The Wiegand Effect: How a 30-year-old science project still influences our security systems
If you utilize your campus card for access control, there is a good chance that you have heard the term Wiegand (pronounced wee-gand). Typically, it is used in the context of “Wiegand output,” “Wiegand standard,” “Wiegand encoding,” or “Wiegand numbering scheme.” And more than likely, it has made the people on your campus responsible for card orders, security systems, and card issuance systems nervous at some point in time. That is because, while many people have heard the term, few understand its significance.
In the 1970s, a scientist named John Wiegand found a unique electromagnetic property of a specially designed wire. His ‘Wiegand wires’ produced a measurable energy pulse when brought within the field of a magnet. He learned to measure these pulses using a basic sensor. The key to the effect is in the wire itself. A Wiegand wire actually consists of two wires–one wrapped inside the other. The wires are made of different alloys that reverse magnetic polarities at different levels of magnetic force. It is the reversing of one wire’s polarity prior to that of the other that causes the Wiegand pulse to occur.
How did this discovery change the access control world?
It was discovered that placing small lengths of Wiegand wire in a specific pattern could generate a binary code, much like the zeros and ones that form the building blocks of all digital systems. This binary code could be used to store a number. Taking these bits of wire and embedding them in a plastic card creates an ID number that can be read by passing the card along a magnetic sensor. Wiegand cards were born. This technology became extremely popular for access control applications because of its durability and its resistance to extreme weather.
Wiegand cards align the wires in two rows: a wire in the top row signifies a one and a wire in the bottom row signifies a zero. Each column–either a zero or a one–is a single bit. Remember that the bits are just zeros or ones–they are not actual numbers but building blocks of numbers. Consider this example: if you have a 2-bit system, there are only four possible patterns: 0-0, 0-1, 1-0, and 1-1. Thus, four characters could be represented by the data. In a 3-bit system, 8 possible patterns exist and thus 8 characters could be represented. Using a 4-bit system, 16 patterns emerge.
It became commonplace in the access control industry to utilize 26 bits in Wiegand cards and many of the cards that followed. Proximity card provider HID and others began to utilize 24 bits for card data and the remaining bits as check digits or parity digits (used to verify read accuracy). With the 24 bits, more than 16 million unique ID numbers could be generated (2 to the 24th power = 16,777,216). It was determined, however, that site codes would enable better control by allowing card issuers to ensure that all cards accepted in their facility had the same 3-digit start code. Any card with a different 3-digit site code could be rejected without querying the database. So, rather than allow all 24 bits to be used to create a single mammoth number, the 24 bits were broken into two parts: an 8-bit site code and a 16-bit ID number.
From 8 bits, 256 different patterns can be created (2x2x2x2x2x2x2x2 = 256). Thus, the available range of site codes is 000-255. All of these 26-bit systems use one of these 256 possible site codes. From the 16 bits used for the ID number, 65,536 unique patterns can be created (2 to the 16th power = 65536). Theoretically, if you took a card from a 26-bit system and visited 256 other sites, odds suggest that you would find one that used the same site code as your card. If a card number between 000000 and 65536 had been issued at that site and it matched your card number, your card would be recognized as a valid card. While this may seem like a security flaw, its practical impact on a site’s security is minimal.
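The 26-bit layout described above, as an added example that is not part of the original article: it encodes and decodes a frame, checks the parity bits, and applies the site-code filter before the ID lookup. It assumes the commonly documented open 26-bit layout (a leading even-parity bit over the first 12 data bits and a trailing odd-parity bit over the last 12); the function names and sample values are constructed for illustration.

```python
# Added example. Assumed frame layout: 1 even-parity bit, 8-bit site code,
# 16-bit ID number, 1 odd-parity bit (26 bits in total).

def encode26(site_code: int, card_id: int) -> str:
    """Build the 26-bit string for a site code (0-255) and ID (0-65535)."""
    if not 0 <= site_code <= 0xFF or not 0 <= card_id <= 0xFFFF:
        raise ValueError("site code is 8 bits, ID number is 16 bits")
    data = f"{site_code:08b}{card_id:016b}"      # the 24 data bits
    lead = data[:12].count("1") % 2              # makes the first half even
    trail = 1 - data[12:].count("1") % 2         # makes the second half odd
    return f"{lead}{data}{trail}"


def decode26(bits: str) -> tuple[int, int]:
    """Return (site_code, card_id); raise ValueError on a bad read."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 binary digits")
    if bits[:13].count("1") % 2 != 0:
        raise ValueError("leading (even) parity check failed")
    if bits[13:].count("1") % 2 != 1:
        raise ValueError("trailing (odd) parity check failed")
    return int(bits[1:9], 2), int(bits[9:25], 2)


def accept(bits: str, our_site: int, issued_ids: set[int]) -> bool:
    """Reader-side decision: parity first, then site code, then the ID."""
    try:
        site, card_id = decode26(bits)
    except ValueError:
        return False                 # misread frame: reject
    if site != our_site:
        return False                 # wrong site code: no database query
    return card_id in issued_ids     # stand-in for the database lookup


if __name__ == "__main__":
    frame = encode26(113, 4660)      # constructed sample values
    print(frame, decode26(frame))
    print(accept(frame, our_site=113, issued_ids={4660}))
    print(accept(frame, our_site=42, issued_ids={4660}))
```

Because the frame carries nothing beyond the site code and ID number, `accept` cannot tell which facility issued a card: any card that encodes the same two values produces the same 26 bits.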
Because this Wiegand wire technology became a de facto standard for access control, system hardware and software were geared around the acceptance of this data structure. As other card technologies came to be used for access control, they were designed around the Wiegand data format in an attempt to minimize the impact on deployed infrastructure. Proximity cards, contactless chip cards, magnetic stripes, and barcodes have all been encoded to accommodate this original data structure.
Over the years, variations on the Wiegand format have emerged (e.g. 32-bit). Today, true Wiegand wire cards are not common on college campuses. However, the legacy of this technology is still at work in the industry-standard Wiegand output–the 26-bit data string that is used by the majority of the access control readers and systems on the market.