Slow-to-evolve access control systems are finally becoming network devices with protocols, smarts, and standards.
by Betsy Ziobron
For several years, the security and information-technology (IT) industries have been pushing toward each other as a result of Internet Protocol (IP) convergence, made especially evident by the advent and up- take of IP video surveillance solutions. On the other hand, access control systems have been much slower to evolve. But this past year has brought many industry and technological changes that are finally putting access control on the IT map.
Finally coming together
“The purchase of IT solutions has typically been related to some revenue-generating activity while security has mainly been a pure expense,” says John Moss, chief executive officer of S2 Security Corp. (www.s2sys.com). “Another issue preventing technology adoption was that the gold standard in the access control world was always the lock, and a lock has a 25-year life,” notes Moss. “Now, with IP convergence and IP video taking off, other systems are feeding off of that trend. I’m impressed with the speed with which an otherwise slow industry has reacted, and I’m pleased to say that access control is finally coming of age.”
Access control systems are evolving due to convergence of security systems with the data communications infrastructure, as well as through the convergence of physical and logical security.
“The security devices are becoming network appliances with all the connections and protocols that IT professionals look for when deploying a device on the network,” says Mark Peterson, director of iTechnology Design Resource for HID Global (www.hidcorp.com). “That convergence is also bringing together physical and logical security. One example might be that an employee cannot log onto the network if they never used their card to first come through the front door.”
According to Peterson, the recent evolution of access control is a result of a concept that has been around for years but only recently became a reality: “The industry can talk about the concept of complete network-based access control, and people will buy into it; however, we had to have reliable products from sources customers trust, and at the right price. That’s what is finally happening today.”
Peterson adds, “Unless you’re a casino or retail establishment, it wasn’t always apparent that physical security was contributing to bottom-line profitability, and it was difficult to justify the expense. With network-based access control, users can do a lot more things that they couldn’t do before.”
For example, Peterson says, access control transaction data can be shared with other non-security processes, such as time and attendance, or production control. “Creating benefits and improving efficiencies outside of security increases the value of security expenditures, enabling it to shift from being an insurance policy to actually having ROI [return on investment],” he explains.
In the past, the different knowledge sets and cultures that existed between IT and security groups, combined with the fear that one group may suffer a loss of control, worked to resist convergence. Those adverse dynamics also appear to be evolving.
“Over the past 12 to 18 months, the attitude has turned 180 degrees, and we’re starting to see almost every security vendor embrace IP technology,” says John Smith, marketing manager for Honeywell (www.honeywellaccess.com). “There is a learning curve associated with that, and the typical security installer is learning IP-based technology.”
On the flipside, Peterson says he sees both groups requiring an increased knowledge base, and IT professionals also stepping up to learn: “IT professionals know how to move data from point A to B, but when it comes to security, they may not know how that information is going to be used by the security professional, how to make an access controlled door work properly, or how alarms, or other security-related transactions are monitored, stored, or responded to. Those are the details IT professionals are trying to learn, and when we speak at BICSI events, we almost always have a full house.”
Peterson continues, “I believe it’s moving in both directions, and one group is no more in the driver’s seat than the other. I’ve seen the RCDD designation popping up as a requirement on security projects, and at the same time, many traditional datacom installers are hiring security professionals to supplement their offerings.”
While IP convergence is definitively the biggest trend in access control, others include the increased use of 13.56-MHz contactless smart cards that contain an embedded microprocessor to store and process information, and can be read with radio-frequency identification (RFID) by holding the card in front of a low-powered laser. Smart card technology goes hand-in-hand with IP convergence; as more applications are converged over the network, a smart card can be used for all of them.
“The card that got you in the door can be used for several other security and non-security applications, which adds value to the card,” says Peterson. “You can use it to log onto your PC, buy your lunch, go the gym, or even to ensure that you have the right safety credentials that allow you to access a piece of machinery on the factory floor.”
Adds Smith of Honeywell, “The government’s HSPD-12 [Homeland Security Presidential Directive-12] that requires smart cards for all government employees and vendors will really cause smart cards to take off over the next few years. We’ll see vendors, including ourselves, standardizing on that format for both the government and private sectors to embrace.”
While higher-memory smart cards come with a higher price tag, the cost difference between smart card and traditional proximity-based technology is negligible.
“Other than to support legacy systems, there’s no reason to not go with smart card technology today,” says HID’s Peterson. “When it’s a single application, there is no price difference between a smart card and a non-smart card. Anyone with a budget to put in a standard proximity-based system can afford a smart card system instead.”
Standards playing their part
Access control systems have been mainly proprietary closed systems, but IP convergence, new vendors entering the marketplace, and user demand are pushing for open systems and interoperability. Data communications infrastructures and IT systems are almost entirely based on standards, and many believe that access control simply cannot continue to enter that realm without them. As a result, standards activity in the security industry is taking off.
In late August, the SIA (Security Industry Association; www.siaonline.org) sent its Open Systems Integration and Performance Standard (OSIPS) out for formal ANSI Public Review. The OSIPS framework defines how security components may interoperate and communicate with other security components over any transport mechanism. In addition, SIA’s Access Point Controller Subcommittee is in the process of developing open standards that will define a data model for access point controllers, facilitating the integration of functions between access control readers and other related system components.
Government regulations are also working to push for open security standards. For example, purchasing regulations within the government call for standards-based products wherever they exist.
“The security industry has been exempt from government purchasing requirements, but as open standards develop, the government will demand it, and more manufacturers will move away from proprietary systems,” says HID’s Peterson. “There are some vendors that still like capturing business through a proprietary strategy, but we think that is short-sighted. Interoperability and open standards will create the demand for more-innovative solutions and a higher degree of reliability-all of those aspects that IT vendors have been promoting for years.”
