Very high security accesses control system
04/06/2009
THE EXIGENCY.
The Slovenian company E-Funds d.o.o. won at the beginning of this year a service contract for the credit cards’ management conform to EMV standard (www.emvco.com) of VISA for Slovenia. The service of credit cards’ management provides smart cards’ initialization with installation of EMV applications for interfacing with inter-bank circuits for payments and PIN and PUK security codes' modification. VISA (www.visa.com) imposes very strict safety rules to its managers. Among these, in the labs where these cards are handled, is required installing an accesses control system, enable to ensure the identification of a certain subject (through fingerprint image verification), plus two people simultaneously must be found always in the secure- protected area, that means they must enter and leave in pairs during access to safe area.
For the safe area’s execution E-Funds has chosen Infordata Sistemi S.r.l. company, because it’s already accredited as a quality provider for DINERS credit cards and because it had previously accomplishments’ references of tailor-made accesses control systems.
THE SOLUTION.
Visa's apparently simple requests led to the creation of a complex system based on RFID and biometric readers.
The Installed solution requires that in order to open the door two people on two different sides of the door must authenticate simultaneously, first with a RFID badge and then with a fingerprint image. To access in the safe area, twice authentication is necessary to open the armoured doors. To exit, both authorised persons must always, authenticate otherwise they remain in safe area, in the vault, with reinforced concrete walls, often more than 1m thick. A camera takes pictures of both persons on each authentication.
Subsequent to characteristics' required analysis, Infordata conducted a project for the accesses control system providing four phases: construction modifications, installation of electrical set of facilities and hardware, installation of a personalised software and ultimately systems' screening.
In project's first phase involving construction modifications, it was decided mainly on specific demands' evaluation and following an area examination, with the intention of realising a double gate to access in the secure protected area. The idea of double-gate was inspired by another system of toll lanes: the exit from double bar parkings, which ensures unique exit of each car.
In the second phase, terminals for accesses control were chosen, evaluating the capabilities and characteristics required for installation. Preference has been given to iGuard devices (www.iguardsystem.it) and, precisely on LM520-FSC model with biometric reader and RFID. These terminals are considered as optimal for various features:
a) identify a person by fingerprint image’s verification, which can also be saved on a proximity card fulfilling in such way the obligations for privacy ); b) command relay’s opening connected to electronic-locks;
c) have a web-based communication interface (patented technology) through a TCP / IP connection to corporate LAN. The sensor used by iGuard is a capacitive one (of Veridicom) and due to its characteristics permits to obtain greater safety in recognition compared to other types of scanners, such as the optical ones. Furthermore, LM520-FSC model reads fingerprint template from Mifare S50 cards, consequently in a "safe" mode.
For security reasons, we have not used normal relays, but codified ones, IG-ER-01, interfaced to 'iGuard through a BUS485. In such modality, electronic locks are not excited by iGuard readers' relay, but by external codified relays, which are installed in a closed box inside of the secure-protected area: after authentication with iGuard, an encoded signal is sent via RS485 to codified relays.
We have also installed magnetic sensors attached to iGuard to ensure compliance of system with the necessary requirements: these detect whether a door is opened or closed. In this way, iGuard can send an alarm signal if a door is opened. Finally, AXIS IP cameras (www.axis.com) are added to the system with two purposes: to introduce a classical video surveillance system and create a photographs' database of all persons entering or leaving the secure- protected zone: In such way, the sector can be safely monitored, preventing unauthorized persons from entering to the safe area. IP chosen cameras were AX207. As the most "economic" in AXIS house, yet they posses characteristics which are sufficient for the project's purpose.
The third stage provides configuration of iGuard devices and the installation of a software on a server. The accesses control system’ management is realised with a software's interface web installed directly on iGuard-s, while the server software is simply used to back up data accesses on a local database and to save videos and pictures provided by AXIS cameras.
THE ADVANTAGE.
Through any Internet browser, it is possible to get all accesses details, time spent in the safe area, unauthorized accesses' attempts and any eventual anomalies, as well as to modify access policies applied to involved operators.
Access modality is realised currently with all necessary requirements through this system. So to open the first door, two people are authenticated through fingerprint image verification in sequence and in a limited time (15 seconds), after the door’s opening they enter in a disengagement or between two doors; to open the second door, accessing the secure area, they must first close the first door and together authenticate again on the second one. Both persons must perform the same procedure when exiting, but reversed, to ensure that no single person has remained in the secure –protected area.
The installed system is tested and certified by VISA as conform to the requirements on facilities' safety for EMV credit cards management, becoming a model used by all bureau services engaged in the same activity.
This case study is published in June edition of Essecome magazine.
