Introduction to Electronic Access Control

What is electronic access control and its components?

Typical electronic access control systems installed at buildings where people live and work nowadays include access cards or key fobs as credentials, card readers to authenticate that the person has been granted access and an electronic controller. A standalone reader includes all components - the processor, the reader and the control in one unit.

Many benefits from electronic access ensue from its components. Depending on the components, electronic access control systems not only let people in, but can also keep track of who got in and designate access based on need. System components enable person and role identification, approve access and keep people accountable.

1. Electronic Access Control Point

Although a door is the most common access control point, access can be controlled at windows or cabinet doors, too. In fact, any physical barrier that can be electronically controlled can serve as an access point. Turnstiles, parking gates, elevators and double doors can all be used as access control point components.

2. Access Cards and Key Fobs

You have probably experienced getting through a restricted door, where you had to present a card or a fob, enter a PIN code, or have your identity confirmed by a security guard with video surveillance. Access cards or fob readers have replaced old mechanical systems, in which you need to either unlock a door to let a familiar face in, or manipulate a mechanical device or an electric switch to open a door.

cards
Smart cards can be integrated as an effective access control component

3. Keypads, Card Readers and Biometric Access Control

Electronic access card readers are usually placed near the main door frame of a building. They read the information in the credential and send it to the control panel for processing. If all is well (if the person does present verified credentials), the system lets them in.

If you work in high-risk areas, you might have experienced biometric access control, palm geometry or facial recognition tools that “read” your identity. These are seldom used in domestic and commercial buildings. In contrast, they are fairly popular at locations that require strict access control or double authentication.

A keypad requires you to share a passcode. A card reader grants access by placing the access card near the sensitive part of the reader. For biometric features, you need to have your eyes, your fingers or your palms authenticated.

4. Electronic Access Control Panel

The small computer that makes the decision of who gets in and who doesn’t is called an electronic access control panel. Often, it includes a standalone control panel unit. Advanced electronic access systems simulate a control panel from a desktop or a mobile app.

A magnet switch controls the doors. If you need to restrict both entry and exit from a building, you will need to install two separate readers.

Electronic access control panels contain programmable processors which can assign specific roles, as well as time and date windows to persons authorized to exercise certain roles. Typical example include handymen, nannies or construction workers who need to enter occasionally, as well as remote visiting colleagues and freelance professionals working in a shared office space.

Why should one choose electronic access control over other forms of access control?

The advantages of choosing electronic access control over other forms are based on its versatile functionality. Older access control systems do not provide comprehensive options for identification, authorization, approval and tracking. Needless to say, because of its limited potential to verify who, when and how was responsible for an unauthorized access, conventional access control systems are less secure and reliable.

Here are some of the challenges of former mechanical access control tools that electronic access control successfully solves:

1. Say Goodbye to Lost or Stolen Keys

It is so easy to lose a mechanical key. If you recollect the number of times you’ve panicked after not being able to immediately find your keys, then it is easy to picture the advantages of a code that is accessible only by you and no one else.

Electronic access systems with smart cards can disable a lost card from a central controller. Even better - when the control panel of the electronic access system is integrated into a mobile app, you won’t have to spend a minute without safety, as you always have your smartphone at hand.

2. Time and Role-Based Access

A key grants access to the holder, whoever it is, anytime. You may have given the key to the tenant, but it’s so easy to lend it to another person who wouldn’t be normally expected to have access to a shared building at all times.

From the dashboard of an electronic access control, you can have overview of specific times and dates a person can be let into the restricted area. A group of persons, such as repair workers can get access once a month, a babysitter can get in from 8 to 10 pm, and the cleaning company can be authorized to enter Tuesdays only.

