August 2013

ewidlitz's picture

Much is expected of access control systems in order to safeguard passengers and staff at major metropolitan transportation systems. Today’s IP-based, networked access control systems provide a centralized, web-based approach for monitoring all stations and site equipment in real time, while simplifying management and report generation.

IP-based access control meets a variety of important needs for metro rail and other transit operations. For instance, public transport system operators must be able to prevent unauthorized entry and closely manage access to all stations and electrical substations, as well as the parking lots and major facilities at metro line sections. The same systems must also protect equipment and staff at key locations including fixed plants, offices, equipment areas, machine rooms, and automatic fare collection (AFC) system management offices, as well as the central station, communications equipment rooms and many other public areas. It may also be important to centrally monitor all passage areas and key locations where equipment management facilities are housed. Finally, access control systems also must frequently span an extensive network, and accommodate cardholder information from various entry points using a wide range of access control rules that all must be transmitted to the central station.

IP access control provides an effective solution, by offering a centralized, top-to-bottom, web-based access control system with which to monitor all stations and site equipment in real time. Readers can be installed where needed, and connected to a network controller for central access management and report generation. All central management functions can be performed at the metro line control center, which consists of a central server, an access authority management station, a central station, and all associated system software. With this solution, the central station administrator can track and manage door access in all metro stations, improving flexibility and speeding response to network failures.

Meanwhile, controllers enable every metro station office to monitor its own system’s real-time status, entry records and card access information. Both the control center and station offices are connected to the central server via TCP/IP for data transmission. Remote computers can be deployed at high security level zones, with the administrator manually controlling access. A controller is used for station access management, and if communication with the host is lost, each station control center can independently operate using a reader interface. In this way, metro station offices can work independently when they are offline from the central station.

Today’s IP-based, networked access control solutions fulfill the need for top-to-bottom management capabilities at metropolitan transportation systems. Administrators can track door access in all metro stations, check event logs and remotely control access to entry points. This approach assures maximum flexibility and the fastest possible response to network failures, with all operations protected by multi-layered security and fail-over support.

CSandness's picture

Optimal access card security requires a multi-dimensional approach for identity validation, and a multi-layered approach for the systems that are used to issue them.  The latest advances enable issuers to better protect the integrity of each credential, cardholder, and the overall issuance system.

Most ID card issuance systems rely on two-dimensional identity validation, which compares 1) the person presenting credentials with 2) a variety of identifying data that is displayed on the card.  The industry has evolved beyond a simple photo ID to include sophisticated elements that provide more trustworthy visual authentication while acting as deterrents against tampering and forgery.  These elements include higher-resolution images, holographic card overlaminates, and laser-engraved permanent personalization attributes on the cards that make forgery and alteration virtually impossible.

Digital components, such as smart card chips or magnetic stripes, add a third security dimension.  In addition, expanded data storage on the card makes it possible to include biometric and other information, which further enhances the validation process.  Even with the most advanced techniques, though, security staff and law enforcement personnel must maintain rigorous diligence and training procedures in order to combat would-be counterfeiters who use advanced tools and materials to circumvent credential requirements.

In addition to protecting cards and cardholders, it is important to optimize the integrity of the overall issuance system through a multi-layered approach.  The first system security layer should limit unauthorized operator access to physical components. Electronic security is a critical second layer. Ideally, operator access to each printer is controlled via personal identification numbers (PINs), and print job data packets should meet or exceed advanced encryption standards to ensure system privacy, integrity and authentication to the final issuance endpoint. The third layer is to ensure automatic elimination of personal data on used print ribbon panels. Some card printers also include integrated sensors so that only authorized printers can use custom print ribbons and holographic card overlaminates.

Together, the combination of multi-dimensional card security with multi-layered issuance system security provides the best available defense against tampering, forgery and other fraudulent acts.  By following these practices, virtually any organization can cost-effectively raise the security of its credentials and issuance systems to the highest standards.