Showing posts with label Card reader. Show all posts
Showing posts with label Card reader. Show all posts

Tuesday, August 1, 2023

IoT - How it Works in Access Control

Internet of Things - How it Works in Access Control 

The "Internet of Things" precisely known as IoT is an integrated network of intelligent computing devices connected through the internet to communicate with each other without any human interference.

What is IoT?

The Internet of Things (IoT) is a technological concept of connecting multiple devices that have the possibility of switching on and off the web in order to use software and automation processes for smart living. IoT is an innovation that changes the way we organize our lives at home and at work, as well as the way we move and use transportation means and manage industrial machinery. Any object, even people, in terms of smartphones and wearables, can be a part of the IoT grid.

The IoT is not limited to computers or other most common devices used for web connections. It’s typical to expect a desktop, a tablet, and a mobile to find their place in the IoT, but the concept encompasses way more. For example, smart vehicles, whose navigation systems depend on a computer dashboard connected to the web can be part of the Internet of Things. Any equipment that can support the smart sensor technology is viable for the IoT environment.

It’s not too difficult to imagine how the IoT grid is and how it will be transforming our workplaces. The Internet of Things at work enables smart buildings that automate business processes and improve security. In a way, IoT office solutions are a bridge from the physical to the virtual workplace.

Taking the physical information and transforming it into virtual data via IoT sensors results in the ability to manage many processes from anything that has a computer processor. Although we haven’t exhausted all IoT ideas for offices, many organizations have benefited from accepting the basics of the concept, creating smart lighting and aircon systems, as well as smart access control systems.

The access control mechanisms restrict unauthorized users from accessing the system by introducing appropriate mechanisms. Data sharing is the process of exchanging information among IIoT users. The access control and data sharing strict the legitimate users can only exchange their data. The access control defines which type of users can access the information of the particular IIoT system and is permitted to perform the control activities.

Internet of Things Ecosystem

IoT is a new concept of integrated network of different kinds of computing devices in the field of information technology. It is based on the IP network in which every individual machine used in manufacturing, security, transportation, and other fields of our day-to-day life is assigned a unique IP to communicate with each other.

Every machine/device is connected with the related sensors, which trigger the control system to issue instructions to a particular machine for some action to perform automatically. This network can communicate through both wireless and wired internet connectivity.

How is IoT used in access control system?

Internet of things is a backbone of modern IoT access control system commonly known as intelligent door locking systems. In this system, every lock, lock access controller, card reader and other associated devices are assigned a separate IP address, which is used for communication among the devices.

In a single building, all those intelligent machines are normally connected through wireless networks to their consolidated management software or mobile application. These applications can be configured for automatic as well as manual operation of different locks and controllers. The security alerts and notifications can also be configured to receive on mobile apps in real time.

Each device/machine is configured for its operating conditions, criteria, sensitivity and authority in core management control software, which is used as controller of the entire system. A duplicate control of this system is used as a mobile app on your mobile devices too; you can receive the status of your access system and you can also issue instructions from your app. Any malicious activity in your access system generates an alert and detailed notification on your mobile app or main management software controller.

What products use it?

Internet of things is used by thousands of types of products in general and almost all parts of the IoT security system commonly used in modern buildings. In access control, intelligent lockscard readerskeypads and other related devices use the technology behind the concept of the internet of things.

Every authorized mobile device also uses its unique IP address in the network to get an access into the main controller for using the intelligent locking system. The main server also has a unique IP address to establish iot communication among the components of entire IoT access control ecosystem.

Advantages of IoT in Access Control

The main benefits of using IoT security system based on IoT include:

- Fully integrated and highly intelligent system

- Accessible from anywhere around the world

- Capabilities to configure for different level authorities

- Can be used for both automatic and manual operations

- Easy to track the records of events

- A comprehensive approach towards secure life

Disadvantages of IoT in Access Control

The main disadvantages of using IoT access control system include:

- Certain hacking and security related issues still persist

- Not so mature technology

- Complex and costly

The nodes maintain an access control list that includes information about IoT devices, users, and associated access levels. Generally, the IIoT is formed using a group of embedded devices like sensors, cameras, and actuators to achieve a specific task. Designing access control and data sharing in such environments are very challenging owing to limited resources and heterogeneity. Context awareness, inter-domain operation, privacy assurance, resource efficiency, manageability, and accountability are some of the requirements of IIoT access control. The access control strategies are categorized into rule-based, capability-based, user control, and attribute-based.

