A KEY component to campus access control?
If you stay in a hotel that still issues a traditional metal key you are likely to be staying in either a quaint bed-and-breakfast or a decrepit motor lodge. Card-based door entry systems have become the norm for hotels and motels across the country. It was only a matter of time before the natural evolution of these devices brought them to the college residence hall. That time has come and the growing flexibility of these systems is taking them beyond the residence hall and into a variety of multi-access areas such as labs, recreation rooms, offices, and classrooms.
How do they work?
Doors have holes drilled into them to accept handles and locks. There are two basic mounting patterns, Mortise and Cylindrical. The lock on your office is of one of these varieties and you can easily remove the locking mechanism and replace it with another. Should you wish to simply replace the mechanism with another keyed variety, you could purchase any brand lock assuming you selected the correct type–Mortise or Cylindrical. Or you could replace it with a hotel-style door lock that also comes in either Mortise or Cylindrical variety. In short if you have a door that currently has a lock on it, you can most likely replace the lock with a card-based mechanism–without replacing or modifying the door.
At the most basic level, these mechanisms consist of normal door hardware as well as card reading equipment, electronic memory, a battery, and electronic signal circuitry. When a card is inserted into the reader, a unique code or identification number is read from the card and checked against the authorized numbers held in the lock’s memory or mathematically checked for validity. If the number is authorized, a signal is sent to the locking mechanism to trigger the opening process. A transaction record is written to the lock’s memory noting such information as the date, time, and card number.
Is this different than
other access systems?
Traditional security and access control systems are online systems, with each and every reader (or point of entry) connected via a wire to a central host computer. In an ideal world, all access readers would be deployed in this manner as the level of control is maximized with this type of host-based system. In the real world, however, it is often impractical to connect each and every door to a central security system. The costs would be overwhelming. While the offline hotel-style locks can cost less than $500 per door, online readers typically cost more than double this amount. In a four-floor dormitory with 100 rooms per floor, it could easily cost an additional $200,000 to connect all doors to the online system. Campuswide this can amount to many millions of dollars as all dorms and buildings are considered.
Few can afford this luxury, so many are opting to combine the best of both worlds. Using the online security system to control access at external doors where control is most critical and the less expensive hotel-style mechanisms to control internal doors, a solid yet cost effective system can be attained. Further evidence of this natural fit between online and offline systems can be seen in the partnerships emerging between online card/access control providers and door lock companies (e.g. BEST and CBORD, Blackboard and VingCard Persona).
What card technologies can be used?
Hotel-style mechanisms are available to read a variety of identification technologies. Early on, plastic cards with a specific pattern of holes punched into them were common. Other locks simply had a series of numbered buttons and a code was physically-entered into the lock. Today magnetic stripes, smart cards, proximity cards, and contactless cards can all be used in these mechanisms. Typically, however, only one technology can be used in any one lock. Thus, you must decide the technology you’ll be using prior to selecting the manufacturer and model of lock.
But just when you think things got easy, think again. Just because you have a magnetic stripe or a chip on your campus card does not mean that your card can be read in a magnetic stripe-reading or chip-reading lock. That would be just too easy, wouldn’t it?
Magnetic stripes are encoded via either standardized (ISO/ABA encoding) or proprietary methods. Campus cards are no exception. Most hotel-style locks read their own proprietary encoding to determine identification numbers, codes, and subsequent privileges. The campus card vendor’s proprietary encoding is different from the lock manufacturer’s proprietary encoding so these cards will not match. In most cases, the lock requires its own dedicated track on the stripe for operation. This track cannot be shared with other applications (for more on magnetic stripe tracks, see CR80News February 2002).
Most commonly, lock manufacturers have elected to utilize track three on the magnetic stripe. On most campuses, the third track is not utilized for other applications as most choose to use track two or tracks one and two for the data elements required by mealplan, library, banking, and other applications. Thus, this use of track three has worked well. Except, however, on those campuses with two-track magnetic stripes on their existing cards. In these cases, the manufacturer must enable the locks to read track one or the campus is unable to use the vendor’s locks.
You may ask, “why don’t the lock manufacturers utilize the same standard encoding schemes that the banks, many campus cards, and other organizations have agreed to use?” For good reason, some argue, in that a lock that read the standard ISO number and used it for identification would be far too easy to defraud, creating fake cards to gain access to secured facilities.
Similarly, campuses wishing to drive thelocks via data on their campus card’s chip run into problems of their own. There are many different varieties, manufacturers, operating systems, and proprietary file layouts for chip cards. Each one of these variables impacts the ability of a card reader–in this case a lock–to read the chip. If the lock has not been programmed to read the specific card, from the specific manufacturer, with the specific operating system–it will not work. Furthermore, just because a lock manufacturer says the lock will read the type of card you have on your campus does not mean it will read the proprietary file layout of your card. Be cautious and diligent as you investigate this process.
Now that we have waded through the general discussion let’s investigate some of the options available to the campus.
Who are the providers?
Best Access Systems, VingCard Persona, Tesa Entry Systems, Locknetics, Saflok, and a handful of other companies offer hotel-style door locks to the campus market. While all serve fundamentally the same purpose and operate in similar manners, there are real and significant differences between the vendors.
What are the key parts to the system?
