Many of our customers have asked for a glossary of
terms related to access control. I have combined several glossaries to make
this cover a broad range of terms. If you need a definition that is not listed
here, let us know and we will make every effort to add it to the list below.
This glossary will also be posted on our website in the “Education and
Resource” section.
Access Control Glossary
125kHz
Radio transmission
operating at 125 thousand cycles per second. This technology has historically
been the standard for proximity cards/readers
128 Bit AES
A specification for the
encryption of electronic data using a 128 bit symmetric key algorithm
13.56MHz
Radio transmission
operating at 13.56 million cycles per second. This technology has historically
been the standard for smart cards/readers
26 Bit Format
The most common data
format for RFID badges. It consists of 4 components. Even Parity (1 Bit),
Facility Code (8 Bits), Card # (16 Bits) and Odd Parity (1 Bit)
3DES (TDEA)
Triple DES is a
specification for the encryption of electronic data which applies the data
encryption standard three times to each block.
access control
Controlling entry of
people into buildings, rooms, and racks, and controlling the use of keyboards
and equipment, by the use of automated devices that either read information
stored on an object such a card (what you have),
receive a code or password (what you know), or recognize a physical trait
by biometric analysis (what
you are).
access credential
A medium that contains
encoded information, such as ID cards, key fobs, & smart chips
access level
A logical group of doors
paired with a time schedule used to determine when and where a card is granted
access.
access point
A place along the
perimeter of a secure area where there is a door/gate/portal and some type of access control method to screen users
attempting entry to the area.
ADA
Americans with
Disabilities Act
AHJ
Authorities having
Jurisdiction
alarm input
A monitoring point on a
panel that checks the status of a device, typically digital (open/closed). Thru
the use of resistors, they may also monitor a normal/alarm/short/open.
alternating current
An electric current that reverses its
direction regularly and continually. The voltage alternates its polarity and
direction of current flow negative to positive. AC current increases to a peak,
decreases through zero and peaks in the opposite
direction. AC current flows back and
forth in the conductor and is expressed in cycles per second or Hertz (Hz).
ambient temperature
The temperature of the air in the
immediately surrounding environment.
ampere (A, amp)
The unit of measurement for the rate
of electrical current flow, characterized by the symbols ' I ' (in Ohm's law
formulas) or 'A.' One ampere is the current flowing through one ohm of
resistance at one volt potential.
ampere/hour (AH)
A measurement of a battery's capacity.
One ampere of current flowing for one hour equals one ampere/hour.
annunciator
An audible and/or visual signaling
device.
ANSI
The American National Standards
Institute (ANSI) is a private, non-profit organization that administers and
coordinates the U.S. voluntary standardization and conformity assessment
system.
anti-collision
The process built into an
RFID system that protects multiple cards from being read at the same time when
within the readers RF field.
anti-passback
refers to a systems
ability to track an individuals in/out status at a facility, typically through
entrance and exit card readers. Once a person has entered, they cannot enter
again until they have exited.
API
Application Programming
Interface is a source code interface that is provided in order to support
requests to be made by other computer programs and/or allow data to be
exchanged.
audit trail
A record of transactions that can be
used by an interested party to trace an access control activities during a
specific time period.
availability percentage
A calculated prediction of
a system’s percentage of “uptime.” For mission-critical facilities, the goal is
“five
"nines” or 99.999% –
less than 5 minutes of downtime per year.
bandwidth
The amount of data a
network can transport in a given time period.
bar-code card
A type of access control card that uses an array of
machine readable bars and spaces to represent the encoded information such as
card number.
barium ferrite card
A type of access control card that uses a pattern
of magnetic spots to store information; read by laying flat on a
reader. Also called a
“magnetic spot card.”
biometric lock
A lock that is controlled
by a biometric scanner, such as fingerprint, hand geometry, retina
identification, etc.
biometrics
Establishing personal
identity verification using technology to measure a physical or behavioral
trait – for example, a fingerprint.
BOCA
Building Officials and
Code Administration international
card reader
A device which interprets
coding resident on or in a credential.
cipher lock
A lock that is opened by
pressing its buttons in a specific sequence. It differs from a coded lock in that
it typically has only 4-5 buttons, and each button can only be pressed once.
