A Guide to Access Control Card Technologies
28 May 2020
Access control cards play a critical role within an access control system and are the most popular way to store credentials and present this information to a card reader. Within any organisation each employee may have their own access card, in addition to visitors and sub-contractors on site, each with their own permissions. Therefore, the type of card used and its encryption is of vital importance to the overall security of a building.
What is Wiegand?
Some of the earliest electronic identity cards used miniature strips of ferromagnetic alloy wire embedded into a plastic molded card in a pattern, rather like a metallic bar-code. The pattern gave the card its binary encoded number and this could be read by swiping the card past a magnetic reader head through a slot in the card reader. This produced a series of electric pulses representing the pattern which were amplified and connected to the host controller.
The special magnetic properties of the alloy wires were named the “Wiegand Effect” after John Wiegand who developed them. He took out US patents in 1974 and 1981.
Confusingly the word Wiegand has variously been used to indicate a standard for each of the stages in the original process including the wires, the pattern, the card, the electric signal interface, and the number format.
These processes have been replaced and improved over the years and today there are hundreds of standards governing each aspect of ID card technology.
One aspect which is still described by the term Wiegand is the electric signal interface between a card reader and a door controller. This “Wiegand Interface” comprises three wires, two signals D0 and D1 and a common ground. A pulse is sent on the D1 wire to indicate a binary 1 digit and a pulse is sent on D0 to indicate a binary 0. Pulses are never sent on both wires at the same time.
Contactless RF ID Cards
Instead of metallic wires, today’s cards use a miniature radio transmitter and receiver embedded into the plastic along with a microprocessor and memory chips. The radio frequencies allocated for this purpose are governed by international broadcasting authorities. Available frequencies include 125kHz, 13.65MHz, 433MHz and 860-960MHz. These each present a different combination of read range, data rate and overall cost to choose from to match specific applications.
The early pattern of wires represented just 26 “bits” of binary data – limited by the number of wires that could be accurately embedded into the space of a card. Nowadays cards can hold not just one number but multiple items of data arranged in a secure file system. The greater the number of bits used for an ID number then the larger the population of cards before duplicate numbers are encountered.
Often, long card numbers are split into a fixed site code plus a unique ID number. This is like using area or country codes in telephone numbers. Card readers for a particular site can be set to ignore cards whose site codes don’t match.
As card technology has progressed so too, inevitably, has the ingenuity of criminals intent on duplicating cards or otherwise defeating the technology. To counter this the information sent between cards and readers is encrypted using sophisticated algorithms. This prevents any “eavesdropping” of the radio signals being able to gain the secure details.
All present day cards have a unique serial number which is un-encrypted (Card Serial Number or CSN) and is typically 56 bits long and most cards then have additional memory which is organised into sectors. The size of memory available varies from 1k to 8k bits and this can be used for ID numbers, finance, travel, or biometric data. Multiple sectors can be assigned to different systems, so a single card can be used, for example, for access control and cashless vending.
The additional data is locked using encryption keys which need to be also programmed into the card readers. Depending on the level of secrecy required the encryption keys can be set and held by the card and reader manufacturer, the distributor or the end-user.
Entro Access Control System
The Entro access control system comprises of the EntroStar and EntroNet access door controllers (2 and 8 doors respectively) and will operate with any Card Reader that has a “standard” Wiegand output of between 16 and 200 bits. The system is managed using EntroWatch software which has the flexibility to use card number formats from 16 to 200 bits, is pre-programmed to recognise the most commonly used formats and also has the option to add a custom format for each supported bit length. The EntroPad card reader operates with 13.56MHz cards and will read either the CSN or, with Remsdaq EntroPass cards, the encrypted credential number. Remsdaq’s EntroPass Secure card is a MIFARE 1k plus card with an encrypted sector which can only be read with an EntroPad reader.