By Chris Corum, Executive Editor
Most physical access control systems protect a building’s main entrances but neglect interior doors. Cambridge, Mass.-based CoreStreet Ltd. is looking to change that with a different twist on physical access control.
“95% of doors don’t have electronic access control,” says Chris Broderick, CEO of CoreStreet. “Systems typically secure public areas and the hallways, rather than the offices and private areas where sensitive, valuable assets exist.”
CoreStreet has designed a card-connected system to change that, and secure the 95% of doors that aren’t secured. The system enables offline readers to function in ways typically reserved for online devices.
Online access readers communicate with field panels and security systems via a wire. There are benefits to this architecture when compared to their offline counterparts. Online readers rely on the backend for intelligence and decision-making, receive software updates directly from the system in real time, and they do not need to store credential or transaction information locally.
But there is a significant drawback to online devices. Wiring and installation is costly, disruptive, and time consuming. “It can cost between $5000 and $7000 per door to deploy online readers,” says Broderick.
An alternative to an online access control reader is the offline door controller. Most will recognize a version of this device as the card-accepting lock on the majority of hotel room doors. The device reads a credential stored in the card and makes a local decision on access permissions. Broderick says these devices cost far less than online readers at just $700 to $800 per door.
Offline door controllers have been around for years. CoreStreet’s offering is different because it uses the physical IDs carried by cardholders as the transport mechanism for information between the security system and the network of offline readers. In other words, each card receives updates from the system at online access points and delivers them to offline access points during the normal course of operation.
These updates could include system configurations, ‘hotlists’ of expired or revoked credentials or software changes.
In traditional offline reader networks, a lost card is cancelled in the access control system but the offline readers don’t know of the cancellation until a ‘hotlist’ is updated in the reader. This can only be done when an employee with a handheld computer physically visits each reader. Until this happens, the cancelled card is still active as far as the reader is concerned and the cardholder can continue to access the protected area.
Digital certificates on the card ensure the authenticity of the credential and manage revoked privileges, even within the offline reader network. By setting a short life span for each certificate, such as 24 or 48 hours, lost, stolen or revoked cards can be expired quickly. “Underpinning everything we do is cryptography,” says Broderick.
Even if the reader has not received the cancellation update, the card will cease to be valid when the certificate expires. The certificate is updated each time a card is presented to an online reader in the system. Since online readers control access to the main entrances and exits of the building while the offline readers are on interior doors, this update process is virtually seamless.
Broderick explains that the technology will go to market via an OEM licensing model. Security leader Lenel has the first commercially available offering of the card-connected solution.
“Security integrators love the ROI for offline readers,” concludes Broderick. “Security is often a fixed cost alternative, so this lets them do more doors.” And as he suggested, the ultimate goal of the card-connected technology is to make electronic access control feasible for the other 95% of the world’s doors.
Watch CoreStreet’s Guy Vancollie talk about Card-Conected access control bridging online and offline locks
The latest version of Adobe Flash Player is required to view this video.