For coworking spaces, users can be distributed into groups based on their membership. This simplifies the use of conference rooms, individual offices, laundry or kitchen use, as well as special equipment stored in limited access areas.

friends
Only friends can come in and you get to decide who gets in from your phone

3. Remote Access Control

Mechanical door lock cannot be controlled remotely. You need to either be present to notice a break-in or get a call from the police; not to mention the situations where you need to wake up in the middle of the night because a colleague in a rush has forgotten to lock the door or the need to assign security managers to multiple remote locations for your corporation.

None of these is pleasant. If you don’t use standalone units but opt-in for a network electronic access, you will solve all of these problems at once. With modern equipment integrated into the electronic access control systems, you can monitor, re-program and remove credentials from one central location.

4. Multiple Credentials

When a single credential is presented, the electronic access control system grants access. This makes it easy for intruders to copy or abuse the credentials in other ways. Multi-factor authentication, such as two-factor authentication granted only after you’ve entered a code on the keypad and had your finger scanned provides high-level safety in restricted environments.

5. Monitoring Reports

When someone tries to use a key in a lock and fails, you can never tell that the event happened, unless you catch them in the act. Someone can use a stolen key on several occasions, until the time is right or to get into a forbidden company area, thus causing damage more than once.

Since electronic access control systems record each transaction, you can keep an audit trail of all access attempts, and print out reports for specific areas, times and dates. When someone unauthorized gets in, you can react promptly by calling the law enforcement. The system can notify the police automatically or inform the person in charge of security that someone who isn't supposed to be in, is in.

Evaluating a system provider

Not all electronic access control providers use the same system, integrate all components or offer versatile contracts. Consequently, once you complete an initial risk assessment for the place you need to control, keep an eye on the following considerations:

  • Can you integrate the new electronic access control into the old one?
  • What are your business or residential needs - how many people and areas does the electronic access control need to serve?
  • Do you need to install expensive equipment or use web-based or mobile app solutions?
  • Does the software package include scheduled or random maintenance and a flexible contract?
  • Are there off-site and on-site software solutions on offer?
  • How easy is to keep track of the events?
  • Is the provider available to serve your business internationally?
  • How easy is to install and user-friendly is the electronic access control system?

Most advanced and customer-oriented electronic access businesses typically include highly scalable solutions, making it easy for the customers to feel safe, yet unencumbered with severe restrictions in an increasingly fast, connected and mobile world.

Kisi Products
Regain Full Control the Easy Way

Discover what makes Kisi the most advanced cloud access control solution.

Proximity Readers

Reading RFID, Bluetooth (BLE) or NFC formats connected through a data protocol directly to the access control panel.

proximity reader
HID multiCLASS

Other than understanding a reader, you'll also need to know more about the different types of key cards.

IP Readers

This is a more modern reader type which can be integrated into IT systems.

The Kisi IP reader is connected to PoE and not wired back to an access control panel.

Kisi's IP connected reader - reads secure cards, iOS and Android Apps - PoE based reader with Bluetooth and NFC functionality

Here are details about the four types of proximity readers in more depth:

Standalone proximity readers

Sometimes those readers are called "panel free" because they are fully installed ina decentralized way. Think about it like programming a PIN code for each individual person on each individual reader - it's a great option for very small "quick fix" kind of installations but will generally increase the complexity: You have to go to each and every reader to test and activate the card, you cant control access in real time but would need to deactivate the card on each reader. That's why they often come with PIN pads. 

Kisi's opinion: We don't see anyone using these readers, however they are still being recommended by local locksmiths and integrators. Stay away. 

Wireless proximity readers

Think about hotels - those readers you see on the locks are wireless readers. This means they are not wired to power (battery operated) and you don't have a wired data connection. Typically in the hallways you might see some small access points made by the same brand as the wireless readers - and sometimes the locks itself. That's how the locks connect to an online environment: Via RF (radio frequency) they communicate on a power saving protocol to this access point which is itself connected to the internet. That way you don't have to physically connect each lock but at the same time have real time updated information.

Kisi's opinion: If you don't have 50+ doors, don't even think about doing it. Someone has to update all the batteries in the locks. 