The cipher lock was the mechanical precursor of today’s electronic coded lock
with a telephone-like keypad.
coded lock
A lock that is opened by
typing a code on a keypad.
contact smart card
A smart card that
must make contact with the reader. Compare with contactless smart card.
contact
Electrically conductive points, or
sets of points, used to make or break an electrical circuit mechanically.
contact rating
Maximum load rating of a switch,
stated in voltage and/or current.
contactless smart card
A smart card that uses
RFID technology
to enable its use without physical contact with the reader. Maximum distance
from the reader is either the proximity range (10 cm. / 4 inches) or the vicinity range
(one meter / 3 feet) depending upon which of two RFID standards is used.
continuous duty
Refers to a device or a control that
can operate continuously with no off or rest periods.
credential
A medium that contains
encoded information, such as ID cards, key fobs, & smart chips
data0 (DO)
One of two data lines in
Wiegand communications. Data0 (D0) represents the binary”0”.
data1 (D1)
One of two data lines in
Wiegand communications. Data1 (D1) represents the binary”1”.
decibel (db)
An increment of measurement used to
compare measured levels of sound energy (intensity) to the apparent level
detected by the human ear. A sound that has 10 times the energy of another
sound is said to be 10 decibels louder; 100 times the energy is 20 decibels
louder; 1,000 times the energy is 30 decibels louder and so on. Decibel levels
are correctly expressed as the number of
decibels at a measured distance from
the sourse of sound (for example, 125dB at 10 feet).
delay on break
A term used to describe a mode of
operation relative to timing devices. The delay begins when the initiate switch
is opened (delay on break of initiate switch)
delayed egress
An irreversible time delay built in
the locking device of an opening preventing immediate egress.
DIP switch
A miniature switch typically used to
program, set, or change circuit functions. DIP is an abbreviation for the
dual-in-line package which houses the switch.
depth of security
Concentric perimeters of
security having different or increasingly stringent access methods. An inner
area is protected both by its own access methods and by those of the areas that
enclose it and must therefore be entered first.
DIP switch
A device consisting of
miniature toggle switches in rows and numbered. It is intended to allow
electronic equipment users to change characteristics of the equipment.
double pole/double throw
A term used to describe a switch or
relay output contact form (2 form C) in which two separate switches are
operating simultaneously, each with a normally open and normally closed contact
and a common connection. This form is used to make and break two separate
circuits.
dry contact
metallic points making
(shorting) or breaking (opening) a circuit.
egress
The act of going out.
encryption
The reversible
transformation of data from its original form to a format which is difficult to
interpret. This is a mechanism to protect the confidentiality and integrity of
the data and insure integrity. Encryption requires use of an algorithm and one
or more encryption keys.
electric strike
An electric door locking device
(usually solenoid-operated) that will unlock the door when electrical power is
applied to it. A fail-safe configuration will operate in the reverse condition
(i.e., normally locked when power is applied and unlocked when power is
interrupted.)
electromagnet
A coil of wire, usually wound on an
iron core, that produces a strong magnetic field when current is sent through
the coil.
end of line resistor (EOL)
Resistance in a supervised circuit,
usually at the farthest point from the alarm control unit, restricting the flow
of current to a known value which is monitored. Shorting the circuit in an
attempt to bypass protective devices in the loop (i.e., door contacts) will
create increased flow of current and cause an alarm. Opening (breaking) the
circuit also triggers an alarm if the system is armed, or a supervisory signal,
if the system is disarmed.
facial geometry
One of the physical traits
that can be measured by biometric technology – the relative position of eyes,
nose, and mouth on the face.
false acceptance
In biometric
identification, the erroneous result of identifying someone who isn’t in the
database of known people. It is one of two ways biometric identification can
fail; the other is false
rejection.
false rejection
In biometric
identification, the erroneous result of failure to recognize a known person. It
is one of two ways biometric identification can fail; the other is false acceptance.
FAR
False Acceptance Rate. For a
biometric device, the percentage of readings that are a false acceptance.
fail-secure
A
term used to describe an electric lock that has a mechanical state of being
locked and requires power to unlock it. Also known as electrically unlocked.
fail-safe
A
term used to describe an electric lock that has a mechanical state of being
unlocked and requires power to lock it. Also known as electrically locked
FIPS
Federal information
processing standard
FIPS201
Federal information
processing standard for personal identification verification (PIV)
form C relay
A switch mechanism which
contains three terminal points: Open, Closed, Common.
format
The way that the
information (parity bits, facility code and card #) is organized on the
credential.
FRR
False Rejection Rate. For a
biometric device, the percentage of readings that are a false rejection.
gateway
A device for providing
isolation and control of the flow of information between a computer and
authenticated devices on the network.
ground wire
An electrical conductor
that leads from a device to an earth ground connection.
hand scan
A technique for biometric
identification that measures three-dimensional hand geometry – the shape of the
fingers and the thickness of the hand.
hertz (Hz)
The international unit of frequency
equal to one cycle per second; named after the German physicist Heinrich
Rudolph Hertz (1857-94).
homerun
A wiring method in which
each device has a separate wiring run to the control panel.
host computer
A computer that primarily
provides services such as computation, data base access, or special programs
and/or services.
