Access control is the mechanism, in the fields of physical security and information security, that restricts anonymous access or entry to the resources of an organization or a geographical area. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.
Geographical access control may be enforced by personnel (e.g., border guard, bouncer, ticket checker), or with a device such as a turnstile (baffle gate). An access control in the strict sense (physically controlling access itself) is a system of checking authorized presence, see e.g. Ticket controller (transportation). Another example is exit control, e.g. of a shop (checkout) or a country. The term access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons.
Electronic access control uses computers to solve the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after being unlocked.
Operations in Access control
When a credential is presented to a reader (device), the reader sends the credential's information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door. The control panel also ignores a door open signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for an access denied and a flashing green LED for an access granted.
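The control-panel decision described above, together with the forced-open and held-open monitoring from the electronic access control paragraph, can be sketched as a small state machine. This is an added example, not code from the original project; the ACL entries, the two timeouts and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample access control list of credential numbers. */
static const uint32_t ACL[] = { 1234567u, 7654321u };

#define UNLOCK_MS 5000u  /* assumed "predetermined time" the door stays unlocked */
#define HELD_MS  15000u  /* assumed limit before a held-open alarm */

enum event { EV_NONE, EV_GRANTED, EV_DENIED, EV_FORCED, EV_HELD };

struct door {
    uint32_t unlock_until;  /* relay holds the lock open until this time (ms) */
    uint32_t held_deadline; /* an authorized opening must end by this time */
    int open;               /* last door-contact state */
    int authorized;         /* current opening followed a grant */
};

/* Reader forwarded a credential number. Both outcomes are meant to be logged. */
enum event on_credential(struct door *d, uint32_t cred, uint32_t now) {
    for (size_t i = 0; i < sizeof ACL / sizeof ACL[0]; i++)
        if (ACL[i] == cred) {
            d->unlock_until = now + UNLOCK_MS;  /* operate the relay */
            return EV_GRANTED;
        }
    return EV_DENIED;                           /* door remains locked */
}

/* Door contact changed. An opening inside the unlock window raises no alarm. */
enum event on_contact(struct door *d, int open, uint32_t now) {
    d->open = open;
    if (!open) { d->authorized = 0; return EV_NONE; }
    if (now < d->unlock_until) {
        d->authorized = 1;
        d->held_deadline = now + HELD_MS;
        d->unlock_until = 0;    /* assumption: one grant covers one opening */
        return EV_NONE;
    }
    return EV_FORCED;           /* opened with no valid grant */
}

/* Periodic check: reports a held-open door once per opening. */
enum event on_tick(struct door *d, uint32_t now) {
    if (d->open && d->authorized && now >= d->held_deadline) {
        d->authorized = 0;
        return EV_HELD;
    }
    return EV_NONE;
}
```

The sketch assumes a millisecond clock that does not wrap around; a real controller would also write every returned event to the transaction log.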
Factors of authenticating information:
- something the user knows, e.g. a password, pass-phrase or PIN
- something the user has, such as smart card or a key fob
- something the user is, such as fingerprint, verified by biometric measurement.
A credential is a physical/tangible object, a piece of knowledge, or a facet of a person's physical being, that enables an individual access to a given physical facility or computer-based information system. Typically, credentials can be something a person knows (such as a number or PIN), something they have (such as an access badge), something they are (such as a biometric feature) or some combination of these items. This is known as multi-factor authentication. The typical credential is an access card or key fob, and newer software can also turn users' smartphones into access devices.
Card technologies include magnetic stripe, bar code, Wiegand, 125 kHz proximity, 26-bit card-swipe, contact smart cards, and contactless smart cards. Also available are key fobs, which are more compact than ID cards, and attach to a key ring. Biometric technologies include fingerprint, facial recognition, iris recognition, retinal scan, voice, and hand geometry. The built-in biometric technologies found on newer smartphones can also be used as credentials in conjunction with access software running on mobile devices. In addition to older, more traditional card access technologies, newer technologies such as Near field communication (NFC) and Bluetooth low energy also have the potential to communicate user credentials to readers for system or building access.
Various control system components are:
- An access control point can be a door, turnstile, parking gate, elevator, or other physical barrier, where granting access can be electronically controlled.
- Typically, the access point is a door.
- An electronic access control door can contain several elements. At its most basic, there is a stand-alone electric lock. The lock is unlocked by an operator with a switch.
- To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, it could be a card reader, or it could be a biometric reader.
The predominant topology circa 2009 is hub and spoke with a control panel as the hub, and the readers as the spokes. The look-up and control functions are performed by the control panel. The spokes communicate through a serial connection, usually RS-485. Some manufacturers are pushing the decision making to the edge by placing a controller at the door. The controllers are IP-enabled, and connect to a host and database using standard networks.
Types of RFID readers:
- Basic (non-intelligent) readers: simply read card number or PIN, and forward it to a control panel. In case of biometric identification, such readers output the ID number of a user. Typically, Wiegand protocol is used for transmitting data to the control panel, but other options such as RS-232, RS-485 and Clock/Data are not uncommon. This is the most popular type of access control reader. Examples of such readers are RF Tiny by RFLOGICS, ProxPoint by HID, and P300 by Farpointe Data.
- Semi-intelligent readers: have all inputs and outputs necessary to control door hardware (lock, door contact, exit button), but do not make any access decisions. When a user presents a card or enters a PIN, the reader sends information to the main controller, and waits for its response. If the connection to the main controller is interrupted, such readers stop working, or function in a degraded mode. Usually semi-intelligent readers are connected to a control panel via an RS-485 bus. Examples of such readers are InfoProx Lite IPL200 by CEM Systems, and AP-510 by Apollo.
- Intelligent readers: have all inputs and outputs necessary to control door hardware; they also have memory and processing power necessary to make access decisions independently. Like semi-intelligent readers, they are connected to a control panel via an RS-485 bus. The control panel sends configuration updates, and retrieves events from the readers. Examples of such readers could be InfoProx IPO200 by CEM Systems, and AP-500 by Apollo. There is also a new generation of intelligent readers referred to as "IP readers". Systems with IP readers usually do not have traditional control panels, and readers communicate directly to a PC that acts as a host.
The most common security risk of intrusion through an access control system is by simply following a legitimate user through a door, and this is referred to as "tailgating". Often the legitimate user will hold the door for the intruder. This risk can be minimized through security awareness training of the user population.
Main categories of access control are:
- Mandatory access control
- Discretionary access control
- Role-based access control
- Rule-based access control.
Step 1: RFID Technology
Def: Radio-frequency identification (RFID) is the wireless use of electromagnetic fields to transfer data, for the purposes of automatically identifying and tracking tags attached to objects. The tags contain electronically stored information.
RFID is a technology that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency (RF) portion of the electromagnetic spectrum to uniquely identify an object, animal, or person.
A radio frequency identification reader (RFID reader) is a device used to gather information from an RFID tag, which is used to track individual objects. Radio waves are used to transfer data from the tag to a reader.
Applications of RFID:
- Animal tracking tags, inserted beneath the skin, can be rice-sized.
- Tags can be screw-shaped to identify trees or wooden items.
- Credit-card shaped for use in access applications.
- The anti-theft hard plastic tags attached to merchandise in stores are also RFID tags.
- Heavy-duty 120 by 100 by 50 millimeter rectangular transponders are used to track shipping containers, or heavy machinery, trucks, and railroad cars.
- In secure laboratories, company entrances, and public buildings, access rights must be controlled.
The signal is necessary to wake or activate the tag and is transmitted through the antenna. The signal itself is a form of energy that can be used to power the tag. The transponder is the part of the RFID tag that converts that radio frequency into usable power, as well as sends and receives messages. RFID applications for personnel access typically use low-frequency, 135 kHz, systems for the badge detection.
Requirements for RFID:
- A reader, that is connected to (or integrated with)
- An antenna, that sends out a radio signal
- A tag (or transponder) that returns the signal with information added.
The RFID-reader usually is connected to a computer/third party system that is accepting (and storing) RFID related events and uses these events to trigger actions. In the security industry that system might be a building access control system, in the parking industry it is most likely a parking management or vehicular access control system. In libraries it might be a library management system.
Common Problems with RFID:
- Reader collision
- Tag collision.
Reader collision occurs when the signals from two or more readers overlap. The tag is unable to respond to simultaneous queries. Systems must be carefully set up to avoid this problem; many systems use an anti-collision protocol (singulation protocol). Anti-collision protocols enable the tags to take turns in transmitting to a reader.
Tag collision occurs when many tags are present in a small area; but since the read time is very fast, it is easier for vendors to develop systems that ensure that tags respond one at a time.
Step 2: SPI With Circuit Diagram
The ATmega328 has a built-in SPI used to communicate with SPI-enabled devices such as ADC, EEPROM, etc.
The Serial Peripheral Interface (SPI) is a bus interface connection protocol originally started by Motorola Corp. It uses four pins for communication.
- SDI (Serial Data Input)
- SDO (Serial Data Output)
- SCLK (Serial Clock)
- CS (Chip Select)
It has two pins for data transfer, called SDI (Serial Data Input) and SDO (Serial Data Output). The SCLK (Serial Clock) pin is used to synchronize data transfer, and the master provides this clock. The CS (Chip Select) pin is used by the master to select a slave device.
SPI devices have 8-bit shift registers to send and receive data. Whenever the master needs to send data, it places the data on its shift register and generates the required clock. Whenever the master wants to read data, the slave places the data on its shift register and the master generates the required clock. Note that SPI is a full-duplex communication protocol, i.e. the data on the master and slave shift registers are interchanged at the same time.
ATmega32 has a built-in SPI module. It can act as a master or a slave SPI device.
SPI communication pins in AVR ATmega are:
- MISO (Master In Slave Out) = Master receives data and slave transmits data through this pin.
- MOSI (Master Out Slave In) = Master transmits data and slave receives data through this pin.
- SCK (Shift Clock) = Master generates this clock for the communication, which is used by slave device. Only master can initiate serial clock.
- SS (Slave Select) = Master can select slave through this pin.
ATmega32 registers used to configure SPI communication:
- SPI Control Register,
- SPI Status Register and
- SPI Data Register.
SPCR: SPI Control Register
- Bit 7 – SPIE: SPI Interrupt Enable bit. 1 = Enable SPI interrupt. 0 = Disable SPI interrupt.
- Bit 6 – SPE: SPI Enable bit. 1 = Enable SPI. 0 = Disable SPI.
- Bit 5 – DORD: Data Order bit. 1 = LSB transmitted first. 0 = MSB transmitted first.
- Bit 4 – MSTR: Master/Slave Select bit. 1 = Master mode. 0 = Slave mode.
- Bit 3 – CPOL: Clock Polarity Select bit. 1 = Clock starts from logical one. 0 = Clock starts from logical zero.
- Bit 2 – CPHA: Clock Phase Select bit. 1 = Data sampled on trailing clock edge. 0 = Data sampled on leading clock edge.
- Bit 1:0 – SPR1:SPR0: SPI Clock Rate Select bits.
SPSR: SPI Status Register
- Bit 7 – SPIF: SPI interrupt flag bit. This flag gets set when a serial transfer is complete. It also gets set when the SS pin is driven low in master mode. It can generate an interrupt when the SPIE bit in SPCR and the global interrupt are enabled.
- Bit 6 – WCOL: Write Collision Flag bit. This bit gets set when a write to the SPI data register occurs during the previous data transfer.
- Bit 5:1 – Reserved bits.
- Bit 0 – SPI2X: Double SPI Speed bit. When set, the SPI speed (SCK frequency) is doubled.
SPDR: SPI Data Register
- Bit 7:0 – SPI Data register, used to transfer data between the Register file and the SPI Shift Register. Writing to the SPDR initiates data transmission.
The master writes a data byte to SPDR; writing to SPDR starts the data transmission. The 8-bit data starts shifting out towards the slave, and after the complete byte has been shifted, the SPI clock generator stops and the SPIF bit gets set.
The slave SPI interface remains asleep as long as the SS pin is held high by the master. It activates only when the SS pin is driven low, and the requested data is then shifted out with the incoming SCK clock from the master. The slave sets SPIF after a byte has been completely shifted.
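The full-duplex exchange and the DORD data-order bit described above can be checked on a PC with a small simulation. This is an added example, not code from the original project: it uses the SPCR bit positions listed above, but the function names spcr_master and spi_exchange are constructed, and the registers are plain variables rather than the real AVR hardware registers.

```c
#include <stdint.h>

/* SPCR bit positions as listed in the register description above. */
enum { SPIE = 7, SPE = 6, DORD = 5, MSTR = 4, CPOL = 3, CPHA = 2 };

/* Build an SPCR value: SPI enabled, master mode, chosen data order and
   clock polarity/phase. The interrupt and clock-rate bits are left at 0. */
uint8_t spcr_master(int lsb_first, int cpol, int cpha) {
    return (uint8_t)((1u << SPE) | (1u << MSTR) |
                     ((lsb_first ? 1u : 0u) << DORD) |
                     ((cpol ? 1u : 0u) << CPOL) |
                     ((cpha ? 1u : 0u) << CPHA));
}

/* Simulate one 8-clock transfer between the master and slave shift
   registers. On every clock each side drives one bit and shifts in the
   other side's bit. Returns the MOSI bits in the order they appeared
   on the wire (first bit sent ends up in bit 7 of the result). */
uint8_t spi_exchange(uint8_t spcr, uint8_t *master, uint8_t *slave) {
    int lsb_first = (spcr >> DORD) & 1;
    uint8_t wire = 0;
    for (int clk = 0; clk < 8; clk++) {
        uint8_t mosi, miso;
        if (lsb_first) {
            mosi = *master & 1u;
            miso = *slave & 1u;
            *master = (uint8_t)((*master >> 1) | (miso << 7));
            *slave  = (uint8_t)((*slave  >> 1) | (mosi << 7));
        } else {
            mosi = (uint8_t)(*master >> 7);
            miso = (uint8_t)(*slave >> 7);
            *master = (uint8_t)((*master << 1) | miso);
            *slave  = (uint8_t)((*slave  << 1) | mosi);
        }
        wire = (uint8_t)((wire << 1) | mosi);
    }
    return wire;
}
```

In both data orders the two registers end up swapped after eight clocks; only the bit sequence seen on the MOSI line differs.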
Step 3: Coding and Implementations
The codes are tested on my PC. All these codes are extracted from the internet. It is worse to find a correct code for your module and of course, I had the same problems with it. After 2 weeks of testing many sets of programs, I found this set of codes is correct for the (Arduino Nano 3.0) module with CH340G USB-Serial-TTL, and the driver (CH341SER.zip) is attached with this project. These are a perfect set of programs to implement this project.
SPI.h is from Arduino's (software) default library.
Results are shown in Arduino's Serial Monitor, which is capable of reading and writing serial data (to and from the PC). You can also use Putty/Hyperterminal etc. by setting baud rates, start and stop bits.
Step 4: Results and Conclusions
- Arduino 1.0.5-r2
- CH341SER.zip for FTDI (CH340G chip)
- Putty/Hyperterminal can also be used for serial communication via PC
- MFRC522 module + SmartTag + KeyChain - from "ebay.in"
- Arduino Nano 3.0 - from "ebay.in"