Innovations in Comfort, Efficiency, and Safety Solutions.
| Tomorrow’s IP-Based Access Control System
on Today’s Serial Network Infrastructure using PCN IP-485® Technology
|S. Venkat Shastri
PCN Technology, Inc.
Article Abstract: The physical access control industry is going through
a transformation motivated by a need to deliver services from the web
and thereby reduce operating costs. In government and other facilities
where certain areas may have restricted access, new regulatory
requirements have necessitated an upgrade of closed, legacy access
control systems to secure, Cloud connected solutions. All this is
calling for extensions and upgrades to the networking infrastructure
currently in-place, and a move from proprietary narrowband
communication to standardized and secure broadband communication. In
this paper, we propose the application of a new technology called
IP-485® to access control network upgrades, and describe how it could
be utilized to transform closed legacy infrastructure for access
control into open, Cloud connected IP LANs. The proposed solution
enables a phased approach to the migration and ultimate transformation
of access control systems.
Traditionally, physical access control has referred to the ability to control the ingress and egress of people to and from a campus, facility or room. Simplest example of physical access control is the use of mechanical locks on doors to rooms. Although simple and relatively inexpensive to install, they do not offer the ability to gather even simple information such as when a person with the key to the lock entered a room. Electronic locks have the ability to monitor and control access, and are currently most prevalent in commercial and industrial facilities. They come with keyless entry cards or fobs each of which has a personal identification number which can be used to monitor a person’s access to facilities. The primary challenge faced by facilities managers is how to upgrade access control systems so that (i) they are Cloud connected for the delivery of web-enabled services, and (ii) they can be accessed by the fire & life safety system to enable automation in emergency response applications.
In a world where CapEx budgets are large, facilities managers would be
able to overcome these challenges with simply a “rip and replace” plan
to a new, open-standard IP infrastructure for both access control and
fire and life safety systems, so that they may both be integrated with
the corporate IT network. But practically speaking what they need is a
migration strategy from their legacy infrastructure to one that
satisfies their current and emerging bandwidth, security and service
demands. In this article, we show that IP-485® enables structured and
phased strategies for network upgrades, and future proofs the
communication infrastructure to emerging needs.
Challenges in Access Control
Most traditional access control systems are built on closed low bandwidth communications infrastructure. They run proprietary serial protocol of one form or another at data rates as low as 2400 Baud in older installations. They need little in the way of error correction in communication or bandwidth/ latency management in the network. As a result, Quality of Service (QoS) in these installations resulted more from careful system design, and upgrades required end-to-end testing in the field to re-affirm QoS. More recent installations have leveraged the BACNet standards developed for Building Automation in an attempt to develop an integrated approach towards all aspects of building management. This has brought about improvements in bandwidth within access control systems and interoperability between various vendor offerings and across applications.
Several important changes are underway in the access control market and it is quite likely that the incremental improvements implemented in the past decade will be inadequate in addressing emerging requirements and trends in the industry. Key among them are:
Traditionally, facilities managers have relied on the experience of
system integrators to design and deploy vertically integrated systems
consisting of products from a variety of vendors. In an industry trying
to find ways to get to an IP-based access control system
infrastructure, a new approach will be needed by system integrators to
meet the emerging needs in the industry due to a variety of reasons.
Most important among them is that any IP upgrade will by definition
need either a change-out of the wiring infrastructure, or the
deployment of a secondary infrastructure using an appropriate set of
wireless products. Neither is likely to be an effective solution for a
system upgrade. While wireless is becoming the technology of choice for
cost-effective connectivity at the edge between the access panel and
electronic locks, it lacks the reliability or robustness required to
serve as an infrastructure solution for access control systems. A “rip
and replace” of wires definitely delivers the reliability and
functionality desired by facilities managers, but is not cost effective
and requires substantial capital expense budgets. Further, neither
approach presents a migration path for a phased transformation of the
legacy infrastructure into an IP-enabled one.
