Accessibility and ease of circulation are central considerations in the management of any building, but how do we balance the need for efficient and convenient movement with the needs of security?  Making the right choice of access control system and supplier is the key to this question.  Mike Sussman explains.

Modern access control systems offer secure, convenient and versatile options for managing the movement of people, vehicles or assets into, out of and around a building or site.  They allow access only on the basis of prior authority, in the form of a physical ‘key’, code or credential issued to the user.  The devices may stand-alone - controlling entry to a single door, gate, turnstile or barrier - or they can be linked electronically to several entrances, often with a computer interface to enable central programming and to record details of usage.  Such networks are capable of being pre-programmed to allow different levels of access to different people at different times, according to the user’s needs or individual security clearance.  This facility is useful, for example, in setting ‘time windows’ for people like cleaning staff.

The different types of access control system on the market, combined with frequent improvements in technology, can easily be confusing for users.  This article aims to provide an overview of the main options and selection criteria.  

The first and most important issue to address is deciding exactly what you want the system to do and how that requirement may change over time.  The answer to this helps both to determine the type of system required and to ensure its compatibility with any future expansion.

Starting point

Begin by asking yourself five questions.  First, what level of security is needed?  This is important because, as we shall see, some technology types are inherently more secure than others.  Next, consider what volume of use is expected and whether it is likely to increase.  Remember here that some systems have limited scope for expansion.  Third, ask how many entrances need to be controlled and whether the number is likely to change.  This is an essential issue because some types can be integrated into a larger system and others cannot.  Fourth, establish whether there is a requirement for additional features, such as transaction recording.  Transaction recording may be needed, for example, to aid the future investigation of incidents by establishing who went where and when, to determine levels of occupancy in the event of an emergency evacuation, or to implement dual uses such as cashless vending, library services, or time and attendance recording for payroll applications.  Finally, will the system, now or in the future, be required to integrate with other systems, such as intruder, CCTV, or building management to increase security/incident monitoring or improve efficiencies in the business?

Armed with the answers to these questions, a review of the essential types of access control system will give a good indication of the most suitable kind and provide a sound basis for more detailed discussions with the experts.  So let’s consider the possibilities.

Numbers, cards and keys

One of the most common types of unit is the basic keypad system, comprising a user terminal with a series of numbered push-buttons, or a touch-sensitive pad, connected to the lock release mechanism via a control unit inside the entrance.  The control unit is pre-set with a personal identification number (PIN), which allows the door release to operate when the number is keyed into the terminal.  The PIN can usually be changed at any time, either as a routine security measure, or if it is compromised.  Most PINs consist of a four-digit number, giving odds of virtually 10,000 to 1 against an unauthorised person guessing the right code at the first attempt.  Some activate an alarm, or cease to function for a pre-set period, if a series of incorrect codes are entered in a short space of time.  But despite such features, keypad units cannot be regarded as offering the highest security.  They demand that the PIN is kept secret, which can be difficult if large numbers of users are involved, and there is usually no way of knowing if it has been compromised, or by whom.

Card entry units that allow access when a pre-programmed card or token is introduced to the terminal are generally more secure, essentially because they require the physical possession of an appropriate card.  They come in three basic operating types: insertion, swipe readers and proximity devices.  

As the name suggests, insertion readers require the card to be placed into a slot in the terminal, like operating a bank’s cash machine.  The terminal contains a reader similar to the heads in a tape recorder, which reads coded information in a magnetic stripe on the card.  Users should be aware that some of these cards can be duplicated with relatively simple and inexpensive equipment.  As with most security decisions, the issue comes down to a balance between the risk and the cost of protection.  Several manufacturers have addressed the copying problem by augmenting the coded data in the magnetic stripe with a unique pattern implanted in the card itself, which makes unauthorised duplication much more difficult.  

Swipe readers work by 'swiping' a card through an open channel in the terminal, which activates the lock release by generating an electronic pulse in a sensor coil when individually coded wires buried in the card interact with a magnetic field in the terminal.  They are also known as Weigand-effect devices and are considerably more difficult to duplicate than magnetic stripe technology.

The third category of card system often employs coded tokens or fobs of different types, rather than conventional cards.  These are the proximity devices, so called because they unlock the entrance when a token is placed near the terminal.  Circuits buried in the token are swept by an antenna in the terminal.  Some proximity systems have the advantage of allowing hands-free access, enabling users to wear the token like a badge or necklet.  Proximity readers can operate through most non-metallic surfaces, enabling the terminal to be protected from vandalism by sub-surface mounting.  Like Weigand-effect systems, they generally offer high immunity from unauthorised duplication.  Their ease and speed of operation also makes them very suitable for high-volume entrances.  They are often the most convenient option for the special needs of some disabled users, as well as being capable of adaptation for use on vehicles and car park entrances.

Card readers, then, offer convenience, relatively quick operation and potential cost savings, since many systems possess the ability to invalidate lost cards, precluding the need to change locks.  Increased security can be obtained from dual technology products that combine a card reader with a keypad, demanding both physical possession of the card and a knowledge of the PIN.  Such units are not generally suitable for use on high-volume entrances, however, as they tend to be relatively slow in operation. They are valuable for special applications like computer rooms and cashiers offices, where only a small number of people require regular access.

In summary, both card readers and keypad-based units offer advantages of convenience, economy and versatility, compared to standard locks and keys.  They also tend to integrate well with other security measures. Integration introduces opportunities for total security management by linking such facilities as alarm and building management, energy conservation and CCTV to enable visual verification.  Of course, visual verification may be implemented in other ways, such as by the use of combined audio and video entry systems that allow a receptionist or security guard to exercise personal control over access from a secure location.  In such systems, selected entrances are linked to a central control point by a two-way intercom, combining opportunities for verbal communication and visual recognition.  Access is granted by operating an electronic lock release located at the control point, although it should be noted that the practice is unsuitable for high volume use.  

The main security issue arising with most card-based systems is the possibility of misuse of lost, stolen or ‘borrowed’ cards.  Whilst many systems allow lost cards to be cancelled, human error can be a limiting factor here.  The final type of access control system we will discuss removes this risk by allowing entry only if the authorised user’s unique human characteristics are recognised.  This is biometric technology.  

Different types are available, which store the geometric patterns of the user's retina, hand, fingerprint or vein in an electronic memory.  The user inserts a card or PIN, then places their eye, hand or finger on, or in front of, a sensor, which scans the relevant pattern and allows entry only if it is identical to the one stored in the memory.  Voice recognition technology may also be employed to allow entry by matching the acoustic patterns of an individual’s speech.  The relative slowness of operation of some biometric technologies may be unsuitable for high-volume entrances but biometric systems offer very high security in selected locations by demanding the physical presence of the authorised user.

Making the choice

Access control systems therefore cover a wide range of possibilities in terms of security, complexity and cost.  The preceding overview is a good starting point but it is crucial to remember that making the right choice also includes the selection of a supplier.  

The BSIA facilitates well informed choices.  All members of its Access Control Section are required to achieve internationally recognise quality management standards in design and installation.  Consequently, BSIA membership becomes the hallmark of quality and professional security.
For more information on access control, visit www.bsia.co.uk/accesscontrol.

Mike Sussman is Chairman of the British Security Industry Association’s Access Control Section.
www.bsia.co.uk