2. AGENDA
Access Control Systems
The Balancing Act
Access Control Defined
Key/Credential Management
Control Configuration
Software Features and Capabilities
Controller Hardware
Break
Peripheral Components
Access Controlled Door Hardware Types and Specifications
Trends and Convergence
Resources
3. How to get the most…
HARVARD RESEARCH STUDY
VERBAL COMMUNICATION
Approx 100% was what the speaker wanted to say
Approx 80% was said
Approx 60% was heard
Approx 40% was remembered after 3 hours
Approx 15% was remembered after 3 days
Approx 0-5% was remembered after 3 months
VERBAL + VISUAL COMMUNICATION
Approx 60% was remembered after 3 days
Approx 40-50% was remembered after 3 months
VERBAL + VISUAL + NOTES
Approx 80% was remembered after 3 days
Approx 60-70% was remembered after 3 months
4. How to get the most…
Why are we here?
Gain Knowledge.
Asking Questions.
5. The Balancing Act
• Security
• Balancing Openness and Public Safety
• Applying new technologies and lessons learned
• Improving the physical security of buildings
• Protecting people and assets while maintaining
a pleasant work environment.
• The challenge facing government officials,
realtors and corporate building owners.
6. Security….”The Absolutes”
• Our world is dangerous and will get more dangerous
• We take security for granted till something goes
wrong.
• Security is inconvenient- and expensive
• Paranoid or Prepared? Politics!
• Constant vigilance – Almost overwhelming!
• 100%, guaranteed security ?? No such thing !
• 100% security = 0% accessibility
• 100% security = 0% productivity
7. Architects and Security
• Buildings must be functional,
comfortable, inspirational – SAFE
• You don’t design a building for security.
You secure the design of a building
• Rethinking Security – new meaning to
architects
10. The WHO
• The person, or device, requesting access to an
area, or asset, we want to control.
• Authentication Methods
…something the person / device…
• HAS – Physical
• KNOWS – Knowledge of
• IS / ARE – Biometric
11. The WHERE / WHAT
• The place or process we want to allow authorized
persons to get to.
• Physical and Logical
• Controlled or Restricted area
• As it relates to both manual and electronic
access controls this is critical to our access
management plan
• Vending, gas dispensing, copier machine
usage, time and attendance, meal plans and
more
12. The WHEN
• The time period or interval when access is
granted or denied.
• Can be managed with both on line and off
line systems
• Also used for setting events and logic
statements for:
• Triggers
• Time Zones
• Timing responses to alarms
• Timing for routing of messages to other devices
15. Ultimate Key Management
Unauthorized key duplication remains the most
violated security policy and one of the largest
problem of facility managers
• Knowing exactly who has keys
• Knowing areas of access of each key holder
• Knowing key blanks are not readily available
• Knowing keys cannot be copied without proper
authorization
• Having a policy on lost keys
• When issuing temporary use of keys, keeping record trail
16. Yesterday’s Key Control
Conventional A conventional keyway is one which the
manufacturer will sell to anyone, it may most
Keyways common, or the most used, or the "standard"
or it may be family of keyways
D0 NOT Key # 123
DUPLICATE
PLAIN STAMPED
BOWS BOWS
17. 5 Steps To Key Management
COMPLETE
KEY
CONTROL STRONG CONTROLLED LEGAL AUDIT ENFORCEMENT
UTILITY KEY CONTRACTS CONTROLS
PATENT BLANKS
Not a Not Agreements Know Must Be
Design Available of Where Aware of
Patent to all Control Blanks Unauthorized
Customers Are Copies
18. Today’s Key Management
1. Patented keyways
Blade
Utility patent gives manufacturer exclusive
manufacturing rights
Security
Manufacturer control distribution
Ledge
Security Leg Patent good for 20 years
Millings for Imitation manufacturers cannot duplicate
Keyway Blade Assures protection to facility / owner
19. Today’s Key Management
2A. Manufacturer Controls
Policy
1. Verify all signatures
2. Policy and procedures in place
3.
