Wednesday, November 20, 2013

Access Control Glossary



Many of our customers have asked for a glossary of terms related to access control. I have combined several glossaries to make this cover a broad range of terms. If you need a definition that is not listed here, let us know and we will make every effort to add it to the list below. This glossary will also be posted on our website in the “Education and Resource” section.



Access Control Glossary

125kHz
Radio transmission operating at 125 thousand cycles per second. This technology has historically been the standard for proximity cards/readers
128 Bit AES
A specification for the encryption of electronic data using a 128 bit symmetric key algorithm
13.56MHz
Radio transmission operating at 13.56 million cycles per second. This technology has historically been the standard for smart cards/readers
26 Bit Format
The most common data format for RFID badges. It consists of 4 components: Even Parity (1 bit), Facility Code (8 bits), Card # (16 bits) and Odd Parity (1 bit).
3DES (TDEA)
Triple DES is a specification for the encryption of electronic data which applies the data encryption standard three times to each block.
access control
Controlling entry of people into buildings, rooms, and racks, and controlling the use of keyboards and equipment, by the use of automated devices that either read information stored on an object such as a card (what you have), receive a code or password (what you know), or recognize a physical trait by biometric analysis (what you are).
access credential
A medium that contains encoded information, such as ID cards, key fobs, & smart chips
access level
A logical group of doors paired with a time schedule used to determine when and where a card is granted access.
access point
A place along the perimeter of a secure area where there is a door/gate/portal and some type of access control method to screen users attempting entry to the area.
ADA
Americans with Disabilities Act
AHJ
Authorities having Jurisdiction
alarm input
A monitoring point on a panel that checks the status of a device, typically digital (open/closed). Through the use of resistors, it may also monitor normal/alarm/short/open states.
alternating current
An electric current that reverses its direction regularly and continually. The voltage alternates its polarity and direction of current flow negative to positive. AC current increases to a peak, decreases through zero and peaks in the opposite direction. AC current flows back and forth in the conductor and is expressed in cycles per second or Hertz (Hz).
ambient temperature
The temperature of the air in the immediately surrounding environment.
ampere (A, amp)
The unit of measurement for the rate of electrical current flow, characterized by the symbols 'I' (in Ohm's law formulas) or 'A.' One ampere is the current flowing through one ohm of resistance at one volt potential.
ampere/hour (AH)
A measurement of a battery's capacity. One ampere of current flowing for one hour equals one ampere/hour.
annunciator
An audible and/or visual signaling device.
ANSI
The American National Standards Institute (ANSI) is a private, non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system.
anti-collision
The process built into an RFID system that prevents multiple cards from being read at the same time when within the reader's RF field.
anti-passback
Refers to a system's ability to track an individual's in/out status at a facility, typically through entrance and exit card readers. Once a person has entered, they cannot enter again until they have exited.
API
Application Programming Interface is a source code interface that is provided in order to support requests to be made by other computer programs and/or allow data to be exchanged.
audit trail
A record of transactions that can be used by an interested party to trace access control activities during a specific time period.
availability percentage
A calculated prediction of a system’s percentage of “uptime.” For mission-critical facilities, the goal is “five nines” or 99.999% – less than 5 minutes of downtime per year.
bandwidth
The amount of data a network can transport in a given time period.
bar-code card
A type of access control card that uses an array of machine readable bars and spaces to represent the encoded information such as card number.
barium ferrite card
A type of access control card that uses a pattern of magnetic spots to store information; read by laying flat on a reader. Also called a “magnetic spot card.”
biometric lock
A lock that is controlled by a biometric scanner, such as fingerprint, hand geometry, retina identification, etc.
biometrics
Establishing personal identity verification using technology to measure a physical or behavioral trait – for example, a fingerprint.
BOCA
Building Officials and Code Administration International
card reader
A device which interprets coding resident on or in a credential.
cipher lock
A lock that is opened by pressing its buttons in a specific sequence. It differs from a coded lock in that it typically has only 4-5 buttons, and each button can only be pressed once. The cipher lock was the mechanical precursor of today’s electronic coded lock with a telephone-like keypad.
coded lock
A lock that is opened by typing a code on a keypad.
contact smart card
A smart card that must make contact with the reader. Compare with contactless smart card.
contact
Electrically conductive points, or sets of points, used to make or break an electrical circuit mechanically.
contact rating
Maximum load rating of a switch, stated in voltage and/or current.
contactless smart card
A smart card that uses RFID technology to enable its use without physical contact with the reader. Maximum distance from the reader is either the proximity range (10 cm. / 4 inches) or the vicinity range (one meter / 3 feet) depending upon which of two RFID standards is used.