Proximity readers (prox readers)

Proximity readers or commonly called "prox readers" are the most frequently used type of reader in commercial environments. They are universally compatible with pretty much any access control systems, since they typically communicate on a protocol invented around 1974, named "Wiegand Protocol". Conforming to the lowest possible standard comes with the problem that each of those prox readers have been hacked and can be hacked by anyone who follows instructions. Here are some examples: Hack HIDCopy a prox ID card or the Wiegand vulnerability.

Kisi's opinion: Proximity readers are a great "default" for standard environments. However they lack more advanced options which allow for scaleability, security and future readiness.

IP readers (IP connected proximity readers)

Currently the most advanced version of readers - due to their IP connectivity, they can be fully integrated into IT environments. Also data traffic to and from those readers can be controlled and secured easier. Think about the installation similar to any CCTV camera. 

Kisi's opinion: Well we decided to build an IP reader but the reason why we did it is because it is what proximity readers are not: integrateable, future proof, manageable at scale and secure.

IP readers are great for security because there is no direct connection between the reader and the panel. That means the line can not be intercepted / tampered with since everything has to run through your firewall on the switches first before talking to the other device.

Here is an example of how Kisi's IP based Pro Reader is connected. Notice how there is no connection between the reader and the controller.

How do proximity readers work with other components

We get it, you are planning a fancy office, how to specify electric door hardware is the last item on your mental to do list. Always remember, if you’d like to be in a nice office like below, you will always have to unlock the door!

Fancy Office Space

That’s why a lot of construction and architecture companies ask us how to specify electric door hardware into their project. Mostly it also includes swipe card readers from Kisi. When thinking about how to specify electric door hardware it is important to think about more than just the reader. This might be the only visible part to the user). That is exactly the reason why we came up with this guide to make your life as easy as possible.

Some of the hardware products covered in this overview are:

  • Card readers / Proximity readers
  • Controllers
  • Magnetic and mortised locks
  • Doors
  • Safety devices

You can use this guide also to specify electric door hardware that is not manufactured by Kisi, such as HID readers. However keep in mind the vulnerabilities that exist in those products, see posts:

  1. How HID Keycard Can Easily Be Hacked
  2. Wiegand Protocol Vulnerability

Timing: When to specify electric door hardware

The best phase to start looking at this is when your construction company is start drafting the plans. Typically they need to indicate wiring or cable runs. Once the walls are closed you can still install all hardware, but cables need to be pulled when walls are open.

The other critical part is specifying the doors. It is paramount to not specify a sliding door because they mostly do not work with electric door hardware.

Here are the ideal construction related installation requirements for Kisi or electronic door hardware in general. If Kisi comes in to install with a newly constructed space and those requirements are not met we can not guarantee for meeting project deadlines.

Using the floor plan for planning access control

Typically the architect or engineering consultant draws a schematic of the wiring plan including wire runs, where they are dispatched to and any hardware installed. Here are some schematic basics you might want to include:

  1. ReaderMotion sensorPush to exit buttonLockWire

Door planning: In the past it helped many companies to visualize the plans with the specific picture of the existing door. Here is an example:

Overview of Access Control Devices

Specify electric door hardware (locks) to use for swipe card reader compatibility

Any wired lock like electric strike, wired mortise lock or electromagnetic lock should work and can be included in the construction scope. To understand the difference between smart locks and commercial grade access control systems you can look at this comparison, which includes use cases for conntected lock manufacturers like Kevo, Lockitron and August.

Whatever lock you end up choosing, one cable needs to be dispatched to the lock position. This cable will connect the door security hardware AND the motion sensor or push to exit (if required). That’s why we typically recommend to pull CAT5e or CAT6 cable compared to regular low voltage cable. 

We also have a wiring diagram ready in our installation guide. Generally you might look for wiring diagrams for electric door hardware which are included in the document.

