IP Access on the Way

Using IP networks for access control is just around the corner as new generation products and technology becomes available

You can expect access control systems to follow the same path as video. There are dramatic cost reductions available where network connections can replace conventional wiring. The vision looks a lot like today's IT systems. Today we have a network that connects to devices like printers, workstations, wireless communication points and even telephones, all of which just plug in. Picture an access system where the readers and door hardware plug into the network in the same fashion, and you can start to see the future.

Beyond just cost savings, the flexibility of the system is dramatically improved. No longer are you limited in terms of the technology that is out at the door. For example, imagine being able to take an existing door installation with an IP-based reader and add a biometric device to that door with no rewiring. "You could have a new reader that has a little micro camera on top with enough intelligence so that when you present your card, it looks at you, grabs the clearest, best image, and forwards that on with the access transaction. All that sort of stuff and more can happen, and the wiring never changes," said Chandler.

One new technology that promises to dramatically simplify installation and improve reliability is power over Ethernet technology, or POET. This new standard from the IT world allows you to send power to operate the door electronics down the same wire as the Ethernet signal, and it is already being used to power IP video cameras. Access control, however, is trickier, since the amount of power available with this technology is limited. Powering door electronics should not be an issue, but today's door locking hardware is too power-hungry to use POET alone.

The IT world brings us a number of other technologies that will make our systems simpler or safer. For example, dynamic IP addressing makes adding devices into the system a simple plug-and-play operation with none of the hassles or errors caused by having to set dipswitch settings. Simple network management protocol (SNMP) allows each device on the network to be monitored for standard maintenance and performance issues by software that IP already owns.

The result is that the security hardware becomes just one more network device being monitored by IT, which can look for such things as status, throughput, database information, memory use and up-time, and alarm if any of those parameters is outside of normal limits. Standard network encryption technologies such as AES and 3DES are widely available and proven. Encrypting the system from the card through the network to the database will produce a far more secure system than the industry has had in the past.

All these technologies have been standardized. This will be a major shift for the security industry, since it appears that devices will be relatively interchangeable. While the software will need to have drivers to accommodate all of these devices, gone will be the days when your investment in field hardware and field wiring precluded your ability to upgrade your system economically.

How Close Are We?
While everyone agrees we are on the road to a fully IP-based access system, the major manufacturers have yet to release first-generation product, although the buzz would have some announcements coming soon. Some of the newer players, such as Colorado-based ISONAS, have brought IP-based readers to market. "Our key premise is to eliminate the panel with a reader that is a network device. Wiegand is old technology," said Kenneth Butte, president of ISONAS. "Essentially, the cost per door of our system is, in many cases, a third of (the cost of) competing systems."

While widespread deployment may still be in the future, early adopters could be installing a fully IP-based system next year. "We are going to see this; it is going to happen," said Chandler. With the possible exception of low-powered door hardware, the technology required to build these products is available today in the IT world. The major manufacturers, however, will be required to leave their comfort zone of proprietary systems. By all accounts, that is what we are about to see.

And the Downside?
Here is where it really gets interesting. On the technical side, some would argue that there are risks in using a shared resource such as the corporate network for a mission-critical application such as physical security. "There are two camps of security directors; one that knows security systems run better and more effectively over the WAN, and then there is the camp that wants to control their own destiny," said Bill Jacobs, corporate senior manager for Security Technology and Systems, Cisco Systems.