When looking at how you actually unlock a door, it's typically through a wall or door-mounted reader. At first glance, all door access readers may seem the same. The main differences are how they connect to the access control system (either on-premise in the IT room, or through the cloud) via wireless or wired connection - or not at all. But another factor is power supply - either they are battery powered, low voltage connected, or "power over ethernet" (PoE) - more about that below.
In the end you can think of readers in four different categories:
- Standalone proximity readers
- Wireless proximity readers
- Proximity readers
- IP and PoE readers
Let's look at the reader types in more detail.
Reader Types
Standalone Proximity Readers
They are connected to power but have no data connection at all. They are typically installed by a local locksmith for a one-off type of installation scenario.
Standalone proximity readers do not have a central control panel.
Sometimes these readers are called "panel free" because they are fully installed in a decentralized way. Think about it like programming a PIN code for each individual person on each individual reader - it's a great option for very small "quick fix" kind of installations but will generally increase the complexity: You have to go to each and every reader to test and activate the card, you cannot control access in real time but would need to deactivate the card on each reader. That's why they often come with PIN pads.
Kisi's opinion: We don't see anyone using these readers, however they are still being recommended by local locksmiths and integrators. Stay away.
Wireless Proximity Readers
Used by hotels to avoid wiring all doors to a central location. They typically operate on battery power and are connected to a wireless repeater.
Think about hotels - those readers you see on the locks are wireless readers. This means they are not wired to power (battery operated) and you don't have a wired data connection. Typically in the hallways you might see some small access points made by the same brand as the wireless readers - and sometimes the locks itself. That's how the locks connect to an online environment: Via RF (radio frequency) they communicate on a power-saving protocol to this access point which is itself connected to the internet. That way you don't have to physically connect each lock but at the same time have real-time updated information.
Kisi's opinion: If you don't have 50+ doors, don't even think about doing it. Someone has to update all the batteries in the locks.
Proximity Readers
Reading RFID, Bluetooth (BLE) or NFC formats connected through a data protocol directly to the access control panel.
Proximity readers or commonly called "prox readers" are the most frequently used type of reader in commercial environments. They are universally compatible with pretty much any access control systems, since they typically communicate on a protocol invented around 1974, named "Wiegand Protocol". Conforming to the lowest possible standard comes with the problem that each of those prox readers have been hacked and can be hacked by anyone who follows instructions. Here are some examples: Hack HID, Copy a prox ID card or the Wiegand vulnerability.
Kisi's opinion: Proximity readers are a great "default" for standard environments. However they lack more advanced options which allow for scaleability, security and future readiness.
Other than understanding a reader, you'll also need to know more about the different types of key cards.
IP readers (IP-Connected Proximity Readers)
This is a more modern reader type which can be integrated into IT systems.
Here is an example of how Kisi's IP-based Pro Reader is connected. Notice how there is no connection between the reader and the controller.
Currently the most advanced version of readers - due to their IP connectivity, they can be fully integrated into IT environments. Also data traffic to and from those readers can be controlled and secured more easily. Think about the installation similar to any CCTV camera.
Kisi's opinion: Well we decided to build an IP reader because it is what proximity readers are not: integrateable, future proof, manageable at scale and secure.
IP readers are great for security because there is no direct connection between the reader and the panel. That means the line cannot be intercepted or tampered with since everything has to run through your firewall on the switches first before talking to the other device.
How do proximity readers work with other components?
We get it, you are planning a fancy office, how to specify electric door hardware is the last item on your mental to-do list. Always remember, if you’d like to be in a nice office (like the one below) you will always have to unlock the door!
That’s why a lot of construction and architecture companies ask us how to specify electric door hardware into their project. When thinking about how to specify electric door hardware it is important to think about more than just the reader. (This might be the only visible part to the user).
Some of the hardware products covered in this overview are:
- Card readers / Proximity readers
- Controllers
- Magnetic and mortised locks
- Doors
- Safety devices
You can use this guide also to specify electric door hardware that is not manufactured by Kisi, such as HID readers. However keep in mind the vulnerabilities that exist in those products, see posts:
Timing: When to specify electric door hardware
For a construction company, the best phase to start looking at this is when they start drafting the plans. Typically they need to indicate wiring or cable runs. Once the walls are closed you can still install all hardware, but cables need to be pulled when the walls are open.
The other critical part is specifying the doors. It is important to leave out sliding doors because they mostly do not work with electric door hardware.
