IP based Physical Access Control -- Security Today

IP based Physical Access Control

Five reasons to adopt this technology now

By Dan O’Malley
Oct 01, 2011

Organizations of all sizes are migrating from analog to IP-based physical access control solutions, drawn by increased security, increased operational efficiency and better availability. The shift to IP reflects what’s already happened in voice communications and, more recently, in video surveillance.

Shifting physical access control from analog proprietary serial communications to IP provides five main benefits:

Protecting access control data;
Accelerating response to alarms;
Helping to ensure business continuance;
Streamlining operations; and
Lowering door cable costs.

Protecting access control data. Analog physical access control systems make it relatively easy for someone with a little knowledge and widely available tools to create a working card to impersonate an employee. Most card data is not encrypted, neither over the air nor from the reader to door-control panels. Someone who taps the link can read badge data.

A related issue is that most analog door controllers use the Wiegand protocol, which is one-way only from reader to door-control panel. That means the card reader can’t tell whether it’s connecting to a legitimate door-control panel or a snooping device.

IP physical access control systems use digital encryption technologies to help protect identity information, making physical access control systems less vulnerable to attacks.

For example, new IP-based controllers support a challenge-response function, a secure way to protect card data sent over the link. When you present your card for access, the card does not immediately turn over its data. Instead, it first authenticates to the system by sending a public key and listening for a signed response from the system. The system signs the credential and sends it back to the card. Only after receiving verification that the system at the other end of the connection is legitimate, not an imposter, does the card transmit its encrypted data to the reader.

New standards in access control interoperability will increase security and interoperability while driving down system costs. One is the Federal Information Processing Standards (FIPS) 201 for personal identity verification (PIV). FIPS 201 defines a back-end public key infrastructure (PKI) system to manage public keys and user identities through a certificate authority. Other standards include Physical Security Interoperability Alliance (PSIA) and the Open Network Video Interface Forum (ONVIF). Card-reader vendors, in turn, are moving toward adopting an encryption standard to protect data traveling over the wireless and wired interface.

Accelerating response to alarms by integrating with video surveillance and incident response systems. Traditionally, a security officer who received a forced-door alarm on door 47 would have had to turn to another console to view video feed, look up which camera monitored that door, and then spend valuable time finding the relevant alarm video. Meanwhile, an intruder could cause harm or flee the property.

The process is more efficient when the physical access control and video surveillance systems are tied together. Integrating physical security systems with IP video is far simpler than it is with analog systems because all servers and endpoints connect to the same network.

For example, suppose someone kicks in an exterior door. An IPbased access control system can transmit the forced-door alarm to the IP-based incident response system. Receipt of the alarm invokes predefined policies, such as sending an alert to a security officer’s preferred device—say, an iPhone—along with real-time video or video associated with the alarm. This saves valuable minutes compared with the old situation, where the guard had to weed through alarm screens and search for the right video cameras. In addition, instead of being tethered to the desk, security officers can receive alerts on mobile devices while patrolling the property, helping prevent crime or fear of crime.

The benefits multiply if you add an IP dispatch system. Multiple agencies or teams—physical safety, local police, human resources and others—can join a virtual talk group on any device, including desk phone, mobile phone or any type of radio.

Helping business keep going if the network goes down. If physical access control is essential to business continuity, the traditional physical access control system might be the weak link: If the proprietary network goes down, so does the ability to let authorized people in and keep others out. Business continuity is especially urgent for governments and critical infrastructure organizations such as energy plants.

IP physical access controls give you options to increase availability. For example, instead of placing the intelligence in a central server that connects to all of your doors over the WAN, you can place intelligence at the network edge. This helps the business keep going even if the WAN goes down because of hurricane, tsunami, power outage or another disaster.

This approach is used today by a gasoline distribution company in the Midwest. Truckers present their Transportation Worker Identification Credential (TWIC) to the badge reader, which sends a message to a local system that Chris Johnson is at Gate 2, for example. Then the local gateway sends a URL action to the local system, which sends a work order to the card reader display, such as “Chris Johnson—Fill up on Pump 47.” The benefit to the company is faster truck dispatching, plus increased worker productivity because workers don’t need to wait around for orders.

In general, URL actions are a simple, effective way to integrate disparate systems because they do not require complex programming.

For even higher availability, implement redundant physical access control management servers, either one of which can take over if the other fails. The servers share a common IP address and are continuously synchronized. This practice is much cleaner than implementing tiered databases—for example, at the local, regional and national levels.

Streamlining operations by integrating with the IT or HR database. Many organizations separately maintain databases for network access, HR records and physical access control. The drawbacks are data duplication and redundant processes. Separately maintaining the database used for employee access control also can create an unsafe situation if terminated employees or vendors with limited-time access are not promptly removed from the system.

With an IP-based physical access control system, changes made to your central Microsoft Active Directory or SQL databases can be automatically propagated to the access control system.

Here, too, IP gives you choices. One option is to implement oneway communication between the central database and door gateways. The other is using a Web Services API. A public university in the South uses a Web Services API to allow building administrators to set their own lock schedules on a webpage. The API also is useful for organizations that give out large numbers of one-day visitor badges.

Lowering door costs. Traditional physical access control systems require bringing power to each door reader and lock. Some IP gateway readers, door locks and readers can receive PoE from network switches over standard Cat-5 or Cat-6 cabling. This can reduce installation costs by up to several hundred dollars per door.

A single unified physical infrastructure and managed cabling system can also increase availability, because you can use commercially available uninterruptible power supplies for backup power. The central UPS eliminates the need to install batteries by each door.

The right IP-based physical access control system can reduce risk and help the business continue to operate in the event of a disaster. Look for a solution that:

Encrypts credentials and identity in the server, over the air and over the wire;
Unifies your security system with IP video surveillance and IP incident response systems;
Provides high availability, both at the edge and on the network;
Integrates the network edge with local systems, using URL actions;
Takes advantage of your existing IP network with networked controllers and a common database;
Reduces door cabling costs by connecting to Cat-5/Cat-6 cabling; and
Supports network power such as PoE.

This article originally appeared in the October 2011 issue of Security Today.

HID Signs Agreement to Acquire Calmell Group
07/10/2025
HID and ASSA ABLOY Recognized with Renowned Red Dot Award for Innovative Biometric eGate Design
07/09/2025
Security Industry Association Announces Program for 2025 AcceleRISE Conference
07/07/2025
SIA Opens Applications for 2025 Denis R. Hébert Identity Management Scholarship
07/07/2025
Honeywell Makes Strategic Tuck-in Acquisition of Li-ion Tamer
07/01/2025
Defining SASE at the Largest Consumer Electronics Chain in the Nordics
06/26/2025
Elite Interactive Receives Strategic Investment from CIVC Partners
06/26/2025
ProdataKey’s Emergency Response Integrations: Integrated Access Control Made Easy
06/25/2025

Featured

Industry Embraces Mobile Access, Biometrics and AI

A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now
- Access Control
Sustainable Video Solution Delivered for Landmark City of London Office Development

An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now
- Facility Security
DHS to End ‘Shoes-Off’ Travel Policy

Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now
- Airport Security
AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now
- Government
Report: 2025 Video Surveillance Market Set to Grow After Small Decline in 2024

Novaira Insights has unveiled its latest report, “World Market for Video Surveillance Hardware and Software – 2025 Edition.” The research indicates that the global market for video surveillance hardware and software experienced a slight decline of 0.3% in 2024. This performance fell short of previous forecasts, primarily due to a significant decrease of 7.8% in the Chinese market. Conversely, the rest of the world saw a growth of 4.9%. The global market for video surveillance equipment was estimated to be worth $25.0 billion in 2024. Read Now
- Video Surveillance

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.