An appraisal of the contactless access control system and its future in the commercial and private sectors
Published on: 03/09/2020
By: Wing Chan
Contactless access control is a staple of the security industry and is used in institutions of all levels, from the education sector in areas such as libraries, firms that require personnel identification for entry, all the way to the military sector. A complex, secure system combined with simplicity of use and integration give contactless access control extensive leverage in the market. Contactless security access systems excel primarily in two areas when compared to other systems that require physical contact: convenience and efficiency. It can act as a multivariable key to open any door it has clearance to access without the user having to carry multiple keys or remember and input different codes. The second advantage is ease of use since merely placing the card (tag) near the reader (terminal) will generate a response with practically zero response time.
Current Usage of Radio-Frequency Identification
The contactless access control system is not a new mode of technology. Hong Kong has long since integrated it into their transportation infrastructure in the form of the Octopus smart card, which utilizes passive radio frequency identification (RFID). There are two parts to this system: a tag and a terminal. Embedded within the tag is a coil of wire (antenna), an energy receiving capacitator, and an integrated circuit (IC) chip which acts as verification between the tag and the terminal. When passing through a transportation gate, the tag interacts with a powered gate terminal via radio-frequency identification (RFID). The antenna coil receives the radio-frequency waves emitted by the terminal and resonates a matching frequency, while the energy stored in the capacitator is redirected to the IC chip, which sends information through the coil back to the terminal. If the information matches and is recognized by the terminal, the gate will open.
These systems also perform well in a security capacity. Each IC chip can be programmed with a unique identification number so a duplicate card cannot be easily fabricated. Modern renditions of the proximity card such as contactless smart cards also often possess additional layers of encryption to prevent hacking or tampering, minimizing the possibility of a security breach. Because of this, contactless access systems are branching out to provide digital access instead of just physical. Many credit card companies are using these systems as a form of payment for small value sales due to the security and ease of use they provide.
The Future of Contactless Access Control – Long Distance RFID
Current technology places heavy emphasis on convenience, which leads experts to look for breakthroughs to make contactless access control even more convenient for users. The end goal is to eliminate the manual card tapping process entirely through long distance verification, allowing authorized users to gain entry to a premises without having to engage in any further action. This prevents congestion and allows for fast and convenient access to areas that see large amounts of activity, such as buildings in the commercial sector. Developments are already being seen in multiple fields, but the technologies that will gain dominance in the security sector remain unclear. We examine a list of these technologies below.
High Frequency (HF) and Active RFID
If RFID is to engage in long distance contactless access control, the read range of the card with the terminal has to be increased. To do so, the coil must also be able to receive enough energy to reflect a signal back to the terminal. This is difficult to accomplish with smart cards such as Octopus or credit cards that use high frequency (HF) technology. The simple fact is that these cards are built for proximity in mind. Currently, smart cards use 13.56 MHz radio-frequency technology that only has a maximum range of 4 centimeters. Technical constraints exist insofar that the transmission reflection distance of the coil antenna scales directly with size. With HF, if the transmission range between the card and the terminal were to be one meter, the diameter of the card’s coil would have to be approximately half a meter, far too large to be practical in everyday use. Terminal energy emissions are also constrained by government regulation in concern for possible health issues for civilians[i].
Another method is to utilize an active RFID system, which makes use of an internal battery within the card to return a signal without having to rely on the terminal’s power source. Currently, the technology is already being used for applications such as the Hong Kong Autotoll system[ii]. However, its uses for personnel access are constrained because the internal battery makes the card too bulky to be stored and carried easily. Battery replacement is also an issue.
The above technologies are hindered by technological constraints that prevent it from being a convenient method of long distance building access control. However, there is another technology that has the potential for fulfilling this demand – ultra-high frequency.
