True versatility is a quality that all end users want to see in their access control systems, but is it really achievable? Brian Sims reviews some recent projects in both the private and public sector to find out.
Over the last decade or so, huge strides have been taken in the field of corporate access control. Nowadays, access to an entire organisation's many and varied satellite offices dotted all over the globe can be controlled by a central server communicating with a number of distributed panels. These are then used to control ingress and egress through doors, lifts and car parks by virtue of various types of well-developed reader technology.

The natural drive in product development has been to make the access control software as functionally rich as possible. Often described as multi-functional, the cards or badges used to open doors might also be deployed for computer access, cash transactions and personal identification.

In essence, system providers have focused on making the systems simple to use, certain in the knowledge that little end user training will be needed and that the systems devised will be able to manage entire enterprises. With the correct privileges, for example, a security guard can open and close the door to a bullion room from the other side of the world. Conversely, by altering certain parameters the workforce of an entire corporation might find themselves locked in or out.

When he was looking to source an access solution for financial services company the Halifax, Tony Ridley – the plc's manager of security services – wanted "operational advantages". He told SMT: "We wanted to be able to add and remove cards in an instant if they were lost, stolen or simply damaged."

As befits an organisation employing over 36,000 people and up to 4,000 subcontractors, security is at the top of the agenda (not least because of what the plc 'does for a living', of course). With maximum flexibility in mind, Tony Ridley specified a Public Access Terminals (PAT) system that would offer not only an access solution, but would also double-up on cashless vending and provide photo ID to boot.

"If you go for a contactless card solution," added Ridley, "you're obviously going to eliminate wear and tear on the cards. The great benefit, though, is that the system we chose involves the user having to hold the card virtually against the reader. With conventional proximity solutions, doors may be opened from much greater distances – a process that runs the risk of allowing unauthorised users to gain access to secure areas."

Using the PAT system has also enabled Ridley to grant access for certain members of staff in particular buildings or rooms. "Time dependency can be built in, and we've brought Girovend on board for cashless payment," said Ridley.

Machines located near the staff restaurant cash tills allow personnel to replenish their cards with credits. "Staff are now tending to take much greater care over their access cards," added Ridley. "Losses have been reduced significantly since we introduced cashless vending."

The system that Ridley has chosen – namely the Enterprise Security and Information (ESI) system – also boasts reporting functions with read outs of which doors, turnstiles and entrances have been used by particular members of staff at specific times. In turn, such information may then be used alongside CCTV footage as corroborative evidence in allegations of unlawful behaviour.

Access in the education sector
True versatility is a quality that all-too-few student ID and access control systems possess. Most of the packages that appear on the market are designed to be capable of working with solutions from the same developer and nothing else. Such an approach is flawed with, disadvantages in a number of situations (in particular wherever access control functions need to be integrated with existing legacy photo ID systems).

Exactly that situation faced the security team at South Bank University. The team was considering the addition of an access control solution to its current ID card production software. Having chosen an ESI system (with an eventual 18,000 issued cards), the completion of each phase of the scheme's development will see the installation of an additional 20 turnstiles. These will supplement those already located in the University's renowned Learning Resource Centre.

In use, mag-stripe readers at each turnstile are connected to the ESI for education software. This links to the University's own SQL database, dynamically retrieving information from the server on the status of each student. Any out-of-date cards cannot then gain access.

And it's here that the 'three tier' architecture PAT has developed for the ESI really comes into its own as far as the end user is concerned. ESI makes use of a link that requests selected information from the main University database. The software then deploys this information to enable individual cards to operate the appropriate access rights assigned to them. This process is fully automated, allowing ESI to be completely separated from the University's main database.

One benefit is that it's then virtually impossible for data to be corrupted or deleted, be it maliciously or inadvertently.

As most colleges and universities already have their own databases, of course, PAT provides these dynamic links that can interface with a variety of databases. In the case of South Bank University, an SQLv7 server was already installed courtesy of a third party organisation, and proved suitable for the task at hand.

Airport security: the access control dimension

In the aftermath and horrific once unthinkable events in New York and Washington, the public is now looking to the Government for reassurances over safety. Ultimately, however, the onus will fall on the individual security manager to review security measures per se. The responsibility for providing system solutions, on the other hand, will rest squarely on the shoulders of product designers and manufacturers. To this end, PAC International md Richie Herkes believes that effective access control systems can be used to heighten airport security. “Let’s face it, airports employ thousands of staff, all of them with different job descriptions,” said Herkes. “And all of them with different access requirements at different times of the day all year round. What the security manager desperately needs in that sort of environment is a failsafe means of identifying bona fide employees, keeping track of authorised personnel and barring access to restricted areas like airside.” Herkes asserts that Xiamen Gaogi Airport in China “would have been paralysed” if an access control system hadn’t been installed there. No less than 32 door controllers and more than 100 proximity readers are mounted at access points and linked to one dedicated central PC that runs the software for the entire system. Readers are situated in security-sensitive areas around the terminal to separate airside from passenger areas, for instance, and the baggage handling zones from various retail and catering points. To date, over 300 employees have been issued with proximity tokens. Herkes is adamant that smart cards are the way forward. “Civil liberty issues may well prevent Government calls for ID cards for the general public in the UK, at least in the short term,” stressed Herkes. “You could argue, though, that using smart cards for security purposes is one way that managers could help in gaining universal acceptance for a national ID scheme.” Food for thought for all you end users.