If you utilize an ID card for access control, there is a good chance that you have heard the term Wiegand (pronounced wee-gand). Typically, it is used in the context of “Wiegand output,” “Wiegand standard,” “Wiegand encoding,” or “Wiegand numbering scheme.” And more than likely, it has made the people at your organization responsible for card orders, security systems, and card issuance systems nervous at some point in time. That is because, while many people have heard the term, few understand its significance.
In the 1970s, a scientist named John Wiegand found a unique electromagnetic property of a specially designed wire. His ‘Wiegand wires’ produced a measurable energy pulse when brought within the field of magnet. He learned to measure these pulses using a basic sensor. The key to the effect is in the wire itself. A Wiegand wire actually consists of two wires–one wrapped inside the other. The wires are made of different alloys that reverse magnetic polarities at different levels of magnetic force. It is the reversing of one wire’s polarity prior to that of the other that causes the Wiegand pulse to occur.
How did Wiegand’s discovery change the access control world?
It was discovered that placing small lengths of Wiegand wire in a specific pattern could generate a binary code, much like the zeros and ones that form the building blocks of all digital systems. This binary code could be used to store a number. Taking these bits of wire and embedding them in a plastic card creates an ID number that can be read by passing the card along a magnetic sensor. Wiegand cards were born. This technology became extremely popular for access control applications because of its durability and extreme weather resistant qualities.
Wiegand cards align the wires in two rows. A wire in the top row signifying a one and a wire in the bottom row signifying a zero. Each column–either a zero or a one–is a single bit.
Remember, bits are just zeros or ones–they are not actual numbers but building blocks of numbers. Consider this example: if you have a 2-bit system, there are only four possible patterns: 0-0, 0-1, 1-0, and 1-1. Thus, four characters could be represented by the data. In a 3-bit system, 8 possible patterns exist and thus 8 characters could be represented. Using a 4-bit system, 16 patterns emerge (See figure 1).
It became commonplace in the access control industry to utilize 26-bits in Wiegand cards–and in many of the cards that have followed. Many proximity cards began to utilize 24 bits for card data and the remaining two bits as check digits or parity digits (used to verify read accuracy). With the 24 bits, more than 16 billion unique ID numbers could be generated (2 to the 24th power = 16,777,216). It was determined, however, that site codes would enable better control by allowing card issuers to ensure that all cards accepted in their facility had the same 3-digit start code. Any card with a different 3-digit site code could be rejected without querying the database. So, rather than allow all 24 bits to be used to create a single mammoth number, the 24 bits were broken into two parts: an 8-bit site code and a 16-bit ID number.
From 8 bits, 256 different patterns can be created (2x2x2x2x2x2x2x2 = 256). Thus, the available range of site codes is 000-255. All of these 26-bit systems use one of these 256 possible site codes. From the 16 bits used for the ID number, 65,536 unique patterns can be created (2 to the 16th power = 65536). Theoretically, if you took a card from a 26-bit system and visited 256 other sites, odds suggest that you would find one that used the same site code as your card. If a card number between 000000 and 65536 had been issued at that site and it matched your card number, your card would be recognized as a valid card. While this may seem like a security flaw, the practical nature of this impacting a site’s security is minimal.
Because this Wiegand wire technology became a de facto standard for access control, system hardware and software was geared around the acceptance of this data structure. As other card technologies came to be used for access control, they were designed around the Wiegand data format in an attempt to minimize the impact on deployed infrastructure. Proximity cards, contactless chip cards, magnetic stripes, and barcodes have all been encoded to accommodate this original data structure.
Over the years, variations on the Wiegand format have emerged (e.g. 32-bit). Today, true Wiegand wire cards are not as common as in the past. However, the legacy of this technology is still at work in the industry standard Wiegand output–the 26-bit data string that is used by the majority of the access control readers and systems on the market.