HSPD
Homeland Security
Presidential Directive
HSPD12
Homeland Security
Presidential Directive calling for a mandatory government-wide standard for
secure and reliable forms of ID issued by the federal government for access to
federally controlled facilities and networks..
iButton®
A microchip similar to
those used in smart
cards but housed in a round stainless steel button about a half inch in
diameter, which can be attached to a key fob or jewelry. iButtons are extremely
rugged, but are not available with RFID technology for contactless use.
IC
Integrated circuit
IFPO
International Foundation for Protection Officers. A
non-profit organization founded for the purpose of standardized training and
certification of protection officers. Its Security Supervisor Training Manual is a reference
guide for protection officers and their employers.
I/O
Input/output
infrared shadow card
A type of access control card that has a bar code
sandwiched between two layers of plastic. The reader passes infrared light
through the card, and the shadow of the bar code is read by sensors on the
other side.
induction
An influence exerted by a charged body
or by a magnetic field on neighboring bodies without apparent communication; electrifying,
magnetizing, or inducing voltage by exposure to a field.
inrush
The initial surge of current through a
load when power is first applied. Lamp loads, inductive motors, solenoids and
capacitive load types all have inrush or surge currents higher than the normal
running or steady state currents. Resistive loads, such as heater elements,
have no inrush.
interlock
A system of multiple doors with
controlled interaction. Interlocks are also known as lighttraps, airtraps,
mantraps and sally-ports. (See safety
interlock, security interlock.)
intermittent duty
A solenoid designed to be energized
for short periods of time. Continuous operation may damage an intermittent duty
solenoid.
iris scan
A technique for biometric
identification that maps the pattern of colors in the iris of the eye.
ISO-14443
A series of international vendor
independent standards for proximity RFID that establishes guidelines for two
types of smart cards (A & B). The most common application requires a read
within 4 inches of the reader and includes Classic MIFARE, EV1, DESFire and
PIV.
ISO-15693
A series of international vendor
independent standards for vicinity RFID that establishes guidelines for smart
cards that can read up to 1.5 meters.
Keyfob
specific form factor of
credential that generally refers to a hard plastic disk that is carried on a
key chain.
LAN
Local area network
levels of security
The range of security
protection, low to high, provided at concentric perimeters – the least secure
at the outermost perimeter (such as entry to the building) and the most secure
at the innermost perimeter (such as access to a rack).
light emitting diode (LED)
A diode, a solid-state device, that
gives off virtually heatless colored light when electric current is passed
through it. LEDs are very efficient and long-lasting and are often used for
digital readouts and annunciators. Common colors include red, green and amber.
line drop
A voltage loss occurring between any
two points in a power or transmission line. Such loss, or drop, is due to the
resistance, reactance or leakage of the line.
linking
When an input changes the
state of an output.
macro
A defined set of actions
or commands that will be executed based on a trigger event.
magnetic stripe card or magstripe card
A type of access control card that uses a magnetic
strip to store information; read by inserting or swiping through a reader.
manageable device
Able to be monitored and
controlled remotely. Manageable access control devices
can communicate with a remote management system for monitoring (who’s coming and going and
when), control (configuring
the device to allow access to certain people at certain times), and alarm (notification of repeated
unsuccessful access attempts or device failure).
mantrap
An airlock-style
arrangement having secured doors for entry and exit, with room for only one
person between the doors. It is a solution to the security loophole called piggybacking or tailgating, in
which an unauthorized person freely passes a security checkpoint by following
an authorized person through an open door.
masking
Hiding or suppressing
alarms which do not need to be viewed.
meantime-between-failure
A prediction of the time
interval between system failures. Should be measured in thousands of
hours/possibly years.
MIFARE®
A contactless and dual
smart card chip technology produced by NXP that is fully compliant with
ISO-14443.
mission critical facility
A facility that must
operate 24/7/365 regardless of availability of power/water/fuel/etc. Examples
would be corporate data center, 911 dispatch, military facilities.
multi-technology credential
A credential that contains
two or more technologies (i.e. proximity, smart card, magnetic stripe).
multi-technology reader
A reader with the
capability to read two or more card technologies (i.e. proximity, smart card,
magnetic stripe).
NCPI
Network-Critical Physical Infrastructure. Elements
of a data center’s physical infrastructure
(as distinguished from IT infrastructure such as routers and storage managers)
that contribute directly to availability by ensuring uninterrupted
operation. NCPI includes power, cooling, fire suppression, and physical security.
NEC
National Electrical Code
need to know
A very high level of
security, with access restricted to people who have a specific, immediate need
to be in the secured area (for access to particular data, for example), with
access only allowed for the time period during which that need exists.
NIC
Network interface card
NO/NC
Normally open/normally
closed, refers to the normal circuit state of a switch/relay
OHM
Unit of electrical
resistance. One OHM is the resistance which allows one ampere of current to
flow through a conductor at one volt.
