Or swipe the card and get a Pepsi, burger and sweet potato fries.
Electronic access control systems, around since the Rusco days and before, have come a long way since the time of minicomputers, twisted wires (the Wiegand Effect) from an auto part maker and Swiss cheese-like IDs called Vingcards, whose holes would open a hotel room door.
Today, cards and biometrics provide access to enterprise computer networks, turn on office lights, operate vending machines, authenticate first responders at disaster sites, pay for meals and much more. The real estate in a card or biometrics device can provide multiple applications beyond security, and without additional investment. And, in another security step, organizations now integrate card access with security video.
Colleges and universities are among places where enterprise security leaders are squeezing more out of electronic access control.
Take, for example, the University of Georgia, a pioneer in adopting security technology that goes beyond the typical. It started using two-dimensional hand geometry way back in 1972 and now combines a swipe ID card and biometrics.
Give the Card a Hand
When it was time to replace the school’s old hand readers a decade ago, the administration evaluated various biometrics technologies such as facial, hand, fingerprint, iris and signature devices. At that time, the University needed an access control system that was fast, easy to use and foolproof. To provide a safe, secure campus, the school wanted to verify students entering residence halls and athletic facilities and to limit dining hall access to students who paid for a meal plan. Ingersoll Rand Security Technologies’ Schlage HandKey hand reader was the answer. Today, there are 59 readers in active service on campus, used in the dining rooms, Ramsey Recreation Center and all residence halls.Bill McGee, manager, Bulldog Bucks office, Blackboard Transaction System, UGA card services, joined the University in 2007 coming from a similar position at Clemson, and inherited the biometric systems. “A biometric hand reader provides single point entry, a true ‘one to one’ match,” stresses McGee. “It calls for two types of verification, the person’s ID number and their hand. Importantly, the units can be calibrated to adjust the sensitivity of the hand reads. We want ours to be very accurate, assuring only the right person can enter. With more than 8.5 million transactions per year, we’re proving that that hand readers are durable.”
The first hand readers were installed in the Bulldog’s food service area, championed by J. Michael Floyd, executive director of food services. Floyd even boasts a hand reader museum in the food service administration office where the different units used over the past 37 years are on display.
The dining plan is “all you can eat” for five or seven days. Students either swipe their card or input their student number and then lay their hands on the biometric reader. This versatility is one reason the system has a high level of acceptance among the students. More than 8,500 students and faculty use the hand readers in the food service halls creating more than 3.5 million transactions per year.
Based on success in the food service area, the University then installed a similar system to control access to the Ramsey Center. More than 46,000 individuals on the center’s membership list now use the access control approach to enter the facility, creating 2.8 million transactions per year. The number of users at the center is high because Bulldog students, their relatives, faculty, staff and alumni can all use the facility. At the facility, two outdoor style readers control the outer doors while standard hand readers inside the building control entry at the turnstiles.
Beyond the Door
After using magnetic stripe cards for years to enter its dormitories, the University decided to tighten up residence halls security by also incorporating hand readers and requiring students to first swipe their ID cards in a slot on the biometrics reader to enter their ID number and then have their hands scanned. “Housing basically has an electrified door system,” reports McGee. “Any door can be opened from the control desk or remote desks around campus. We also have cameras on the doors. By adding the hand reader, we go from an access control system to a security access system. We feel that this is an important attribute. By simply putting one hand reader at an entrance, an organization can turn that door into a security system in its simplest form at a low cost. “Our reads have a 99.9 percent success rate,” McGee attests. “In that rare instance that something goes wrong, guards can see the person via the surveillance system, check to see that they’re approved and manually override the lock.”
Ithaca, N.Y.-based CBORD specializes in campus ID card software for colleges and universities as well as healthcare facilities. The University of Virginia has worked with CBORD providing students and staff with a one-card solution. Virginia’s identification card has combined many features all on one card, including:
• Identification
• Library circulation privileges
• Building access
• Meal plans
• Student health facilities
• Access to recreational facilities
• Charge privileges at University bookstore locations
• Admission to athletic events
• University transit
• Access to student legal services
• Cavalier Advantage access to University services
This latter benefit is really helpful. Cavalier Advantage is an account on the student, faculty or staff ID card. It is activated once funds have been deposited with the University and conveniently eliminates the need to carry money on campus. Cavalier Advantage works as a declining-balance account on the ID card; funds must be available in the account for its use. When purchases are made, the balance decreases.
• Identification
• Library circulation privileges
• Building access
• Meal plans
• Student health facilities
• Access to recreational facilities
• Charge privileges at University bookstore locations
• Admission to athletic events
• University transit
• Access to student legal services
• Cavalier Advantage access to University services
This latter benefit is really helpful. Cavalier Advantage is an account on the student, faculty or staff ID card. It is activated once funds have been deposited with the University and conveniently eliminates the need to carry money on campus. Cavalier Advantage works as a declining-balance account on the ID card; funds must be available in the account for its use. When purchases are made, the balance decreases.
The evolution of the security card can even move farther away from door access.
Smart cards, with the ability to usually operate up to four applications including security, can easily expand systems but, according to Beth Thomas of Honeywell, they are mostly used today for certain segments such as government and military as well as the one-card fusion of physical and IT security.
Open Platform the Key
But, no matter the card, the key to going beyond security on an access card is having an open platform, adds Thomas. “You have to think about the platform, especially into the future.”The issue of interoperability is important for vendors, integrators as well as end users. The Physical Security Interoperability Alliance, as one standards organization, realizes the importance as enterprises transition to IP, according to Ian Johnston, PSIA supporter and from IQinVision.