Access Control Network Infrastructure Upgrade Needs
In general, facilities managers look for two types of network upgrades. These are:
IP-485® for Access Control Network Transformation has demonstrated the
ability to implement the changes needed in access control network
infrastructure without any “rip and replace” of the existing wiring. It
is a broadband solution that has reliability comparable to wired
systems, but with cost points that are typical in wireless deployments.
At the heart of the proposed IP-485® solution for BMS upgrade challenges is in the fact that it enables the simultaneous transport of IP data and serial data over the same wiring infrastructure (active twisted or untwisted pair) and even in the presence of significant conducted and radiated noise in the medium. The foundation of this technology lies in an algorithm called Dynamic Adaptive Channeling which decides in real-time how to encode data payloads into communication frequency channels, so that Quality of Service (QoS) can be maintained at all times subject to channel constraints. The algorithm starts with a full spectral sweep and a determination of the Signal-to-Noise Ratio (SnR) properties across the entire channel. To make the problem computationally elegant, the algorithm divides the overall communication channel into Orthogonal Divisional Frequency Multiplexing (OFDM) sub-channels and conducts the SnR analysis at the baseband associated with each sub-channel (shown in Figure 2). This helps determine available sub-channels at a given Quality of Service (QoS), which in turn maximizes the utilization of usable channel capacity.
Adaptive Channeling permits the deployment of robust communication
networks in harsh environments. The algorithm is robust to white noise
in the channels which degrade the communication bandwidth, and colored
noise in the channels arising from factors such as EM interference from
nearby operating equipment. In addition, it automatically discovers
usable communication channels regardless of the type, gauge or topology
of wiring used. As examples, IP-485® would operate successfully on
18-gauge, twisted pair, multi-drop wiring, coax cables or 26-gauge
untwisted pair, simple daisy-chained wiring. Communication is robust to
collisions arising from other applications currently using the channel,
which are seen as interferences in channel analysis. This enables the
technology to implement multiplexed channel access across applications
at the physical level. In addition, if more than one OFDM sub-channel
is available for communication, the technology enables the
implementation of a Bus consisting of sub-channels that run
concurrently, each of which may be multiplexed between applications.
Figure 2: IP-485® Network Architecture
The second set of properties manifest in PCN’s IP-485® relates to
real-time network management at the application level. Concurrent with
the adaptive channeling algorithm, we also implement a real-time
communication engine that enables the delivery of serial data (that is
multiplexed with IP date) with negligible latency, encoded in jitter
free, almost copy-exact waveforms, regardless of wiring type, noise,
interference of other considerations that affect signal integrity.
Further, we also implement a network engine that enables network
configuration and management in real-time. For example, in a
Master-Slave configuration, the concept of a Floating Master may be
implemented using the engine. Further, data payloads with high priority
may be queued and delivered with very low latency across the network.
Figure 2 shows a typical network established using IP-485® network
products. It consists of a Router that is connected to the Cloud via an
ISP line (T1, Fiber or Satellite) using a standard CAT 5/6 connection.
It may also be connected to serial network(s) on its Low Frequency (LF)
Bus(es). The PCN Single Channel Router (SCR) accepts a single serial
network connection (shown in Figure 2), while the Multi-Channel (MCR)
version permits the integration of up to 4 serial networks. The Router
then transports both IP data and serial data on the same output
channel, called the Broadband (BB) Bus. The SCR has a single BB Bus,
while MCR would have as many separate BB Buses as serial network inputs
on the LF Bus. In this architecture, the Shared Wire multi-channel,
multiplexed access bus is implemented on the BB Bus wiring.
Figure 3: Typical Access Control System Architecture
Each Router is connected to one or more PCN Switches on the BB Bus. A SCR would be capable of driving up to 4 switches, while a MCR has the capacity to drive up to 16. Each PCN Switch has as input the BB Bus wiring from its Router. Serial network outputs are connected to its LF Bus, while its 3 IP ports enable the establishment of a redundant management IP network between the Router and the Switch. Network established with MCRs and Switches have the ability to integrate up to 48 IP Edge devices, and 4 separate serial networks, each potentially having a different protocol. SCRs, on the other hand, will be able to handle 12 IP Edge devices and a single serial network. In each case, the IP network would co-exist with the serial network without any impact on the performance of one network from the other. In our current product implementation the BB Bus as well as the LF Bus consists of standard twisted pair (TP) or untwisted pair (UTP). In addition, the technology has been validated on a variety of analog and digital wiring.
