Maximum access control combines three types of identification

Aug 1, 1997 12:00 PM, G.F. BRYANT JR.

How to achieve the best access control available for a single point of entry, regardless of cost.

Q Without respect to cost, what is the most secure access system available for a single point of entry?

Lyle Sparks

Vintage Depot

A Decades ago, as far back as 1977, the National Bureau of Standards determined that three categories should be addressed for maximum controlled access. The three categories of identification basics are:

*Knowledge: something remembered like a coded number or procedure. A personal identification number (PIN) is an example of something remembered, as are passwords or biographical data.

*Possession: something carried like a token or card, such as magnetic stripe, proximity, Wiegand, smart/chip and laser. A PIN, in combination with a facility code, may be embedded into the credential. Holographic effects with encrypted information may also be embedded.

*Biometric: something inherent to the individual, such as physiological or behavioral traits. Some examples are voice, signature, eye and fingerprint. The traits are sometimes referred to as personal identification verifier or PIV. Dynamic PIV's include keystroke, gait and signature. A greater degree of security may be achieved by combining the categories.

Types of errors

Properly functioning access control equipment is still susceptible to two kinds of errors.

*Type I errors: a percentage of the time that authorized conditions are rejected. Typically a 1 percent error rate is expected, which may be complemented by various procedures, such as stationing a guard who could verify rejected personnel.

*Type II errors: a percentage of the time that unauthorized conditions are accepted. Typically, error rates of far less than 1 percent (+/- 0.001) are the norm. However, the potential exists for an unauthorized intruder to have access to a controlled area.

Imagine a facility with 1,000 people on a particular shift with multiple ingress and egress during the day, through a single access point. Calculating the potential for unauthorized access leads to a shocking realization - access control systems are not security systems; they are people management systems.

Access control was never designed to replace the secure functions of a stand-alone intrusion detection system. Normally, fully integrating or partially integrating with an intrusion detection system (IDS) from an access control system (ACS) may be more secure than compromising with one subsystem manufacturer. An exceptionally versatile access control manufacturer may not provide state-of-the-art intrusion detection, or vice versa.

With this in mind, combine the three categories for maximum results. A keypad (with each key position moving to a different location upon each activation) in conjunction with an embedded computer chip card reader and a biometric with a low type II error rate offers a fairly secure answer.

However, the throughput time necessary for each individual to present themselves, await confirmation, enter the area and reset for the next person is a major consideration. Initial amount of time required to enroll all personnel into each device is also a factor, not to mention the cost.

Once access control hardware has been decided upon, be sure to include industrial grade hardware at the portal. This includes a heavy-duty, high-traffic door strike. An opto-isolator may be beneficial to protect the electronic circuitry of the access control hardware. Interface the balanced magnetic contact, located at the door, into a high-security intrusion detection system and, if procedures are followed, chances are pretty good that access will be adequately controlled.

The column draws on the expertise of the World Institute for Security Enhancement (WISE), Greensboro, N.C., a non-profit organization offering education and consultation on safety, security, investigations and loss prevention. G.F. Bryant Jr. is executive director of the WISE and president/CEO of Bryant and Associates, Greensboro, N.C.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue