Tightening the Campus

Time for action calls for biometrics measures

  • By Caren Bachmann
  • Feb 01, 2011

The IT department at a large, campus-based organization had a minor disruption that could have turned into a major disaster. A new person on the cleaning company’s crew inadvertently spilled a bucket full of water and cleaning fluid in a telco closet that was being used for multiple purposes, and the liquid shorted out a vital piece of equipment. The accident was never reported, and it was only when services were disrupted that the IT department learned there was a problem.

The incident was a wake-up call for the IT department. Its staff realized that, had the spill been larger, it could have taken out systems for the entire building or even the entire campus. Or, even worse, the unsecured rooms could easily be sabotaged and vital data compromised. It was time for action.

The department went on a mission to improve the security of its numerous telecommunications rooms. These facilities housed IP-based networks, voice systems and other equipment needed for campus-wide communications, including some extremely sensitive, mission-critical equipment and research and development labs. The solution had to be flexible enough to cover facilities with a wide range of requirements, from minimal to high security, including video monitoring.

The new security solution had to accomplish two main goals: physical access control and environmental monitoring. After learning about a similar situation at another company, the IT department employed Black Box to provide the security solutions and expertise.

The first goal was to lock down physical access to the telecommunications rooms for traditional security reasons, as well as to protect the network from tampering by unauthorized staff. This included controlling and monitoring who had access to the rooms and restricting the ability of anyone to make unauthorized changes and inadvertently disrupt critical base communications.

The second goal was to have the ability to monitor the environment of the telecommunications rooms. The electronic components in the rooms are very sensitive to power disruption, as well as to excessive heat and humidity. Monitoring would alert staff to conditions that might interrupt communications. Included in the monitoring requirement was video surveillance of particularly sensitive data centers and research and development labs.

The solution for the dual goals of controlling physical access while also monitoring the environment in the rooms was to install an integrated biometric access and remote monitoring solution that included security cameras. The system operated and was managed across the IP network already in place on the campus.

Biometric Access Control
The integrated solution started with a networkable biometric access control system that used fingerprints as an identifier. Unlike a passcode or an RFID card, which may be borrowed, biometric access positively links access to a particular person, meeting the department’s requirements for high security for sensitive installations.

The system enabled legitimate users to gain quick access to secure areas. All they needed to do was to enter their PIN and place their finger on the reader.

Authentication took less than one second. If the fingerprint matched the template perfectly, the system unlocked the door and logged the date and time of entry. The system also could be programmed to allow entry with just a finger scan or just a PIN, enabling different degrees of security for more- or less-secure areas.

The biometric access control system selected consisted of two components: a reader unit and a controller unit. The reader unit was mounted on a wall next to the telecommunications room’s door; the controller unit was installed inside the room. The electronics for opening the secured door were in the controller inside the room, protected from hackers who could cut wires or spoof the signals to open the door. Proprietary encryption protects communications between the reader and the controller, further enhancing security. This two-part architecture was deemed to be more secure than other biometric solutions in which the electronics to open the door were actually mounted next to the door.

The system offered other security features, as well. The duress feature enabled a person forced to enter a room against his/her will to activate a silent alarm. The system also looked for life in the finger and rejected pictures or silicon imprints of a finger. In case of a power failure, battery backup provided up to eight hours of limited use. If the network failed, the system continued to operate normally because network communication was not required for fingerprint verification. The system saved all logging activity and uploaded it to a database once the network connection was restored.

Because of privacy concerns, the IT department required a biometric system that didn’t store actual fingerprints. The system selected operated by creating a multipoint schematic of a user’s biometric fingerprint profile, which it stored as a fingerprint template. Each time that user required access to a secure area, the template was matched to the live fingerprint. The system wasn’t designed to store fingerprint images, and the biometric template couldn’t be used to create an image of the original print.

The biometric access control system was fully manageable from a central location, providing a full audit trail with detailed entry logs to track where and when staff accessed telecommunications rooms. Additionally, a time-banding feature enabled staff to determine when people could be granted access to the rooms. The system also enabled staff and doors to be grouped together for management purposes. For example, members of a department could have access to some doors but not others.

Employees were easily added to the system or deleted in just a few seconds.

Remote Monitoring
The environmental monitoring system selected consisted of hubs installed in the telecommunications rooms. The hubs were linked through the network to a central location for auditing and monitoring purposes and supported a wide range of environmental sensors, dry contacts and even video cameras for surveillance.

Sensors connected to the hubs varied, depending on the requirements at each location. Temperature and humidity sensors ensured that the telecommunications rooms’ environments remained in the optimum range for delicate electronics. Some locations called for additional environmental monitoring and also had sensors for smoke, power disruption, airflow and water leaks. Hubs that supported dry contacts enabled the system to sense when doors to server cabinets had been opened and to report when doors were left open.

For additional security monitoring, the system included hubs that supported IP cameras as well as sensors. This enabled the addition of surveillance cameras, which could be integrated into the same system.

Cameras were placed outside secure rooms to record who approached and who tried to enter. Cameras also were installed inside the doorways of particularly sensitive locations. For versatility in camera installation, the system supported both high-resolution pan/tilt dome cameras and CCD cameras that provided clear, sharp pictures even in low light conditions.

Like the biometric access control system, the environmental monitoring system worked across the network and could be centrally managed. The system collected and graphed data and also could be configured to send alarms if telecommunications room conditions went out of range, endangering mission-critical equipment.

Bringing it All Together
To bring everything together into one cohesive unit, a single software application was used to manage, monitor, record and report data from all aspects of the system, including the biometric remote monitoring system, the environmental monitoring system and the security cameras.

The IT department now has a security system it can centrally control and monitor. Best of all, IT staff have multi-stage security at the telecommunications rooms, they can positively ID who enters, and they can monitor environmental variables such as temperature, humidity, motion, power and airflow.

This article originally appeared in the February 2011 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events

  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

Most   Popular

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.