The phrase “knowledge is power” has been taken to a whole new level by IoT technology that has been adapted in diverse areas. Governments have implemented the use of IoT devices in their activity processes such as the use of military drones while IoT devices are used by healthcare facilities and hospitals to provide high-quality healthcare services.

While smartphone and computers have been around for a long time, IoT is a relatively new phenomenon. Therefore, manufacturers and software developers have had sufficient time to address the susceptibilities pertaining to their data breach. IoT devices, alternatively, are extremely useful and come with various capabilities. Manufacturers still encounter problems such as dearth of passable hardware that is strong enough to examine and encode data yet trivial enough to fit inside the restricted space. Cybercriminals can access your home Wi-Fi network through such indiscreet devices and use the opportunity to watch your home surveillance camera to carry out a crime.

The fundamental purpose of implementing IoT devices across numerous segments is to create a completely cohesive smart city. With this integration, any device used in a manufacturing industry can link to another being used by government organizations, healthcare providers, trades or even one’s home network. Nevertheless, the law is yet to formulate privacy protection laws that cover all weaknesses across the different sectors. Cybercriminals continue to take advantage of this shortcoming, which results in the loss of revenue already invested into the project.

How to secure IoT networks

Here are some of the steps that can boost the security of your IoT network.

Know your IoT network

The first measure to take to enhanced security is to recognize and learn what you have and what needs to be protected. While it may appear one of the initial and basic steps, many companies tend to ignore this. Having an appropriate list of what’s on your IoT network and updating it frequently is key to security in any IoT network.

An IoT network usually comprises numerous devices and any of these devices can be used as a source to upset an entire IoT network. Organizations should focus on fixing the fundamentals to face the mounting cyber-risks in IoT.

IoT network security architecture

Most of the normally used surveillance devices barely support the wireless network security standards such as WPA2 or WPA3, which makes them highly vulnerable, capable of easily falling into the hands of hackers. Companies find upgradation of all these devices extremely expensive, so they should think about redesigning their network security architecture.

Divide the responsibility

One of the main problems with IoT security is that businesses often end up with security flaws since they have too much to achieve. Organizations that have their own IoT network characteristically purchase or hire paraphernalia and services from numerous services or device providers. Because IoT has to do with all these devices working together in a network, this medley of equipment can open up numerous holes that can be used to disrupt the system.

Setting up one-way connections

Setting up one-way connections is very important in an IoT network. If the endpoints in an IoT network have more privileges, cybercriminals can exploit them for cyberattacks. With the rise in the number of devices being a part of the IoT, the surface area for the invaders to attack is also increasing. Hence, businesses should restrict the skills of these IoT devices for security motives. Frequently, IoT devices are arranged in a way that they can start network connections by themselves. Although this provides much flexibility and other benefits, it can also lead to numerous security problems. By applying the exercise that all IoT devices are able to stay linked or start connections only using network firewalls and access lists will guarantee better safety.


Thursday, October 10, 2019

OSDP an Access Control Protocol by SIA

OSDP an Access Control Protocol by SIA

ACCESS CONTROL WIEGAND PROTOCOL

In access control world we used Wiegand Protocol (Invented by John Wiegand in 1970). The communication protocol used in the Wiegand interface is called the Wiegand protocol. This protocol talks reader to controller. Basically Wiegand interface is a wiring standard used for interconnecting peripherals like fingerprint readers, card swipers or iris recognition devices. Initially created by HID Corporation, the Wiegand devices gained popularity thanks to the popularity of the Wiegand effect card readers of the 1980s. The Wiegand interface is considered a de facto wiring standard for card swipe mechanisms, especially for electronic data entry. Wiegand devices were originally developed by HID Corporation.
The Wiegand interface consists of three wires in the physical layer, the first wire is for ground and other two for data transmission, known as Data low/DATA0 and Data high/DATA1. The wires are composed of an alloy with magnetic properties. DATA0 and DATA1 are pulled up to high voltage, when no data is sent. When "0" is transmitted, the DATA0 wire is pulled to a low voltage while the DATA1 stays at high voltage. When "1" is transmitted, DATA0 stays at high voltage, whereas the DATA1 is pulled to a low voltage.