In terms of real-world applications, PCN products have been
successfully applied on legacy access control and BACNet networks
operating at data rates ranging from 9600 Baud to 76.8K Baud. In
addition, PCN products have also functioned on legacy building
automation buses without issue. In both cases, IP data rates in the
range of 1 - 4 Mbps were recorded consistently at the edge. This
implies that while the example shows the integration of a simple device
such as a thermostat, PCN products are capable of supporting the data
needs of any upgrade that may be required in existing BMS. The SCR may
either be connected directly to the Cloud, or integrated with the
corporate IT infrastructure for the delivery of web services.
Access Network Transformation using IP-485® Networks
Consider a typical access control system architecture shown in Figure 3. It has a collection of card readers connected to the access panel, many of which may be connected to the access control server in the data room. In legacy systems, each access panel has the ability to connect to a small number of readers and a corresponding number of electronic locks using simple Weigand wires. When a card is placed near the reader, their information is read and passed on to the access panel, which in turn, communicates with the server, confirms that the person holding the card is allowed access. With this confirmation, the access panel is able to instruct the electronic lock to open. Without the confirmation from the server, the access panel does not send out the “open” instruction to the door lock.
Communication between the reader and the access control panel is simplex, using a proprietary protocol. More recently, this has been implemented to be full duplex using ZigBee. Communication between the access panel and the electronic lock, traditionally, uses Weigand wires, but has also been recently switched over to ZigBee. Communication between the access panels and the server is serial, and managed using a simple polling, Master-Slave, or Token Passing arbitration scheme on a twisted or untwisted pair of wires. Most servers do have the ability to connect to the Internet, but only for remote log-in and update of database associated with who is permitted access to the facility.
Starting from the edge, tomorrow’s access control will ultimately have
IP-enabled card readers. There are two motivations driving this change.
First is that while traditional readers only deal with simple
“mag-stripe” cards, IP-enabled readers have the ability to integrate
the use of “smart cards,” and conduct the initial validation
directly between the reader and the card. Secondly, IP-enabled readers
can be easily made secure with third-party software. Secondly, access
control panels will also be IP-enabled. In addition to the security
advantages already discussed, each IP-enabled access control panel is
capable of driving tens of IP-enabled readers (as an example, many
legacy access control panels can only integrate 2 readers, while
IP-enabled panels can integrate 64 IP-enabled readers). Third, instead
of having the access control server and database in the premises,
tomorrow’s system will be connected to a servers and storage that
reside in the Cloud.
Figure 4 shows the implementation of the access control upgrade using IP-485®. In the figure, we use an SCR or MCR at the head-end depending on the number of access panels that need to be supported. The server resides in the Cloud and is connected to the PCN Router. The Router, in turn, is connected to an appropriate number of switches on the existing wiring in the facility. Each switch can service up to 3 IP-based access panels in its proximity, and modern panels have the ability to communicate both with the reader and the electronic lock using ZigBee. As a result, the entire upgrade, on the infrastructure side of the problem, requires the change-out of locks and card readers, and the replacement of the in-premises servers and databases with their counterparts that reside in the Cloud. The entire wiring infrastructure is maintained. Since PCN routers and switches are broadband, they deliver bandwidths that are adequate for future expansions.
In this article, we have presented a new technology called IP-485® and
described how it may be deployed to transform existing access control
infrastructure into one that can support IP-enabled devices that are
connected to the Cloud. The technology has been applied successfully on
a variety of access control configurations and data protocols, and has
operated on both twisted pair and untwisted pair wiring. Both daisy
chain and multi-drop wiring topologies have been considered in the
testing. At present, the products are beginning to proliferate within
the market leaders in building automation, security and access control
applications, and we anticipate rapid adoption of the technology in a
number of Use Cases in the near-term.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]