Looking at the Development of the Access Control Card System Through Changing Demand

China's security and protection industry began in the late 1970s and has been developing for nearly 30 years. The access control management system (hereinafter referred to as the access control system), a specialized field within security systems, has passed through the stages of conception, research and development, production, sales, use, and service. It has now become a diversified, networked, intelligent, and open system, and has gradually become one of the indispensable and constantly developing systems in the security field. In recent years, owners have no longer limited its use to “safety” alone; it increasingly serves human-machine integration, the integrated “intelligent management” of people, and even energy-saving and environmental-protection management.

Access control card system

In essence, a smart card system controls devices on the basis of smart card authentication. Starting from the original access control system, the smart card management system has gradually grown into a widely used one-card system that touches almost every aspect of an organization's operation and management. In current applications, many subsystem modules have been derived, such as attendance, visitors, patrols, meeting attendance, consumption, item circulation, parking lot access, and elevator control. As requirements for personnel identity authentication and item authentication expand, the application field of smart card systems is still growing.

Building a card system starts with defining the system's application scope and functions and establishing the application subsystems. The next step is to choose a unified authentication medium, that is, to select the smart card, and to set up a unified one-card management platform. This ensures that multiple application subsystems share the same smart card and the same basic data for all personnel, and that the card-reading information of every subsystem is processed, stored, and shared on one platform and in one database, which delivers the application functions of subsystem modules such as access control, attendance, and consumption. Along with a unified smart card medium, a unified system platform is an important indicator for the construction of a card system.

The card system platform centrally stores the cardholders' basic data and the card system's operating data, and the operation of the card system is concentrated on it, so its position in the entire system is extremely important. As an integral part of intelligent system integration, the card system should be an open system. Through OPC, SOCKET, and other standard interface protocols, the platform can be linked into systems such as IBMS, BAS, and OA to achieve the corresponding functional integration: linkage with the monitoring, fire-fighting, and equipment management systems, and synchronization with the personnel data of OA, HR, and other operational management systems. For example, through data integration between systems, the basic cardholder data in the card system can follow changes in the human resources department's data and be updated in a timely manner, and the ERP system can obtain attendance data from the card system in time.

Access control card system development

Access control is the most widely used subsystem in the card system. Since such systems were introduced domestically, they have grown along with their applications, and users' understanding of access control has gone through many stages. At present, users' requirements for access control systems fall mainly into the following areas: whether the system is stable, whether it supports multiple types of cards, whether it supports various forms of authentication, compatibility with third-party systems, communication response time, and system architecture.

System stability requirements

When access control systems first entered the market, their stability often could not be ensured because of factors such as immature technology. For a system tied directly into daily management, frequent failures turned many installed access control systems into mere decoration that never played the role expected of them. Stability is therefore one of the key requirements in building an access control system.

Intrusion alarm and monitoring systems mainly watch the protected area from inside and outside, and their security function is fairly passive. The access control system is different. Its purpose is to verify the legitimacy of people entering and leaving the protected area; it is a considerably more proactive defense, and it is expected to eliminate sources of danger. This requires the access control system to operate continuously, 24 hours a day, 365 days a year. Any point of failure may leave a controlled passage uncontrolled and so open a security hole. One defining characteristic of an access control system is therefore that it must have extremely high reliability.

Take single control point faults as an example, with the same 1% failure rate for each point. A system with 10 access points will have a failure once every 10 days. A 100-point system will have a failure every day. With a 1000-point system, managers face the embarrassment every day of controlled doors that cannot be controlled, to say nothing of very large systems with thousands of points.

This simple failure-rate calculation shows that the stability of the card system is crucial to the user's daily operation. Moreover, as card systems grow in scale and complexity, and as requirements increase for integration with upper-level intelligent systems and lower-level subsystems, the stability and data security of the access control system remain key points and difficulties that system builders must face.

Smart card diversity requirements

As systems have improved, the smart card has been upgraded from the read-only serial-number ID card, to the logic-encrypted IC card whose sectors can be read and written, to the current CPU card, which stores information in a manner similar to a computer, and on to the mobile phone RF-SIM card that directly replaces an ordinary smart card. The authentication distance has grown from several centimeters to several meters, or even tens or hundreds of meters. International standards for smart cards have also been introduced one after another. Commonly used smart card standards currently include ISO14443A/B, ISO15693, and ISO18000-6X.

The security and strong performance of the CPU card are recognized by the industry. To date, CPU card file-read authentication is the most secure smart card application mode. Since the disclosure at the beginning of 2009 that the Mifare1 card key had been cracked, the upgrading of smart cards has accelerated. If logic-encrypted cards such as Mifare1 and Legic are “hard disks”, then the CPU card, which performs encryption on its own and carries out data operations independently on the card, is a computer.

In addition, composite cards make the system simpler and more user-friendly. For example, combining a CPU card with an 18000-6B/C card serves short-distance systems such as access control and consumption while also meeting the long-distance authentication requirements of parking lots and channel management systems.

Authentication diversity requirements

With the development of user requirements and of the various smart card applications, smart card authentication has also developed rapidly. It already covers ID, IC, and CPU cards. Mobile phone RF-SIM card authentication has also been brought into the scope of access control authentication as a new authentication mode.

There are generally two types of CPU card authentication. The first reads only the card's serial number. This is an ID card mode in disguise, and it cannot take full advantage of the CPU card's security and extensibility. The second authenticates by reading an internal file of the CPU card, which makes the fullest use of the card's capabilities. The access control system of the Shanghai World Expo adopts the CPU card internal file authentication mode.
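The difference between the two modes, as an added Python example that is not from the original article: a simulated reader that trusts the serial number accepts any card presenting an enrolled serial, while one that requires the card to prove possession of a key held in a protected file does not. HMAC-SHA256 stands in for the card's real cipher, and `Card`, `diversify`, and `MASTER_KEY` are hypothetical names.

```python
import hashlib
import hmac
import secrets

MASTER_KEY = secrets.token_bytes(32)  # constructed issuer key, held by the reader's secure module


def diversify(uid: bytes) -> bytes:
    """Derive a per-card key from the issuer master key and the card serial number."""
    return hmac.new(MASTER_KEY, b"card-key" + uid, hashlib.sha256).digest()


class Card:
    """Simulated card: a public serial number plus a key stored in a protected file."""

    def __init__(self, uid: bytes, file_key: bytes):
        self.uid = uid
        self._file_key = file_key

    def read_serial(self) -> bytes:
        return self.uid  # readable without any authentication

    def internal_authenticate(self, challenge: bytes) -> bytes:
        # The key never leaves the card; only a MAC over the reader's nonce does.
        return hmac.new(self._file_key, challenge, hashlib.sha256).digest()


def serial_mode_grants(card: Card, enrolled: set) -> bool:
    """Serial-number mode: the decision rests on a value that is not secret."""
    return card.read_serial() in enrolled


def file_mode_grants(card: Card, enrolled: set) -> bool:
    """Internal-file mode: the card must also prove possession of its key."""
    uid = card.read_serial()
    if uid not in enrolled:
        return False
    challenge = secrets.token_bytes(16)  # fresh per attempt, so a recorded reply is useless
    expected = hmac.new(diversify(uid), challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, card.internal_authenticate(challenge))


def demo() -> dict:
    uid = bytes.fromhex("04a1b2c3")  # constructed sample serial number
    enrolled = {uid}
    genuine = Card(uid, diversify(uid))
    copy = Card(uid, secrets.token_bytes(32))  # same serial, but without the issuer-derived key
    return {
        "serial_genuine": serial_mode_grants(genuine, enrolled),
        "serial_copy": serial_mode_grants(copy, enrolled),
        "file_genuine": file_mode_grants(genuine, enrolled),
        "file_copy": file_mode_grants(copy, enrolled),
    }
```
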

Biometric authentication, as a "portable" and "unique" authentication medium, has developed alongside smart card media in one-card systems. Depending on whether the application is conventional or high-end, recognition of fingerprints, palm shape, face images, irises, and so on has been widely adopted to suit different requirements. However, because of technological bottlenecks, biometric authentication still has problems in practice in terms of stability, application cost, and difficulty of system construction.

In addition, combined authentication modes such as smart card multi-authentication, smart card + password authentication, and biometrics + card authentication are applied according to different security levels and environmental requirements.

Users have also proposed some more specialized authentication modes that have gradually become products, such as SMS temporary authentication and voicemail authentication.

1. SMS temporary authentication: An internal user enters a specific number on the access control card reader. After the system server confirms it, a random code is automatically generated and sent to the user's mobile phone as a short message. The user then uses this temporary card number to authenticate, open the door, and so on, and the temporary card number automatically expires after it has been used once.

2. Voicemail authentication: The user dials the card control center's special control number by phone and follows the voice prompts. The system checks the user's specific code and the entered password to perform authentication, and records the related events in the system for later inquiry.
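The server side of the SMS temporary authentication flow in item 1, as an added Python example (not code from the article or from any product): the code comes from a cryptographic random source, is bound to one user and one door, and is consumed on first successful use. The `TempCodeService` class, the 6-digit length, the 120-second validity window, and the three-attempt limit are assumptions; the article specifies only a random code that expires after one use.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120   # assumed validity window; the article only requires single use
MAX_ATTEMPTS = 3         # assumed guess limit before the code is discarded


class TempCodeService:
    """Issues one-time door codes and verifies them exactly once."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # (user_id, door_id) -> [code_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code: str) -> bytes:
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user_id: str, door_id: str) -> str:
        """Create a random 6-digit code; the caller sends it to the user's phone by SMS."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG rather than the random module
        # Keep only a digest, and overwrite any earlier code for this user and door.
        self._pending[(user_id, door_id)] = [
            self._digest(code), self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, user_id: str, door_id: str, entered: str) -> bool:
        entry = self._pending.get((user_id, door_id))
        if entry is None:
            return False
        code_digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[(user_id, door_id)]  # expired codes are purged
            return False
        if hmac.compare_digest(code_digest, self._digest(entered)):
            del self._pending[(user_id, door_id)]  # single use: consumed on success
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[(user_id, door_id)]  # too many wrong guesses
        return False
```
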

In addition, the communication between authentication devices and card readers has changed as system applications have developed. From Wiegand alone at first, it has gradually expanded to T2 and RS232. The construction of large and very large access control systems (200 points or more) has raised new requirements. To ease commissioning of large systems and day-to-day equipment maintenance, users generally require access controllers to be installed centrally with the weak-current equipment, which means that in larger buildings the distance between the reader and the controller will exceed 100 meters or even more. Readers using protocols with limited transmission distance, such as Wiegand and T2, cannot cope with this, and so the RS485 card reader, with a transmission distance of up to 1200 meters, was born.

System compatibility

In building an access control card system, meeting the owner's complete set of needs, including individualized functional and management requirements, often requires integration with third-party systems such as IBMS, BA, CCTV, and fire-fighting systems. Integration takes two forms: software and hardware.

The access control system and the fire protection system are integrated and operate together. In an emergency, the electric locks on controlled doors should release automatically. To meet fire control requirements, this action generally uses a hardware mode in which cutting power unlocks the door. In the system architecture of one American brand, for example, a DI/DO linkage module is connected directly to the RS485 bus of the access controller ACUD to perform the hardware linkage function.

The software mode mainly uses standard communication protocols to achieve integration between systems. Standard communication interface protocols include ODBC, OPC, SOA, SOCKET, etc. Through these standard interfaces, systems exchange data to achieve the related functional linkage. For example, the one-card system (attendance subsystem) can serve as an auxiliary system for the management systems of enterprises and institutions, where it needs to be integrated with personnel management and financial management and with MIS and ERP systems. In medical organizations, the card system (consumer subsystem) can be integrated with the visit card, case, prescription, hospital management, and medical product management systems, and with the HIS system. Demand for this kind of functional integration is extensive.