The most popular Wiegand interface is 26. It could be 3 bytes (Wiegand-26), 5 bytes (Wiegand-42) and even 7 bytes. Cable runs are limited to 500 feet. The Wiegand interface is unidirectional. It means that data is transferred in one direction only: from reader to the access panel. So access panel waits for a code on the line. If code is absent it means that there is no card near the reader or the reader is dead or the line is corrupted. To solve this problem in this way I asked one vendor to make a new firmware for its reader and now it sends each half an hour a "heart beat" code.
Given such limitations it has become increasingly clear that for reader technology and capabilities to progress, a bi-directional connection between the reader and access control system is a necessity. Some access control and reader manufacturers have recognized this need and developed proprietary bidirectional solutions. The OSDP a nonpriority interface specification that can be implemented without restriction. The protocol was originally developed by HID Global and Mercury Security Corp. in 2008 and adopted by SIA as a standard in 2011. SIA formed OSDP working groups, open to all members, and subsequent contributions have been provided by those participants.

What is OSDP
Open Supervised Device Protocol (OSDP) is an access control communications standard developed by the Security Industry Association (SIA) to improve interoperability among access control and security products. OSDP v2.1.7 is currently in-process to become a standard recognized by the American National Standards Institute (ANSI), and OSDP is in constant refinement to retain its industry-leading position. Open Supervised Device Protocol (OSDP) v.2.1.7 is a communications protocol that allows peripheral devices such as card readers and biometric readers to interface with control panels or other security management systems. It adds sophistication and security benefits through features such as bi-directional communication and read/write capabilities. The OSDP standard with Secure Channel Protocol (SCP) will support both IP communications and point-to-point serial interfaces, such as RS-485.

BI-DIRECTIONAL COMMUNICATION

The access control industry’s move to open standards is cultivating a broad range of interoperable products with enhanced features and security. Open standards also ensure that solutions can be easily upgraded to support changes in technology and applications, and give users the confidence that investments in today’s technologies can be leveraged in the future. OSDP with SCP specification provides bi-directional communications and security features for connecting card readers to control panels or other security management systems.
Bi-directional communication is particularly beneficial for enabling users to change configurations and to poll and query readers from a central system, which reduces costs while speeding, and simplifying configuration and improving the ability to service readers.

Unlike earlier unidirectional protocols, including the Wiegand interface and the clock-and-data signal approach used with magnetic stripe readers, OSDP enables continuous reader status monitoring. It can also immediately indicate a failed, missing or malfunctioning reader, as well as provide tamper detection and indication capabilities. All signaling is done over two data lines, providing the ability to use four-conductor cable to both power the reader and send and receive data. This lowers installation cost compared to the 6 to 10 conductors typically used for Wiegand.

HID Global is one of the first manufacturers to support OSDP with SCP in its reader portfolio as part of its iCLASS SE platform. iCLASS SE platform readers with OSDP enable central management, which lowers operational costs by making them faster and easier to configure and service.

SYSTEM INTEGRATION
OSDP gives Higher Security, Advanced Functionality, Ease of Use, More Interoperability. OSDP provides continuous monitoring of reader status, and can immediately indicate a failed, missing or malfunctioning reader. OSDP can also provide tamper indication for readers with onboard tamper detection capabilities. OSDP protocol for control panels to send messages for display to a cardholder via a screen embedded within or connected to the reader. The OSDP standard is particularly important for government installations because it supports high-end AES-128 encryption (required in federal government applications). And it meets the requirements of the Federal Identity, Credential and Access Management (FICAM) guidelines. OSDP also works with biometrics – Weigand does not.

SYSTEM ARCHITECHURE

Replacing legacy access control panels while maintaining operation with legacy card readers and other field devices.
When the need arises to replace or upgrade a card access or security control panel and if the new panel is OSDP compliant, it may be advantageous or necessary to convert the field devices to OSDP compatibility. This normally means replacing all readers, sensors, contacts, relays, and door control equipment to OSDP compliant versions as well. If this is not an immediate option due to time or cost constraints, the Cypress OSDP-1000 can provide an effective solution.

Credential Reader - Any Wiegand (Data 0 / Data 1), Strobed (Clock/Data), F/2F, or Serial interface can be handled by the OSDP-1000 when configured in "Reader Interface Mode". Since the format of the data is reported by the OSDP-1000 to the new control panel as an array of bits or characters, the panel's software must be configured to process the raw bit stream or character string. The reader type is configured by either on-board DIP switch or via OSDP configuration command from the panel.

