New Technology: Keypads, Card Readers & Scanners

The locksmith has an ever-growing selection of solutions to help his clients achieve their desired level of security. Like all sectors of the security industry, keypads, card readers and scanners have evolved and new and improved options are available. The technology includes:

Standalone self-contained mechanical keypad with integral locking mechanism. This has been the standard for standalones for decades. The biggest drawbacks are they only provide a single user code, and may require a fair amount of mechanical dexterity to change the user code.

Standalone self-contained electronic keypad with integral locking mechanism. What used to be the new breed of access control isn’t so new anymore. Major benefits are individual user codes and easy reprogramming. Some models support programming with PDAs. Database resides on PC or laptop. Some end-users do not like the fact that these devices typically are battery powered. Many models may be hard-wired for power.

Standalone self-contained electronic keypad with cardreader with integral locking mechanism. Similar to the keypad only, this type of standalone offers features formerly available to networked (on-line) access control. Some permit automatic unlocking controlled by an internal schedule. Some products allow user codes and credentials to be placed in time zones, to restrict access. Some units allow the criteria for access to be changed according to a schedule. For example, during the day, only a code would be required, while after hours, a credential and a memorized code are required for entry.

Mechanical key switch which controls an external locking device. High security cylinders and proprietary keyways, along with interchangeable cores, have revived the key as a viable access control credential. Combined with cameras and a perimeter security system, they can provide tailor made security for many situations.

Locking mechanism with integral manual and/or electronic control/override. Included in this category are specialized gate locks, deadbolts, electrified levers, and similar devices.

Standalone electronic keypad which controls an external locking device: These devices store the valid codes internally, but produce an output to control external equipment.

Standalone with network connection: These units have the ability to operate with or without an on-line network connection. Some offer the option to remotely unlock the door. The network connection allows managing (adding and deleting) valid users and obtaining activity reports. Some provide real-time reporting of access and or exceptions (propped doors, forced doors, or invalid credentials).
Editor’s Note: The term “network” can refer to a dedicated hard-wired circuit which interconnects all elements of the access control system. RS-485 is a communications standard often used for security applications. “Network” can also refer to the ubiquitous Ethernet or Wi-Fi topology. Other wireless topologies include protocols such as Zigbee and Bluetooth all of which are entering the security marketplace. Stay tuned to The Locksmith Ledger for updates on new products employing these various network topologies and protocols 

Reader keypad that interfaces with controller. These are classic cardreaders and keypads. They do not store any data; just provide the user interface to the access controller.  Cardreader and keypads interface with the controller using protocols such as Wiegand or Clock & Data. 

KEYPADS GO BIOMETRIC
Scanners are devices used in biometrics to measure the biometric trait of an individual and process it for access control purposes. Finger scanners are gaining popularity because they provide a convenient and secure means of controlling an opening at a relatively low price point, as compared to other biometric technologies. The biometric trait (for example the user’s fingerprint) is scanned into memory and is used as a template to which individuals requesting access are validated.
Biometric access controls may store the templates locally at the door, or in a database somewhere on the network. Templates can also be kept on a smart card or an adhesive patch attached to something carried by a user. The user must present both the credential and his or her finger at an entry point when attempting access.
Storing the template at the door offers the advantage of being able to continue to operate if connection to the network is interrupted.
When biometrics are combined with a credential, or the finger scan is indexed with an individual user ID, the biometric comparison is described as one to one (1:1). When a fingerscan is compared to a larger number of stored templates, the process is referred to one too many (1:N). Processing time and reliability may be affected by which method is employed. Comparing a fingerscan to a large database of templates may take longer to process than a one to one comparison. The criteria of the comparison (algorithm used to perform the comparison) may be tuned to the topology of the system, yielding less desirable ratios of False Positives (granting someone who is not authorized access, or false negatives (denying access to someone who is authorized).
Using PINs in conjunction with credentials or biometric templates is referred to as multiple factor authentication, and doing so enhances security dramatically. While it is true that nothing is more secure than an individual’s biometric template, variables such as the algorithm used, hardware issues and user acceptance may affect the success of a biometric deployment.
Accuracy is vital to the acceptance of the biometric type chosen.
The two issues associated with biometrics are false positives, False Accept Rate (FAR), and false negatives, False Rejection Rate (FRR). These occur as the biometric system inputs the biometric signature of the user and attempts to compare it to a template which is either stored in the terminal or resides in a network connected database. These numbers represent a statistical probability that one of these will occur, and the ratio is parameter set by the designer of the algorithm.
FAR ranges from .0001% to 0.1%. FRRs vary from .00066% to 1.0%.
Setting the system to produce a very low rate of false accepts usually causes a higher rate of false rejects. The application determines the acceptable levels of false accepts and false rejects. Since it is virtually impossible to individually verify these stats, it is best to stick to reliable known manufacturers who adhere to recognized industry standards.