continuous duty
Refers to a device or a control that can operate continuously with no off or rest periods.
credential
A medium that contains encoded information, such as ID cards, key fobs, & smart chips
data0 (D0)
One of two data lines in Wiegand communications. Data0 (D0) represents the binary “0”.
data1 (D1)
One of two data lines in Wiegand communications. Data1 (D1) represents the binary “1”.
decibel (dB)
An increment of measurement used to compare measured levels of sound energy (intensity) to the apparent level detected by the human ear. A sound that has 10 times the energy of another sound is said to be 10 decibels louder; 100 times the energy is 20 decibels louder; 1,000 times the energy is 30 decibels louder and so on. Decibel levels are correctly expressed as the number of decibels at a measured distance from the source of sound (for example, 125dB at 10 feet).
delay on break
A term used to describe a mode of operation relative to timing devices. The delay begins when the initiate switch is opened (delay on break of initiate switch).
delayed egress
An irreversible time delay built in the locking device of an opening preventing immediate egress.
DIP switch
A miniature switch typically used to program, set, or change circuit functions. DIP is an abbreviation for the dual-in-line package which houses the switch.
depth of security
Concentric perimeters of security having different or increasingly stringent access methods. An inner area is protected both by its own access methods and by those of the areas that enclose it and must therefore be entered first.
DIP switch
A device consisting of miniature toggle switches in rows and numbered. It is intended to allow electronic equipment users to change characteristics of the equipment.
double pole/double throw
A term used to describe a switch or relay output contact form (2 form C) in which two separate switches are operating simultaneously, each with a normally open and normally closed contact and a common connection. This form is used to make and break two separate circuits.
dry contact
Metallic points making (shorting) or breaking (opening) a circuit.
egress
The act of going out.
encryption
The reversible transformation of data from its original form to a format which is difficult to interpret. This is a mechanism to protect the confidentiality and integrity of the data. Encryption requires use of an algorithm and one or more encryption keys.
electric strike
An electric door locking device (usually solenoid-operated) that will unlock the door when electrical power is applied to it. A fail-safe configuration will operate in the reverse condition (i.e., normally locked when power is applied and unlocked when power is interrupted).
electromagnet
A coil of wire, usually wound on an iron core, that produces a strong magnetic field when current is sent through the coil.
end of line resistor (EOL)
Resistance in a supervised circuit, usually at the farthest point from the alarm control unit, restricting the flow of current to a known value which is monitored. Shorting the circuit in an attempt to bypass protective devices in the loop (i.e., door contacts) will create increased flow of current and cause an alarm. Opening (breaking) the circuit also triggers an alarm if the system is armed, or a supervisory signal, if the system is disarmed.
facial geometry
One of the physical traits that can be measured by biometric technology – the relative position of eyes, nose, and mouth on the face.
false acceptance
In biometric identification, the erroneous result of identifying someone who isn’t in the database of known people. It is one of two ways biometric identification can fail; the other is false rejection.
false rejection
In biometric identification, the erroneous result of failure to recognize a known person. It is one of two ways biometric identification can fail; the other is false acceptance.
FAR
False Acceptance Rate. For a biometric device, the percentage of readings that are a false acceptance.
fail-secure
A term used to describe an electric lock that has a mechanical state of being locked and requires power to unlock it. Also known as electrically unlocked.
fail-safe
A term used to describe an electric lock that has a mechanical state of being unlocked and requires power to lock it. Also known as electrically locked.
FIPS
Federal Information Processing Standard
FIPS201
Federal Information Processing Standard for personal identification verification (PIV)
form C relay
A switch mechanism which contains three terminal points: Open, Closed, Common.
format
The way that the information (parity bits, facility code and card #) is organized on the credential.
FRR
False Rejection Rate. For a biometric device, the percentage of readings that are a false rejection.
gateway
A device for providing isolation and control of the flow of information between a computer and authenticated devices on the network.
ground wire
An electrical conductor that leads from a device to an earth ground connection.
hand scan
A technique for biometric identification that measures three-dimensional hand geometry – the shape of the fingers and the thickness of the hand.
hertz (Hz)
The international unit of frequency equal to one cycle per second; named after the German physicist Heinrich Rudolph Hertz (1857-94).
homerun
A wiring method in which each device has a separate wiring run to the control panel.
host computer
A computer that primarily provides services such as computation, data base access, or special programs and/or services.
