Intelligent access and entry control

There are numerous options for designing access control (ACC) and access control (ACC). In order to be able to select the individually appropriate technology, intensity, scalability, the required user comfort and the desired cost-effectiveness, a comprehensive risk analysis is first required. The size of the property, the type of use, the number of people authorized to enter or access the property, the density of use, the value and need for protection of facilities, warehouses and specific operating areas, the local situation and the frequency of damage events and threat situations in the past, as well as corresponding police findings, must all be taken into account. A vulnerability analysis for the entire perimeter area is also necessary to rule out the possibility that the ZTK/ZFK can be circumvented. A security concept must define the protection goals to be achieved by the control system and the criteria according to which the control system and all its components are to be selected. The security concept must include all technical, structural and organizational security aspects and integrate the ZTK and ZFK functions into the operational process. To ensure that the ZTK and ZFK are accepted and supported by the employees, it is advisable to also involve the works council and the data protection officer.

Components of the ZTK

The ZTK must be secured by lockable doors and, depending on the need for protection, also by separation systems. The separation lock consists, if it is limited to the order function of the access in case of low security requirements, of a turnstile or a turnstile, in case of access to high security areas of push-pull locked doors, which prevent a simple passing through. In this case, the possibility of contacting a permanently manned control center by video and audio must be provided in front of and inside the lock, the interior must be video-monitored, and each lock door must be monitored for opening, locking, and breakthrough. The outer door of the lock must have the resistance quality RC3 according to EN 1627. The airlock system should be handicapped accessible and suitable for escape routes. In the case of electronic ZTK, wired wall readers are mostly used at the entrance doors, while doors at control points in the interior are usually equipped with wireless, battery-operated fittings. Data is transmitted either via a virtual network or via radio networking. The trend is toward wireless solutions. Here, Bluetooth is used as a universal interface. Further developments in the use of Bluetooth Low Energy are accelerating the trend toward mobile or virtual keys. This was also the result of a survey of security experts from several industries in Europe, presented in the study "Wireless Access Control Report 2021" by IFsec Global 400.

The electronic ZTK system eAccess from the Swiss company Glutz1 , for example, is installed without cabling, assigns access authorizations centrally via the software and networks the ZTK of several buildings and locations with each other via an online gateway. In a 2020 survey by HID Global and ASIS International, 57 percent called mobile access a "top trend" in ZTK, primarily because of the user convenience it provides. The personal, authorization and log data required for ZTK and generated during control must be encrypted in a central database. And data transmission during communication between the database and wall readers, as well as between the control hardware and the badges, must also be encrypted. RFID solutions with 13.56 MHz and AES 128-bit encryption are recommended for communication between the door components and the badges, so that data on the badge cannot be read by unauthorized persons. For ZTK to high-security areas such as data centers, research or development laboratories, and nuclear power plants, two-factor authentication should be used, i.e., identification by a biometric feature (facial recognition, palm veins, or fingerprint) in addition to authorization verification by card or smartphone. For example, the Swiss company TBS Biometric Systems offers contactless fingerprint readers, face scanners and iris scanners. High-security portals of the highest security level work with Stereovision, a recognition system embedded in the ceiling that analyzes shapes, size and volume in three dimensions thanks to the combination of optical sensors and infrared sensors and excludes light or reflection influences.2 The electromechanical locking on the server cabinets of the data center can be linked to the ZTK and the lock monitoring can also be coupled with an EMA.

Intelligent ZFK

Duplicity of entry barriers through gates or gates and authorization verification is also required for ZFK. Industrial gates should provide adequate breakthrough resistance to resistance class 4 and high closing speed. Retractable bollards prevent breaching of barriers or gates with an armored vehicle outside of access control hours. The IFC must record the vehicle's access authorization and the identity of the driver and any passengers in the vehicle. UltraHigh-Frequency (UHF) readers from the Stid company, for example, have a read range of up to 13 meters, so authorized vehicles and their crews can be checked smoothly.3 The ZFK with RFID uses transponders located on the vehicle for long-range detection. Wide-area readers are most useful where a high and fast flow of vehicles is desired. Simpler, but limited to the vehicle, is a ZFK with license plate recognition based on video analysis. When an unknown license plate is detected, an alarm recording is triggered. The driver can then be contacted via an intercom system.

