The Changing Landscape

The Obsolescence of clock and data, and Wiegand

The security landscape is constantly evolving with new products and technologies. With the introduction of these new and improved technologies, it is inevitable that products which have existed within the industry for years may no longer be the go-to choice when it comes to selecting system equipment.

Readers and credentials are a perfect example. Because these pieces serve as a vital component of any access control solution, it is critical they offer the most up-to-date technology to achieve maximum security. The technology behind readers and credentials has changed dramatically over the years, and end users now have multiple options to choose from.

The History of Clock and Data, and Wiegand

In 1969, an engineer with IBM, Forrest Parry, had the idea of attaching a piece of magnetic tape, similar to that used to record data for computers, to a card to be used as an identifier. He became frustrated trying different types of adhesives, all of which deformed the magnetic tape. Venting his frustration to his wife while she was ironing, she suggested that he iron it on. It worked, and the American Banking Association (ABA) format, or Clock and Data, was born.

Next step in the evolution: John R. Wiegand was born in Germany in 1911 and came to the United States in the 1930s. He was interested in audio amplifiers and ventured into the world of engineering, where he eventually discovered and patented the Wiegand effect, a type of magnetic effect in specially designed wire that outputs voltage. It was initially thought that this would have applications in the automotive industry for ignition systems; however, it found its most popular application in the world of security in the early 1980s.

The Wiegand wires embedded inside of a plastic card were infinitely more durable than magnetic strip credentials, and only a limited amount of data needed to be stored, such as a facility code and a number. Thus was born the most common credential in the security industry: the 26-bit Wiegand. It consisted of two parity bits, eight bits of facility code and 16 bits of ID code for a total of 26 bits. Physical limitations on how close the Wiegand wires could be and still function, combined with the CR-80 card size, gave us the maximum amount of data that could reside on the card—37 bits.

Since the electrical standards for the readers was so widely adopted on access control panels, when better technology came along, the electrical aspect of Wiegand was retained. The problem is that both Wiegand and Clock and Data are one-way protocols; data flows out from the card reader, but nothing can be sent back. There is also no way to tell if the reader has been removed unless an auxiliary contact is installed, requiring another input point to be used to provide supervision of the reader. This means an added expense, so unless it has been carefully specified, it rarely happens.

Today, it is very likely that several existing access control readers could be torn off the wall and no one would know it until someone called in and reported the incident.

Alternative Options for Increased Security

In today’s evolving world, RS-485 protocol is almost universally available on all modern card readers and access control panels. This communication protocol is poll and respond, which means the reader doesn’t communicate until it is polled by the host panel, allowing the connected reader to be inherently supervised. If it becomes disconnected, then the system will report that it is “offline.” Virtually all modern ISO 14443A, 14443B or 15693 readers support RS-485. In addition to the fact that the readers are supervised, they are exponentially more secure than even the proximity cards, and in today’s world are no more costly.

Open Supervised Device Protocol (OSDP) is a communication standard recently adopted by the Security Industry Association (SIA) that far surpasses the outdated Wiegand technology and greatly improves interoperability between access control systems and supporting security products.

There are significant advantages of OSDP vs. Wiegand, a few of them being the ability for bi-directional communication between the reader and controller, longer read range and a simpler installation with less wiring involved.

Furthermore, Wiegand systems transfer information unencrypted, increasing the risk for sensitive data to be intercepted. With OSDP, the access control system creates a secure tunnel between itself and the reader to protect the data being transmitted. This technology is supported by manufacturers like Mercury Security and will likely become more and more common in the industry. If you are not currently using this updated technology, you may be needlessly compromising your system’s security. Similarly, if you are a systems sales professional and are not strongly encouraging your customers to implement it, you are doing them a great disservice.

This article originally appeared in the March 2018 issue of Security Today.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.