Door Strike / Gate Operator - If the panel has provisions for multiple, dry-contact relay outputs and the panel's power supply is capable of driving the door or gate operator, then the 2 wires already in place to provide this function can continue to be used. Otherwise, since the OSDP-1000 is mounted in a secure location (not accessible from the un-secure side of the door or gate), it can be used to control the door or gate via OSDP command from control panel. If the control current is 1amp or less (at 12 to 24Vdc), the OSDP-1000's on-board, form C relay can be used. The new control panel will simply command the OSDP-1000 to turn the relay on or off. If higher currents are required, an external relay can be added. The power for the door strike, mag lock, or gate operator can be supplied from the panel (centralized power) or a local power supply near the door or gate (distributed power).
Sensors, Contacts, Switches, EOL Devices - Since the OSDP-1000 is mounted on the secure side of the door or gate, all remaining field wiring can be terminated at the OSDP1000. The new control panel will request data via protocol command/response and use it to determine the status of the door position switch, request-to-exit button, or motion detector. The OSDP-1000 has 2 Supervised alarm inputs to accomodate end-of-line resistor configurations. These can also be used as digital inputs.
Power Considerations - The OSDP-1000 does not magically create power for itself, the reader, or door strike from the twisted pair communication wires (but we might be working on it). The legacy panel or other power supply provided enough power to operate the reader, sensors, and door or gate operator. If the new control panel does not provide this power, then a suitable power supply must be installed at the panel location or at the door or gate. The OSDP-1000 only requires about 50ma and accepts a wide range of voltage (7 to 24Vdc). The reader, door strike, and any powered end-of-line device typically dictate what voltage to use (12 or 24Vdc).


All Devices - As mentioned earlier, converting all devices at the door or gate is recommended since this adds supervision of all signals. It also sets up the site for migration to an OSDP Control Panel in the future. Since the OSDP-1000 is mounted in a secure enclosure not vulnerable to tamper from the un-secure side of the door or gate, all signals can be terminated to it and supervised. The OSDP Reader has it's own polling address as does the second OSDP-1000 module configured for "Remote Interface Mode".
There still are many Weigand-base legacy systems in place and due to limited resources, it may take time to replace them all, but the migration is underway. Many organizations are taking a step-by-step approach replacing perimeter readers first and moving to interior readers as funding and time allow.


Future-proof your access control strategy today. Meet Signo, the signature line of access control readers from HID Global. This new reader line provides performance, versatility and security meet in a sleek, modern design. HID Signo™ Readers deliver mobile access capabilities, ensure easy migration from Wiegand to OSDP and support the widest range of credential technology so organizations can to upgrade at their own pace.

GROW YOUR BUSINESS
Integrators can differentiate from the competition by promoting open standard protocols, which can help build new customer relationships and win more projects by providing new found PACS features. With OSDP only four conductors are ever needed, two for power and two for all communication.
Wiegand does not allow for remote configuration or upgrade of a reader. OSDP enables a customer to remotely change the configuration of a reader (i.e. security keys or LED color) from any network-connected location.

BENEFITS OF OSDP
Compared to common low-security legacy protocols, the emerging OSDP standard offers:
Higher Security
·  OSDP is more secure than the most common access control communications protocol.
·     OSDP Secure Channel supports high-end AES-128 encryption (required in federal government applications).
·     OSDP constantly monitors wiring to protect against attack threats.
Advanced Functionality
·         Supports advance smartcard technology applications, including PKI/FICAM and biometrics.
·         Supports bi-directional communications among devices.
·         OSDP supports advanced user interface, including welcome messages and text prompts.
·         OSDP’s use of 2 wires instead of 12+ allows for multi-drop installation, supervised connections to indicate reader malfunctions, and scalability to connect more field devices.
Ease of Use
·         Audio-visual user feedback mechanisms provide a rich, user-centric access control environment.
·         Guesswork is eliminated since encryption and authentication are predefined.
·         Low cost of implementation on an embedded device.
More Interoperability
·         Using OSDP enables communication among different manufacturers' devices and solutions.
·         The standard applies to peripheral devices (PDs) such as card readers and other devices at secured access doors/gates and their control panels (CPs).
·         SIA promotes the standard at regular “plugfests” among manufacturers and at InteropFest – an annual interoperability event held at ISC West tradeshow every spring in Las Vegas, Nevada.
·         The OSDP specification is currently recommended when TCP/IP, USB, or other common protocols do not lend themselves to the application.
·         The OSDP specification is extensible to IP environments and the OSDP WG is working on deploying OSDP over IP soon.