PAC
Personal Access Code. Another
name for PIN (Personal Identification Number) – a code or password that identifies
a user at an access
point.
PIN
A code or password that identifies
a user at an access
point.
PIV
Personal identification
verification
physical security
Protecting physical
facilities from accidents or sabotage caused by the presence of unauthorized or
ill-intentioned people. A physical security system includes access control devices
for automated screening at entry points, plus a sensor-based alarm system.
Additional protection may include camera surveillance and security guards.
piggybacking
The security breach that
occurs when an authorized person, having unlocked a door using legitimate
credentials, holds the door open for an unauthorized person to follow through
the checkpoint with no credentials. (A similar breach is tailgating, where
the unauthorized user slips through undetected behind the authorized user.)
proximity credential or prox card
An access control card that
has an onboard RFID transmitter/receiver,
allowing it to communicate with a reader from a distance of up to one meter (3
feet). Typically 125KHz frequency.
proximity smart card
A smart card that has RFID technology
in its chip, so that it can communicate with the reader from a distance of up
to 10 cm. (4 inches). Also called a contactless smart card.
Typically 13.58MHz frequency.
rectifier
A solid state electrical
device that will allow current to flow in one direction. It is designed to
convert AC current to DC current.
relay
An electrically controlled
device that opens and/or closes electrical contacts.
resistor
An electrical component
that provides a defined amount of resistance.
retinal scan
A technique for biometric
identification that maps the pattern of blood vessels in the retina of the eye.
REX
A request-to-exit device
used as an input on an access control system to signal authorized egress.
RFID
Radio frequency identification.
Communication between card and reader without physical contact. RFID technology
is what makes proximity
cards, vicinity
cards, and contactless
smart cards work. The RFID chip is powered by an electromagnetic field from
the reader.
safety interlock
A multidoor system in
which all doors are normally closed and unlocked. Opening any door will lock
all other doors
security interlock
A multidoor system in
which all doors are normally closed and locked. Opening any door will will
disable the door releases of all other doors.
SDK
Software Development kit
Shunt
Length of time that an
input will be masked.
single pole/double throw (SPDT)
A term used to describe a switch or
relay contact form (1 form C) that has a normally open and a normally closed
contact with a common connection.
single pole/single throw (SPST)
A switch with only one moving and one
stationary contact, available either normally open (NO) or normally closed
(NC).
smart card
A type of access control card that
stores information in a microchip. The chip not only stores data, but can perform
computation and exchange data with the reader. It is read by touching the card
to the reader so that the electrical contacts line up. See also contactless smart card.
smart media
Small objects of any shape
that contain the same type of chip used in a smart card. Smart media are
typically small objects (tokens) that
can be attached to a key ring or worn as jewelry.
social engineering
The use of ordinary guile
and deceit to con people into relaxing security procedures – for example, such
as revealing passwords, lending keys, or opening doors.
switch, maintained
A switch that, when activated,
maintains its activated position until it is
unactivated.
Switch, momentary
A switch that, when activated,
automatically returns to its original position
afterwards.
tailgating
The security breach that
occurs when an unauthorized person slips past a checkpoint undetected, by
following an authorized user through an open door. (A similar breach is piggybacking, where
the authorized user is complicit and holds the door open.)
tamper
A digital input which
monitors the status of a device, typically the door of an enclosure.
template
In biometrics, a
computed transformation of a scan – still unique to the individual but taking
up much less storage. It is the template, not the raw scan, that is stored in a
database of users or on the chip of a smart card, for comparison to a live
scan taken at an access
point.
threshold
In biometrics, the
user-adjustable parameter that can be used to adjust the two failure rates (false acceptance and false rejection). Since
it represents “How close is close enough?” decreasing one of the failure rates automatically
increases the other.
time schedules
Consists of time ranges
that are associated with days of the week or holidays, and are often used with
access levels or as trigger events.
token
A small object with a
microchip that carries your personal identifying information. The token is
touched to a reader, or simply brought within range if it includes RFID capability.
trigger
An event or manual action
that will cause another event or execution of a macro.
vicinity card
An access control card that
has an onboard RFID transmitter/receiver,
allowing it to communicate with a reader from a distance of up to one meter (3
feet).
voice print
In biometrics, a
digital representation of a user’s voice used for comparison with the user’s
live speech at an access
point.
Voltage drop
Voltage loss experienced by electrical
circuits due to two principal factors: (1) wire size and, (2) length of wire
runs.
volt/amp (VA) rating
The product of rated input voltage
multiplied by the rated current. This establishes the "apparent energy"
available to accomplish work.
WAN
Wide area network
watt
The common unit of electrical power.
One watt is dissipated by a resistance of one ohm through which one ampere
flows.
Wiegand Card
A
type of access control card
that uses imbedded work-hardened wire (Wiegand wire) to hold information read
by swiping it through a reader.