Electric strike wiring diagram

Diagram Electric Strike

If it’s for a regular door, installed on the door frame next to the lock.

 

Magnetic lock wiring diagram

Magnetic Lock Diagram

If it’s for a glass door with magnetic locks, installed on top of the door.

Wired mortise lock wiring diagram

Electric strike diagram

If you’d like to avoid an electric strike and wire the cable through an electric hinge to the wired mortise lock that replaces the regular lock.

Advise on other locks advise

One note about sliding doors: They are NOT recommended. They look very elegant but are absolutely not usable with wired electronic locks.

Generally all locks are wired to a power source. Typically the power source is in the IT – or communications room. However if it’s a small one door installation you could also wire the lock to a power source close to the door. Keep in mind this shouldn’t be accessible for the regular user, otherwise you might end up with manual interference.

Now let’s spec the swipe card reader – or proximity reader

Tap to Unlock by Kisi

Kisi's state-of-the-art swipe card reader is our Pro Reader. For ease of understanding we stick with the industry standard “swipe card reader”.

The first question we typically get is about mounting specs.

Mounting specs of the reader device

A Kisi swipe card reader is on-wall mounted. The Kisi readers come with set screws to mount. The reader cable needs to be dispatched to the reader height next to the door 48” from the floor, with minimum distance of 10” from the door frame.

Wiring diagram for swipe card reader

The next question typically evolves around cables: The Kisi pro reader works best with a wired CAT5e or CAT6 cable pulls from the future position of the swipe card reader to the IT room. Which CAT cable it is doesn’t really matter for us, your cabling company might have preferences depending on quality and distance.

The reader must be installed outside the door on the same side of the door as the door handle. IE: door handle is to the left of the door, install reader to the left of door.

Do you already think “that’s a lot of cable going on here”? I’ve recently been in an office buildout construction site where we took this picture:

CAT6 Cable

That’s around 80 boxes of CAT6 cable. If you ever looked at the price of one box, you know might as well be a small luxury sports car standing around. It’s what it costs. Cabling is not cheap and it shouldn’t be the place where you save, because most likely you will never have a chance to change or edit the cable runs during the entire time of you staying in the office.

Important: The beginning and end of the cable have to be labelled with the door name, so there is no confusion as to which cable to choose.

Option: Front desk wire – Most companies prefer to have a hardwired unlock button at the front desk, so there needs to be a signal cable run to the front desk from the IT room.

Installing access control panels in server / IT room

Ideally Kisi controllers are mounted on a wall mount wood board at a height of 5 to 6 feet above the ground. There needs to be 2 power outlets for every one Kisi controller. 

All wiring must be secured to the wall with a stable gun or wire tie downs. Ideal compatibility is a drop ceiling.

The Pro Controller needs an ethernet CAT5e or CAT6 cable for data connectivity, a twisted pair power cable and enough space for running up to four door signal cables as well as alarm panels and if needed backup power. More details about this in the next paragraphs.

To give you an idea how a very large installation could look like:

Access Control Panel

Sorry to disappoint, typically it never looks that nice, but just keep it in mind as a goal to strive towards.

 

Power and functionality backup

Very confusing for construction planning to understand are typically the failover power backup systems. Our first advise is always to check if the building has a backup generator for power. That saves all the trouble.  Otherwise for emergency requirements you’d need a 24h backup battery spec’d for the amount of locks you have.

The typical backup battery brand recommendation would be Altronix.

For functionality backup a physical analog backup must be installed in form of manual key override or pin pad.

Connecting fire safety and fire alarm to access control

The fire safety system can be connected with Kisi via dry contacts normally open or normally closed. The fire vendor / architect has to specify emergency push bars where needed. A typical brand used for fire / emergency panels is Bosch.

Starting a new project?
Download our Physical Security Guide

Get the full guide and other great security content from Kisi. 

Download Guide
Kisi Physical Security Guide