Ref:
https://ipvm.com/reports/osdp-access




Saturday, September 22, 2018

Role of IT in Access Control System

Role of IT in Access Control System


It is a fact that IT is becoming more involved in the physical security world. In a small minority of companies, these two departments are actually merging, although this is a mammoth task fraught with problems, not only in terms of technology, but primarily in terms of culture.

In the access control world, one could say it’s normal for IT to be involved in networking (assuming the access systems make use of the corporate network and/or the IP protocol), but the scope of IT has slowly been creeping into more of the access control functions. In smaller companies, for example, it’s not unusual for the service provider responsible for the company’s IT to also take the responsibilities of physical security.
So how far has IT made inroads into the access control world in general? HID Global broadcast arrange a webinar in October 2018 in which it revealed some new research into the increasing role IT departments and personnel are playing in the physical access control world. The webinar was hosted by HID Global’s Brandon Arcement and Matt Winn. After discussing the findings of the research, they went on to advise physical security operators as to how they can embrace their IT colleagues further, with the goal of improving the holistic security posture of their organisations.

The survey was conducted by The 05 Group, sponsored by HID and was completed in March 2018. As the title of this article notes, the research found that IT departments are now more involved than ever in organisations’ physical access control decisions and implementation, and that trend is set to increase.

The 05 Group surveyed 1 576 individuals from more than a dozen industries, including education (19%), information (16%), government (11%), manufacturing (8%), health services (8%), and security, professional and business services (8%). Of the respondents, 35% were IT managers, 26% were IT directors, 13% were IT staff, 8% were CIO/CTO, and 3% were VPs of technology. The survey also spanned companies of different sizes, with 24% having less than 100 employees, 22% 101-500 employees, 11% have 501-1000 employees, 17% have 1001-5000, 6% have 5001-9999, and 6% have 10 000-24 999 employees. The results therefore cover a broad spectrum of companies and industries.
 The numbers tell a story
The research offers a significant amount of data about the role of IT in access control, however the webinar brought out a few pertinent facts (a link to the white paper written by HID from the research is at the end of this article). When asking the organisations being surveyed “Who is primarily responsible for physical access control in your organisation”, the responses were as follows:
• 29% said both IT and physical security.
• 26% said IT only.
• 25% said facility management handles the job.
• 12% said physical security only.
• 8% said the property management company was tasked with access control.
With a quarter of the respondents already saying IT is responsible for access control, and a further 29% saying it is shared between the two departments, it’s clear that the divide between IT and physical security is rapidly vanishing – and in some cases, altogether gone. And this is a trend that will continue; in organisations where IT is not involved in access control, 36% of the respondents said it will be within the next five years.

For those organisations where access control responsibilities are shared, 47% of the respondents report it had been shared within the past five years. Similarly, where IT owns the responsibility, 42% of the companies say they were given this task within the last five years. Once again we see that IT/physical security convergence in the access world is an expanding reality.

We mentioned IT’s influence in access control above in terms of the networking of access systems, however, this is an old function. The webinar showed that both IT professionals as well as physical security professionals see IT being involved in all areas of access control. When it comes to physical security professionals:
• 66% of physical security professionals see IT involved in influencing the decision-making process.
• 48% see IT’s involvement in integrating access and other systems.
• 37% see IT involved in implementation.
• 22% see IT involved in managing the systems.
From the other side of the table, IT professionals have a similar view:
• 76% expect to influence decision making.
• 72% will be involved in integration.
• 59% will be involved in implementation.
• 39% expect to be involved in managing systems.

Not all wine and roses
Of course, as these different cultures work together, there are bound to be some issues. It is in the field of integration where IT sees problems. Half of the IT people surveyed have issues with the lack of integration of access systems with other IT systems. This is an area in which the access control industry could make significant changes in the short-term to ensure their software and hardware can be more easily integrated with existing business management and security systems.

When it comes to new access control systems, the IT school has a few things it wants to see on the vendors’ to-do list. They want improved ease of use (71%), the ability to support or add new technologies (68%), mobile access (59%), and integration with existing security platforms (54%).

