IP based Physical Access Control

Five reasons to adopt this technology now

  • By Dan O’Malley
  • Oct 01, 2011

Organizations of all sizes are migrating from analog to IP-based physical access control solutions, drawn by increased security, increased operational efficiency and better availability. The shift to IP reflects what’s already happened in voice communications and, more recently, in video surveillance.

Shifting physical access control from analog proprietary serial communications to IP provides five main benefits:

  • Protecting access control data;
  • Accelerating response to alarms;
  • Helping to ensure business continuance;
  • Streamlining operations; and
  • Lowering door cable costs.

Protecting access control data. Analog physical access control systems make it relatively easy for someone with a little knowledge and widely available tools to create a working card to impersonate an employee. Most card data is not encrypted, neither over the air nor from the reader to door-control panels. Someone who taps the link can read badge data.

A related issue is that most analog door controllers use the Wiegand protocol, which is one-way only from reader to door-control panel. That means the card reader can’t tell whether it’s connecting to a legitimate door-control panel or a snooping device.

IP physical access control systems use digital encryption technologies to help protect identity information, making physical access control systems less vulnerable to attacks.

For example, new IP-based controllers support a challenge-response function, a secure way to protect card data sent over the link. When you present your card for access, the card does not immediately turn over its data. Instead, it first authenticates to the system by sending a public key and listening for a signed response from the system. The system signs the credential and sends it back to the card. Only after receiving verification that the system at the other end of the connection is legitimate, not an imposter, does the card transmit its encrypted data to the reader.

New standards in access control interoperability will increase security and interoperability while driving down system costs. One is the Federal Information Processing Standards (FIPS) 201 for personal identity verification (PIV). FIPS 201 defines a back-end public key infrastructure (PKI) system to manage public keys and user identities through a certificate authority. Other standards include Physical Security Interoperability Alliance (PSIA) and the Open Network Video Interface Forum (ONVIF). Card-reader vendors, in turn, are moving toward adopting an encryption standard to protect data traveling over the wireless and wired interface.

Accelerating response to alarms by integrating with video surveillance and incident response systems. Traditionally, a security officer who received a forced-door alarm on door 47 would have had to turn to another console to view video feed, look up which camera monitored that door, and then spend valuable time finding the relevant alarm video. Meanwhile, an intruder could cause harm or flee the property.

The process is more efficient when the physical access control and video surveillance systems are tied together. Integrating physical security systems with IP video is far simpler than it is with analog systems because all servers and endpoints connect to the same network.

For example, suppose someone kicks in an exterior door. An IPbased access control system can transmit the forced-door alarm to the IP-based incident response system. Receipt of the alarm invokes predefined policies, such as sending an alert to a security officer’s preferred device—say, an iPhone—along with real-time video or video associated with the alarm. This saves valuable minutes compared with the old situation, where the guard had to weed through alarm screens and search for the right video cameras. In addition, instead of being tethered to the desk, security officers can receive alerts on mobile devices while patrolling the property, helping prevent crime or fear of crime.

The benefits multiply if you add an IP dispatch system. Multiple agencies or teams—physical safety, local police, human resources and others—can join a virtual talk group on any device, including desk phone, mobile phone or any type of radio.

Helping business keep going if the network goes down. If physical access control is essential to business continuity, the traditional physical access control system might be the weak link: If the proprietary network goes down, so does the ability to let authorized people in and keep others out. Business continuity is especially urgent for governments and critical infrastructure organizations such as energy plants.

IP physical access controls give you options to increase availability. For example, instead of placing the intelligence in a central server that connects to all of your doors over the WAN, you can place intelligence at the network edge. This helps the business keep going even if the WAN goes down because of hurricane, tsunami, power outage or another disaster.

This approach is used today by a gasoline distribution company in the Midwest. Truckers present their Transportation Worker Identification Credential (TWIC) to the badge reader, which sends a message to a local system that Chris Johnson is at Gate 2, for example. Then the local gateway sends a URL action to the local system, which sends a work order to the card reader display, such as “Chris Johnson—Fill up on Pump 47.” The benefit to the company is faster truck dispatching, plus increased worker productivity because workers don’t need to wait around for orders.

In general, URL actions are a simple, effective way to integrate disparate systems because they do not require complex programming.

For even higher availability, implement redundant physical access control management servers, either one of which can take over if the other fails. The servers share a common IP address and are continuously synchronized. This practice is much cleaner than implementing tiered databases—for example, at the local, regional and national levels.

Streamlining operations by integrating with the IT or HR database. Many organizations separately maintain databases for network access, HR records and physical access control. The drawbacks are data duplication and redundant processes. Separately maintaining the database used for employee access control also can create an unsafe situation if terminated employees or vendors with limited-time access are not promptly removed from the system.

With an IP-based physical access control system, changes made to your central Microsoft Active Directory or SQL databases can be automatically propagated to the access control system.

Here, too, IP gives you choices. One option is to implement oneway communication between the central database and door gateways. The other is using a Web Services API. A public university in the South uses a Web Services API to allow building administrators to set their own lock schedules on a webpage. The API also is useful for organizations that give out large numbers of one-day visitor badges.

Lowering door costs. Traditional physical access control systems require bringing power to each door reader and lock. Some IP gateway readers, door locks and readers can receive PoE from network switches over standard Cat-5 or Cat-6 cabling. This can reduce installation costs by up to several hundred dollars per door.

A single unified physical infrastructure and managed cabling system can also increase availability, because you can use commercially available uninterruptible power supplies for backup power. The central UPS eliminates the need to install batteries by each door.

The right IP-based physical access control system can reduce risk and help the business continue to operate in the event of a disaster. Look for a solution that:

  • Encrypts credentials and identity in the server, over the air and over the wire;
  • Unifies your security system with IP video surveillance and IP incident response systems;
  • Provides high availability, both at the edge and on the network;
  • Integrates the network edge with local systems, using URL actions;
  • Takes advantage of your existing IP network with networked controllers and a common database;
  • Reduces door cabling costs by connecting to Cat-5/Cat-6 cabling; and
  • Supports network power such as PoE.

This article originally appeared in the October 2011 issue of Security Today.

Featured

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

Most   Popular

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.