This month’s column provides a change from the usual approach. Instead of asking a question of readers, I’m answering a question that has been asked of me by dozens of readers.
Strong IT security technology lets smart cards securely carry messages back and forth between a few hard-wired readers (for example, at building perimeter doors and high-security doors) and readers that have no wired or wireless connection. The security privileges of the cardholder (digitally signed by the access control system server) are written to the cards and securely carried to the non-networked readers, eliminating the need for the readers to store a database. The privilege records expire daily (or at whatever interval you set), so there is no need for a long list of revoked cards at the reader either. A small “hot list” of the current day’s revocations is written to cards and carried to the readers by the cardholder access activity. The “access denied” and “access granted” messages are written to multiple cards, to ensure they get carried back to a hard-wired reader by normal cardholder activity.
The technology was introduced at ISC West in the new E-Plex® 5900 Card-Connected Electronic Lock from Kaba Access Control. Unlike other standalone door locks, the architecture of the Card-Connected technology enables central management of the non-networked readers, for example, through the Lenel OnGuard system.
There is no change to the management of the cardholder database, which means no walking around with a PDA to update reader data. This drastically reduces the Total Cost of Ownership for a Card-Connected reader compared to a typical reader that requires wiring through a network to an access control panel. Installation can be accomplished in about 1/3 of the time required for a standard reader. Thus the per-door cost of security is significantly lowered. This allows access control to be affordably extended to many more locations (especially remote locations with no network connectivity) and many new types of assets (such as supply and tool bins, and mobile assets). Fingerprint biometric access is fully supported by the technology.
A breakthrough aspect of the technology—and one that requires a stretch in thinking—is that it fully supports many complex access control situations that traditional readers can’t support. For example, a reader can be registered to work with more than one access control system. What use is that? Consider an airport security example.
When an airplane lands in Chicago, its readers can now operate as part of the access control systems of the Chicago airport and the airline, as well as the food supply company. Each organization determines which of its employees can access the plane and its food storage, just as is done now. Only with Card-Connected access control, each organization can have a complete record of who accessed the plane and its internal access points. When the plane lands at the next airport, the reader becomes a part of that airport’s access control systems. The access decisions (independently made by each organization) can remain the same, with the added security of having technology securely control and report the access. This can all be accomplished by traditional access control systems that are enabled for Card-Connected technology.
The same scenario can be applied to mobile vehicles that operate on air fields or oil fields — anywhere that multiple companies operate and security is a concern.
The convergence aspect is that information technology is making the Card-Connected operation possible. Ironically, opposite to most security industry convergence initiatives, it is eliminating the need for IP connectivity for most Card-Connected readers