}

Electric “Live” Hinges

_{Electric “Live” Hinges}

• Multi-Conductor concealed wires conduct current regardless of door position

• No electrical parts are exposed when hinge is installed

• To conduct power to electric locks,

panic bolts, or hold-open devices. Also to transmit signals from code readers on doors to remote computers for access control.

• Usually available in steel, brass, bronze, and stainless steel standard weight

sizes

• Electric Hinges should be installed in the center hinge location

(38)

Coordination & Communication

_{Coordination & Communication}

Coordination & Communication

_{Coordination & Communication}

Double Doors requiring Access Control require good communication and coordination between the Access Control Vendor and Door Hardware Vendor and Sub-Contractor.

With ever-changing technologies in the Access Control field, Door Sub-Contractors often don’t know what to do with this “box of stuff” full of wires attached to the items they are used to working with. “Live” Hinges and Electrically Retracting Rim Mounted Exit Devices often leave these guys scratching their heads. And if they install the components incorrectly, the electric components may not function.

So when Double Doors require Access Control, it is advantageous for the Access Control Vendor to be involved from start to finish (from door design to installation) to make sure the door will

(39)

So….

_So….

Why an Access Control Vendor?

So….

_So….

Why an Access Control Vendor?

• Access Control enables an Owner the ability protect resources and assets using technology. There are many companies “out there” just to make a buck. Licensure helps to some degree, but choosing a Vendor with experience and integrity ultimately protects the interests of an Owner.

• Experience provides depth, ensuring product quality and

performance by an Organization that knows the industry today, and which direction it will go tomorrow.

• Integrity offers a long-term relationship – LONG after the dust has settled and the novelty of a new facility wears off. Such a Vendor will be there years after a project is complete, offering customer support to back up the high-quality products installed in the beginning. This entails seeing beyond just making a buck. A Vendor with integrity looks for the interests of an Owner every step of the way.

(40)

888-403-9940

(41)

G

_G

iving Credit Where It Is Due….

_{iving Credit Where It Is Due….}

Access Specialties Products under their registered TradeMarks.

HID Products under registered TradeMarks of ASSA ABLOY.

HES Products under registered TradeMarks of ASSA ABLOY.

Folger Adam Products under registered TradeMarks of ASSA ABLOY

Von Duprin Products under their registered TradeMarks

Access Control system definitions courtesy of Wikipedia