At Kisi, we have strict requirements for certain building plans because improper construction specifications can definitely slow down an installation and we like to help construction teams meet their project deadlines. Here are the ideal construction-related installation requirements for Kisi or electronic door hardware in general:
Using the Floor Plan for Planning Access Control
Typically the architect or engineering consultant draws a schematic of the wiring plan including wire runs, where they are dispatched to and any hardware installed. Here are some schematic basics you might want to include:
- ReaderMotion sensorPush to exit buttonLockWire
Door planning: In the past it helped many companies to visualize the plans with the specific picture of the existing door. Here is an example:
Specify electric door hardware (locks) to use for swipe card reader compatibility
Any wired lock like electric strike, wired mortise lock or electromagnetic lock should work and can be included in the construction scope. To understand the difference between smart locks and commercial grade access control systems you can look at this comparison, which includes use cases for connected lock manufacturers like Kevo, Lockitron and August.
Whatever lock you end up choosing, one cable needs to be dispatched to the lock position. This cable will connect the door security hardware AND the motion sensor or push to exit (if required). That’s why we typically recommend to pull CAT5e or CAT6 cable compared to regular low voltage cable.
We also have a wiring diagram ready in our installation guide. Generally you might look for wiring diagrams for electric door hardware which are included in the document.
Electric strike wiring diagram
If it’s for a regular door, installed on the door frame next to the lock.
Magnetic lock wiring diagram
If it’s for a glass door with magnetic locks, installed on top of the door.
Wired mortise lock wiring diagram
If you’d like to avoid an electric strike and wire the cable through an electric hinge to the wired mortise lock that replaces the regular lock.
Advise on other locks advise
One note about sliding doors: They are NOT recommended. They look very elegant but are absolutely not usable with wired electronic locks.
Generally all locks are wired to a power source. Typically the power source is in the IT – or communications room. However if it’s a small one door installation you could also wire the lock to a power source close to the door. Keep in mind this shouldn’t be accessible for the regular user, otherwise you might end up with manual interference.
Now Spec the Swipe Card Reader (Proximity Reader)
Kisi's state-of-the-art swipe card reader is our Pro Reader. For ease of understanding we stick with the industry standard “swipe card reader”.
The first question we typically get is about mounting specs.
Mounting specs of the reader device
A Kisi swipe card reader is on-wall mounted. The Kisi readers come with set screws to mount. The reader cable needs to be dispatched to the reader height next to the door 48” from the floor, with minimum distance of 10” from the door frame.
Wiring diagram for swipe card reader
The Kisi pro reader works best with a wired CAT5e or CAT6 cable pulls from the future position of the swipe card reader to the IT room. Which CAT cable it is doesn’t really matter for us, your cabling company might have preferences depending on quality and distance.
The reader must be installed outside the door on the same side of the door as the door handle. IE: door handle is to the left of the door, install reader to the left of door.
Do you already think “that’s a lot of cable going on here”? I’ve recently been in an office buildout construction site where we took this picture:
That’s around 80 boxes of CAT6 cable. Considering the price of just one box, it might as well be a small luxury sports car sitting there! Cabling is not cheap and it shouldn’t be the place where you save, because most likely you will never be able to change or edit the cable runs during your entire stay in the office.
Important: The beginning and end of the cable have to be labelled with the door name, so there is no confusion as to which cable to choose.
Option: Front desk wire – Most companies prefer to have a hardwired unlock button at the front desk, so there needs to be a signal cable run to the front desk from the IT room.
Installing Access Control Panels in Server / IT room
Ideally, Kisi controllers are mounted on a wall mount wood board at a height of 5 to 6 feet above the ground. There needs to be 2 power outlets for every one Kisi controller.
All wiring must be secured to the wall with a stable gun or wire tie downs. Ideal compatibility is a drop ceiling.
The Pro Controller needs an ethernet CAT5e or CAT6 cable for data connectivity, a twisted pair power cable and enough space for running up to four door signal cables as well as alarm panels and if needed backup power. More details about this in the next paragraphs.
To give you an idea how a very large installation could look like:
Sorry to disappoint, typically it never looks that nice, but just keep it in mind as a goal to strive towards.
Power and Functionality Backup
Very confusing for construction planning to understand are typically the failover power backup systems. Our first advise is always to check if the building has a backup generator for power. That saves all the trouble. Otherwise for emergency requirements you’d need a 24h backup battery spec’d for the amount of locks you have.
The typical backup battery brand recommendation would be Altronix.
For functionality backup a physical analog backup must be installed in form of manual key override or pin pad.
Connecting Fire Safety and Fire Alarm to Access Control
The fire safety system can be connected with Kisi via dry contacts normally open or normally closed. The fire vendor / architect has to specify emergency push bars where needed. A typical brand used for fire / emergency panels is Bosch.
Conclusions
A card or mobile reader represents only one component of an access control system. While it is important to look at the specs of the hardware, it is equally important to understand the value that the system can provide as a whole. Here you can learn more about the benefits of cloud-based access control systems.