Selecting Access Control Readers 2013By: Brian Rhodes, Published on Jan 01, 2013
Given the variety of types available, specifying access control readers can be a daunting process. However, focusing on a few key elements will help you arrive at the right product no matter which system you are using. These include:
- Credential Type
- Mounting Surface
- Read Range
- Infrastructure Requirements
- Protocol Support (Wiegand vs. OSDP)
In this note, we address these attributes, explain how they are different, and help users understand which reader is the ideal choice for their application.
The first attribute that defines card readers are which credentials they are designed to read. For existing access control applications, the credential type has already been established and in use. Systems in service for more than 20 years may use non-standard credential types and may require specific readers from the original manufacturer as a result. More modern systems are equipped to read several credential types, so taking an accurate inventory of the various formats in use is a critical step.
Credentials often double as picture IDs, and frequently take the form of cards. However, credentials can take several forms - see our Access Credential Form Factor Tutorial for more details. The following list details the major types of credentials used in modern access control systems:
- Standard Proximity: The most common credential types in use require the holder to wave the credential near the reader, but not make contact with it. These credentials can be read through wallets, pockets, and glass - and they are commonly used in ID cards, keyfobs, and windshield stickers.
- Smartcard: The newest type of card includes an onboard circuit chip (ICC) that offers higher encryption, more storage, and data rewriting capabilities. Facilities using this advanced credential often use one card for multiple systems, including logical access and payment cards.
- Barcode/Magstripe: While quickly becoming obsolete in the face of standards like FIPS-201, older access systems may still use these credentials. While convenient to program and inexpensive to issue, magstripe/barcode based credentials lack the security of other options and can be copied or spoofed easily. In addition, the durability of these credentials is not well suited for commercial use, as even mild degaussing or cosmetic scratches can impact reliability.
- Multiple Technology: These types of credential blend two or more of the listed types in a single credential. While more expensive, these types are the most flexible since they can be used with several different systems and can be provisioned from one database.
Identifying the specific mounting location for the reader is the next step - while many readers are 'multipurpose', more advanced types (especially biometric combo units) are not suited for every location. In the following section, we address the most common mounting locations, and identify the variables for specify the correct readers:
Outdoors/Indoors: Like most electronic devices, the units intended for mounting outdoors must be sealed against moisture and protected against freezing. Readers are commonly available in 'potted' varieties, where the internal electrical components are sealed in resin to prevent contact with moisture. Confirming a reader is suitable for outdoor use is frequently noted as 'potted' on datasheets, which departs from industry standard IP ratings. Furthermore, the actual appearance of the reader may not change between potted/nonpotted varieties.
Wall Mount: The most basic orientation for mounting readers is on the wall nearby the controlled opening. While smaller readers may be designed to mount directly to drywall or masonry with simple screws, heavier readers may require additional brackets. Wiring harnesses can be directly pulled through bored holes in walls, or otherwise may be terminated in single-gang junction boxes - in this case, the reader is frequently mounted directly onto a junction box cover plate.
Mullion Mount: Where glass is adjacent to openings, or where control cabling cannot be fished through wall construction, a common solution is mounting readers onto hollow door frames. Because the mounting surface is typically metallic, insulating gaskets and shielded cabling may be required. These readers are identifiable by their thin profile, often only a few inches wide. Even through these readers are narrower than typical wall-mount types, they are available in the same read-ranges and offer the same multi-factor (eg: biometrics, keypad) options.
Bollard Mount: Readers used for gate/parking lot applications are frequently mounted on metal or concrete posts outdoors. These devices typically need longer read ranges than door mounted types, since the credential can be feet away within an automobile or windshield mounted. While these readers are typically connected to access controllers the same as other readers, they may require extra power supplies and cable shielding/grounding. These type of readers may also require the use of media converters or other expander modules to increase their communicating distance to controllers.
Turnstile Mount: One of the most challenging mounting locations for a reader is on a turnstile - not only are these units typically outdoors, they are frequently exposed to thermal shock, UV exposure, and impact force. Standard outdoor readers may require frequent replacement. As a result, ruggedized / vandal resistant readers [link no longer available] are recommended for turnstile applications.
Determining the distance a card reader is needed to detect a credential is the next step. Understanding the space between the reader and the controlled opening is critical - not only does it take time to physically travel from a reader to open a door (especially with wheelchair accessible openings), the standoff distance between a gate reader and an automobile may require special consideration.