Ultra-High Frequency (UHF)
UHF is a relatively new development in the security industry, operating within the 300 MHz to 3GHz range, with UHF Passive RFID typically operating between 860-958 MHz. It is conventionally used for radio communications or inventory management. In the security industry, UHF identification is mainly confined to vehicle identification when parking. What sets ultra-high frequency apart from low frequency and high frequency technology is that it can operate at high read ranges of 1 – 2 meters without compromising on antenna size. The short wave lengths emitted in UHF allows the antenna to be conveniently small. Despite these advantages, UHF RFID is not without its flaws. Because UHF is an emerging technology in the security sector, security protocols are not yet sufficient in preventing hacking and tampering. Despite this weakness, the significance of UHF cannot be understated. It is important to note that encryption is slowly being rolled out by several companies, and additional protocols may be introduced as it gains prevalence within the industry. UHF RFID remains a strong contender for achieving convenient and secure long distance contactless access control.
Video Analysis Recognition
CCTV facial recognition is another solution to improve convenience and efficiency, where access is given to authorized individuals whose facial characteristics match that of an internal database. The main concern is that of accuracy. Video analytics software is an undergoing development that is susceptible to false positives (verification of unauthorized trespassers) or false negatives (failure to recognize authorized personnel). Video analytics is quickly becoming more adept at correctly identifying and recognizing facial characteristics, but a single false positive would be enough to allow intruders into a premises - an unacceptable risk for institutions that cannot afford to compromise on security, although it may have a place in commercial institutions where these systems are seen more as a formality for registration purposes rather than strict security. Another issue is that of privacy, where personnel may be reluctant to have their facial characteristics recorded and stored in a database.
Bluetooth 5.0 and Beyond
Bluetooth is another candidate for the commercial use of long distance access control.
It operates at two frequencies – between 2.402 and 2.480 GHz, and 2.400 and 2.4835 GHz, which is categorized into the short range frequency spectrum. Since the technology is already supported in modern cellphones, it is an effective way of utilizing the existing network infrastructure without having to develop one from scratch. Bluetooth 5.0 for access control is seeing use in recent building developments, where users with authorized cellphones in proximity to the building’s network are granted access. This also means that users will not have to carry an additional card, as is the case with RFID. One negative setback to this is that access becomes reliant on cellphones, which are in turn limited by its battery. If a user’s phone does not function, access will not be granted.
It is important to note that contactless access control systems using RFID may be secure in a technical capacity, but they are not impenetrable. Human error is one weakness that can be exploited, and cards are susceptible to being lost or stolen. Tailgating is another, where trespassers exploit a still exposed perimeter by trailing behind authorized personnel[iii].
Tailgating is the most common mode of penetrating RFID security systems, where intruders take advantage of an exposed perimeter by following behind authenticated personnel. One solution for this is the placement of security guards at these access points to deter and detect potential tailgaters. Another solution may be to integrate CCTV facial analytics to act as recognition, and record, detect, and deny incidents from taking place. It is important to note that long distance RFID has two major disadvantages when compared to proximity systems like smart cards. First, long distance RFID is susceptible to hacking, since the reader has a longer response range, making remote hacking possible. Lack of encryption would make this system an easy target for hackers. The second disadvantage is that it would increase the risk of tailgating, simply because the access point will be exposed from a distance, making it harder for guards to identify authorized personnel from tailgaters. In situations where a large number of people pass through the access point, it would be nearly impossible to tell authorized personnel from unauthorized personnel. The implementation of two-factor authentication may be critical to mitigating this risk, with the first stage comprising a long distance authorization scan, followed by a second short distance intrusion system such as RFID installed on the barrier to confirm that the users are legitimate. If a potential tailgater follows personnel and obtains access to the perimeter gate but the second scan does not recognize a verified tag when they pass through the gate, an alarm will be generated and security personnel will be able to identify the trespasser.
Implementation into upscale infrastructure
Many architectural firms are expanding on the capabilities of the contactless access system to add sophistication and value to their properties. In Hong Kong, an increasing trend can be seen where contactless access control is used in tandem with other systems within the building. Some contemporary buildings are integrating the contactless access system from the entrance gates with elevator floor access so that the RFID identification process activates both the gate and the elevator simultaneously. The elevator is preprogrammed to travel directly to the corresponding floor the user is allowed access, limiting potential breaches to companies located on other floors. In the face of the current COVID-19 pandemic[iv], a contactless control system offers a simple but innovative solution to the question of hygiene. Since physical contact is unnecessary, people do not have to worry about contamination through direct contact with doors or elevator buttons.