The recent evolution of access control systems is evident by the many new devices entering the marketplace that take advantage of IP and Power over Ethernet (PoE).
One of the first IP-based access control devices to hit the market was Integral Technologies’ Intelli-M Ethernet-Enabled Integrated Door Controller (eIDC) that uses a Category 5e or 6 cable to connect directly to a network switch and receive PoE to provide 750 mA of continuous power at the door.
“Systems used to require separate wires for the lock, request to exit, door status monitoring, and another 5 to 10 wires for the reader, all of which went back to wherever the access control panel was located,” says John DiNapoli, product manager with Integral Technologies (www.integraltech.com). “Now, we bring just one network cable to our intelligent controller located at the door, and run short wires from the controller to the various door functions.” The eIDC talks to any third-party door reader using the Wiegand standard communications format, and includes an embedded web server that can be accessed by any web browser for entering cards, configuring settings, and running reports.
In September, S2 Security Corp. launched its S2 NetDoor MicroNode that is supplied in a 7 x 7-inch locking enclosure with tamper detection. The MicroNode is also located at the door, connects to the network via one Category 5e/6 cable, and can derive power from PoE to power locks, readers, and associated door devices. One unique aspect of the MicroNode is its ability to use PoE to power up to two electric door strikes or one magnetic lock, something that used to require a separate power source.
“PoE does have some limitations for access control locks, and we had to build a little cleverness into the circuitry to make it happen,” explains Moss. “The amount of power required to make an electric strike unlock is higher than the amount required to keep it unlocked. The lock requires no power when locked.”
Moss explains, “We essentially use PoE to charge a capacitor that holds enough power to trigger the lock. Then we use regular PoE to keep it open.” According to Moss, the cycle time for the capacitor to build up enough power is only 300 milliseconds, which happens so quickly that a person can’t go through the door in that amount of time.
HID’s EDGE solution includes EdgePlus, used for renovations where readers are already in place, and EdgeReader, a single-door controller with integrated HID iCLASS reader in a single-piece design. EDGE also connects to the network and receives PoE via a single Category 5e/6 cable, and the access-control-specific wiring is done at the door where the runs are short, predictable, and manageable.
“With EdgeReader, we’ve essentially combined the operating characteristics of the card reader and controller into one small device that hangs on the network via an RJ-45 Ethernet port,” explains Peterson. “Now, the control panel and proprietary wiring goes away, and the average cost of a traditional system that was about $3,000 per door is cut in half.”
While EDGE controllers can be easily managed as standalone devices via web browsers, Peterson admits that it would be cumbersome to manage many doors separately, which is why HID embraces an open API (application programming interface) strategy.
“In the case of several doors, our devices are compatible with over 50 access control software packages that aggregate the information from several readers,” he says.
Bridging the gap
Despite the several new IP- and PoE-based solutions hitting the market, the fact remains that many traditional access control systems are still in place and work just fine. As a result, many vendors also offer solutions that bridge the gap.
“Not every application lends itself to a Cat 5 or 6 drop to the door,” Peterson says. “There are existing infrastructures and systems working and operating that were put in over 20 years ago, and tearing those out can cost millions of dollars. Much of our effort is based on providing products that allow customers to migrate from traditional to newer technologies.
For example, Peterson adds, “we have products that combine both proximity and smart card technology so that customers can keep traditional readers, add new contactless readers as needed, and use a card that works in both.”
Growth issues
Honeywell’s Smith observes, “Those that don’t have legacy systems out there to deal with can come to market relatively quicker because they don’t need to worry about migrating existing customers. Those vendors, however, could also be limiting themselves. Because we have many legacy customers, our goal was to develop a hybrid product that could serve these customers and still offer the latest capabilities.”
Honeywell’s NetAXS hybrid access control panel features an embedded web server and 10/100 Ethernet port for connecting to the network infrastructure while also offering the ability to connect to traditional PC-based systems using RS-232 or RS-485 serial communication.
“Our NetAXS panel is backward-compatible and ideal for situations where an existing facility has a traditional PC-based system but they need to deploy access control in new areas or remote locations, or slowly migrate to the newer technology,” says Smith.
From reduced installation and maintenance costs to the ability to leverage the corporate network, the benefits of the recent access control evolution are significant. “What IP and PoE mean to the customer is tremendous savings on wiring and management costs,” says S2 Security’s Moss. “Customers can use the same low-voltage technicians that install their networks to install access control. Now that these systems fit in with the IT infrastructure, they can also take advantage of everything that goes along with that-backup power, environmentally controlled space, and backup of data on a daily basis.”
Most believe that as access control continues to leverage the IP infrastructure and PoE, we’ll see even more technological advancements.
“With the push toward IP, wireless is making its way into the access control space,” observes HID’s Peterson. “Sometimes, getting the Cat 5/6 wire to a certain location can be difficult and costly, like at a gate out in a parking lot that could require trenching. The signal can easily be sent back via wireless, and while that may eliminate PoE at the reader, there’s already power out in the parking lot for lights, guard shacks, and other applications.”
Adds John DiNapoli of Integral Technologies, “The next generation of PoE will bring even more power out to the door to handle larger, more-powerful locks, further reducing costs. Ultimately, I envision Cat 5/6 cables coming right through the hinge to the lock. If readers become wireless, the costs will drop even more, and we’ll see a demand for more doors to be secured.”
Walking to the beat of convergence
With IP convergence and open standards will come a more crowded playing field. “More vendors will be jumping on the bandwagon, and the amount of available products will increase,” says Peterson. “We’re no longer just talking the talk; we’re walking the walk.”
Betsy Ziobron is a freelance writer and regular contributor to Cabling Installation & Maintenance. She can be reached at: [email protected]