ZODIAC-LITE
The Zodiac-Lite is Cansec’s basic biometric product, meaning that it supports the fewest number of templates (90) and does not support some of the higher network functions, of other Zodiac models.
Cansec’s access control solutions range from single door, stand-alone card access systems to fully-featured and integrated solutions for controlling access to multiple facilities with complex requirements.
Zodiac-Lite can operate in many different configurations. It can connect to a Cansec SmartLock Controller, be used with a Cansec Door Control Module to operate an external electric lock, or serve as a smart Biometric Reader with Wiegand output to an access controller of your choice. Features include:
Use with a door control module to create a completely stand-alone door access control system
Stand-alone system eliminates need for cabling or PC
Enroll and manage up to 90 users right at the reader using the hand-held programmer
Stores up to 90 user templates (both primary and back-up fingers)
No credentials required
No PIN means easier access for users
Offers the rigorous security of biometrics
Ideal for retrofit – upgrade proximity to biometrics in as little as 5 minutes
I recently had a retrofit application for a computer room door. The rest of the facility used networked controllers and traditional credentials. The IT manager decided he wanted biometrics for the Computer Room. He said it would be preferred if no credential or PIN would be required at the door in order to gain access, and only his IT staff would have access to the room.
Programming and enrollment functions are performed at the Zodiac Reader using the ZODIAC Hand-Held Programmer. The system is provided with five i-Button type bypass credentials which can be used for individuals whose fingerprints are not suitable, or just as a means to override the biometrics. Whether you use a finger or a fob, the ZODIAC produces a unique string of HEX data to your access control system, for logging, adding or deleting the individual, just as you would any other credential.
The Zodiac scanner continuously looks for fingers to authenticate. This produces a red stroboscopic light to emit from the finger scanner. The user simply places their finger on the scanner for quick access to the door or device being controlled.
Information: www.cansec.com.

ESSEX  PPH-PRO-103
I retrofitted two HID Edge Solo ES400 controllers to existing readers and electric strikes for a client last year, and they recently called and asked if I could upgrade one of the doors to use a keypad in conjunction with the HID reader.
The Essex PPH-PRO-103 Reader Keypad combines an Essex keypad with a specially designed HID reader to create a keypad/ reader that Essex offers separately or with a HID Edge.
The HID Edge is a pint sized access controller that provides network manageable access control which can be located right at the door being controlled. Some of the versions of the Edge are supplied with an integral HID Prox reader. So far I’ve used the ES400 Edge Solo, which is just the controller which can be paired up with your choice of reader.
With the HID Edge ES400, you add a reader, a power supply, and an electric locking device, and you’ve got an access control system. The HID Edge connects directly to a computer or a network. You connect to the Edge, configure and program it, then either leave it connected to the network and open the application to manage the system, or leave it on to view access activity in real-time.
You can also program in the credentials and then take you laptop with you when you go; and charge the client for a service call or service contract to return when a credential needs to be added or deleted. The clients for whom I have provided HID Edge are quite content to manage their own systems, and simply call when they need additional prox FOBs, or as was the case here, a system upgrade. I fabricated a custom backbox for the reader/keypad, and wired up the new reader/keypad same as the old reader.
We powered up, and the existing credentials still worked as anticipated. I told my client to pick out a PIN, enter it into the keypad and then press the # button. (Pressing the ‘#’ button sends the data string to the Edge. On the Edge Solo Activity Screen, the corresponding raw hexadecimal for that particular PIN is displayed. The customer then simply creates a user and applies that raw HEX as the credential and you’re done. The only constraint is the range of possible PINs.
PINs can be any length up to five digits and they cannot represent over 65,350. (So 6-5-3-4-9 is allowed, but 6-5-3-5-1 isn’t).
Information: www.keyless.com.

ROSSLARE ACQ-44
Another recent project was a retrofit for a keypad controlling the employee entrance for a department store down at the mall. Everything was there: a beat up useless old keypad, low voltage power supply and an electric locking device.
In this economy, some clients are pretty frugal. I wanted to provide an immediate solution at a reasonable cost to the customer without necessarily eliminating the possibilities of a future upgrade to a credential-based solution.
I supplied the Rosslare ACQ-44. The client loved the touch sensitive keypad, and when the economy recovers, I’ll suggest they transition to credentials for their door. Rosslare has been around for as long as I can recall, and they offer great value products at competitive prices.

Information: www.rosslaresecurity.com.
About the Author

Tim O'Leary

Tim O'Leary is a security consultant, trainer and technician who has also been writing articles on all areas of locksmithing & physical security for many years.