It’s also clear from the survey that IT is not all that comfortable with access control technology. Areas such as credential management, decision making with respect to access control systems, how system components work and also individual features within access systems can cause a bit of nervousness among the IT folk. These are areas in which physical security professionals can make their mark, as they are more skilled in dealing with these issues as well as others unique to their industry. 

Helping IT in access
The driver behind this convergence is not a technical issue, but is itself a convergence of a number of separate drivers. HID notes the primary drivers are:
• Converged threats that impact both physical and logical infrastructure. If you have a physical vulnerability it puts your logical systems at risk, and vice versa.
• Proliferation of networked devices in the age of IoT (the Internet of Things) which all require both physical and logical security. Interestingly, the webinar held its own real-time survey of the attendees and this topic was selected as having the biggest impact on access control’s shift to IT with half of the audience selecting it.
• Compliance to new regulations, which again rely on both sides of the table.
• Budget consolidation, which we are all suffering through.
• A shift in reporting structures as executives try to get a handle on the seemingly endless threats companies face on all fronts.

When it comes to the role of physical security professionals and how they can assist in the convergence between the two sides and help improve organisational security, 80% of the respondents said they play a role in establishing best practices, while 50% see physical security having a role in preventing unauthorised access in general, and 49% say they can help in achieving compliance. In order to streamline collaboration, the HID webinar suggests, among other issues, that both sides need to work on aligning project priorities and determining responsibilities, and balancing the technical acumen of IT when it comes to access products and management. 

A converged example
The webinar went on to provide an example of how the two divisions could work together in an access control installation. When it comes to the physical access control host, HID advises organisations to integrate physical access control systems (PACS) with an IT source of identity such as LDAP. Furthermore, administrators should ensure there is a set policy around regular software updates and patches, while they should also take advantage of IT’s experience (and equipment) to ensure high availability.


When it comes to the controller, HID advises organisations to settle some of the issues raised above by requiring an open controller platform that can be integrated with other technologies and other vendors’ products. Preventing vendor lock-in is a costly lesson IT departments have learned. It also suggests considering an ‘IP-at-the-door’ topology, keeping controller firmware updated to the latest versions, using strong passwords and encrypting communication between controllers and hosts (and using OSDP – Open Supervised Device Protocol – for encrypted reader communications).

Another strong warning was to take care when selecting access credentials as many of the card and fob technologies available are easy to replicate, making it simple for the wrong people to easily gain access. There are secure card technologies out there and these should be used as a standard. A business benefit of these more advanced credentials is that they can also be used for additional business functions, such as secure printing, vending machines and network logon.
The webinar presenters also touched on the benefits of using users’ mobile devices as credential holders. These can offer higher levels of authentication, easier administration and more user convenience that does not come at the expense of the company’s security.

Whether you are on the IT or physical security side, the most important part of the research (depending on your biases) can be seen in the answer to the question “Do you believe that increased collaboration between physical security and IT can improve the overall security of your organisation?” An overwhelming 95% of all the respondents said “yes”.

While the full convergence of physical and logical security is still some way off, people in the access control sector obviously understand that IT and physical security working together is critical to develop a successful security defence strategy for their organisations. In the access control industry this may be easier to achieve, but as noted in the introduction, it is often a question of culture (or ego, to be blunt) that prevents collaboration and results in organisations being vulnerable to the ever-increasing threats they face from well-organised criminal syndicates, as well as unhappy teenagers with too much time on their hands.

End of the article thanks to Mr. Andrew Seldon, for valuable time to us & security sa team.

Sunday, November 1, 2015

Anti-Passback in Access Control Systems

Anti-Passback in Access Control Systems

The anti-passback (APB) feature is designed to prevent misuse of the access control system. The anti-passback feature establishes a specific sequence in which access cards must be used in order for the system to grant access.

The anti-passback (APB) feature is most commonly used at parking gates, where there is both an “in” reader at the entry gate and an “out” reader at the exit gate. The anti-passback feature requires that for every use of a card at the “in” reader, there be a corresponding use at the “out” reader before the card can be used at the “in” reader again. For the typical user of the parking lot, this works fine, because the user would normally swipe their card at the “in” reader to get into the lot in the morning, and swipe it at the “out” reader to get out of the lot in the evening. So long as the sequence is “in – out – in – out – in – out”, everything works fine. However, if a user swipes his card at the “in” reader to get in, and then passes his card back to a friend, the card would not work the second time when it was swiped by the friend. The attempt to use the card a second time would create an “in – in” sequence that is a violation of the anti-passback rules, and this is why access would be denied.

