IP-Based Physical Access Control

Five reasons to adopt this technology now

Organizations of all sizes are migrating from analog to IP-based physical access control solutions, drawn by increased security, increased operational efficiency and better availability. The shift to IP reflects what’s already happened in voice communications and, more recently, in video surveillance.

Shifting physical access control from analog proprietary serial communications to IP provides five main benefits:

  • Protecting access control data;
  • Accelerating response to alarms;
  • Helping to ensure business continuance;
  • Streamlining operations; and
  • Lowering door cable costs.

Protecting access control data. Analog physical access control systems make it relatively easy for someone with a little knowledge and widely available tools to create a working card to impersonate an employee. Most card data is not encrypted, either over the air or from the reader to door-control panels. Someone who taps the link can read badge data.

A related issue is that most analog door controllers use the Wiegand protocol, which is one-way only from reader to door-control panel. That means the card reader can’t tell whether it’s connecting to a legitimate door-control panel or a snooping device.

IP physical access control systems use digital encryption technologies to help protect identity information, making physical access control systems less vulnerable to attacks.

For example, new IP-based controllers support a challenge-response function, a secure way to protect card data sent over the link. When you present your card for access, the card does not immediately turn over its data. Instead, it first authenticates to the system by sending a public key and listening for a signed response from the system. The system signs the credential and sends it back to the card. Only after receiving verification that the system at the other end of the connection is legitimate, not an imposter, does the card transmit its encrypted data to the reader.
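The gate described above, sketched as an added example that is not from the original article or any vendor's product: the card releases its data only after the panel answers a fresh challenge correctly. It substitutes an HMAC over a shared site key for the public-key signature the article describes, so it runs on the Python standard library alone; `Card`, `Panel`, `RoguePanel` and the badge value are hypothetical names and constructed data.

```python
import hashlib
import hmac
import secrets

SITE_KEY = secrets.token_bytes(32)  # constructed shared secret (assumption)


class Panel:
    """Legitimate door-control panel: proves it holds the site key."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class RoguePanel:
    """Device on the link without the key: can only repeat an old response."""
    def __init__(self, captured_response: bytes):
        self._captured = captured_response

    def respond(self, challenge: bytes) -> bytes:
        return self._captured


class Card:
    def __init__(self, key: bytes, badge_id: bytes):
        self._key = key
        self._badge_id = badge_id

    def present(self, panel):
        """Return badge data only if the panel answers a fresh challenge."""
        challenge = secrets.token_bytes(16)  # new per presentation, so old answers fail
        response = panel.respond(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):  # constant-time compare
            return None  # other end not verified: withhold the data
        # A real system would send this encrypted; that step is omitted here.
        return self._badge_id


def demo():
    card = Card(SITE_KEY, b"badge-0001 (constructed)")
    genuine = Panel(SITE_KEY)
    old_response = genuine.respond(secrets.token_bytes(16))  # from an earlier exchange
    return card.present(genuine), card.present(RoguePanel(old_response))
```

A one-way Wiegand link has no equivalent of `present()` refusing to answer, which is the gap the article points to.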

New standards in access control interoperability will increase security and interoperability while driving down system costs. One is the Federal Information Processing Standards (FIPS) 201 for personal identity verification (PIV). FIPS 201 defines a back-end public key infrastructure (PKI) system to manage public keys and user identities through a certificate authority. Other standards come from the Physical Security Interoperability Alliance (PSIA) and the Open Network Video Interface Forum (ONVIF). Card-reader vendors, in turn, are moving toward adopting an encryption standard to protect data traveling over the wireless and wired interface.

Accelerating response to alarms by integrating with video surveillance and incident response systems. Traditionally, a security officer who received a forced-door alarm on door 47 would have had to turn to another console to view video feed, look up which camera monitored that door, and then spend valuable time finding the relevant alarm video. Meanwhile, an intruder could cause harm or flee the property.

The process is more efficient when the physical access control and video surveillance systems are tied together. Integrating physical security systems with IP video is far simpler than it is with analog systems because all servers and endpoints connect to the same network.

For example, suppose someone kicks in an exterior door. An IP-based access control system can transmit the forced-door alarm to the IP-based incident response system. Receipt of the alarm invokes predefined policies, such as sending an alert to a security officer’s preferred device—say, an iPhone—along with real-time video or video associated with the alarm. This saves valuable minutes compared with the old situation, where the guard had to weed through alarm screens and search for the right video cameras. In addition, instead of being tethered to the desk, security officers can receive alerts on mobile devices while patrolling the property, helping prevent crime or fear of crime.

The benefits multiply if you add an IP dispatch system. Multiple agencies or teams—physical safety, local police, human resources and others—can join a virtual talk group on any device, including desk phone, mobile phone or any type of radio.

Helping business keep going if the network goes down. If physical access control is essential to business continuity, the traditional physical access control system might be the weak link: If the proprietary network goes down, so does the ability to let authorized people in and keep others out. Business continuity is especially urgent for governments and critical infrastructure organizations such as energy plants.

IP physical access controls give you options to increase availability. For example, instead of placing the intelligence in a central server that connects to all of your doors over the WAN, you can place intelligence at the network edge. This helps the business keep going even if the WAN goes down because of hurricane, tsunami, power outage or another disaster.

This approach is used today by a gasoline distribution company in the Midwest. Truckers present their Transportation Worker Identification Credential (TWIC) to the badge reader, which sends a message to a local system that Chris Johnson is at Gate 2, for example. Then the local gateway sends a URL action to the local system, which sends a work order to the card reader display, such as “Chris Johnson—Fill up on Pump 47.” The benefit to the company is faster truck dispatching, plus increased worker productivity because workers don’t need to wait around for orders.

In general, URL actions are a simple, effective way to integrate disparate systems because they do not require complex programming.

For even higher availability, implement redundant physical access control management servers, either one of which can take over if the other fails. The servers share a common IP address and are continuously synchronized. This practice is much cleaner than implementing tiered databases—for example, at the local, regional and national levels.

Streamlining operations by integrating with the IT or HR database. Many organizations separately maintain databases for network access, HR records and physical access control. The drawbacks are data duplication and redundant processes. Separately maintaining the database used for employee access control also can create an unsafe situation if terminated employees or vendors with limited-time access are not promptly removed from the system.

With an IP-based physical access control system, changes made to your central Microsoft Active Directory or SQL databases can be automatically propagated to the access control system.

Here, too, IP gives you choices. One option is to implement one-way communication between the central database and door gateways. The other is using a Web Services API. A public university in the South uses a Web Services API to allow building administrators to set their own lock schedules on a webpage. The API also is useful for organizations that give out large numbers of one-day visitor badges.

Lowering door costs. Traditional physical access control systems require bringing power to each door reader and lock. Some IP gateway readers, door locks and readers can receive Power over Ethernet (PoE) from network switches over standard Cat-5 or Cat-6 cabling. This can reduce installation costs by up to several hundred dollars per door.

A single unified physical infrastructure and managed cabling system can also increase availability, because you can use commercially available uninterruptible power supplies for backup power. The central UPS eliminates the need to install batteries by each door.

The right IP-based physical access control system can reduce risk and help the business continue to operate in the event of a disaster. Look for a solution that:

  • Encrypts credentials and identity in the server, over the air and over the wire;
  • Unifies your security system with IP video surveillance and IP incident response systems;
  • Provides high availability, both at the edge and on the network;
  • Integrates the network edge with local systems, using URL actions;
  • Takes advantage of your existing IP network with networked controllers and a common database;
  • Reduces door cabling costs by connecting to Cat-5/Cat-6 cabling; and
  • Supports network power such as PoE.

This article originally appeared in the October 2011 issue of Security Today.
