November 2012

Tomorrow’s IP-Based Access Control System on Today’s Serial Network Infrastructure using PCN IP-485 Technology
S. Venkat Shastri
PCN Technology, Inc.


Article Abstract: The physical access control industry is going through a transformation motivated by a need to deliver services from the web and thereby reduce operating costs. In government and other facilities where certain areas may have restricted access, new regulatory requirements have necessitated an upgrade of closed, legacy access control systems to secure, Cloud connected solutions. All this is calling for extensions and upgrades to the networking infrastructure currently in-place, and a move from proprietary narrowband communication to standardized and secure broadband communication. In this paper, we propose the application of a new technology called IP-485 to access control network upgrades, and describe how it could be utilized to transform closed legacy infrastructure for access control into open, Cloud connected IP LANs. The proposed solution enables a phased approach to the migration and ultimate transformation of access control systems.


Traditionally, physical access control has referred to the ability to control the ingress and egress of people to and from a campus, facility or room. The simplest example of physical access control is the use of mechanical locks on doors to rooms. Although simple and relatively inexpensive to install, mechanical locks do not offer the ability to gather even simple information such as when a person with the key to the lock entered a room. Electronic locks have the ability to monitor and control access, and are currently most prevalent in commercial and industrial facilities. They come with keyless entry cards or fobs, each of which has a personal identification number that can be used to monitor a person’s access to facilities. The primary challenge faced by facilities managers is how to upgrade access control systems so that (i) they are Cloud connected for the delivery of web-enabled services, and (ii) they can be accessed by the fire & life safety system to enable automation in emergency response applications.

In a world where CapEx budgets are large, facilities managers would be able to overcome these challenges with simply a “rip and replace” plan to a new, open-standard IP infrastructure for both access control and fire and life safety systems, so that they may both be integrated with the corporate IT network. But practically speaking what they need is a migration strategy from their legacy infrastructure to one that satisfies their current and emerging bandwidth, security and service demands. In this article, we show that IP-485 enables structured and phased strategies for network upgrades, and future proofs the communication infrastructure to emerging needs.

Challenges in Access Control

Most traditional access control systems are built on closed, low-bandwidth communications infrastructure. They run a proprietary serial protocol of one form or another at data rates as low as 2400 Baud in older installations. They need little in the way of error correction in communication or bandwidth/latency management in the network. As a result, Quality of Service (QoS) in these installations resulted more from careful system design, and upgrades required end-to-end testing in the field to re-affirm QoS. More recent installations have leveraged the BACnet standards developed for Building Automation in an attempt to develop an integrated approach towards all aspects of building management. This has brought about improvements in bandwidth within access control systems and interoperability between various vendor offerings and across applications.

Several important changes are underway in the access control market and it is quite likely that the incremental improvements implemented in the past decade will be inadequate in addressing emerging requirements and trends in the industry. Key among them are:

Traditionally, facilities managers have relied on the experience of system integrators to design and deploy vertically integrated systems consisting of products from a variety of vendors. In an industry trying to find ways to get to an IP-based access control system infrastructure, system integrators will need a new approach to meet the emerging needs in the industry, for a variety of reasons. Most important among them is that any IP upgrade will by definition need either a change-out of the wiring infrastructure, or the deployment of a secondary infrastructure using an appropriate set of wireless products. Neither is likely to be an effective solution for a system upgrade. While wireless is becoming the technology of choice for cost-effective connectivity at the edge between the access panel and electronic locks, it lacks the reliability or robustness required to serve as an infrastructure solution for access control systems. A “rip and replace” of wires definitely delivers the reliability and functionality desired by facilities managers, but is not cost effective and requires substantial capital expense budgets. Further, neither approach presents a migration path for a phased transformation of the legacy infrastructure into an IP-enabled one.

Access Control Network Infrastructure Upgrade Needs

In general, facilities managers look for two types of network upgrades. These are:

  1. Network Expansions: Many legacy systems operate close to or at their bandwidth. So, a request to integrate additional edge devices (e.g., additional readers) may not be possible to satisfy on the existing network infrastructure. In these cases, facilities may require an actual “expansion” of the bandwidth prior to the addition of new devices. We refer to this as Network Expansion.
  2. Network Transformations: All legacy systems would (eventually) need to move to an open broadband IP LAN infrastructure. If achieved, this would immediately enable not only the total integration of the access network with the corporate IT network and the delivery of hosted services; it would also permit rapid and easy integration of access control products from a wide range of third-party vendors, and deliver high levels of security in a cost-effective manner.

IP-485 for Access Control Network Transformation has demonstrated the ability to implement the changes needed in access control network infrastructure without any “rip and replace” of the existing wiring. It is a broadband solution that has reliability comparable to wired systems, but with cost points that are typical in wireless deployments.

IP-485 Technology

At the heart of the proposed IP-485 solution for BMS upgrade challenges is the fact that it enables the simultaneous transport of IP data and serial data over the same wiring infrastructure (active twisted or untwisted pair), even in the presence of significant conducted and radiated noise in the medium. The foundation of this technology lies in an algorithm called Dynamic Adaptive Channeling, which decides in real time how to encode data payloads into communication frequency channels, so that Quality of Service (QoS) can be maintained at all times subject to channel constraints. The algorithm starts with a full spectral sweep and a determination of the Signal-to-Noise Ratio (SnR) properties across the entire channel. To make the problem computationally elegant, the algorithm divides the overall communication channel into Orthogonal Frequency-Division Multiplexing (OFDM) sub-channels and conducts the SnR analysis at the baseband associated with each sub-channel (shown in Figure 2). This helps determine available sub-channels at a given Quality of Service (QoS), which in turn maximizes the utilization of usable channel capacity.

Figure 1: Dynamic Adaptive Channeling

Adaptive Channeling permits the deployment of robust communication networks in harsh environments. The algorithm is robust to white noise in the channels which degrade the communication bandwidth, and colored noise in the channels arising from factors such as EM interference from nearby operating equipment. In addition, it automatically discovers usable communication channels regardless of the type, gauge or topology of wiring used. As examples, IP-485 would operate successfully on 18-gauge, twisted pair, multi-drop wiring, coax cables or 26-gauge untwisted pair, simple daisy-chained wiring. Communication is robust to collisions arising from other applications currently using the channel, which are seen as interferences in channel analysis. This enables the technology to implement multiplexed channel access across applications at the physical level. In addition, if more than one OFDM sub-channel is available for communication, the technology enables the implementation of a Bus consisting of sub-channels that run concurrently, each of which may be multiplexed between applications.
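The sub-channel selection step described above, as an added illustration (this is not PCN's Dynamic Adaptive Channeling implementation, which the article does not disclose): it takes a constructed per-sub-channel power sweep, keeps the sub-channels whose SNR meets a QoS floor, and bounds the aggregate rate with the Shannon formula. The 10 dB floor, the 50 kHz sub-channel width, the function names and all sample values are assumptions.

```python
import math

def subchannel_snr_db(signal_mw, noise_mw, floor_mw=1e-12):
    """SNR in dB for each sub-channel from swept signal/noise power (mW)."""
    # floor_mw guards against a zero reading in either measurement.
    return [10 * math.log10(max(s, floor_mw) / max(n, floor_mw))
            for s, n in zip(signal_mw, noise_mw)]

def select_subchannels(snr_db, min_snr_db):
    """Indices of sub-channels whose SNR meets the assumed QoS floor."""
    return [i for i, snr in enumerate(snr_db) if snr >= min_snr_db]

def capacity_bound_bps(snr_db, usable, width_hz):
    """Shannon upper bound summed over the usable sub-channels."""
    return sum(width_hz * math.log2(1 + 10 ** (snr_db[i] / 10))
               for i in usable)

def sweep_and_allocate(signal_mw, noise_mw, min_snr_db=10.0, width_hz=50_000):
    """One sweep: measure, select, and bound the achievable rate."""
    snr_db = subchannel_snr_db(signal_mw, noise_mw)
    usable = select_subchannels(snr_db, min_snr_db)
    return usable, capacity_bound_bps(snr_db, usable, width_hz)

# Constructed sweeps over 8 sub-channels (values are illustrative only).
SIGNAL_MW = [1.0] * 8
# White noise: a flat floor on every sub-channel.
WHITE_NOISE_MW = [0.01] * 8
# Colored noise: same floor plus narrowband interference on 2, 3 and 7,
# e.g. EM pickup from nearby equipment or another application on the wire.
COLORED_NOISE_MW = [0.01, 0.01, 0.5, 0.8, 0.01, 0.01, 0.01, 0.2]

if __name__ == "__main__":
    for label, noise in (("white", WHITE_NOISE_MW),
                         ("colored", COLORED_NOISE_MW)):
        usable, bps = sweep_and_allocate(SIGNAL_MW, noise)
        print(f"{label:8s} usable={usable} bound={bps / 1e6:.2f} Mbit/s")
```

Repeating the sweep whenever the noise profile changes is what makes the allocation adaptive: interfered sub-channels drop out of the usable set and the rate bound shrinks accordingly instead of the link failing outright.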

Figure 2: IP-485 Network Architecture

The second set of properties manifest in PCN’s IP-485 relates to real-time network management at the application level. Concurrent with the adaptive channeling algorithm, we also implement a real-time communication engine that enables the delivery of serial data (that is multiplexed with IP data) with negligible latency, encoded in jitter-free, almost copy-exact waveforms, regardless of wiring type, noise, interference or other considerations that affect signal integrity. Further, we also implement a network engine that enables network configuration and management in real time. For example, in a Master-Slave configuration, the concept of a Floating Master may be implemented using the engine. Further, data payloads with high priority may be queued and delivered with very low latency across the network.

IP-485 Networks

Figure 2 shows a typical network established using IP-485 network products. It consists of a Router that is connected to the Cloud via an ISP line (T1, Fiber or Satellite) using a standard CAT 5/6 connection. It may also be connected to serial network(s) on its Low Frequency (LF) Bus(es). The PCN Single Channel Router (SCR) accepts a single serial network connection (shown in Figure 2), while the Multi-Channel (MCR) version permits the integration of up to 4 serial networks. The Router then transports both IP data and serial data on the same output channel, called the Broadband (BB) Bus. The SCR has a single BB Bus, while MCR would have as many separate BB Buses as serial network inputs on the LF Bus. In this architecture, the Shared Wire multi-channel, multiplexed access bus is implemented on the BB Bus wiring. 

Figure 3: Typical Access Control System Architecture

Each Router is connected to one or more PCN Switches on the BB Bus. An SCR would be capable of driving up to 4 switches, while an MCR has the capacity to drive up to 16. Each PCN Switch has as input the BB Bus wiring from its Router. Serial network outputs are connected to its LF Bus, while its 3 IP ports enable the establishment of a redundant management IP network between the Router and the Switch. Networks established with MCRs and Switches have the ability to integrate up to 48 IP Edge devices, and 4 separate serial networks, each potentially having a different protocol. SCRs, on the other hand, will be able to handle 12 IP Edge devices and a single serial network. In each case, the IP network would co-exist with the serial network without any impact on the performance of one network from the other. In our current product implementation the BB Bus as well as the LF Bus consists of standard twisted pair (TP) or untwisted pair (UTP). In addition, the technology has been validated on a variety of analog and digital wiring.

In terms of real-world applications, PCN products have been successfully applied on legacy access control and BACnet networks operating at data rates ranging from 9600 Baud to 76.8K Baud. In addition, PCN products have also functioned on legacy building automation buses without issue. In both cases, IP data rates in the range of 1 - 4 Mbps were recorded consistently at the edge. This implies that while the example shows the integration of a simple device such as a thermostat, PCN products are capable of supporting the data needs of any upgrade that may be required in existing BMS. The SCR may either be connected directly to the Cloud, or integrated with the corporate IT infrastructure for the delivery of web services.

Access Network Transformation using IP-485 Networks

Consider the typical access control system architecture shown in Figure 3. It has a collection of card readers connected to the access panel, many of which may be connected to the access control server in the data room. In legacy systems, each access panel has the ability to connect to a small number of readers and a corresponding number of electronic locks using simple Wiegand wires. When a card is placed near the reader, its information is read and passed on to the access panel, which in turn communicates with the server to confirm that the person holding the card is allowed access. With this confirmation, the access panel is able to instruct the electronic lock to open. Without the confirmation from the server, the access panel does not send out the “open” instruction to the door lock.

Communication between the reader and the access control panel is simplex, using a proprietary protocol. More recently, this has been implemented to be full duplex using ZigBee. Communication between the access panel and the electronic lock traditionally uses Wiegand wires, but has also recently been switched over to ZigBee. Communication between the access panels and the server is serial, and managed using a simple polling, Master-Slave, or Token Passing arbitration scheme on a twisted or untwisted pair of wires. Most servers do have the ability to connect to the Internet, but only for remote log-in and update of the database associated with who is permitted access to the facility.

Starting from the edge, tomorrow’s access control will ultimately have IP-enabled card readers. There are two motivations driving this change. First is that while traditional readers only deal with simple “mag-stripe” cards, IP-enabled readers have the ability to integrate the use of “smart cards,” and conduct the initial validation directly between the reader and the card. Secondly, IP-enabled readers can be easily made secure with third-party software. Second, access control panels will also be IP-enabled. In addition to the security advantages already discussed, each IP-enabled access control panel is capable of driving tens of IP-enabled readers (as an example, many legacy access control panels can only integrate 2 readers, while IP-enabled panels can integrate 64 IP-enabled readers). Third, instead of having the access control server and database on the premises, tomorrow’s system will be connected to servers and storage that reside in the Cloud.

Figure 4 shows the implementation of the access control upgrade using IP-485. In the figure, we use an SCR or MCR at the head-end depending on the number of access panels that need to be supported. The server resides in the Cloud and is connected to the PCN Router. The Router, in turn, is connected to an appropriate number of switches on the existing wiring in the facility. Each switch can service up to 3 IP-based access panels in its proximity, and modern panels have the ability to communicate both with the reader and the electronic lock using ZigBee. As a result, the entire upgrade, on the infrastructure side of the problem, requires the change-out of locks and card readers, and the replacement of the in-premises servers and databases with their counterparts that reside in the Cloud. The entire wiring infrastructure is maintained. Since PCN routers and switches are broadband, they deliver bandwidths that are adequate for future expansions.

Figure 4: IP-Enabled Access Control using IP-485


In this article, we have presented a new technology called IP-485 and described how it may be deployed to transform existing access control infrastructure into one that can support IP-enabled devices that are connected to the Cloud. The technology has been applied successfully on a variety of access control configurations and data protocols, and has operated on both twisted pair and untwisted pair wiring. Both daisy chain and multi-drop wiring topologies have been considered in the testing. At present, the products are beginning to proliferate within the market leaders in building automation, security and access control applications, and we anticipate rapid adoption of the technology in a number of Use Cases in the near-term.