Picture Left: (1.) First the cardholder enters into the area and then the system will allow them to (*2.) exit.

Picture Right: If a cardholder has already (1.) entered and then before they exit they try (or someone else with their card tries) to enter again, the will be (3.) denied because there is an anti-passback violation because it is impossible to Enter and area when the system thinks you are already Inside.


Anti-passback can also be used at employee entrance doors. This requires that a card reader be installed on both the inside and the outside of the door. Employees are required to both "card-in" when they enter the building and "card-out" when they leave the building. The anti-passback feature is also commonly used with turnstiles.

There is an expanded version of the anti-passback feature called “regional anti-passback”. This establishes an additional set of rules for card readers inside of the building itself. Basically, this rule says that unless a card is first used at an “in” reader at the building exterior, it cannot be used at any reader within the interior of the building. The theory is that, if a person did not enter through an approved building entrance, he or she should not be permitted to use any of the readers within the building.

Depending on the access control system manufacturer, there may be additional anti-passback features in the system. Some of these features could include "timed anti-passback", which requires that a designated amount time pass before an access card can be used at the same reader again, and "nested anti-passback" which requires that readers be used in only designated sequence to enter or leave a highly-secured area.

Denying access when a user attempts to use a card out of sequence is sometimes called "hard" anti-passback. Hard anti-passback means that when a violation of the anti-passback rules occurs, the user will be denied access. Some access control systems also offer a feature known as "soft" anti-passback. When a system is using this option, users who violate anti-passback rules are permitted access, but the incident is reported to the person managing the access control system so that corrective action can be taken - most often notifying the offending employee that the access card should be used in the proper sequence in the future.

The anti-passback feature can also be integrated with the corporate computer system, preventing users from logging on to the network at their desktop computer unless they have properly entered the building using their access card. This feature can also temporarily disable the users remote log-on privileges while the user is in the building - the theory being that if the user is at work, there is no reason for someone from off-site to be logging on to the network using his or her user name and password. When the user leaves the building at the end of the day, his or her remote log-on privileges are turned back on.

Some Typical Situations

A. When someone enters the entry gate following others without his own authentication, he or she cannot get through the exit gate through his own authentication even his authentication is a valid one. It’s the same when someone gets through the entry gatefollowing others without his own authentication, he or she cannot get through the entry gate through his own authentication.

B. When someone gets through the gate, and then he or she “passes back” that card, say through a window or another door, to an unauthorized user, who then uses the same card to access the building, he or she cannot get through. The password authentication is the same.
C. When someone get through the Fingerprint/Card/Password authentication, he or she doesn't access, then he or she cannot get through the gate even the authentication is a valid one.

Set up an Anti-passback SYRiS Controller Exp:-


Set up an Anti-passback Suprema BioStar V1.62 Software Exp:-


Anti-passbackis a security mechanism that prevents a person from passing back her access card to the next person. It is designed to prevent the next person from verifying herself with another person's access card. When using BioStar, you can set up an Anti-pass back zone, which requires users who've already entered an area to leave the zone first before entering the area again. For instance, if the zone consists of two devices (let's call them Device A and Device B here), the user who's been already verified on Device A must verify herself on Device B before verifying herself on Device A again.
You can set up an anti-passback zone by performing the following steps:
1. On the Doors page, click Add New Zone.

2. Enter a name for the Anti-passback zone and choose Anti-passback Zone from the Type drop-down list.
3. Configure the settings of the Anti-passback zone and add devices to the zone by clicking Add Device.
·  APB Type
§  Soft - A user who has broken the Anti-passback rule can enter the area without the administrator explicitly releasing the alarm.
§  Hard– A user who has broken the Anti-passback rule can't enter the area without the administrator explicitly releasing the alarm.
·  In case of Disconnected
§  Door Open– Doors in the zone will get opened when the communication between the master and member devices is disconnected.
§  Door Close – Doors in the zone will get closed when the communication between the master and member devices is disconnected.
4. Choose the devices you want to add to the zone as In Device and click the right arrow button. Perform the same for Out Device.
5. Click Apply to transfer the settings to the devices.