4
Signature verification
Controlled access to product areas
Ship key blanks direct to end user
Has return key policy
Provides specially coined blanks
20. Today’s Key Management
Request for New Key 2B. Facility/Owner Controls
DATE: 07-04-05
Policy and procedures in place supported by
TO: Lock shop
upper management
ISSUE TO: Bill Jones
Locksmith administrator on staff
NO. OF KEYS: 1 Locked storage
APPROVED BY: C T Smith Supervisor approval of new keys
Employee signs for key
ISSUE TO : Bill Jones
By Lock Shop Should have penalty attached
KEY NUMBER: 123
All keys numbered and logged into system
KEY SET: AB15
ISSUE DATE: 07-07-05 Procedure for keys to be returned
ISSUED BY: CH
DATE ISSUED: 07-07-05 should have penalty attached
RECEIVED BY: Bill Jones
RETURNED DATE
Additional procedures:
Cleaning crew
Outside contractors
21. Today’s Key Management
3. Contracts and Agreements
Protects facility / owner
We agree Protects distributor
Protects manufacturer
Summarizes responsibilities to all
parties
Provides guide lines
Eliminates misunderstanding
22. Today’s Key Management
4. Audit Controls
Keep records – Use Software
AB15
1215 Use manufacturers original blanks
123 Reduce master keying
Have employees carry more
than one key
Stamp keys with code
Utilize available forms
Use sealed key rings
Use a key cabinet; electronic or manual
25. The Credential
• Most visible component of the system
• Issued to personnel as “electronic keys”
• Several Card Technologies
• Badge Construction
• Degree of Security Required
• Durability
• Reader Environment
• Convenience and Price
• Performance
26. Card / I D Technology Types
• Barium Ferrite
• Bar Codes
• Magnetic Stripe
• Wiegand
• Proximity
• Smart Card
• Hybrid
27. Biometrics – Another Key
• Biometrics and the “Smart Card”
• Iris Scan
• Finger Print
• Facial Recognition
• Retinal Scan
• Voice Recognition
• Hand Geometry
• Others on the horizon
28. Credentials / Smartcards
Access PC Login
Control
Time &
Attendance
Personal Data
Photo Cafeteria
Vending
Free
Free
29. Access Controls more about the “key”
• The “Common Access Card”
• FIPS 201 / HSPD12
• Database sharing trends
• Communications options
• Encryption – DES, AES
• PINs
30. HSPD-12
Homeland Security Presidential Directive/Hspd-12
Subject: Policy for a Common Identification Standard for Federal
Employees and Contractors
(1) Wide variations in the quality and security of forms of
identification used to gain access to secure Federal and other
facilities where there is potential for terrorist attacks need to be
eliminated. Therefore, it is the policy of the United States to enhance
security, increase Government efficiency, reduce identity fraud, and
protect personal privacy by establishing a mandatory, Government-
wide standard for secure and reliable forms of identification issued by
the Federal Government to its employees and contractors (including
contractor employees).
34. Multi-User / Multi-Door Systems
• Instant Multiple Notification Options
• LAN Access
• Discretionary Reporting
• Mandatory Controls
35. Enterprise Systems
ACCESS
CONTROL DIGITAL VIDEO
SURVEILLANCE &
MANAGEMENT
IDENTITY
MANAGEMENT INTEGRATED
ALARM
MANAGEMENT
INFORMATION
SECURITY MULTI-TENANT
PROPERTY
MANAGEMENT
BUILDING
AUTOMATION
VISITOR
MANAGEMENT
ASSET
WIRELESS
MANAGEMENT
ACCESS
INTRUSION
INTERCOM DETECTION
COMMUNICATION FIRE ALARM
SYSTEMS SYSTEMS
36. Enterprise Systems
Human Access
Credential Resources Control Biometric
Management Templates
Medical Visitor
Information Management
Bringing together
ERP disparate databases Social
Security
or information
Time and sources Incident
Attendance Reporting
Criminal
Smart Cards History
Active
Payroll
Directory/LDAP
37. System Architecture
Life Safety
Visitor
Photo Imaging Management Management
POTS
CCTV System RS-232
Access Control
Ethernet Network
Dial-up Modem LAN/WAN
Cellular
Direct Connect
RS-232 or RS-422 RS-422
Field Panel Door Controller Field Panel Field Panel
RS-232
Modem HVAC Field Panel
Field Panel
Readers
38. SOFTWARE
• Integrated solutions sets
• Network ready
• SQL and Oracle
• Linux based embedded solutions
• Partition-able database
• Windows XP, NT, 2000, Vista Compatibility
• Web enabled
• Web Embedded
39. The Application Software
• This is the GUI- It should be intuitive easy to train
operators and managers
• The database manager
• Ability to partition and filter views based on passwords
• Import and export features
• Potential interface to HR database systems
• May be Standalone or
• Part of a network
• Numerous work stations
• Redundant emergency backup
• Full set of utilities for storage and archiving
40. Desired Software Features
• Migration path (scalability)
• Alarm Monitor capacity
• Anti-Pass back
• Event Triggers
• Time zones and Holidays
• Clearance (area) controls
• CCTV Matrix Switching
• Digital Video recorder event linking
41. Desired Software Features
•No limit on system scalability.
