printer friendly version

Dispelling myths from the past

Gary Chalmers asks if the access control playing field has changed.

Access control has always been a key priority for business. Securing premises, people, possessions and property (the intellectual kind especially) is a non-negotiable requirement that companies overlook at their peril, a requirement around which an entire business sector has grown.

But has the playing field changed? Are the myths of the past holding back the solutions of the future, allowing unscrupulous market players to drive ageing products out to uneducated consumers? The answer to these questions, I believe, is a loud and resounding Yes.

Biometrics is a relatively new player on the security scene, and many people do not realise that the initial systems had significant weaknesses which, when combined with the legacy systems in place, resulted in today’s overly complex solutions.

Originally, security systems were designed around card-based readers, where the intelligence lay in the back-end controller. The better systems linked card readers to controllers in the ceiling which acted as a kind of digital doorman. Requests from readers are passed to the controller, which in turn passes these requests on to the server for verification. The server’s response is returned to the controller which, depending on the result received, would send the signal that releases the door. This meant that taking the card reader off the wall and trying to short circuit the cables had no effect whatsoever on the release of the door – you would need to have a ceiling breach in order to reach the cables that actually triggered the release signal.

When biometric readers first came onto the scene, their communication in a standalone mode was a direct, unsecured electrical pulse sent directly to the relay itself. The little-known yet terrifying flaw in this design is that you can bypass the average biometric device by removing it from the wall and shorting out the correct lines on the signal wire.

To avoid this situation, most security companies use biometric readers as nothing more than fancy card readers. Sitting behind the biometric reader is a connection to a controller in the ceiling, which still talks to a back-end, centralised system, and then sends a signal to the door to release based on the rules in its database.

The biometric reader is, in this case, a dumb terminal that resolves a fingerprint to an identity and sends a card number to the controller using a standard communication protocol called Wiegand.

The issue with this type of design is that it is mostly just smoke and mirrors: using old technology with a new front end to convince customers it is a modern solution. The result is a costly, highly complex solution which has multiple points of failure and requires high-value service level agreements and skilled personnel to maintain.

Modern solutions

With the advances in many biometric systems today, the need for this whole back-end system – and the separate door controllers – is completely redundant. Myth debunked.

Most modern readers have secure, encrypted communications to the relays while running the intelligence they need to deny or grant access internally, only using a back-end database for complex instructions when required. Many companies will tell you that not using a back-end controller means a lack of control, inability to do accurate anti-passback, and reduced security overall.

The truth, however, could not be further from this myth. All the features of the older systems are available with most of the new biometric systems, but without any of the additional overhead in terms of cost or maintenance. By removing the back-end system and the controllers from the equation, products are able to provide a significantly lower cost-per-door than the legacy systems, which is the true comparison a user should be making.

Many companies make the mistake of comparing one biometric reader’s price to another, without understanding that while the more intelligent readers may be similarly priced, or even more expensive than older technology, the overall cost per door is significantly reduced when you factor in the additional costs of the controllers and the back-end system on the legacy product.

Next generation biometric products offer simplicity over legacy systems, which translates to significant cost savings on purchase, support and maintenance of the system. In addition to this, the simplicity of use from an internal maintenance point of view results in system performance increases.

There is simply no reason anymore to tie an organisation into a single legacy system which has a limited life span, despite what the guys in the designer suits say.

Share this article:

Further reading: