September 2021

Access Control Models

Access control plays an essential role in the security of many businesses by allowing personnel to restrict or grant access to specified locations or resources. Currently, there are four primary types of access control models: mandatory access control (MAC), role-based access control (RBAC), discretionary access control (DAC), and rule-based access control. Each model outlines different levels of permissions and how they are assigned. To learn more about the four main types of access control for businesses and determine which ones best suit your company’s needs, continue reading.

Background

Considered one of the most crucial assets in a company, access control systems hold significant value. The term ‘access control’ refers to “the control of access to system resources after a user’s account credentials and identity has been authenticated, and access to the system has been granted.” Access control is used to identify a subject (user/human) and authorize the subject to access an object (data/resource) based on the required task. These controls are used to protect resources from unauthorized access. Three main types of access control systems are Discretionary Access Control (DAC), Role-Based Access Control (RBAC), and Mandatory Access Control (MAC).

Discretionary Access Control (DAC)

Discretionary access control is the least restrictive type of access control. Under this system, individuals are granted complete control over any objects they own and any programs associated with those objects. The individuals can then determine who has access to their objects by setting security levels for other users.

DAC is a type of access control system that assigns access rights based on rules specified by users. The principle behind DAC is that subjects can determine who has access to their objects. The DAC model takes advantage of using access control lists (ACLs) and capability tables. Capability tables contain rows with ‘subject’ and columns containing ‘object.’ The security kernel within the operating system checks the tables to determine if access is allowed. Sometimes a subject/program may only have access to read a file; the security kernel makes sure no unauthorized changes occur.

Implementation 

This popular model is utilized by some of the most popular operating systems, like Microsoft Windows file systems.

Role-Based Access Control (RBAC)

RBAC, also known as non-discretionary access control, is used when system administrators assign rights based on organizational roles. It presents an opportunity for the organization to address the principle of ‘least privilege.’ That gives individuals the access needed to do their job, since access is tied to their job.

In these systems, predefined roles are associated with specific permissions. Because of its simplicity, this type of access control system is one of the most popular forms used in businesses. However, RBAC does have some drawbacks. For example, RBAC can’t grant one-time permissions when an exception to the standardized permissions is necessary.

Implementation

Windows and Linux environments use something similar by creating ‘Groups.’ Each group has individual file permissions. Each user is assigned to groups based on their work role. RBAC sets access based on roles. That is different from groups, since users can belong to multiple groups but only be assigned one role. Example roles are accountants and developers, among others. An accountant would only gain access to resources that an accountant would need on the system. That requires the organization to constantly review the role definitions and have a process to modify roles to segregate duties. If not, role creep can occur. Role creep is when an individual transfers to another job/group and the access from their previous job stays with them.
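The role review described above can be automated. The following is an added example, not code from the original page: a minimal RBAC model in which a job transfer that forgets to revoke the old role is caught by an audit. The role names, permission strings and job-to-role mapping are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical role definitions: each role maps to the permissions that job needs.
ROLE_PERMISSIONS = {
    "accountant": {"ledger:read", "ledger:write", "invoices:read"},
    "developer": {"repo:read", "repo:write", "build:run"},
}

# Hypothetical HR record: the single role each job title is entitled to.
JOB_TO_ROLE = {"Accountant": "accountant", "Developer": "developer"}


@dataclass
class User:
    name: str
    job: str
    roles: set = field(default_factory=set)


def effective_permissions(user):
    """Union of the permissions of every role currently assigned to the user."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission):
    """RBAC decision: a user never holds a permission directly, only via a role."""
    return permission in effective_permissions(user)


def transfer(user, new_job, revoke_old=True):
    """Move a user to a new job. revoke_old=False reproduces role creep."""
    if revoke_old:
        user.roles.clear()
    user.job = new_job
    user.roles.add(JOB_TO_ROLE[new_job])


def audit_role_creep(users):
    """Return {user name: sorted excess permissions} for every user whose
    effective permissions exceed what the role for their current job grants."""
    findings = {}
    for user in users:
        expected = ROLE_PERMISSIONS[JOB_TO_ROLE[user.job]]
        excess = effective_permissions(user) - expected
        if excess:
            findings[user.name] = sorted(excess)
    return findings


def demo():
    """Constructed scenario: two accountants move to development."""
    alice = User("alice", "Accountant", {"accountant"})
    bob = User("bob", "Accountant", {"accountant"})
    transfer(alice, "Developer", revoke_old=False)  # old role left in place
    transfer(bob, "Developer")                      # old role revoked
    return alice, bob, audit_role_creep([alice, bob])


if __name__ == "__main__":
    alice, bob, findings = demo()
    print("alice can still write the ledger:", is_allowed(alice, "ledger:write"))
    print("audit findings:", findings)
```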

Mandatory Access Control (MAC)

Mandatory access control is widely considered the most restrictive access control model in existence. This type of access control allows only the system’s owner to control and manage access based on the settings laid out by the system’s programmed parameters. Such parameters can’t be altered or bypassed. The end-user doesn’t have control over any of the permissions or privileges. They can only access points that the system owners allow them to access. Because of its high level of restriction, MAC is usually used for facilities or organizations that require maximum security, such as government facilities.

MAC is considered the strictest of all access control systems, and its design and implementation are commonly used by the government. It uses a hierarchical approach to control access to files/resources. Under a MAC environment, access to resource objects is controlled by the settings defined by a system administrator. That means access to resource objects is governed by the operating system based on what the system administrator configured in the settings. Users can’t change access control of a resource. MAC uses “security labels” to assign resource objects to a system. There are two pieces of information connected to these security labels: classification (high, medium, low) and category (specific department or project – provides “need to know”). Each user account is also assigned classification and category properties. This system provides users access to an object if both properties match. Suppose a user has high classification but is not part of the category of the object. In that case, the user cannot access the object. MAC is the most secure access control system but requires considerable planning and high system management due to constantly updating object and account labels.
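The label check described above, as an added example that is not part of the original page. It assumes that "match" is read hierarchically (the user's classification must be at or above the object's) and that a user may hold several categories; all names and labels are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset  # departments or projects ("need to know")


class MacPolicy:
    """Labels are set by administrators only; ordinary users cannot change them."""

    def __init__(self, admins):
        self._admins = set(admins)
        self._subjects = {}
        self._objects = {}

    def set_label(self, actor, kind, name, level, categories):
        if actor not in self._admins:
            raise PermissionError(f"{actor} may not change security labels")
        table = self._subjects if kind == "subject" else self._objects
        table[name] = Label(level, frozenset(categories))

    def can_access(self, subject, obj):
        s = self._subjects.get(subject)
        o = self._objects.get(obj)
        if s is None or o is None:
            return False  # anything unlabeled is denied by default
        # Both properties must hold: sufficient classification AND category membership.
        return s.level >= o.level and o.categories <= s.categories


def build_demo_policy():
    """Constructed sample data: one administrator, two users, one object."""
    policy = MacPolicy(admins={"secadmin"})
    policy.set_label("secadmin", "subject", "carol", Level.HIGH, {"finance"})
    policy.set_label("secadmin", "subject", "dave", Level.MEDIUM, {"payroll"})
    policy.set_label("secadmin", "object", "payroll_report", Level.MEDIUM, {"payroll"})
    return policy


def user_can_relabel(policy, user, obj):
    """Show that a user cannot lower an object's label to gain access."""
    try:
        policy.set_label(user, "object", obj, Level.LOW, set())
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    p = build_demo_policy()
    print("carol (HIGH, finance):", p.can_access("carol", "payroll_report"))
    print("dave (MEDIUM, payroll):", p.can_access("dave", "payroll_report"))
    print("carol can relabel:", user_can_relabel(p, "carol", "payroll_report"))
```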

Implementation

Other than the government’s implementation of MAC, Windows Vista-8 used a variant of MAC called Mandatory Integrity Control (MIC). This MAC system added integrity levels (IL) to processes/files running in the login session. The IL represented the level of trust the object would have. Subjects were assigned an IL, which was set in their access token. ILs in MIC were: low, medium, high, and system. In that system, access to an object was prohibited unless the user had the same level of trust. Windows prevented the user from writing to or deleting files with a higher IL. This system took advantage of the Windows DAC system ACLs. It first compared ILs, then checked the ACLs to ensure the correct permissions were in place. It combined the ACLs with integrity levels to create a MAC environment.
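The two-stage decision described above (integrity level first, then the ACL), together with the owner-managed ACL from the DAC section, as an added example that is not Windows code or part of the original page. The class and function names are hypothetical, and the integrity check is applied to write and delete only, as the paragraph states.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class IL(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    SYSTEM = 4


@dataclass
class Subject:
    user: str      # identity the ACL is keyed on
    process: str   # constructed process name, for readability only
    il: IL         # integrity level carried in the access token


@dataclass
class Obj:
    name: str
    owner: str
    il: IL
    acl: dict = field(default_factory=dict)  # user -> set of rights


MODIFYING = {"write", "delete"}


def check_access(subject, obj, right):
    """Return (allowed, reason). The mandatory check runs before the ACL."""
    if right in MODIFYING and subject.il < obj.il:
        return (False, "integrity")  # no write-up, whatever the ACL says
    if right not in obj.acl.get(subject.user, set()):
        return (False, "acl")
    return (True, "granted")


def grant(actor, obj, user, rights):
    """DAC: only the owner edits the ACL, and editing it counts as a write."""
    if actor.user != obj.owner:
        raise PermissionError("only the owner may change the ACL")
    if actor.il < obj.il:
        raise PermissionError("integrity level too low to change the ACL")
    obj.acl.setdefault(user, set()).update(rights)


def demo():
    """Constructed scenario: one user, two processes at different ILs."""
    doc = Obj("report.docx", owner="alice", il=IL.MEDIUM,
              acl={"alice": {"read", "write", "delete"}})
    editor = Subject("alice", "editor", IL.MEDIUM)
    browser = Subject("alice", "sandboxed-browser", IL.LOW)
    bob = Subject("bob", "shell", IL.MEDIUM)
    results = {
        "editor_write": check_access(editor, doc, "write"),
        "browser_write": check_access(browser, doc, "write"),
        "browser_read": check_access(browser, doc, "read"),
        "bob_read_before": check_access(bob, doc, "read"),
    }
    grant(editor, doc, "bob", {"read"})  # owner uses discretion
    results["bob_read_after"] = check_access(bob, doc, "read")
    return doc, browser, bob, results


if __name__ == "__main__":
    for name, outcome in demo()[3].items():
        print(f"{name}: {outcome}")
```

The same user with the same ACL entry gets a different answer depending on the integrity level of the process making the request, which is what makes the control mandatory rather than discretionary.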

Rule-based access control

The last of the four main types of access control for businesses is rule-based access control. This system assigns or denies user access based on dynamic rules and limitations defined by the owner or system administrator. Such rules may limit access based on several unique situations, such as the individual’s location, the time of day, or the device being used. The ability to customize rules and permissions makes rule-based access control an ideal form of access control for businesses that require a dynamic security solution.
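A small rule engine for the location, time-of-day and device conditions named above, as an added example that is not part of the original page. The rule names, site list, business hours and the deny-overrides, default-deny evaluation order are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable


@dataclass(frozen=True)
class Request:
    user: str
    location: str
    at: time
    device_managed: bool


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                          # "allow" or "deny"
    applies: Callable[[Request], bool]   # True when the rule matches the request


# Hypothetical policy written by the administrator.
ALLOWED_SITES = {"HQ", "Branch-1"}
RULES = [
    Rule("unmanaged-device", "deny", lambda r: not r.device_managed),
    Rule("outside-allowed-sites", "deny", lambda r: r.location not in ALLOWED_SITES),
    Rule("business-hours", "allow", lambda r: time(8, 0) <= r.at <= time(18, 0)),
]


def evaluate(rules, request):
    """Return (decision, rule name).

    Any matching deny rule wins immediately; otherwise the first matching
    allow rule grants access; if nothing matches, access is denied.
    """
    allow_hit = None
    for rule in rules:
        if not rule.applies(request):
            continue
        if rule.effect == "deny":
            return ("deny", rule.name)
        if allow_hit is None:
            allow_hit = rule.name
    if allow_hit is not None:
        return ("allow", allow_hit)
    return ("deny", "default")


# Constructed sample requests covering each condition.
SAMPLES = {
    "office_daytime": Request("erin", "HQ", time(9, 30), True),
    "office_night": Request("erin", "HQ", time(23, 0), True),
    "cafe_daytime": Request("erin", "Cafe", time(9, 30), True),
    "personal_laptop": Request("erin", "HQ", time(9, 30), False),
}


def run_samples():
    return {name: evaluate(RULES, req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, decision in run_samples().items():
        print(f"{name}: {decision}")
```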

What is Web based access?

First, what is web-based access control? Web-based access systems connect all security devices via an internet connection and allow users to manage the system using a web-based interface. That eliminates the complex software installations on an onsite server necessary for a traditional, “client-based” access control system.

Moreover, implementing web-based access control solutions is significantly more straightforward because there is no need to install complex server equipment onsite.

That means that all web-based access control solutions share several immediate benefits compared with traditional client-based systems:

  • High initial costs for servers and related infrastructure spending are eliminated.
  • Installing web-based systems takes less time and is easier to scale to include further sites.
  • Browser-based software is upgraded automatically by the vendor, so end users don’t need to worry about updates.
  • Systems are less complex to maintain on the front end, so end users require less intensive systems training to manage web-based systems effectively.

Type 1: For single or temporary sites

That is the most straightforward variation of a web-based access control solution and is most suited for single sites with few access control doors.

This type of solution makes electronic access control systems accessible to small sites without incurring significant capital investment. Specific solutions on the market today offer support for up to 30 doors and 5000 user credentials.

One-off sporting and music event venues may also make effective temporary use of this kind of system.

Type 2: For more significant high-security sites

Even though this solution also uses the internet to connect the system, all system data is kept on a dedicated onsite server on one of the client’s sites.

This solution is ideal for larger organizations with strict security standards for data storage. It allows data from multiple sites to connect to a single server while allowing users to manage all data onsite.

Typical solutions on the market allow users to manage 1000 doors through their web browser and add up to 500 000 users per control panel.

Type 3: Data hosted on the "Cloud"

In the last type of web-based access control system, all data is hosted externally on dispersed data centers provided by the solution vendor. That eliminates geographical constraints on expanding companies’ security systems and provides users with comprehensive data redundancy measures.

This type of solution allows multiple users to share the same data management infrastructures in the same way as an electric power utility. That enables end-users to share costs and pay according to how much they use the vendor’s facilities, bringing considerable cost-saving opportunities.

Potential disadvantages

While web-based access control systems often represent a superior value proposition to traditional systems, there are several potential disadvantages to bear in mind. First, all web-based solutions are dependent on network stability. That means that systems in specific geographic locations may share the same vulnerabilities as the regional network infrastructure they are required to use. Data security is also a significant issue for web-based access control, even for users that manage security system data onsite. Therefore, users must take precautions to implement firewalls, VPNs, and other measures to protect their web-based systems.

Many internet-based access control solutions on the market today still need to expand their integration capabilities with other systems such as building management, fire security, and mapping systems before becoming a viable addition to a company’s facility management systems.

Lastly, many companies may find that strict global corporate security standards limit their scope for deploying relatively new technologies like internet-based access control systems, though this will no doubt change as the technology becomes more established and widely adopted.

So is internet-based access control the same as "cloud-based" security?

Many security professionals will no doubt be aware of another security technology buzzword: “cloud-based security” or “security as a service (SaaS).” While cloud-based security solutions are indeed all IP-based, it is important not to assume that internet-based access control solutions are all cloud-based access control. Some vendors sell internet-based hardware, including dedicated server devices specific to the individual client. True cloud-based access control solutions, on the other hand, make their data management infrastructures available as a continuous service and host their data on an indeterminate number of servers shared by multiple users. We will explore the range of cloud-based security services currently available in a future article.

Introduction to Cloud Based Access Systems

New technology is modernizing and improving access control systems as the security industry expands to keep up with modern businesses’ needs. While access control solutions are still satisfactory for many companies, cloud based access control systems are growing steadily. Many access control experts predict a sharp increase in the number of customers who will request cloud based systems in the next few years, but why? Isn’t all access control designed the same way?

While they may seem small, the differences will have enormous implications for the security industry in the future. Learning about them now can help businesses transition to these new systems and make the switch even easier for access control companies. Some of the most prominent features to look out for in these new cloud based systems include:

CONVENIENCE FOR USERS

One of the main benefits of cloud based access control is how quick and easy it is to set up. Overall, these systems are more streamlined, which helps speed up installation, and intuitive, which helps companies adjust and learn them quickly. They also make access control more accessible; if a system is easy enough to use, anyone in the office can interact with it daily. No training sessions are necessary. In addition, many companies that offer cloud based access control also provide free remote tech support, so managers and employees can troubleshoot and update their systems without needing technicians to be physically present. Finally, customers can use their mobile phones to access a system instead of a physical key card, meaning no more lost or stolen cards that need replacing, which is yet another added convenience.

COST-EFFECTIVENESS

Over time, cloud based access control systems have proven to be cheaper for the customer. Many of the features listed above already contribute to lower costs (for example, not having to buy new key cards every so often). The cloud based system can automatically update itself every time the access control security company releases new software at no extra cost. There are no routine maintenance appointments to schedule and pay for. There is also no need to redesign a cloud access control system, even if a company triples in size. These systems are scalable and can be easily adjusted to handle any number of employees without rewiring an entire setup. Not only is this good news for customers, but it’s also great news for integrators. These extra services are no longer necessary, proving that the features in a cloud based system aren’t just cost-effective – they’re time-effective, too.

ADDED SECURITY

At first glance, a cloud based system may not seem more secure than current access control systems. Who guards the data up there? Isn’t it easier to hack? These questions are valid, but cloud based systems have been proven to store data safely and securely. Instead of on a local server, a company’s data is stored on a secure remote server up in the cloud. Managers and employees can access the database from anywhere via their mobile phones. The information itself is backed up, meaning that if the cloud server were ever to crash, the data would remain safe. This extra layer of security can provide both customers and installers with peace of mind in times of emergency or a power outage. Additionally, if a security breach does happen, having data in the cloud makes it easier to retrieve. The company can access analytics faster than ever to identify where the breach occurred and fix it.

OPPORTUNITIES FOR CUSTOMIZATION

Cloud based access control makes customizing your system easier than ever. A business with more than one location can monitor every site from one device using one infrastructure. There’s no need to set up servers in each building or spend time installing more costly hardware. Customers can also personalize their security reports. Many cloud based systems offer the option to send texts or other alerts when systems detect suspicious activity, such as increased traffic through a particular door. When setting up their plans, companies can install products that mesh well with their specific security goals. For example, suppose the business prioritizes activity logs and granting or denying individuals access to particular rooms. In that case, the design of their security system can reflect those goals. Companies can also integrate many software solutions they already use into their systems, which helps further smooth the transition into using cloud-based technology. Many systems also offer the ability to designate different levels of control to other people within an organization. All these options make cloud based access control easy to customize and simple to use in the workplace.

ASSISTANCE IN COMPLYING WITH REGULATIONS

Cloud based access control’s ability to regularly update itself means a business’s security is always modern and state-of-the-art. Suppose a company needs to submit access logs or other data periodically. In that case, a cloud based system makes that information easy to find and transmit. Also, automating security processes, like granting or denying access, can help with onboarding and terminating employees. Streamlining the onboarding process means businesses stay compliant. By ensuring the termination process goes smoothly, companies prevent potential human resource disasters from occurring.

INCREASED POPULARITY

Slowly but surely, customers are gravitating toward access control system companies that offer these new features in their systems. Cloud based systems solve problems in the workplace and the security industry – they can increase collaboration between employees and make it easier for customers to communicate with integrators. Installing and maintaining a cloud based system requires fewer person-hours. That means access control security companies can raise their prices, make the access control market more competitive, and create job security. While the transition can seem awkward at times, shifting to cloud based systems is proving to be a better idea for businesses and access control companies alike.

PROVIDES STRATEGIC VALUE

Since cloud based systems are growing in popularity, businesses can use them as selling points to attract more customers. In addition, the added benefits of storing data in the cloud mean companies can devote more time and energy to other issues, which can give them a competitive edge. Increasing collaboration, saving money, and reducing the number of headaches in a day can help businesses stay ahead of the curve and modernize their approach to customers as cloud based technologies become more mainstream. It will be easier for integrators to install and fix newer systems because most clients will already be on the same page.

9 Best Cloud-Based Access Control Systems

  1. Prodatakey
  2. Kisi
  3. Brivo
  4. Openpath
  5. SALTO KS
  6. Genetec
  7. STANLEY Security
  8. S2
  9. Millennium

PROXIMITY CARD READERS

Types of proximity card readers

While many proximity readers may look the same, they can function very differently depending on their power supply and how they connect back to the access control system. There are four common types of proximity card readers available for access control. When installing proximity card readers, it’s essential to know which type provides the best security for your space.

Wired proximity card readers

The most common type of proximity card reader used in commercial HID access control applications, wired prox card readers include Wiegand readers and RS-485 readers. Because they communicate using the Wiegand protocol, they are compatible with almost every type of access control system. However, the Wiegand protocol has been around since the 1970s, which means it’s more prone to hacking. To ensure proximity card readers using a Wiegand protocol are secure, choose readers with advanced end-to-end encryption and additional protections against tampering, such as the RS-485 readers from Openpath. These standard prox card readers sometimes include different options and usually support some combination of RFID, Bluetooth (BLE), or NFC formats.

Wireless proximity readers

Wireless proximity readers are battery-powered to eliminate the need to wire back to a control panel. They are most often used for large deployments in hotels and apartment complexes where it would be cost-prohibitive to wire each door. They usually require localized access points throughout the building to communicate with an Internet-connected central control panel. One of the downsides of this type of proximity card reader is the need to check and replace batteries to ensure proper functionality.

Standalone proximity card readers

 These decentralized card readers are limited in functionality as they do not connect back to a control panel. Because they have no data connection, they cannot be managed or programmed remotely, which is why they often include a PIN pad. When installed on the unsecured side of the door, they’re also prone to tampering and hacking, as they store sensitive user and credential access control data locally. These proximity card readers are best-suited for small internal deployments that won’t need added security features, such as a supply closet.

IP-connected proximity readers

This more advanced reader has no direct connection between the reader and controller. The Ethernet connection allows them to integrate into IT systems for a more automated, flexible security system. However, it’s important to note that this type of system should meet high-level encryption and cybersecurity standards to ensure your space is secure. If your IP is compromised, your building security is also at risk.

Benefits of proximity card readers for access control

There’s a good reason why proximity card readers are so common in offices and commercial spaces worldwide. First, they are reasonably simple to implement. Proximity card reader technology has been around for decades. People are familiar with using them, so they require little training or ramp-up time once installed.

Proximity cards can also provide a contactless access experience. Unlike swipe cards, prox cards don’t need to be inserted into or swiped through a reader to work. The proximity card has a metallic antenna coil embedded inside that holds encoded data. The proximity card readers use an electromagnetic field to detect nearby cards and transmit data through the reader to the HID access control panel. The control panel sends a signal back to the reader to trigger a door unlock if the card is authorized. You can also use proximity technology in key fobs, clamshell cards, or stickers. That is great for implementing touchless technology to create healthier spaces.

Proximity card systems can provide businesses with trackable entry activity and data analytics for their space depending on the access control software. A cloud-based access control platform like Openpath will give the most flexibility, giving administrators and facilities teams remote access to manage their HID access control system from anywhere.

Security concerns and pitfalls of proximity card readers

As with any good physical security measure, your proximity card reader needs to be secure and reliable. A well-known legacy access control system may seem like an intelligent choice. Still, because this technology has been around for many decades, there are some security vulnerabilities to be aware of. When looking at how someone would compromise a proximity reader, there are a surprising number of exposures. For example, almost anyone could hack an HID proximity card reader with a device purchased online. If your proximity card reader has any of the following vulnerabilities, it’s time to upgrade.

  • Short read range — The read range is the distance the reader can detect a nearby credential. The read range will vary by device. Distance is an important consideration when installing a security system. For example, a turnstile or front door should have a shorter read range so that people need to be close to the reader to request an unlock. That will help prevent tailgating incidents. However, for parking garage deployments, the read range needs to be farther to account for vehicle size and users’ credentials to communicate with the reader from inside the vehicle. 
  • Hackable backend hardware — Door access readers are unfortunately a popular target for criminals who want to steal data and vandalize businesses. One thing to keep in mind when installing new readers is backward compatibility. Suppose you’re running your security system on outdated legacy backend hardware. In that case, even the most advanced prox card readers could be exposed to security vulnerabilities. One way to combat this on a hybrid access control system model is to use a system with end-to-end encryption at every level of communication, with extra protection against hardware hacking.
  • Data stored locally — Some proximity readers store data at the local level, making it easy for potential criminals to gain access to it. This often-overlooked security pitfall could compromise your entire system. Openpath’s card readers are set up as a blind proxy between the credential and control unit, so they offer no value to hackers looking for a way in. They also have built-in alerts against tampering.
  • No backups or fail-safes — In the case of a power or Internet outage, a backup power source is essential to keeping your system up and running. Without a backup option or a failsafe protocol, people could be locked out of the building, or the doors could remain unlocked without you even knowing. Make sure your system offers offline functionality so you don’t get locked out in an emergency, and a way to connect to an alternative power source or backup battery.
  • Key cards are easily copied — Key cards are one of the most widely used access methods for businesses worldwide. However, some key fobs and cards pose a serious security risk. Many standard key cards, like those used with low-frequency HID proximity card readers, can easily be copied with a $10 device. Instead, look for systems that offer more secure prox cards. Openpath uses DESFire EV1 128-bit AES cryptographic cards with digitally signed identifiers. They provide the most robust encryption and security available, with no publicly known vulnerabilities.

Planning, costs, and installation for proximity card readers

There are a surprising number of factors that go into choosing the right access control system for your space. When it comes to finding a proximity card reader that works for your building, an HID access control installer will look at the locks on your doors, the wiring needed for the system, the amount of space you have, and other desired security features before installing new readers.

Door locking mechanisms

Not all HID access control providers are compatible with all door locks. However, proximity card readers are designed to work with the electric, wired locking mechanisms common in most commercial spaces. Your access control system installer will tell you what type of security systems are compatible. If you’re starting construction from scratch, consult a security expert to get the best door locks installed in your building.

 

Mounting specs for prox readers

One of the things an HID access control consultant will check before recommending a product is the space required to install your desired prox card reader. Depending on your area, some proximity card readers may not fit, especially if you’re working with a narrow doorway. Aesthetics are also something to consider at this time. The incumbent HID proximity readers can look bulky and dated in a modern office environment. Openpath Smart Readers are award-winning for their sleek, elegant design, which can be mounted flush with the wall to blend right into your space. The Openpath readers come in Standard size and a slimmer Mullion option for space-saving installation.

 

Wiring architecture

When it comes to HID access control, one of the top concerns with upgrading an existing system is having to rip and replace all the old wiring for the new hardware. One of the benefits of proximity card readers like Openpath’s Smart Readers is standard wiring architecture. That means installation is quick and straightforward and won’t require tearing out the existing wiring. Not all proximity card readers use standard wiring, so it’s essential to work with an integrator when planning your access control installation to understand the full scope of the project.

 

Proximity card reader cost

It’s essential to have a budget in mind before you start an access control project. The cost of your system will depend on your existing infrastructure, how many readers you need, and the type of credentials you choose. Remember that key cards can be costly to maintain, and you’ll need to order replacement cards frequently. Choose a product designed to be future-proof with a more flexible reader that can accommodate different access methods (like mobile credentials) and connect to other building systems. You’re then less likely to need to replace the system every few years to keep up with the most recent security developments.

Is a proximity card reader system suitable for your space?

Proximity card readers are an excellent choice for commercial spaces that need convenient, contactless access control. A proximity reader system allows you to secure office spaces, lobby turnstiles, and parking garages with modern access control solutions.

Before deciding on a system, ask yourself what is most important for your building security. If you want a combination of mobile access control credentials and prox cards, ensure the proximity readers you choose can support flexible credential types. Openpath offers encrypted DESFire EV2 access cards, which can be used alongside convenient mobile credentials; plus, Openpath is backward compatible with many legacy access cards. That means that once you install Openpath Smart Readers, you won’t have to re-issue new prox cards to your entire organization.

Additionally, security experts recommend HID access control solutions that run on a cloud platform, which is often more secure and easier to manage remotely. Openpath’s cloud-based access control software ensures a smooth transition, seamlessly integrating with leading directory management platforms to sync users automatically. Plus, the remote platform allows admins to issue or revoke credentials at any time instantly.

Schedule a site walk with a security expert if you’re thinking about installing a proximity card reader with an access control system for your space. They’ll perform a security audit, evaluate your area, and identify where and what type of system is best for you. Contact the security experts at Openpath today to get started with a custom price quote.

Firmware Update

Firmware Update ESCU, Net DCD-n, and EDCD

How to update the ESCU/EDCD firmware with SCU Configuration Utility.

Steps to Update ESCU Firmware

  1. Run SCU Configuration Utility (SCUConfigurationUtility.exe).
  2. Log in to the software. The default password is admin.
  3. Select Device > Upload.
  4. Select SCU in Hardware Type.
  5. Browse for the firmware file (ELF.s19 extension) and select the file.
  6. Press the Upload button.

For EDCD firmware, the operator should enter the EDCD board address.

How to Factory Reset the ESCU or Net DCD-n

S5 Factory Reset Method

Use the S5-1 or S5-2 switch and the Tamper switch to reset the ESCU back to the factory shipped state (e.g., IP = 192.168.0.254). The process of resetting the ESCU using the S5 control is the ‘True’ factory reset. S5 and S4 will put the board back to the factory shipped state.

  1. With ESCU powered OFF, set S5-1 to the ON position.
  2. Power up the ESCU. The D3 Watchdog LED will be on.
  3. Press and release the Tamper Switch three times, then set S5-1 OFF.
  4. The Watchdog LED will go off for a few seconds, then flash slow.
  5. Setup screen will revert to the default settings:

 IP address: 192.168.0.254

 Subnet Mask: 0.0.0.0.0

 Gateway: 0.0.0.0.0

 Port: 2200

 No Password

 Speed: 4800

The MAC address is permanent and does not reset.

Alternate Reset Method

C20 Board Reset – Alternate Method

The S5 and C20 resets are somewhat different. Shorting C20 deletes memory from the board (i.e., current configuration and history of transactions) and resets the ESCU’s Owner Name back to the default of “Demo. Not for sale”. Resetting using C20 retains the IP address, Baud rate, Ping setting, and Gateway. The Owner Name is downloaded to the ESCU. The ESCU will only communicate with the software if the Site Name in the software matches the Owner Name. C20 is useful if the ESCU previously communicated with a different Millennium system and the Owner Name needs to be reset to come online with the new system.

Steps to Reset using C20

  1. Turn POWER OFF
  2. Short across capacitor C20 (the small SMT cap between RAM chips U7 and U8) for ten seconds.
  3. Turn the Power back on.

How to wire Power

How to wire Power, Grounding, EIA-485, and Ethernet

Power and Grounding (ESCU / Net DCD-n and EDCD)

The PS1 Power Supply includes a line conditioner for the EIA-485 (RS-485) chain that is important to get optimal distance and baud rate for the EDCDs.

The ESCU / Net DCD-n and EDCDs must share common Power GNDs.

If the number of devices connected to the power supply is ten or fewer, a smaller cable may be used.

Local electrical codes may require plenum-rated cable or conduit.

Always check local codes before running any cable.

For UL Listed systems, the power supply wiring shall run through a conduit.

EIA-485 (RS-485) (ESCU and EDCD)

The ESCU and EDCD use Half Duplex EIA-485 (RS-485). Connect to J1, as shown in Figure 3-2. Use shielded twisted pair cable with the shield grounded to chassis ground at one end only. (A cable equivalent to Belden 3106A is recommended.)

 

The ESCU / Net DCD-n and EDCDs must share common EIA-485 GNDs.

EIA-485 Specifications

The maximum Speed, Cable Length, and Number of EIA-485 nodes are dependent upon each other and many other factors.

less than 5-10 feet, preferably about 3 feet. The signals will be attenuated if the node’s connection point (stub) is excessively long. A long stub causes a significant impedance mismatch and signal reflections. Keep all stubs as short as possible.

  • The maximum cable length is 4000 feet (1200 M).

 The baud rate is a function of the quality of the EIA-485 (RS-485) wiring:

  • Distance
  • Cable type (twisted pair, shielded)
  • Wire gauge
  • Number of T-taps
  • Number of EDCDs.

 Possible need for termination. On long cable runs, a termination resistor of 120 ohms on each end across the Data+ and Data- pins can reduce signal distortion.

Ethernet (ESCU and Net DCD-n Only)

Network Adapter in J13 supports:

  • 10/100 bits/sec. Use minimum CAT 5, CAT 5E preferred.
  • Auto Speed detect
  • Auto Crossover detect
  • Half duplex.
  • Yellow LED indicates Carrier connection. No communication will occur unless the YEL LED is lit.
  • Green LED indicates TCP/IP activity over Ethernet.

ESCU, EDCD, and Net DCD-n Install Guide 3–5

How to Wire Readers, Inputs, Outputs

This section describes how to wire the following supported Reader interfaces:

 Wiegand Signaling (Data 1 and Data 0)

 Magnetic ABA Signaling (Clock and Data)

 MARLOK Signaling (Clock with two Data tracks)

Readers - Wiegand signaling

J6 has the Power, Data One, and Data Zero signals. Power can be either 12VDC or 5VDC. For UL compliance, the recorded range for compatibility on the outputs is 5 – 13VDC.

J1 has Red and Green LED drives. (GND when true)

J7 provides for the REX input if required.

Readers - Magnetic signaling (ABA Track 2)

  • J6 has the Power, Clock, and Data signals. Power can be either 12 VDC or 5 VDC. Reader Power has PTC short circuit protection at 200mA.
  • J1 has Red and Green LED drives. (GND when true)
  • J7 provides for the REX input if required.

Readers - MARLOK Signaling

UL did not evaluate the MARLOK wiring setup, and it shall not be enabled in a UL 294 compliant system.

J6 has the Clock and Data signals.

J5 has Power (MAR VSOL), the VSOL signal and the Green MAR VLED drive.

Connect the access control system reader device to the Door Control Device (DCD) board.

Use the six-conductor Leader Cable, supplied by Millennium access control Group for Keyloks and Keyreaders (unshielded).

The unshielded Millennium access control Group leader cable may also be used with specific Wiegand devices and card readers that do not require SHIELDED cable.

Recommended cable length for Keyreaders and Keyloks is 15 feet maximum.

Length MUST NOT exceed 35 feet. To avoid interference at this higher limit, the cable must be run separately, not bundled with other wires.

Inputs

  • Inputs 1 through 4 are supervised with 1K ohm resistors, a
  • Inputs 5, 6, and 7 are non-supervised, Normally Closed circuits. Input 7 is used for the Door State Monitor (DSM), and inputs 5 or 6 can be used for a UPS battery low signal. There is a specific input for the External Tamper. Use any one of the GND Returns for the External Tamper Return.

Relays (Outputs)

J2 and J3 provide the Common (C), Normally Closed (NC), and Normally Open (NO) pins for the two relays.

These Dry relays (Dry = requires external power) are typically used for the Door Latch and possibly an automatic door opener.

For UL 294 compliance, the relays are to be loaded to a maximum of 24VDC, 4 Amps. (Suitable for inductive loads.)

Relays are rated at 10 Amps with PTC thermistor over current protection at 4 Amps.

Use the Suppression Kit supplied with EDCDs to provide strike protection.

Install a diode across the door lock if the power supply is DC to suppress the energy surge. The cathode must be on the positive side of the strike.

If the power supply is AC, install a varistor across the door electric strike.

NetDCD Problems

Greatly improved communication speeds. About 10 times faster than the original DCD, if used with the Enhanced Site Control Unit (ESCU) or NetDCD.

Millennium NetDCD Problems

Quick setup steps:

1) Connect power and the Ethernet connection to the board

2) Connect to the board using the Configuration Utility (admin/password=admin/admin)

3) Change the DHCP mode to no, and assign a pre-determined IP address

4) Assign the correct gateway & subnet mask addresses

5) Ensure remote host is set to 0.0.0.0 (used in 90% of installations) unless using controller to host function – if so, enter the IP address of the server as the remote host; in the software, use “controller to host.”

6) Change the “Owner ID” to what matches the “Controller Owner ID” precisely, or highlight the default “Owner ID,” “Demo. Not for resale”, delete it, then hit save. The board will then connect with any Millennium access control system that tries to communicate with it first.

(The “Controller Owner ID” can be found under Hardware Configuration)

Troubleshooting tips:

“The IP address, subnet mask, and gateway are all set correctly, but the site still isn’t coming online in the software”

A) Check the “Owner ID” and ensure that it is, character for character, the same as the “Controller Owner ID” in the software.

B) Restart all Ultra services from the diagnostics menu.

C) Make sure that the “online” box is enabled for the site controller in the programming.

D) Check that another device hasn’t already taken the IP address on the network.

E) Check that the Mac Address / IP Address isn’t blocked/is allowed on the network.

F) Check that the encryption settings are either off or match the software.

G) Check if the remote host is entered correctly in the board configuration.

“The configuration settings will not save after changing them, then clicking the save button.”

A) Instead of using the web interface, use the configuration utility.

B) If this error is happening with using the configuration utility, download the latest version.

“The board does not appear on the list of devices when hitting search in the configuration utility” 

A) Factory default the board by following the complete install/hardware guide, Mgiaccess.com

B) Ensure that the network is not blocking the MAC address.

C) Ensure that the firewall on the computer trying to connect with the board is turned off.

D) Ensure the computer trying to connect with the board is within the IP range of 192.168.0.XXX, because after the panel is factory defaulted the IP address becomes static at 192.168.0.254.

“The doors or one door is not coming online.”

A) Ensure that the door address programmed in the NetDCD is not conflicting with the physical rotary address of another DCD, if a door, and SCU if a site.
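
The quick setup steps and troubleshooting checks above translate directly into a configuration audit. The following Python is an added example, not part of the Millennium guide or software: it flags boards left at the factory values this page names (192.168.0.254, a blank or admin password, a default or blank Owner ID) and the mismatches the troubleshooting list covers. The record layout, field names, and sample boards are assumptions constructed for illustration.

```python
from collections import Counter

# Values stated in the guide above.
FACTORY_IP = "192.168.0.254"
DEFAULT_PASSWORDS = {"", "admin"}  # factory reset leaves no password; utility default is admin
DEFAULT_OWNER_IDS = {"Demo. Not for resale", "Demo. Not for sale"}  # both spellings appear above

def audit_board(board, site):
    """Return findings for one board. `board` and `site` are hypothetical dict layouts."""
    findings = []
    if board["dhcp"]:
        findings.append("DHCP enabled; the setup steps call for a pre-determined static IP")
    if board["ip"] == FACTORY_IP:
        findings.append("IP is still the factory default")
    if board["password"] in DEFAULT_PASSWORDS:
        findings.append("password is blank or the default")
    owner = board["owner_id"]
    if owner == "":
        findings.append("Owner ID is blank; board binds to the first system that contacts it")
    elif owner in DEFAULT_OWNER_IDS:
        findings.append("Owner ID is the factory default")
    elif owner != site["controller_owner_id"]:
        # Comparison is exact: a trailing space or case change counts as a mismatch.
        findings.append("Owner ID differs from Controller Owner ID: %r vs %r"
                        % (owner, site["controller_owner_id"]))
    if board["remote_host"] not in ("0.0.0.0", site["server_ip"]):
        findings.append("remote host is neither 0.0.0.0 nor the server address")
    if board["encryption"] != site["encryption"]:
        findings.append("encryption setting does not match the software")
    return findings

def audit_fleet(boards, site):
    """Audit every board and add cross-board checks (duplicate IPs and door addresses)."""
    report = {b["name"]: audit_board(b, site) for b in boards}
    ip_counts = Counter(b["ip"] for b in boards)
    door_counts = Counter(b["door_address"] for b in boards)
    for b in boards:
        if ip_counts[b["ip"]] > 1:
            report[b["name"]].append("IP address is shared with another board")
        if door_counts[b["door_address"]] > 1:
            report[b["name"]].append("door address conflicts with another board")
    return report

# Constructed sample data, not taken from any real installation.
SITE = {"controller_owner_id": "Acme HQ", "server_ip": "10.20.0.5", "encryption": True}
BOARDS = [
    {"name": "lobby", "dhcp": False, "ip": "10.20.0.31", "password": "n7#Lq2vX",
     "owner_id": "Acme HQ", "remote_host": "0.0.0.0", "encryption": True, "door_address": 1},
    {"name": "dock", "dhcp": False, "ip": "192.168.0.254", "password": "admin",
     "owner_id": "", "remote_host": "0.0.0.0", "encryption": False, "door_address": 2},
    {"name": "lab", "dhcp": True, "ip": "10.20.0.31", "password": "s3Parate!",
     "owner_id": "Acme HQ ", "remote_host": "10.20.0.9", "encryption": True, "door_address": 2},
]

if __name__ == "__main__":
    for name, findings in audit_fleet(BOARDS, SITE).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

The "lab" record shows why the guide insists on a character-for-character match: its Owner ID differs from the Controller Owner ID only by a trailing space.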

MILLENNIUM MOBILE CONNECT

MILLENNIUM MOBILE

The Millennium Mobile Connect access control credential offers access to secured buildings, rooms, and common areas with one click from any internet-connected smartphone.

Mobile Connect provides increased security, ease of operation, and the flexibility for approved users to quickly access controlled doors. All Mobile Connect credentials are securely managed through the Millennium software platform. They are efficiently assigned by the administrator to all mobile-enabled employees, students, or assigned personnel.

The Millennium Mobile Connect is the most versatile mobile access system on the market, as it works with any reader. One does not need to replace existing hardware to use the mobile credentials. Unlike the competition, the system is designed to work with any entry hardware linked through the Millennium access control software.

When using the mobile connect app, the system operator must first register mobile credentials within the Millennium software platform system and provide the users with the necessary software permission.

System operators have complete control over issuing and revoking credentials. Revoked credentials can be reassigned, allowing for continued flexibility.

Easy to set up

Easy to use

Flexible features

FEATURES

  1. Digital keys access any pre-approved doors.
  2. The perfect blend of secure cloud based access control and mobile flexibility
  3. Customize the app to prioritize favorite doors for a simplified experience
  4. A secure system allows you to manage the software from any location.
  5. Available for free download from the Google Play and Apple app stores
  6. The system is online via the Millennium Ultra software platform.
  7. Free updates are available and are applied periodically.
  8. Full administrative access through the cloud-hosted solution or via local installs of access control software
  9. Grant guests temporary access through the app
  10. Save money on replacement cards with accessible credentials reassignment.
  11. No hidden costs, with simplistic free downloads
  12. Works with ALL readers. No need to replace existing hardware
  13. Available with client and cloud-hosted applications of Millennium Ultra

Install the app!

Types of access control

Types of access control solutions

There are many different types of access control systems for commercial buildings and businesses. Still, not all designs will be the right fit, depending on the size of the deployment, the number of users and entries, and the level of security required. For example, a single office inside a commercial building will need different security controls than a hospital or large warehouse facility.

Discretionary access control (DAC)

Discretionary access control is the least restrictive, and the least recommended, type of access control system for commercial and business security.

Mandatory access control (MAC)

This type of access control is best suited for organizations that require high security and confidentiality.

Role-based access control (RBAC)

This type of access control security is best suited for organizations that require high security and confidentiality.

Role-based access control (RBAC)

RBAC is a user-friendly model and allows administrators to group users and adjust permissions from a central database. RBAC systems usually employ the principles of least privilege and separation of privilege, where users are categorized and given the minimum level of access required to perform their job.

Types of Access Control Software

Modern security systems are more technologically advanced than a lock and metal key. They also involve software to control access privileges and authenticate users.

Server-based access control

Traditionally used in large organizations and commercial buildings, on-premise access control systems rely on local servers to host and run the software. Server-based access control usually requires the organization to purchase and renew software licenses and to keep a dedicated IT staff to maintain the servers.

Web-based access control

Also known as an embedded access control solution, this type of access control software uses a web browser application to operate and connects to the LAN so that it can be accessed from any device within the network.

Cloud-based access control

Unlike the other two types of access control software, cloud-based software is hosted on a decentralized server, usually managed by a third party, and regularly syncs with local ACUs. Because the system syncs in the cloud, an internet connection is required to support cloud-based access control.

Types of Access Control Door Readers

Another component of access control systems for businesses is reader technology. To authenticate credentials, organizations should install door readers that offer the security and controls necessary to secure the building.

Keypad readers

A keypad door reader requires a user to type in a PIN or passcode to unlock the door. Keypad access control readers offer good security as there is no physical credential that can be passed around or stolen. However, users could still share their PIN with others, compromising building security.

Swipe card readers

This door card reader works with key cards or badges with a magnetic strip containing authentication data. Users swipe their cards through the reader to unlock the door. One consideration with this type of access control system is that the daily wear and tear on the hardware and key cards means they need to be serviced and replaced more frequently.

Biometric door readers

Often the most expensive door security reader, biometric readers use scanners to identify users by a unique physical feature, such as a fingerprint, iris, or facial recognition. Mobile access control systems with smartphone-based credentials can use the biometrics built into the phone as two-factor authentication.

RFID door readers

Radio frequency identification technology has many uses, including for access control. With an RFID access control system, the credentials contain information tags that send signals to nearby readers. Most RFID access control systems use passive RFID, also referred to as proximity or prox card technology. Proximity-based access control systems most often use key cards or key fobs for access.

Smart lock door readers

The most advanced and versatile door security readers on this list, smart readers often combine multiple types of reader technology into one system. Smart readers offer greater flexibility and security with support for mobile credentials, key cards, key fobs, and even touchless unlocking capabilities.

Access Control Methods

Types of Access Control Methods

One of the biggest differentiators between access control systems is how authorized users unlock the door. The type of credentials supported by the access control system affects the capabilities and security of the design and factors into the system’s cost. Not all access control types can support every type of credential.

Physical Keys

The most basic form of access control requires authorized individuals to carry a metal key for each door they need to unlock.

Pin codes

With a keypad reader access control system, users have to enter a unique PIN code to unlock the door.

Key cards

One of the most common types of commercial access control, key card door lock systems use signals or code embedded in a key card to authenticate users. Depending on the system, key cards can include a magnetic strip for swipe access control systems or use an RFID activated chip for a proximity door lock system.

Key fobs

A more modern credential for proximity and RFID systems, key fobs are small and convenient to use. Depending on the credential’s type of security and functionality, key fob access control prices can range significantly.

Mobile credentials

With this type of access control, a user’s smartphone is their key. Usually app-based, mobile credentials allow users to unlock the door by tapping a button inside an app and often support additional access control methods such as Apple Watch and tablet apps. Mobile access control systems that use Wi-Fi, Bluetooth, and cellular data also can support touchless and proximity-based unlocking.

Biometrics

Biometric credentials are often used in access control systems in high-security spaces. Technologies including fingerprint readers, facial recognition, and iris scanning are typical examples of biometric access control. Biometrics can also be used as a form of two-factor authentication, requiring users to present a key card, fob, or mobile credential and complete a biometric scan to unlock the door.