HSPD
Homeland Security Presidential Directive
HSPD12
Homeland Security Presidential Directive calling for a mandatory government-wide standard for secure and reliable forms of ID issued by the federal government for access to federally controlled facilities and networks.
iButton®
A microchip similar to those used in smart cards but housed in a round stainless steel button about a half inch in diameter, which can be attached to a key fob or jewelry. iButtons are extremely rugged, but are not available with RFID technology for contactless use.
IC
Integrated circuit
IFPO
International Foundation for Protection Officers. A non-profit organization founded for the purpose of standardized training and certification of protection officers. Its Security Supervisor Training Manual is a reference guide for protection officers and their employers.
I/O
Input/output
infrared shadow card
A type of access control card that has a bar code sandwiched between two layers of plastic. The reader passes infrared light through the card, and the shadow of the bar code is read by sensors on the other side.
induction
An influence exerted by a charged body or by a magnetic field on neighboring bodies without apparent communication; electrifying, magnetizing, or inducing voltage by exposure to a field.
inrush
The initial surge of current through a load when power is first applied. Lamp loads, inductive motors, solenoids and capacitive load types all have inrush or surge currents higher than the normal running or steady state currents. Resistive loads, such as heater elements, have no inrush.
interlock
A system of multiple doors with controlled interaction. Interlocks are also known as lighttraps, airtraps, mantraps and sally-ports. (See safety interlock, security interlock.)
intermittent duty
A solenoid designed to be energized for short periods of time. Continuous operation may damage an intermittent duty solenoid.
iris scan
A technique for biometric identification that maps the pattern of colors in the iris of the eye.
ISO-14443
A series of international vendor independent standards for proximity RFID that establishes guidelines for two types of smart cards (A & B). The most common application requires a read within 4 inches of the reader and includes Classic MIFARE, EV1, DESFire and PIV.
ISO-15693
A series of international vendor independent standards for vicinity RFID that establishes guidelines for smart cards that can read up to 1.5 meters.
Keyfob
A specific form factor of credential that generally refers to a hard plastic disk that is carried on a key chain.
LAN
Local area network
levels of security
The range of security protection, low to high, provided at concentric perimeters – the least secure at the outermost perimeter (such as entry to the building) and the most secure at the innermost perimeter (such as access to a rack).
light emitting diode (LED)
A diode, a solid-state device, that gives off virtually heatless colored light when electric current is passed through it. LEDs are very efficient and long-lasting and are often used for digital readouts and annunciators. Common colors include red, green and amber.
line drop
A voltage loss occurring between any two points in a power or transmission line. Such loss, or drop, is due to the resistance, reactance or leakage of the line.
linking
When an input changes the state of an output.
macro
A defined set of actions or commands that will be executed based on a trigger event.
magnetic stripe card or magstripe card
A type of access control card that uses a magnetic strip to store information; read by inserting or swiping through a reader.
manageable device
Able to be monitored and controlled remotely. Manageable access control devices can communicate with a remote management system for monitoring (who’s coming and going and when), control (configuring the device to allow access to certain people at certain times), and alarm (notification of repeated unsuccessful access attempts or device failure).
mantrap
An airlock-style arrangement having secured doors for entry and exit, with room for only one person between the doors. It is a solution to the security loophole called piggybacking or tailgating, in which an unauthorized person freely passes a security checkpoint by following an authorized person through an open door.
masking
Hiding or suppressing alarms which do not need to be viewed.
mean-time-between-failure
A prediction of the time interval between system failures. Should be measured in thousands of hours/possibly years.
MIFARE®
A contactless and dual smart card chip technology produced by NXP that is fully compliant with ISO-14443.
mission critical facility
A facility that must operate 24/7/365 regardless of availability of power/water/fuel/etc. Examples would be corporate data center, 911 dispatch, military facilities.
multi-technology credential
A credential that contains two or more technologies (e.g., proximity, smart card, magnetic stripe).
multi-technology reader
A reader with the capability to read two or more card technologies (e.g., proximity, smart card, magnetic stripe).
NCPI
Network-Critical Physical Infrastructure. Elements of a data center’s physical infrastructure (as distinguished from IT infrastructure such as routers and storage managers) that contribute directly to availability by ensuring uninterrupted operation. NCPI includes power, cooling, fire suppression, and physical security.
NEC
National Electrical Code
need to know
A very high level of security, with access restricted to people who have a specific, immediate need to be in the secured area (for access to particular data, for example), with access only allowed for the time period during which that need exists.
NIC
Network interface card
NO/NC
Normally open/normally closed, refers to the normal circuit state of a switch/relay
ohm
Unit of electrical resistance. One ohm is the resistance which allows one ampere of current to flow through a conductor at one volt.
