Access Control System (AACS)
CHAPTER 3: Access Control System
By Alexander L/mariam
alexander.Leakemariam@ftveti.edu.et
phone:-+251-910-68-55-68
Access Control Systems
Why Access Control?
Statistics
• Internal theft.
– Employee pilferage is $5-10
billion/year.
– An estimated 40% of business theft
involves employees.
– White collar crime is estimated at $44
billion/year.
• Workplace violence.
– 2 million employees victimized by
workplace violence each year.
Employee Theft
• How employees look at themselves:
– 21% - will never steal.
– 13% - will undoubtedly attempt theft.
– 66% - will steal if others are successful.
Access Control:
Passwords
Biometrics
Token devices
Memory cards
Smart cards
Cryptographic keys
Types of Common Physical Security
1. Password Authentication
2. Card (RFID/5MHz card)
3. Fingerprint
4. Retina authentication
Passwords
• A password is a string of characters that should be
different for each user and highly protected. It is
something that a subject knows and is the most
widely used authentication method in place today.
• The problem is that it is the most insecure
mechanism when compared to other authentication
technologies, because users and administrators do
not usually practice the necessary disciplines
required to provide a higher level of protection.
• Also, specialized utilities have been developed to
uncover passwords and compromise this type of
authentication method. The following is a list of best
practices that should be implemented and enforced as
part of a company-wide password policy:
• Passwords should have at least eight characters
(alphanumeric and symbols) and a combination of
upper- and lowercase.
• Users should not be able to reuse the same
passwords (password history).
• Systems should have a threshold (clipping level)
configured that limits the number of unsuccessful
logon attempts.
• An accurate audit log should be
maintained that includes information
about each logon attempt, which includes
date, time, user ID, and workstation.
• The password lifetime should be short
but practical.
• Passwords should not be shared.
• Passwords should not be easily guessable
nor should they be dictionary words.
• Passwords should never be stored in clear text;
some type of encryption scheme, as in a one-way
hashing method, should be used to ensure that
passwords are not easily read.
• Servers that store passwords should have limited
physical and logical access and should be highly
protected.
• Some companies choose to use password
generators, which are software applications that
create complex passwords for users instead of
allowing them to come up with their own.
• Attacks on passwords: There are two
types of attacks that are commonly used
against passwords: dictionary and brute
force attacks.
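The policy items above (length and character mix, password history, clipping level, audit log, one-way hashing) can be enforced in code. The following Python example is added here and is not part of the original slides; the history depth, the clipping level of three, the PBKDF2 parameters and the two-entry word list are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re
from datetime import datetime, timezone

MIN_LEN = 8        # from the slide: at least eight characters
HISTORY = 3        # assumed: remember the last three passwords
CLIP_LEVEL = 3     # assumed: lock after three unsuccessful logon attempts
COMMON = {"password1!", "welcome@123"}   # constructed stand-in for a dictionary list
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"\d", "symbol": r"[^A-Za-z0-9]"}

def _hash(pw, salt):
    # One-way, salted, deliberately slow hash; the clear text is never stored.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def policy_errors(pw):
    errs = ["too short"] if len(pw) < MIN_LEN else []
    errs += ["needs " + name for name, pat in CLASSES.items() if not re.search(pat, pw)]
    if pw.lower() in COMMON:
        errs.append("dictionary word")
    return errs

class Account:
    def __init__(self, user):
        self.user, self.history, self.failures, self.audit = user, [], 0, []

    def set_password(self, pw):
        errs = policy_errors(pw)
        # Password history: compare against the stored hashes, never clear text.
        if any(hmac.compare_digest(_hash(pw, s), h) for s, h in self.history[-HISTORY:]):
            errs.append("reused")
        if not errs:
            salt = os.urandom(16)
            self.history.append((salt, _hash(pw, salt)))
        return errs

    def login(self, pw, workstation):
        # Assumes set_password() has succeeded at least once for this account.
        if self.failures >= CLIP_LEVEL:
            result = "locked"              # clipping level reached: stop testing guesses
        else:
            salt, stored = self.history[-1]
            ok = hmac.compare_digest(_hash(pw, salt), stored)
            self.failures = 0 if ok else self.failures + 1
            result = "success" if ok else "failure"
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, self.user, workstation, result))  # date/time, user ID, workstation
        return result
```

Once the clipping level is reached, even the correct password is refused, which is what bounds the number of guesses a dictionary or brute force attack gets against a live logon.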
Cognitive Password
• A cognitive password is based on fact or opinion
used as the secret code, which is usually easier for a
user to remember and is more difficult for an
attacker to uncover.
• The user goes through an enrollment process by
answering questions that typically deal with
personal experiences and the answers to these
questions are documented and used as cognitive
passwords when the user needs to authenticate
herself at a later time.
• For example, when Chrissy calls a help desk for the
first time, she is enrolled for proper
authentication by being asked the
following questions:
• What is your mother’s maiden
name?
• What is your dog’s name?
• What city were you born in?
• What is your favorite color?
When Chrissy calls back to get assistance from
the help desk at a later time, she is presented
with one or more of these questions to prove
her identity. Once the help desk person is
convinced of her identification, he can move
on to assisting Chrissy.
One-Time Password
• A one-time password is a set of characters
that can be used to prove a subject’s identity
one time and one time only.
• After the password is used, it is destroyed and
no longer acceptable for authentication.
• One-time passwords are usually generated and
supplied to the user via a handheld device with an
LCD display, referred to as token device.
• The user reads the password provided by the token
device and enters it, along with a username, into a
system for authentication purposes.
• The password is good for only that session and
when the user needs to authenticate again, another
password is dynamically created.
System Automation
Controller:
• The controller is the heart and brain of a
system. It interrogates the reader input
and grants or denies entry.
• It maintains audit trails. Controls
automated relays (scheduled lock/unlock).
Basics of Access control
• Relay Concept
• A relay is an electromagnetic switch operated by a relatively small electric current
that can turn on or off a much larger electric current. The heart of a relay is an
electromagnet (a coil of wire that becomes a temporary magnet when electricity
flows through it). You can think of a relay as a kind of electric lever: switch it on with
a tiny current and it switches on ("leverages") another appliance using a much bigger
current. Why is that useful? As the name suggests, many sensors are incredibly
sensitive pieces of electronic equipment and produce only small electric currents.
But often we need them to drive bigger pieces of apparatus that use bigger currents.
Relays bridge the gap, making it possible for small currents to activate larger ones.
That means relays can work either as switches (turning things on and off) or as
amplifiers (converting small currents into larger ones).
NO is normally open, i.e. the contacts are normally open and close when the switch is actuated. NC is normally
closed, i.e. the contacts are normally closed and open when the switch is actuated. 1NO1NC is generally used to
describe contactors (industrial power relays) and manual switches like emergency stop buttons.
Access Control Systems
Access control systems are systems that provide secure access only to authorized persons in a facility.
A basic use can be seen in the attendance systems incorporated in offices. The user credentials
are uploaded into the system and the identity is then verified at the time of user entry by means of a password,
thumb impression or card reader.
• Wiegand-effect Card
• Proximity Card
• Smart Card
• Bar Code
First, Second, or Third Layer of Defense
Peripheral items for Access control
• Magnetic Locks
• An electromagnetic lock, magnetic lock, or maglock is a locking device that consists
of an electromagnet and an armature plate. There are two main types of electric
locking devices. Locking devices can be either "fail safe" or "fail secure". A fail-secure
locking device remains locked when power is lost. Fail-safe locking devices are
unlocked when de-energized. Direct pull electromagnetic locks are inherently
fail-safe. Typically the electromagnet portion of the lock is attached to the door frame
and a mating armature plate is attached to the door. The two components are in
contact when the door is closed. When the electromagnet is energized, a current
passing through the electromagnet creates a magnetic flux that causes the armature
plate to attract to the electromagnet, creating a locking action. Because the mating
area of the electromagnet and armature is relatively large, the force created by the
magnetic flux is strong enough to keep the door locked even under stress.
Door Contact
They're typically installed on doors, windows or drawers throughout the house. They have two pieces:
one installed on the door itself; the other installed next to it on the jamb. When the door is opened and
the pieces move apart, the sensor signals 'open' to your security system.
Entry Control
• Coded Devices
• Credential Devices
• Biometric Devices
First or Second Layer of Defense
Access Control Major Devices
• Access cards
• Access card reader
• Locking device
• Door position switch
• Exit device
• Controller
• Software
Access Control - Cards
[Figure: Card Technologies, relative security on a scale from Least Secure to Most Secure. Technologies shown: Bar Code, Magnetic Stripe, Wiegand, Proximity, Chip Technology, Biometrics.]
Card Reader Technologies
• Bar Code
– Principle: Series of thin and thick lines forming a code that can be read by a card reader.
– Advantages: Excellent for job costing and time and attendance. Good for low cost cards and many times as a second technology on a dual-tech card.
– Disadvantages: Easy to duplicate.
• Magnetic Stripe
– Principle: Card that has data encoded on a magnetic strip placed on a plastic card.
– Advantages: Dependable and inexpensive. User may encode cards to further reduce costs. Works well in a dual-tech card package with Photo ID.
– Disadvantages: Subject to wear and easy to duplicate and/or copy.
• Wiegand
– Principle: Card embedded with ferromagnetic wires to form a unique code.
– Advantages: Easy to use, high in security and has a long life. Can be used with Photo ID systems.
– Disadvantages: Limited number of site/facility codes and card numbers available.
Card Reader Technologies Cont…
TYPE Principal Advantages Disadvantages
Access Control - Readers
• Reader must match the card
technology
• Select best technology for
the application. Consider:
– Security
– User throughput
– Cost
– User acceptance
– Ease of use
– Weather resistance
– Mounting
Access Control - Readers
• Reader ID technologies fall into
3 groups
– Knowledge based
• Use of PINs and
keypads
– Possession based
• Card has
information
– Biometric based
• Hand geometry
• Fingerprint
• Retina scan
• Voice verification
• Handwriting
Access Control – Locking Device
Door configurations
determine type and style
of lock
– Magnetic lock
– Electric lock
– Shear lock
– Throw bolt or plunger
• Door prop
– A valid entry or exit request
followed by failure to re-secure
the door during allotted time
Access Control – Egress Device (RQE)
Function is to unlock door
and to momentarily mask
door position switch.
Numerous styles and
functions.
– Push button.
– Exit bars.
– Motion detectors.
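The controller, door position switch, door prop and egress device slides describe one piece of logic: a valid card or an exit request masks the door position switch for a short time, and a door left open past its allotted time is reported. The following Python example is added here and is not from the original slides; the class, the event names, the timings and the "door-forced" label for an unmasked opening are assumptions.

```python
UNLOCK_S = 5     # assumed: seconds the door switch stays masked after a valid request
PROP_S = 15      # assumed: seconds a door may stay open before it counts as propped

class DoorController:
    def __init__(self, authorized_cards):
        self.authorized = set(authorized_cards)
        self.unlock_until = -1      # door position switch is masked up to this time
        self.opened_at = None       # time the door opened, None while closed
        self.prop_reported = False
        self.audit = []             # audit trail of (time, event, detail)

    def _log(self, t, event, detail=""):
        self.audit.append((t, event, detail))
        return event

    def card(self, t, card_id):
        """Reader input: grant or deny entry."""
        if card_id not in self.authorized:
            return self._log(t, "denied", card_id)
        self.unlock_until = t + UNLOCK_S
        return self._log(t, "granted", card_id)

    def rqe(self, t):
        """Egress device: unlock and momentarily mask the door position switch."""
        self.unlock_until = t + UNLOCK_S
        return self._log(t, "exit-request")

    def door_switch(self, t, is_open):
        if not is_open:
            self.opened_at, self.prop_reported = None, False
            return self._log(t, "door-closed")
        self.opened_at = t
        if t <= self.unlock_until:
            return self._log(t, "door-opened")
        return self._log(t, "ALARM door-forced")   # opened with no valid request

    def tick(self, t):
        """Periodic check: report a door that was not re-secured in time, once."""
        if (self.opened_at is not None and not self.prop_reported
                and t - self.opened_at > PROP_S):
            self.prop_reported = True
            return self._log(t, "ALARM door-prop")
        return None
```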
Access Control - Software
Access Control – Code Compliance
Access Control – Wiring Standards
• Follow manufacturer’s guidelines
• Twisting prevents wire from acting as an antenna
• Shielding helps stop RFI and EMI from being given off and
absorbed
• For powered devices, wire size critical to proper operation
• Stranded wire is preferred type
• Do not install lock control wiring in same conduit as other
circuits
• Avoid running wires near lights and other devices that may
cause interference
• Determine if plenum or other special rated wire is required
The following are some of the systems that
are included in access control systems:
Proximity:
These control systems are installed at the entry of a facility with a door lock system connected to it. When an
authorised person tries to access the system by using any means of a security key, the system verifies the data
saved in it with the entered key and allows the user to enter the premises.
The following image shows a proximity security system:
Time and attendance systems (TNA) are used to track and monitor when employees
start and stop work. A time and attendance system provides many benefits to
organizations as it enables an employer to have full control of their employees' working
hours as it monitors late arrivals, early departures, time taken on breaks and
absenteeism [1]. It also helps to control labor costs by reducing over-payments, which are
often caused by paying employees for time they are not working, and eliminates
transcription error, interpretation error and intentional error. TNA systems are also
invaluable for ensuring compliance with labor regulations regarding proof of attendance.
All of these benefits provide both employer and employees with confidence in the
accuracy of their wage payments all while improving productivity.
Time Attendance machine
• Modern automated time and attendance systems like ClockIt simply require
employees to touch or swipe to identify themselves and record their working hours
as they enter or leave the work area. Originally this consisted of using an RFID
electronic tag or a barcode badge but these have been replaced by biometrics (vein
reader, hand geometry, fingerprint, or facial recognition), and touch screen devices.
Modern biometric TNA systems offer additional benefits [2] over traditional manual
systems, which include:
• Faster processing of employees as attendance can be recorded with just one
touch or a quick scan
• Fraud prevention by eliminating duplicate and fake registration
• Saves time as attendance can either be integrated directly with your payroll
system or it can produce a report that can be downloaded or printed
• Improves punctuality and reduces long breaks and absenteeism
Keypad
Keypads are a great way to let users interact with a project. They can be used to
navigate menus, enter passwords, and control games and robots.
• A series of switches that are systematically arranged to be able to provide a
range of data depending on their combined states
• 4x3 keypad – common arrangement used for keypads
• Membrane/casing format keypads are popular in installation fixtures for their
minimalist design and structure
• Beneath each key is a membrane switch. Each switch in a row is connected to the other
switches in the row by a conductive trace underneath the pad. Each switch in a column is
connected the same way – one side of the switch is connected to all of the other switches in
that column by a conductive trace. Each row and column is brought out to a single pin, for a
total of 8 pins on a 4X4 keypad:
Pressing a button closes the switch between a column and a row trace, allowing current
to flow between a column pin and a row pin.
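The row and column wiring described above can be modelled directly. The following Python example is added here and is not from the original slides; it scans a simulated 4X4 matrix one row at a time and goes one step beyond the text by showing the phantom key that a diode-less matrix reports when three keys are held. The key legend and function names are assumptions.

```python
KEYS = ["123A", "456B", "789C", "*0#D"]   # assumed legend for a 4X4 keypad

def read_columns(closed, driven_row):
    """Return the column pins that see the driven row pin.

    `closed` is the set of (row, col) switches currently pressed. Undriven rows
    float, so current can also travel row -> column -> other row -> column
    through other closed switches.
    """
    rows, cols = {driven_row}, set()
    grew = True
    while grew:
        grew = False
        for r, c in closed:
            if r in rows and c not in cols:
                cols.add(c)
                grew = True
            if c in cols and r not in rows:
                rows.add(r)
                grew = True
    return cols

def scan(closed):
    """Drive each of the 4 row pins in turn and collect every key reported."""
    return {KEYS[r][c] for r in range(4) for c in read_columns(closed, r)}

def key_for_pin_entry(closed):
    """Accept a scan for PIN entry only when exactly one key is seen."""
    keys = scan(closed)
    return next(iter(keys)) if len(keys) == 1 else None

if __name__ == "__main__":
    print(scan({(1, 1)}))                    # a single press of "5"
    print(scan({(0, 0), (0, 1), (1, 0)}))    # "1", "2", "4" held: "5" appears as well
```

For a PIN keypad the practical consequence is to discard any scan that reports more than one key instead of guessing which key was meant.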
The schematic for a 4X4 keypad shows how the rows and columns are connected:
Biometric Devices
• Fingerprints
• Hand Geometry
• Retinal Patterns