Obviously there is the lock itself, but of equal importance is the management system and the data collection system. The management system is the software package that enables the creation and issuance of keys or card ID codes, the programming of individual locks, and the handling of lost/stolen/expired cards. The data collection system is used to collect transaction histories from and enable reprogramming of locks in the field.
Questions & Answers
(1) Are these locks really sturdy enough to withstand the abuse of college residence hall life?
Hundreds of campuses across the country have installed these locks in locations on the campus. While isolated problems with vandalism and failure certainly occur, the general impression is that the units tend to hold up well. Some vendors have different physical chassis for the campus market and the hotel market. You should understand the differences and feel comfortable that the physical makeup of the lock will meet the rugged requirements of dormitory life.
(2) What type of battery is used in the lock? Some vendors utilize standard batteries (e.g. AAs, AAAs) to power the locks while others use less common battery type not used in consumer devices. There have been reports of individuals opening the locks to remove the standard batteries for use in portable CD players or other consumer electronic devices. If this is going to be a problem anywhere, it will certainly arise in residence halls.
(3) What happens when a battery is removed or dies?
Nearly all locks are protected by a backup power supply to ensure that transaction and programming data are maintained when the batteries fail or are removed. The lock, however, becomes disabled forthis time. This is not an issue for exiting a room as, like normal locks, the entrance for the outside is controlled but the exit from within is freely available via the handle. It will, however, require new batteries or a manual key override to gain entrance to the room. In most cases, as battery power is getting low, a warning is provided either by audible sound or blinking light. Under normal circumstances, this provides plenty of advanced warning for battery replacement.
(4) What options are available in these locks beyond the Mortise and Cylindrical choice? In other words, what else will I have to decide?
While each vendor will differ to an extent, there are a couple of basic options for you to decide between. Many vendors provide a couple of options with regard finish and color (e.g. brass or pewter). The locks can come with or without a built-in deadbolt that provides extra security–not controlled by the card–when locked from within the room. Locks are often available with or without a numeric keypad to enable the added security of a code number to be used either alone or in concert with the card.
(5) What type of data is collected in the locks?
In general, the locks keep a log of transactions for both accepted and rejected openings. At a minimum, each transaction will track card number, date and time, and result (accepted or rejected). The number of transactions stored is limited by the unit’s memory capacity and the volume of customized optional data held in the unit (see question 7). Once the maximum number of transactions is reached, the lock will overwrite existing records starting with the oldest (first in, first out).
(6) How, when, and why is data extracted from the locks?
All manufacturers offer some form of portable data collection device to retrieve records from the locks. This can be a laptop computer, a handheld computer, or a personal digital assistant (PDA). The collection device is attached to the lock via a port most often hidden on the underside of the chassis. Data can be extracted from the locks at anytime, however, in practice data collection is rare. Most installations only collect data in cases of suspicious activity (e.g. a crime has occurred in the secured location, theft is suspected, employee abuse of facilities). In these cases, the logs can be monitored to determine which cards were used to enter the premises at what times. The same device used to collect this data is often used to reprogram locks in the field with customized functions and data.
(7) What type of customized functions can be added to the locks?
While differences exist in the specific functions and the handling of these functions, a number of extremely useful customizable options can be available. First, locks can be programmed to lockout valid cards for a given period to keep students out of dorms during mandatory vacation periods. Locks can be set to deactivate a previously valid card when a next-in-line valid card is presented. In practice, this can allow a new student to be assigned to a dorm room and given a key that invalidates the previousoccupant’s key. Thus, the need to collect keys or visit and re-key a lock for which a key was lost or not returned is eliminated. These are just a few of the powerful uses of the customizable features available on many of these systems.
(8) How can I grant access to rooms by staff and security personnel like I have in the past with physical master keys?
The use of varying access levels can enable the creation of staff cards and security personnel cards with different privileges. For example, a member of the housekeeping staff might have a single card providing access to all rooms on a given floor of a specific dorm during approved working hours while a security officer might have complete access to all locks during all time periods.
(9) What are the functions of the management software?
The management software handles the key issuance process, sets parameters for expiration of keys, coordinates the linking of locks/rooms and keys, manages lost and stolen key handling, and creates master keys for staff and security personnel. Most are PC-based packages with attached encoders. Recently, the integration of these management systems into the card issuance and management systems provided by card system vendors has been gaining ground.
What have we learned?
If you are considering a move to an offline security system, there are many elements to consider. Understand the current key issuance process on your campus. Talk to the people that run your key bank and learn what the challenges and strengths of the current physical key distribution and collection process. Remember that some may feel threatened by a new system that changes the role of any campus locksmith, security, or key handling staff.
Evaluate the vendors and find out which best meet your needs. As we have stated repeatedly, each has different ways for handling features of the system and some may better match your situation than others. Find out how each system will interact with your current card issuance process. Do you want the card office staff to distribute the keys (encode the keys on the cards) or do you want this process to continue through housing or security? Will the system tie in with your current software and processes?
Finally, if you are currently utilizing a two-track magnetic stripe consider switching to a three-track stripe next time you reorder cards. It will not impact your current efforts but it will better prepare you should the move to offline locks occur on your campus. This move is happening with greater and greater frequency as the cost efficiencies are realized and the focus on campus security continues to grow.
Thanks to all the manufacturers who helped in the preparation of this article. Special thanks to Jana Lasch and Robert Rodenbeck of BEST Access Systems for their invaluable contributions.