
Reinforce physical access control with next-gen architecture

Physical access control systems (PACS) have unquestionably helped commercial organizations manage the security of assets such as people, materials, and critical processes over the past few decades. While the most important aspect of access control, granting or denying access, has not changed, the underlying technology of these systems definitely has. Manufacturers today use a wide array of new technologies and processes, such as cloud-based database servers in lieu of physical ones, support for the strongest card/cardholder authentication, and the ability to take full advantage of the organization’s IT infrastructure. Despite this, much of the PACS architecture of the past, which imposes specific/custom hardware and some technology limitations, still persists. Next-generation architecture is needed to reinforce security so that it aligns with IT capabilities.

Before organizations had widespread networks in place, their security systems were completely self-contained. Because processing power and speed were limited, functional processing was distributed across control panel hardware throughout the facility. While computer power has increased to a level that is thousands of times faster than it was 10-20 years ago, a disconnect still exists between the capabilities that today’s PACS products provide and what current information technology can accomplish. For instance, traditional PACS architectures are piecemeal solutions that rely on costly third-party devices and/or middleware rather than providing native support for software-oriented networked systems, strong mobile device authentication/interaction, standards-based role and attribute management, and IT management of endpoint device security.

The “Bring your own device” (BYOD) trend in the workplace could be a useful resource to build on. After all, if a smartphone can be used as a boarding pass at an airport, surely it could double as an electronic access card. Pilot programs at corporations and universities with large campuses have enabled users to securely store access credentials within the NFC (near field communication) chips in their smartphones in order to gain access to certain buildings, departments, and entryways, just like a standard contactless smart card. However, one drawback of this approach is that NFC is generally featured on the latest models of smartphones, requiring users with older technology to use NFC-enabled cases or purchase the latest flagship smartphone outright.

A potential solution takes advantage of a feature that is universal to all smartphones manufactured in the past 5 to 7 years: the camera. The smartphone essentially becomes the reader rather than the credential. By scanning QR codes placed at each entryway (ideally those without heavy traffic), the smartphone identifies which door the user is attempting to enter, and access is verified and authenticated through integration with network-based real-time presence technology. This removes much of the door hardware cost normally associated with traditional physical access control interfaces. Furthermore, for ultra-secure spaces, phone-based biometrics (such as a fingerprint reader) or a numeric PIN can provide additional two-factor authentication.
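The access decision described above can be sketched as server-side logic. This is an added example, not code from the original article or from any PACS product; the door IDs, zone names, roles, users and the 30-second presence window are all hypothetical, constructed values.

```python
from dataclasses import dataclass

# Constructed sample data: door IDs, zones, roles and users are hypothetical.
DOORS = {
    "door-lobby-01": {"zone": "ap-lobby", "high_security": False, "roles": {"staff", "admin"}},
    "door-lab-07": {"zone": "ap-lab", "high_security": True, "roles": {"admin"}},
}
USERS = {"alice": {"admin"}, "bob": {"staff"}}
# user -> (zone where the network last saw the phone, timestamp in seconds)
SAMPLE_PRESENCE = {"alice": ("ap-lab", 1000.0), "bob": ("ap-lobby", 1000.0)}
PRESENCE_MAX_AGE = 30.0  # assumed freshness window, in seconds


@dataclass
class AccessRequest:
    user: str                       # identity the phone app authenticated as
    door_id: str                    # value decoded from the QR code at the door
    second_factor_ok: bool = False  # phone biometric or PIN already verified


def decide(req, presence, now):
    """Return (granted, reason); every path that is not explicitly allowed denies."""
    door = DOORS.get(req.door_id)
    roles = USERS.get(req.user)
    if door is None or roles is None:
        return False, "unknown door or user"
    if not roles & door["roles"]:
        return False, "role not permitted"
    # The QR code only names the door. The presence record is what ties the
    # request to a phone that the network currently sees at that door.
    seen = presence.get(req.user)
    if seen is None or seen[0] != door["zone"] or now - seen[1] > PRESENCE_MAX_AGE:
        return False, "presence not confirmed"
    if door["high_security"] and not req.second_factor_ok:
        return False, "second factor required"
    return True, "granted"


if __name__ == "__main__":
    now = 1010.0
    for req in (AccessRequest("bob", "door-lobby-01"),
                AccessRequest("alice", "door-lab-07"),
                AccessRequest("alice", "door-lab-07", second_factor_ok=True)):
        print(req.user, req.door_id, decide(req, SAMPLE_PRESENCE, now))
```

Because the printed code at the door is static, the presence and role checks carry the security weight here; the QR value is treated purely as a door identifier.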

Migrating to a next-generation PACS architecture achieves a much lower total cost of ownership than the current hardware-centric architecture, because it places no limits on interface capabilities or on the scope of real-time operations. A shift to this software-based approach, which leverages existing network hardware technology, will provide native support for integration with systems dealing with identity management, cloud computing, secure authentication, and other emerging access technologies that may develop.