15 September, 2008
Previously offline access systems move closer to online via virtual networks and WiFi
By Chris Corum, Executive Editor
Controlling access to buildings and dorms is an essential component of campus safety, but administrators face a constant struggle to balance security and cost. Standalone electric door locks offer a compromise that can deliver solid security at an affordable cost. In recent years, advances in these un-wired solutions have improved the functionality moving them closer to their wired counterparts.
For more than a decade, campuses have deployed ‘hotel-style,’ card reading locks on interior dorm, lab and office doors. Electronic key codes encoded in the ID card’s magnetic stripe controlled access to an approved door or grouping of doors.
In early implementations, most were standalone systems that required keyholder data to be loaded manually into a dedicated database. Over the years, providers worked to integrate the offline lock program into the broader campus security, housing and card systems.
Still, however, the un-wired attribute that made them desirable also left them vulnerable. The ability to change keys, cancel lost and stolen cards, or lock out an existing cardholder was cumbersome and often required personnel to physically visit each lock.
But all this is changing. Two different approaches are changing the way these standalone lock systems are deployed, and each is advancing the power of the product.
The first approach relies on the intelligence and storage capabilities of a contact or contactless smart card to create a virtual network among the offline readers. The second approach puts these standalone locks online via wireless networking.
The card as the network
In the case of the card-enabled or card-connected networks, the ID credential itself serves as a virtual network updating the standalone locks with important information, such as individual usage history, newly cancelled card lists, and more.
Corestreet offers a card-connected solution that relies on contact or contactless smart cards and cryptographic keys to create a highly secure virtual network within an installation of standalone locks (see Card-connected access control, Re:ID Magazine, Summer 2008).
Other companies also rely on the card to transfer and spread key transaction and system data.
Chuck Hummitsch, regional business manager for Salto Systems, a Spanish company with U.S. headquarters in Atlanta, calls his company’s locking solution a “hybrid product that gives you ease of installation but the flexibility of a hard wired system.”
“Our locks are networked, stand-alone locks in which the main component of the network is the credential you’re carrying,” Hummitsch says. In Salto’s case, the credential is a standard contactless card, keyfob, sticker, wristband, cell phone or any other object into which a chip can be embedded. When you go to the lock, it actually talks back to the contactless card, and the card records information about the transaction, making the credential a two-way data transporter, he adds.
Instead of each door being wired to the network, so-called “hot-spots” are used to refresh the card information. Hot-spots look different. They’re basically wall readers situated in main access areas since they also work as time and attendance devices. “We recommend installing the hot-spots in high traffic areas such as parking entrances, main entrances and elevators,” says Hummitsch.
When you enter your parking lot, the hot-spot reader may be at the parking gate or the main entrance. When you present your card, your access privileges are updated and all your previous access history is also updated and transferred back to a main computer that generates up-to-date audit-trails,” says Hummitsch.
Not every door is a hot spot. Your office door may not be. But if you somehow bypassed the hot spot door on your way in, you may be unable to gain access to your office because the system won’t recognize that you’re there legitimately.
“It’s up to the end user as to how many hotspots are installed,” says Hummitsch. “A university will put them in places where there is consistent traffic flow.”
In cases of lost or stolen cards, once reported, that person’s card is locked out and immediately the hot-spots begin spreading the “cancel card message” to each and every one of the other users’ cards that are presented when accessing the premises. This is how the message is spread and that is why all main entrances and detrimental access areas require hot-spots.
The University of Hawaii, Hilo, which recently installed Salto’s offline door locks at its new recreation center, has 10 online hotspots. “The rest of the interior doors, probably 30 to 50 locks, are offline,” says Hummitsch. “We’re getting ready to do its pharmacy building which is going with another 10 hotspots and 80 interior door locks.”
One of the added benefits to the Salto system is that distance does not matter. “Let’s say you have a remote building, such as the University of Hawaii’s astronomy building which is on top of a mountain, put a standalone lock on the door and it can still be read,” says Hummitsch.
But these card-connected systems are not without drawbacks. Most of the current offerings rely on a contact or contactless smart card to power the virtual network. If the card is not already deployed on the campus, the added cost could negate the savings of the un-wired access control system.
“You are getting the ability to carry the authorization and maybe bring back some audit trail, but you lack the ability to get an alarm back from the door,” explains Bret Tobey, Intelligent Openings Business Development and Product Manager, Assa Abloy.
“Add a few hundred dollars and you can get the alarm back,” he adds, referring to the addition of wireless communication to the standalone lock.
WiFi replaces wires for standalone locks
The second new approach relies on the proliferation of wireless networks on campus to enable management of standalone locks in near real-time.
“One of the key advancements involves taking lock systems online via wireless,” says Dan Gretz, senior director of marketing at Blackboard. “Our clients appreciate the ability to deploy wireless locks much faster and maintain connectivity and control remotely.”
“This is a big trend and focus with our campuses,” says Taran Lent of campus card provider Cardsmith. “Schools want the best security solutions available and are not as concerned with saving money in this area. Schools want proven security solutions that are also leveraging new technology.”
Cardsmith has partnered with Ingersoll Rand to provide locking systems to the universities serviced by the campus card provider.
“Many of our clients were choosing Ingersoll based on their own research. Ingersoll has innovated and holds patents on wireless door locks,” says Cardsmith’s Lent. “IR uses online locks where it makes sense, offline where it makes sense.”
With main exterior doors it will be a wired or wireless lock but online and actively communicating with the system. Individual doors like dorm rooms would be offline, says Lent.
Blackboard’s Gretz reports, “Blackboard’s offering features Blackboard Wireless Door Access by Ingersoll Rand, and we also offer integration support for Persona, Best and Onity.”
Like the card-enabled locks described previously, wireless locks have some shortcomings as well. Wireless communication, and thus system operation, can be disrupted by normal or malicious causes. Power consumption for wireless operation is larger than for other standalone locks, so battery life is limited.
A comprehensive approach to security planning
“Because we have so many types of companies, we try to look at it as a mix and match to pick the best products and communication modes for the specific installation,” says Assa Abloy’s Tobey. The company owns numerous lock and security manufacturers including household names like Sargent and Yale.
“Customers don’t pick online or offline,” he states. “They mix the two and they look at how much they want to spend per opening … weighing that against what they need to get done.”
“I would never use a (wireless) radio on an exterior door,” he explains stressing that these locations should be hard wired to the security system. “In the lab or lounge inside, you may want a (wireless) radio lock, then at the residence hall doors you may want to go standalone without a radio. It depends on the unique needs of the campus and even the building.”
Campuses need to ask the questions:
- Do we need to get an alarm back from the door?
- Do we want to use our existing card?
- Do we need frequent communications or can we get by without it?
- Can we put up with proprietary infrastructure?
In the end it is usually a mix of products and communications that create the best solution.
“We often see systems from 5, 6, or 7 companies on a single campus,” says Tobey. “I don’t see this going away.”