PAC
Personal Access Code. Another name for PIN (Personal Identification Number) – a code or password that identifies a user at an access point.
PIN
A code or password that identifies a user at an access point.
PIV
Personal identification verification
physical security
Protecting physical facilities from accidents or sabotage caused by the presence of unauthorized or ill-intentioned people. A physical security system includes access control devices for automated screening at entry points, plus a sensor-based alarm system. Additional protection may include camera surveillance and security guards.
piggybacking
The security breach that occurs when an authorized person, having unlocked a door using legitimate credentials, holds the door open for an unauthorized person to follow through the checkpoint with no credentials. (A similar breach is tailgating, where the unauthorized user slips through undetected behind the authorized user.)
proximity credential or prox card
An access control card that has an onboard RFID transmitter/receiver, allowing it to communicate with a reader from a distance of up to one meter (3 feet). Typically 125kHz frequency.
proximity smart card
A smart card that has RFID technology in its chip, so that it can communicate with the reader from a distance of up to 10 cm. (4 inches). Also called a contactless smart card. Typically 13.56MHz frequency.
rectifier
A solid state electrical device that will allow current to flow in one direction. It is designed to convert AC current to DC current.
relay
An electrically controlled device that opens and/or closes electrical contacts.
resistor
An electrical component that provides a defined amount of resistance.
retinal scan
A technique for biometric identification that maps the pattern of blood vessels in the retina of the eye.
REX
A request-to-exit device used as an input on an access control system to signal authorized egress.
RFID
Radio frequency identification. Communication between card and reader without physical contact. RFID technology is what makes proximity cards, vicinity cards, and contactless smart cards work. The RFID chip is powered by an electromagnetic field from the reader.
safety interlock
A multidoor system in which all doors are normally closed and unlocked. Opening any door will lock all other doors.
security interlock
A multidoor system in which all doors are normally closed and locked. Opening any door will disable the door releases of all other doors.
SDK
Software Development Kit
Shunt
Length of time that an input will be masked.
single pole/double throw (SPDT)
A term used to describe a switch or relay contact form (1 form C) that has a normally open and a normally closed contact with a common connection.
single pole/single throw (SPST)
A switch with only one moving and one stationary contact, available either normally open (NO) or normally closed (NC).
smart card
A type of access control card that stores information in a microchip. The chip not only stores data, but can perform computation and exchange data with the reader. It is read by touching the card to the reader so that the electrical contacts line up. See also contactless smart card.
smart media
Small objects of any shape that contain the same type of chip used in a smart card. Smart media are typically small objects (tokens) that can be attached to a key ring or worn as jewelry.
social engineering
The use of ordinary guile and deceit to con people into relaxing security procedures – for example, revealing passwords, lending keys, or opening doors.
switch, maintained
A switch that, when activated, maintains its activated position until it is deactivated.
switch, momentary
A switch that, when activated, automatically returns to its original position afterwards.
tailgating
The security breach that occurs when an unauthorized person slips past a checkpoint undetected, by following an authorized user through an open door. (A similar breach is piggybacking, where the authorized user is complicit and holds the door open.)
tamper
A digital input which monitors the status of a device, typically the door of an enclosure.
template
In biometrics, a computed transformation of a scan – still unique to the individual but taking up much less storage. It is the template, not the raw scan, that is stored in a database of users or on the chip of a smart card, for comparison to a live scan taken at an access point.
threshold
In biometrics, the user-adjustable parameter that can be used to adjust the two failure rates (false acceptance and false rejection). Since it represents “How close is close enough?” decreasing one of the failure rates automatically increases the other.
time schedules
Consists of time ranges that are associated with days of the week or holidays, and are often used with access levels or as trigger events.
token
A small object with a microchip that carries your personal identifying information. The token is touched to a reader, or simply brought within range if it includes RFID capability.
trigger
An event or manual action that will cause another event or execution of a macro.
vicinity card
An access control card that has an onboard RFID transmitter/receiver, allowing it to communicate with a reader from a distance of up to one meter (3 feet).
voice print
In biometrics, a digital representation of a user’s voice used for comparison with the user’s live speech at an access point.
Voltage drop
Voltage loss experienced by electrical circuits due to two principal factors: (1) wire size and, (2) length of wire runs.
volt/amp (VA) rating
The product of rated input voltage multiplied by the rated current. This establishes the "apparent energy" available to accomplish work.
WAN
Wide area network
watt
The common unit of electrical power. One watt is dissipated by a resistance of one ohm through which one ampere flows.
Wiegand Card
A type of access control card that uses imbedded work-hardened wire (Wiegand wire) to hold information read by swiping it through a reader.