Networking

The security value of the ZTK and ZFK is increased by integration into the higher-level hazard management system and by networking with other security and classification systems on the property. In the Physical Security Information Mangement System (PSIM), all data from such systems flow together. To avoid having to enter master data twice in a database of the enterprise resource planning (ERP) system and in the ZTK software, both systems should be synchronized. The visitor management system should be integrated so that the access authorization of suppliers and customers and external forces can be checked equally, including the specification and logging of the time duration and any specific local restriction on the authorization to stay. Working time control can be linked to the ZTK, as can a payment system for the use of the canteen. Integration of the ZTK into the classic building technology enables automatic switching on and off of lights and heating at the beginning and end of the use of premises. Elevator control can be combined with the ZTK. The released floors are defined in the access protocol of the card user. It also makes sense to network the ZTK with the escape route and evacuation system, so that in the event of an evacuation it can be determined how many people are in the property.

The ZFK can be linked to the parking management system so that a parking space can be automatically assigned to the incoming vehicle. It also makes sense to network it with the logistics system, in which the delivery and loading processes are documented. Increasingly, ZTK and ZFK and the associated IT infrastructure are being outsourced to a public or hybrid cloud. Market analyst Gartner predicts that the acceptance of identity management solutions provided as IDaaS (Identity Management as a Service) in the cloud will increase rapidly, initially especially among SMEs. The driver of this development is the increased scalability and security in the cloud. Such solutions offer the advantages of simple administration and the highest possible availability, location-independent access, professional data protection, high IT security and long-term cost-effectiveness. The costs are more clearly calculable than with on-premise solutions.

Industry-specific ZTK

The electronic ZTK and ZFK can take into account the special requirements of individual industries. In hotel operations, for example, the ZTK is linked to the elevator control system to ensure that each individual floor with guest rooms in the elevator can only be accessed by guests with access rights. In hotels in particular, it makes sense to link the ZTK with systems for escape route control and voice alarms to ensure that all hotel guests are warned and rescued in good time in the event of a fire. For ZTK in sports stadiums, the use of a facial recognition system linked to an image file of hooligans who have been banned from stadiums for aggressive behavior can identify such individuals when they attempt to violate the ban. For so-called coworking spaces, the ZTK can be integrated into the booking management system, giving users access rights to meeting rooms and access rights to work equipment. The Swiss coworking space provider Office Lab, for example, uses a central management tool for master data, bookings, access rights, contracts and payment.

The authentication process in higher education should cover as many student applications as possible, such as booking workstations in the library or using sports rooms. The cashier's room of a bank branch must be particularly well protected against robbery. A singling gate with integrated biometric access control system ensures that the singling gate door to the teller room only opens after successful personal identification. Hospitals are properties with a particularly high complexity of rooms that may only be entered by certain function holders, so the ZTK to these rooms must be geared to specific persons, function holders and shift times. In the ZTK, access to medicines stored under lock and key must be included in the record keeping. ZTK must also be particularly thorough in the food industry, for example. Only authorized persons are allowed on the respective premises. Critical areas are video-monitored. Delivery traffic must be documented in an audit-proof manner.

Conclusion

An intelligent and reliable ZTK and ZFK is indispensable for corporate security across all industries

Sources
1) Trade journal GIT Sicherheit, issue 5-2022, p. 22/23 2) Protector, issue 3-2022, p. 26/27 3) GIT Sicherheit, issue 5-2022, p. 28-30

This technical article appeared in the printed issue SicherheitsForum 4-2022. You want to read the articles of this issue? Then close right away here a subscription.