• Unlimited Card Readers.
• Unlimited Inputs/Outputs.
• Unlimited Cardholders.
• Unlimited Control Panels.
• Unlimited Holidays.
•Guard Tour application
•Elevator Control
•Full featured Badging
•Real time status monitoring
•Multiple reader technology
support
•Microsoft database
•Report Manager
•Visitor Management
•ODBC and MDAC Compliant
•Potential web access/enabled
50. Integrated Applications
• Photo I D Creation
• Bio-metric enrollment
• Alarm management
• Access Management
• Air Quality monitoring
• Visitor Controls
• Digital Video event linking
• Event and data base linking
• Camera Controls
• Virtual CCTV Matrixes
• CCTV Analytics
• Smartcard Application Support
51. Access Control Panel Operation
• Card is presented data sent to Panel
• Panel compares information
• Grants/Denies access
• Based on Card Status
• Time of Day
• Cardholder’s access privileges
• Other Administrator selected features
52. Access Control Panels
• Contain Microprocessors
• On-board Random Access Memory (RAM)
• Upgradeable Software stored in Erasable Program Read
Only Memory (EPROM)
• System Administrator or authorized web client
enters all information related to system at host
computer or direct to board via web with on
board software in panel
• Information may be downloaded to Access
Control Panel’s RAM
53. Access Control Panels
• Once downloaded/programmed a Panel
can process information locally.
• “Intelligent” panels inform the Host of all
actions taken, including time and date
• Often referred to as “distributed processing”
• Saves Host processing time
54. Access Control Panel Operations
• May be configured many ways
• Can store thousands & some users are requiring
Millions of records!
• Multiple access levels
• Time Zones
• Thousands of historical transactions
• Quantum leaps in storage abound
55. Access Control Panel Operations
• Can support Inputs
• Can detect an input’s change of state, process the
information and report it to the host computer/ or web based
client on alarm
• Typical Inputs include door monitor and request to exit (or
bypass) devices
• Can support Outputs
• Door locking mechanisms
• Sound or broadcast alarm devices
• Lights, sirens, bells, digital dialers, etc.
• Can be programmed so an Input activates or deactivates
outputs automatically
• Example: Glass break sensor (input) might activate a
siren (output)
57. Access Control Panel Wiring
• Three different approaches to cabling of
readers
• Bus Cabling
• Readers can be wired to a common cable that runs back to the
panel
• Saves wiring costs when readers are close to each other
• Star Cabling
• Readers can be wired to the panel individually
• Combination Bus and Star sometimes is best
• Independent IP / Network Drop communications via Network
58. Access Control Panel Trends
• Distributed intelligence
• Embedded software – web enabled data
management
• FIPS- 201 for Federal Employees
• Full feature set resident at the local panel
• POTS pack up / cellular back up
• HiCap memory backup
• On line and off line capacity
• Bio-metric / Smartcard
• Integrated into lock hardware
68. The Basics: Electric Locks
Maglocks
Strikes
Cylindrical
Mortise
Exits
Peripherals
69. ELECTRIFIED HARDWARE
Benefits of Electrified Hardware
Safety Security
Control & Monitoring Remote Locking
Reduces Manpower Convenience
ADA requirements
Performs functions normally executed manually, usually
from remote location or automated.
Must specify a system with all components compatible.
One component will not work without the others.
71. ACCESS CONTROL HARDWARE
Parts of a Regulated
Power Supply
INPUT Reduces Voltage
120VA TRANSFORME
C R
RECTIFIER Converts AC to DC
CAPACITOR Stores needed current
FILTER Eliminates “Noise”
OUTPUT REGULATOR Keeps Output Constant
24VDC
72. ACCESS CONTROL HARDWARE
The power supply must furnish the
SAME voltage as required by the
load.
The current (amps) available from
the power supply must be
EQUAL TO or GREATER THAN that
required by the total load of the
system.
73. ACCESS CONTROL HARDWARE
Converts electrical energy into another form I.e.,
unlocks a solenoid, retracts a latch bolt, etc
Performs the work required
Electric Lock or Strike
Electric Exit Device
Closer / Holder
Electromagnetic
Holders
74. ACCESS CONTROL HARDWARE
Terminology
FAIL SAFE FAIL SECURE
• Lock or locking device (non-fail safe)
that remains • Lock or locking device
UNLOCKED on loss of that remains LOCKED
power on loss of power
75. ACCESS CONTROL HARDWARE
Need to Know to
Select Power
Supply
Electrical Characteristics of a Load
• Current Draw In Amps
• Voltage Required
• Fail Safe / Fail Secure
76. ACCESS CONTROL HARDWARE
Switches are used to control a locking device
or to signal a monitoring device
Key Pad
Key Switch
Toggle Switch
Push Button
Stand Alone System
Access Control
System
77. ACCESS CONTROL HARDWARE
Switches are used to control a locking device
or to signal a monitoring device
Each switch has one movable contact, the POLE, and one or
more fixed contacts, the THROWS
Normally open
SWITCH SYMBOL
78. ACCESS CONTROL HARDWARE
Switches are used to control a locking device
or to signal a monitoring device
Each switch has one movable contact, the POLE, and one or
more fixed contacts, the THROWS
Normally closed
SWITCH SYMBOL
79. ACCESS CONTROL HARDWARE
Terminology
MAINTAINED MOMENTARY
CONTACT CONTACT
• A switch designed for • A spring loaded switch
applications requiring designed for applications
sustained contact; but with requiring constant contact;
provision for resetting when pressure is removed,
i.e., ordinary light switch reverts back to original
position
i.e., door bell
80. ACCESS CONTROL HARDWARE
Carries current through system
The more distance between the
power source and the load, a
heavier wire gauge is required
# 1 TROUBLESHOOTING PROBLEM
81. ACCESS CONTROL HARDWARE
Need to Know
Size of Conductor (Gauge)
Length of Conductor (Resistance)
The farther the load is from the power supply, the more
resistance is experienced; a heavier gauge wire is required
82. ACCESS CONTROL HARDWARE
MINIMUM WIRE GAUGE FOR 24V DC or AC
Distance in feet from Power Supply to Locking Device
25 50 100 150 200 250 300 400 500
0.25 18 18 18 18 18 18 18 18 16
0.50 18 18 18 18 16 16 16 14 14
0.75 18 18 18 18 16 16 14 14
A
M 1.00 18 18 18 16 16 14 14
P
S
1.50 18 18 18 16 16 14
2.00 18 18 16 16 14
2.50 18 18 16 14
3.00 18 16 14
3.50 18 16 14
83. ACCESS CONTROL HARDWARE
Elements of a System
HARDWARE SYSTEM
ONE LIST THREE WIRING
DIAGRAM
OPERATIONS
NARRATIVE
TWO ELEVATION
DRAWING FOUR
84. ACCESS CONTROL HARDWARE
REQUIREMENTS
1. 2. • Outside Operation
OPERATIONS HARDWARE • At Rest (while locked)
NARRATIVE LIST • Electrically Unlock
• Mechanically Unlock
• Power Failure
• LED’s
3. 4. • Inside Operation
ELEVATION WIRING
DRAWING DIAGRAM
85. ACCESS CONTROL HARDWARE
1. 2. 1. Power Supply
OPERATIONS HARDWARE 2. Key Pad
NARRATIVE LIST 3. Power Transfer
4. Electric Exit Device
3. 4.
ELEVATION WIRING
DRAWING DIAGRAM
86. ACCESS CONTROL HARDWARE
Power 120VAC input
Supply
1. 2.
OPERATIONS HARDWARE
NARRATIVE LIST
3. 4.
ELEVATION WIRING
DRAWING DIAGRAM
87. ACCESS CONTROL HARDWARE
1. 2.
OPERATIONS HARDWARE
NARRATIVE LIST
3. 4.
ELEVATION WIRING
DRAWING DIAGRAM
88. CHOICES
Making Hardware Selections
Based On Owner’s
Instructions
Cashier's Door from Drivers Lounge
Closed and Locked at all Times
Must Be Entered During Day Employees
Secretary To Remotely Unlock Door
Management Always Able To Enter
*
CASHIER DRIVERS
LOUNGE
89. EXAMPLE
1. OPERATIONS 2. HARDWARE
NARRATIVE LIST
Door is normally closed, latched and
secure from the outside. Depressing Load
the push switch will unlock the electric Electric Strike
strike to allow ingress. 712NFS 24VDC
Door will relock as soon as
push button returns to normal position. Switch
Push Button
Loss of power, the door will PB
remain locked. Power Supply
Enter by key at all times.