Credential readers are typically available in three roughly defined distances. Each manufacturer defines the exact distance differently, and the range is typically influenced by mounting environment, interference sources, and line of sight. The standard breakdowns are:
- Short: these units read anywhere between close contact and 6" - 8", and are found located immediately adjacent to doors on mullions or walls. Power for these readers can be typically drawn directly from the controller without extra power supplies.
- Medium: readers in the class generally reach between close contact and 32" - 48", and are suited for use in parking lots and on bollards or posts adjacent to doors. These units feature different antenna coil configurations, consume more power than short range readers, and typically cost more.
- Long: units falling in this range typically work between 2 feet and up to 30 feet. Because of the extreme distance, readers in this category must be mounted with the same considerations as wireless networking equipment: physical line of sight must be maintained, adjacent wireless systems can be sources of interference, and reader orientation is critical for credential detection.
It is important to note that not all credential types have all range selections available. Less common credential types may not have the selection of 'long range' readers available, and credential formats commonly used in Europe may not be licensed for free use in the US, and vice versa. Consider this NEDAP 'long range' reader - it is one of the only long range MiFARE readers available.
These readers accept more than one credential type, required for high security applications or to offer users credential flexibility. For example, a common multifactor unit combines a proximity card reader with a keypad, so if a user forgets or misplaces a card they are still able to key a code for entry. Combination 'multifactor' units often combine card credentials with biometrics like fingerprints, retinas, or palm prints.
With additional 'factors' come additional credential overhead, including biometric databases that often are independently maintained from the access control system. The speed that multifactor readers process additional credential factors often largely is affected by the total number of records that must be searched, and the degree of confidence a credential must have to be validated.
While most EAC systems integrate readily with basic keypad code readers, compatibility with biometric readers or high security components (eg: Hirsch Identive Scramblepad [link no longer available]) is subject to individual access control systems.
The other factor to consider is what utility or secondary resources are required at the opening. Reader infrastructure aspects to consider include:
- Power: Most readers are designed to operate on 12VDC/24VDC and even PoE, but ruggedized and long range types may require different utilities. In general, readers are low current draw devices, typically pulling only milliamps. Some types of 'stand alone' readers operate from battery packs and require no outside power connection.
- Data: Most readers are connected to controllers with UTP or 18/6 cable, but individual reader types may require non typical wire gauges or special features like drain cables or shielding. Wireless variants, typically using a point to many point transceiver system, are especially popular in low-cost and non-high security applications. Frequently, data cabling is grounded or shielded to prevent interference from corrupting data exchange between reader and controller units.
- Secondary Means of Security: While not a traditional infrastructure component, an often overlooked feature is a backup method of securing the opening. Because most backup power systems have a finite battery life, and some hardware lock components cannot have backup power (eg: maglocks), a mechanical lock and key must be installed. Managing and maintaining this hardware is not expensive, but the only occasional use of these locks require a well organized and managed key control system.
- Intercoms/Cameras: Finally, while not essential, secondary systems like intercoms and video surveillance cameras can help identify those requesting assistance or entry without system credentials. Invariably, a credential holder forgets or loses a credential and does not realize this fact until standing at the controlled opening. Having an intercom available allows security staff to communicate with a someone lacking credentials, without compromising area security by permitting access to secure areas.
Protocol Support (Wiegand vs. OSDP)
A reader's output option must be compatible with the controller. Both devices must support Wiegand or OSDP, or direct reader interface compatibility for proper operations. Readers are only useful when compatible with the larger access system, specifically the door controller. For many years the standard interoperable communication protocol between readers and controller has been
For many years the standard interoperable communication protocol between readers and controller has been Wiegand, an interface that predates modern serial or TCP/IP communication. Since the early 1970's Wiegand was use to standardize reader outputs in a way that controllers could interpret, regardless of manufacturer.
However, Wiegand has some weaknesses that are only amplified in the modern era. Lack of encryption, unidirectional transmission, and the physical limitations on transmitted data size have been far outpaced by modern credential and access system design. As a result, a new standard protocol called OSDP is being promoted my leading access companies. See our
Our Wiegand vs OSDP note has deeper technical details, but the primary advantage of OSDP is better device manageability, status monitoring, and data handling than the old Wiegand protocol. At the current time, adoption of Wiegand is widespread and common, with OSDP much less so. However, this is changing, with most manufacturers offering new product supporting the protocol and plans to expand it in years ahead.