On the card access control side, Tim Rohrbach of Monitor Dynamics sees value in open architecture mixing with custom solutions. While Rohrbach believes physical access control systems can handle debit accounts for school lunch programs and vehicle tracking needs, the coming together of physical and logical worlds is the biggest push at this time, especially through the Personal Identification Verification (PIV) interoperability specification.
Homeland Security Presidential Directive HSPD-12 requires that a Federal credential be secure and reliable. The National Institute of Standards and Technology published a standard for secure and reliable forms of identification, Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors. The credential is for physical and logical access.
FIPS 201 has two parts: PIV I and PIV II. The requirements in PIV I support the control objectives and security requirements described in FIPS 201, including the standard background investigation required for all Federal employees and long-term contractors. The standards in PIV II support the technical interoperability requirements described in HSPD-12. PIV II specifies standards for implementing identity credentials on integrated circuit cards (i.e., smart cards) for use in a Federal system. Simply stated, FIPS 201 requires agencies to:
• Establish roles to facilitate identity proofing, information capture and storage, and card issuance and maintenance.
• Develop and implement a physical security and information security infrastructure to support these new credentials.
• Establish processes to support the implementation of a PIV program.
There are benefits in moving to PIV and PIV I for nongovernment users. In a security way, “the door opens and so does a network port” for the card holder, adds Rohrbach.
• Establish roles to facilitate identity proofing, information capture and storage, and card issuance and maintenance.
• Develop and implement a physical security and information security infrastructure to support these new credentials.
• Establish processes to support the implementation of a PIV program.
There are benefits in moving to PIV and PIV I for nongovernment users. In a security way, “the door opens and so does a network port” for the card holder, adds Rohrbach.
Patrick Maughan, director, risk and emergency management at The Ohio State University, Office of Student Life, equates card diversity with roles such as residences, transportation, recreation and other needs through BuckID, the campus identification card that also is multifunctional. The card creates security, convenience and revenue streams for computer use, printing needs and through myriad local merchants.
Stored value is growing beyond college and university applications.
There is a converged access control/stored value card system for a 1.1 million square foot building in Chicago with over four thousand occupants. The system allows employees to store value on accounts linked to their building access control smart cards, enabling them to make purchases in the building’s cafe, vending machines, and other retailers on-site.
Stored Value Part of the Card
According to the system’s developer, stored value cards offer some capabilities that credit cards do not. First, employees like the cards because they are convenient: employees can fund them automatically, and there are no interest charges like credit cards. And because they always have them with them at work, they are an easy method of payment. Companies like them also; some organizations’ benefits packages now include contributing to employees’ stored value cards each month. This is a boon to the organization for several reasons. First, it keeps employees on-site more during lunch hours, which increases productivity. This is well-documented, and best illustrated by the fact that a leading benefits consulting firm studied productivity of its own employees, and found that they spent far less time at lunch when they ate on-site. They opened a company-funded cafeteria at corporate headquarters, and saw productivity rise. Another benefit to the organization is that when the employee spends money on-site at retail operations owned by the company, the organization makes a profit on the sale, which can help fund the cost of the program.Circling back to security core applications, Charles Robey, former Central Bank of the South security director, points out that card access must respond differently in different locations within an organization. “It demands a diversified plan.” For example, a centralized operation center can house the entire banking operation, from the general customer service area to the restricted main cash vault and the restricted computer room. “In my case, various entry zones were programmed, according to the risk involved, along with the times of authorized entry. Along with programming the access cards, cards were also color coded, according to the risk, and doubled as ID cards that employees were required to display on their person.”
And when it comes to remote and sometimes unmanned facilities, access control may come in the form of security through wireless communications capabilities.
A case in point: After exploring and trying alternative solutions for two years, the Otay Water District of Spring Valley in Southern California selected and deployed a wireless mesh infrastructure solution for connecting diverse facilities. The system was designed and implemented by Sage Designs Inc., a local SCADA specialist.
“We’ve achieved real speeds in the 100 Mbps range using 802.11n technology,” says Bruce Trites, the district’s network engineer. “To date, we have rolled the wireless network out to more than 12 sites, creating a mesh point-to-multi-point design that has exceeded our expectations.”
Many of their more than 50 remote facilities, reservoirs, pump/hydro stations are in geographically isolated and non-densely populated areas. As a result, options for getting land method communications to these sites was cost prohibitive.
Otay Water’s goal was 30 Mbps plus to each of their sites, enough to handle SCADA security including video surveillance, and local Wi-Fi access at each site for operators and staff. “We recommended Firetide for this project,” points out Ken VandeVeer, Southern California sales manager of Sage Designs Inc. For Trites, it was throughput but also a matter of reducing the number of hours to visit various sites. “There were cameras out there, perimeterfence sensors” but wireless mesh made it more effective.
Access Controls, Other Systems Go IP
And subsystems can more easily talk among themselves. Earlier this year, at ISC West in Las Vegas, the Physical Security Interoperability Alliance (PSIA), a global consortium of physical security providers focused on promoting the interoperability of IP-enabled devices, showcased various PSIA-enabled products, including video surveillance, access control and intrusion detection. “PSIA continues to make significant strides in not only developing specifications but garnering additional support from all sectors of the industry,” says Robert Hile, the alliance’s chairman.Ian Johnston with IQinVision comments that there is a keen interest in the standards bodies and what they can deliver to enterprise security leaders and systems integrators. Danny Petkevich, vice chairman, PSIA, and director of Texas Instrument’s video and vision business unit, agrees. With so much IP-based security technology choices out there, it becomes a question of what you are comparing it all to, he says. And when it comes to video analytics, which can increase the effectiveness of electronic access controls, integration gets much more involved and flexibility becomes more important, according to Bob Cutting of ObjectVideo. Another PSIA participant, Pete Jankowski, adds that interoperability is all about communications among products and systems, no matter if it is card access or security video or intrusion detection.