Transformer
Free egress from inside
TP-24-2
at all times.
90. EXAMPLE
Transformer GAGE AND NUMBER
24VAC output OF CONDUCTORS
3. ELEVATION TP-24-2 18 ga
TO 120VAC INPUT
RISER
DIAGRAM 18 ga
Rectifier
712NFS
Electric PB
Strike
91. EXAMPLE
4. WIRING
DIAGRAM
120VAC Pushbutton Locked
Un-
Transformer Locked
Electric Strike
PUSH
TO
EXIT
NC
C
Non-
polarized NO
+ -
Systems Wiring Diagram or
Point to Point Wiring Diagram
92. COMPONENTS & ELEMENTS
4 COMPONENTS
POWER LOAD SWITCH CONDUCTORS
SUPPLY
OPERATIONS HARDWARE ELEVATION WIRING
NARRATIVE LIST DRAWING DIAGRAM
4 ELEMENTS
94. Access Control Trends
Embedded Prox Technology
Monitoring Options
Request To Exit
Door Contact
Keyswitch Monitoring
Other options…
95. Convergence
Analog to IP (Security to IT)
Applications Convergence
Physical and Cyber
“Soon the security industry will move to systems in which there
are no analog or proprietary wired devices at all; where all
devices connect to the Ethernet infrastructure. The knowledge
of how to design efficient network systems and how to secure
those systems is paramount to successful security systems.
This is the future of security technology”
Thomas Norman, Protection Partners International
Integrated Security Systems Design
96. Threats of Converged Enterprise
Targets
Physical
Attack Physical
Security
Facilities People
Cyber Intrusion Identifies
Mode Valued Targets
of
Attack Physical Attacks
Against Cyber Media Computers
Information
Attack Information
Security Information $$$
97. Convergence Migration
Disparate Building Networks Intelligent Converged Environment
IP Communications
Fire Lighting
Physical Elevator
Security
Visitor 24 / 7
Access Monitor
Energy HVAC
WAN
98. Convergence Benefits
Benefits: Lighting
Safety and security
Elevator
Environmental sustainability
Services and Technologies
Occupant comfort 24/7 Monitor
Organizational flexibility
Streamlined operations HVAC
Reduced costs
Fire
Energy savings
Managed services
Video surveillance
Data mining
Process Measurement Access
Energy
100. Resources
Reduce security vulnerabilities in all types of facilities.
The industry's first-ever guide for exterior and interior
security features, NFPA 730: Guide for Premises Security
addresses security in all occupancies from residential
dwellings to large industrial complexes. Uniform guidelines
help you assess vulnerability and design appropriate security
plans.
Provisions describe construction, protection, and occupancy
features and practices intended to reduce security risks to
life and property.
Topics covered include:
General requirements and facility classifications
Security vulnerability assessment
Exterior security devices and systems
Physical security devices
Interior security systems
Security planning
Measures to control security vulnerabilities in educational,
healthcare, and other facilities
The Guide also addresses protocols for special events, and
the responsibilities of security personnel.
(Approx. 88 pp., 2006)
101. Resources
Ensure the quality and reliability of security system
installations
NFPA 731; Installation of Electronic Premises Security
Systems is the first Standard developed primarily to define the
means of signal initiation, transmission, notification, and
annunciation, as well as the levels of performance and the
reliability of electronic security systems.
Requirements cover every step of security equipment
installation, with provisions for the application, location,
performance, testing, and maintenance of physical security
systems and their components.
Detailed chapters are included for:
Intrusion detection systems
Electronic access control systems
Video surveillance systems
Holdup, duress, and ambush systems
Testing and inspection
Rules address the protected premises from the property line to
the interior of the premises. NFPA 731 also references or
incorporates provisions from applicable UL, SIA, and other
standards.
(Approx. 43 pp., 2006)
102. ETHICS IN SECURITY
Physical Security Professionals must
adhere to the Code of Professional
Responsibility, agreeing to:
• Perform professional duties in accordance with the law and
the highest moral principles.
• Observe the precepts of truthfulness, honesty, and
integrity.
• Be faithful, competent, and diligent in discharging their
professional duties.
• Safeguard confidential and privileged information and
exercise due care to prevent its improper disclosure.
• Not maliciously injure the professional reputation or
practice of colleagues, clients, or employees.