Changes in the Building and Site Security Industry
We've all seen or used card readers near doors, tapped our proximity card to one, and heard the familiar 'click' of the door hardware opening to allow us access. But do you know how that all happens?
When you present a proximity or contactless card to a card reader, the reader is already broadcasting an initiation signal, waiting for the right card to come close enough that the reader induces enough power to excite the wires embedded in the card. Each card reader has a read range, which varies by manufacturer and model. The card has a small integrated circuit inside it that receives the initiation signal and the induced power, then sends a string of bits (26-bit, 40-bit, or 84-bit) that is hard-coded into the card's integrated circuit back out through the same wires in the card, where it is read by the card reader. This all happens almost instantaneously. The string of bits from your card is then sent from the card reader to an Access Control Panel (ACP), which is typically within 500', a distance limitation of the protocol that carries the card's string of bits. The ACP uses embedded software to check whether your string of bits matches that door's entry criteria (level of access, proper time of day, etc.).
If you do not meet those criteria, or there was an error in the string of bits being sent (maybe you were too quick when presenting the card), then the ACP logs the card number as a 'denied entry' and the door hardware does not open. If you do meet the criteria, then the ACP logs your entry as 'access allowed' and closes a Class C relay that is connected to a separate door hardware power supply (with voltage and inrush current coordinated with the Architect's specified door hardware). The separate power supply is not a smart device. It either sees an open contact (denied entry) or a closed one (access granted). That power is then transferred to the door hardware, or to another relay that is connected to common (120VAC) power, to activate the door lock to open. The tricky part is specifying the correct power supply voltage, AWG conductors, voltage drop of those conductors, and inrush current to power the door hardware.
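To make the ACP's check concrete, here is a small sketch of it. This is an added example, not code from any vendor's panel. It assumes the widely used open 26-bit layout (leading even-parity bit, 8-bit facility code, 16-bit card number, trailing odd-parity bit), which the text above does not spell out, and the door policy values are constructed.

```python
from datetime import time

# Constructed door policy (hypothetical values): which (facility, card)
# credentials may open this door, and during which hours.
DOOR_POLICY = {
    (42, 1337): (time(7, 0), time(19, 0)),
}

def encode_26(facility, card):
    """Build a 26-bit frame as a '0'/'1' string (used to make sample data)."""
    data = f"{facility:08b}{card:016b}"
    even = str(data[:12].count("1") % 2)        # first 13 bits end up even
    odd = str((data[12:].count("1") + 1) % 2)   # last 13 bits end up odd
    return even + data + odd

def decode_26(bits):
    """Return (facility, card), or None if the frame is malformed."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        return None                      # short read, e.g. card pulled away
    if bits[:13].count("1") % 2 != 0:    # leading even parity failed
        return None
    if bits[13:].count("1") % 2 != 1:    # trailing odd parity failed
        return None
    return int(bits[1:9], 2), int(bits[9:25], 2)

def acp_decide(bits, now, log):
    """Apply the door's entry criteria and log the result, as the ACP does."""
    cred = decode_26(bits)
    window = DOOR_POLICY.get(cred) if cred else None
    if window and window[0] <= now <= window[1]:
        log.append(("access allowed", cred))
        return True                      # the ACP would close the relay here
    log.append(("denied entry", cred))
    return False                         # relay stays open, door stays locked

if __name__ == "__main__":
    log = []
    frame = encode_26(42, 1337)
    print(frame, acp_decide(frame, time(9, 30), log), log)
```

The two parity bits only catch transmission errors. Everything else in the frame is a fixed identifier.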
So, what's new about all this?
One word: hacking. Sophisticated hackers are able to splice a Bluetooth or WiFi transmitter to the back of a card reader when no one is looking, and can then read all of the strings of bits being sent over the Wiegand protocol to the ACP. The perpetrator then clones a card and can walk around your entire building or facility, depending on the level of access of the cloned credentials.
What we are able to do now is use more sophisticated integrated circuits on the proximity cards (called smart cards) and better card readers that use a sophisticated negotiation approach to get the information off the card, then encrypt the bits before they are sent to the ACP, where they are decrypted and run through a similar process of checking whether you are 'access granted' or 'denied entry'. The encryption standard is called Open Supervised Device Protocol (OSDP), and it requires a specialist on the installing team's crew who can work through the programming requirements, which are not that easy. What's cool, however, is that this protocol, or something very similar to the sophisticated negotiation between the reader and card, is now happening at all of our contactless points of sale, whether with tap-to-pay credit cards or our iWatch, iPhone, Google Wallet, etc. BUT buildings are lagging behind in rolling out these new card readers and smart cards (the entire OSDP system costs a lot more, if you hadn't guessed). The point is that the legacy Wiegand protocol is in approximately 80% of existing buildings' access control systems out there, and there aren't a lot of budgets to rip and replace systems that are currently working (but not secure) and upgrade all of their proximity cards to smart cards. I'll cut it off there, since there are quite a few more rabbit holes I could go down, but I hope you now know how your access control works.
Written by:
Randy Gruberman PE, RCDD, CxA
FL Southeast Market Leader/Low Voltage Service Leader