Moving intelligence to the door through IP-based access control reduces system failure points and streamlines system monitoring and management, writes Ranjit Nambiar
There are a number of important access control developments to watch. These include the latest Internet Protocol (IP)-based solutions, which are bringing intelligence to the door and even further to Near Field Communications (NFC)-enabled smartphones that, in the future, will also enable users to employ gestures as another factor of authentication.
IP-based solutions simplify operation, expansion and customization while enabling the physical access control system (PACS) to share the same network with other solutions and applications. Moving intelligence to the door through IP-based access control also reduces system failure points and streamlines system monitoring and management. Also, the open architecture of IP-based intelligent controllers makes it easier for users to enhance and modify the infrastructure when needed, since they are no longer tied to proprietary software.
As IP-based access control solutions grow in popularity, they will also be deployed using wireless locksets and NFC-enabled handsets. In the first deployment phase, NFC-enabled handsets will emulate traditional cards. Future solutions will leverage the phone’s own network connection and the cloud to move access control intelligence and decision-making right into the palm of one’s hand. Additionally, we will see new authentication factors that go beyond something the cardholder “has” (the card) to include a gesture-based version of something the cardholder “knows.” The latter factor has typically been a password or personal identification number, but tomorrow this could be a user-defined series of hand motions.
Moving to IP-based solutions
Most organizations today have installed security, access control, video surveillance incident response, perimeter detection and alarm monitoring systems. Despite their synergies, these are generally disparate and isolated systems that cannot easily share information, if at all. With IP-based solutions, there is the opportunity to create a single, integrated system that enables users reap more from their investments, while also realizing the benefits of one system with a single interface to multiple applications. Organizations can invest in a single, unified IP network, and logically control multiple technologies that previously co-existed only on a physical level.
The ability to combine physical and logical access control on the same credential improves user convenience and security while reducing deployment and operational costs. Plus, organizations can leverage their existing credential investment to seamlessly add logical access control for network log-on. The result is a fully interoperable, multi-layered security solution across company networks, systems and facilities. In this environment, organizations can enforce more consistent policies, while facilitating the use of consolidated audit logs throughout the enterprise.
While there had previously been concerns about the security of IP-based access control, the industry now realizes that IP-based access control actually improves security in many valuable ways. Organizations gain a more comprehensive view when video surveillance is integrated with access control. The ability to manage video management and analytics subsystems, intrusion devices and associated IP-based edge devices through a single user interface enables organizations to immediately combine and correlate all information, significantly enhancing situational awareness.
Building the right foundation
In order to seamlessly exchange information between previously disparate systems, organizations must build their IP-based access control solution on an open and scalable platform. Systems based on an open architecture also simplify expansion, customization and integration, since new technologies can be incorporated into existing architectures without requiring a software overhaul. The use of standards-based solutions also delivers the necessary flexibility to work with a variety of products and suppliers, and to customize solutions for specific needs.
The next requirement is modularity, which enables organizations to start with a lower-cost system that delivers entry-level benefits of networked security intelligence, and then add features as they need them. Earlier proprietary systems lock organizations into one system size and performance level. Much more effective is to use today’s advanced controllers, thin-client software, and IP connectivity to build a migration path with numerous affordable investment stepping stones, from traditional mechanical locks with no intelligence, to door solutions with full, IP-networked intelligence and functionality. As facilities expand or the organization encounters new demands, it should be possible to easily adapt solutions to support virtually any card/reader configuration that might be required – from controlling two or three doors with a few dozen card holders, to managing hundreds of doors across many different facilities with 100,000 card holders, or more.
To ensure the highest possible security, it is necessary to use a controller platform with fully trusted connections from host to controller to reader to credential. All reader/controllers and IO modules should also feature security capabilities such as an on-board encrypted Hi-O communication bus, as well as elements including 12/24VDC lock support, mounting options, and plug-and-play IO modules that extend IO at and behind the door.
Mobile solutions and gesture-based passwords
Wireless intelligent locksets and readers are already seeing growing adoption with the availability of new lower-cost, more energy-efficient products. We also are seeing the advent of mobile access control with NFC-enabled handsets that will enable users to carry credentials on phones, and these, too, will be used within the network environment. At first, these phones will simply behave like smart cards. Identity information will be communicated from the phone to a reader, and on to an existing access control system that makes the decision whether or not to unlock the door based on a pre-defined set of access rights. This model will provide a very safe and convenient way to provision, monitor and modify credential security parameters, issue temporary credentials and cancel lost or stolen credentials.
The next phase of mobile access control deployment, the smartphone will use its on-board intelligence and wireless connection to complete most of the tasks now performed by the access control system. With this model, mobile devices (rather than an access control system) become the access decision-makers, and doors (rather than cards) become the ID badges. This paradigm reversal, sometimes called duality, will change how the industry offers access control solutions. Organizations will no longer need intelligent readers connected to back-end servers through physical cabling – just stand-alone electronic locks that can recognize a mobile device’s encrypted “open” command and operate under a set of access rules. This will dramatically reduce access control deployment costs, and the industry will begin securing interior doors, filing cabinets, storage units and other areas where it has been prohibitively expensive to install a traditional wired infrastructure.
Gesture-based access control technology will make this access control environment even more convenient. With a simple user-defined gesture, individuals will be able to control a variety of RFID devices. By leveraging the phone’s built-in accelerometer feature, it will be possible to use both two- and three-dimensional gestures. Because the phone’s accelerometer senses movement and gravity, it can tell which way the screen is being held. This allows for a novel way of adding another authentication factor to the existing authentication scheme. For instance, a user could present the phone to a reader, rotate it 90 degrees to the right, and then return it to the original position in order for the credential inside the phone to be read, and for access to be granted.
Using a gesture as an authentication factor will increase speed, security and privacy, and make it much harder for a rogue device to surreptitiously steal the user’s credential in a “bump and clone” attack. Gestures will generally provide an additive capability for ID verification. They could be used to unlock apps, to lock and unlock doors as an alternative to mechanical keys. They also could be used by a person to secretly signal the system and security personnel when he or she is being forced to enter under duress. It will also be possible, and perhaps even desirable, to make gesture the only (single) authentication factor, although this likely would only be for access to areas within a building that have lower security requirements.
Access control continues to advance in security and convenience with developments including IP-based solutions, the ability to carry credentials on NFC-enabled smartphones, and the advent of convenient authentication factors including gesture-based “passwords.” IP-based access control simplifies system operation, expansion and customization, and enables the PACS to be integrated with many other solutions on the same network. As access control intelligence moves to the door, this also streamlines system monitoring, management and reporting, and as it moves to NFC-enabled smartphones, we will be able to secure far more doors electronically than was ever before possible, while taking advantage of convenience features including gesture-based control.
Ranjit Nambiar is Director, IAM, South Asia, HID Global.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]