Credentials, PIN & PIC Codes for Access Controlled Doors
31 October 2022
Building usage continues to evolve to support hybrid working arrangements, hot-desking and multiple building occupancy. With this, comes a need for a more flexible approach to building security and access control. Systems that can support a selection of credentials, PIN and PIC codes and work with the corresponding readers and keypads required. EntroWatch provides the security levels and customisations necessary to optimise the flow of people through access-controlled doorways as securely and efficiently as possible.
What is an Access Control Credential?
Access control credentials provide a means by which an access control system can authenticate that the holder of the credential is allowed entry or exit into an access control area on a given day and at a given time. Credentials can take several forms and are sometimes used in combination to provide multi-factor authentication (MFA).
Secure Card Readers
The majority of access control systems use readers to provide a means to ‘read’ a credential. The reader, such as an EntroPad, is wall-mounted within easy reach of anyone who requires to enter or exit an access-controlled doorway.
The most commonly used reader is a ‘card reader’ designed to read a plastic security card or key fob. The card or key fob is pre-programmed with the credential. When the card or key fob is brought into close proximity with the reader (typically a few millimetres), the card or key fob is energized the reader can read the credential and transmit this to the access control database. The credential is checked and entry through the doorway is granted or denied. The database is also updated for the credential pass, retaining historical records for who, where and when movement and access reports.
The type of card or key fob used should be a MIFARE type. With EntroWatch, we recommend our EntroPass card. This is a a MIFARE Plus SE 1K secure credential, designed for use with EntroPad readers. EntroPass uses 128-bit Advanced Encryption Standard (AES) for authentication, data integrity, and encryption and is a highly secure MIFARE Security Level 3 credential. Each credential is unique and contains a unique 12-digit number, protected by diversified keys to further enhance, secure and protect from credential cloning.
The credential is attached to the relevant EntroWatch access control personnel record via an EntroPad desktop reader. Should the credential be compromised (a lost, stolen or damaged card or key fob) then it can be cancelled within EntroWatch to prevent any further usage and access.
What is Multi-factor Authentication (MFA)
Multi-factor authentication relies on the presentation of two or more pieces of information in order to prove a credential. In an EntroWatch access control system there are several ways to operate with MFA. These include:
Credential and PIN Codes
A PIN is a personal identification number of a fixed length i.e. 4-digits assigned to a credential. Credential and PIN entry may be required to gain entry from the outside of a building.
In this instance an EntroPad Reader/Keypad is required. The credentials database in EntroWatch records the credential and PIN code assigned to an individual user. To gain entry or exit through an access-controlled doorway, the card credential must be read and the PIN entered via the keypad. Approval to enter, relies on both pieces of information being approved i.e. multi-factor authentication.
Once inside a building, the user may only need to present their access control card to readers placed by access controlled internal doorways.
PIC and PIN Codes
A PIC is a personal identification code that is normally entered on a keypad with a starting ‘#’ character. Combined with a PIC provides multi-factor authentication. PIC and PIN codes can be used to provide a way to enter a building or some secure area withing the building.
Whilst not as common as an access control card (with or without a PIN code), PICS provide a way to provide a unique entry code for a short time period. Uses could include to provide time-limited entry to sub-contractors or training course attendees, without the extra cost of providing them with photo printed MIFARE cards.
Other Credential, PIN and PIC Combinations
A complete list of EntroWatch combinations includes:
- Credential only
- Credential and PIN
- PC and PIN
- Credential or PIC
- Credential or PIC
- Credential or PIC or PIN
- PIC only
As discussed, the traditional way of assigning a credential is via an access control card or key fob. Cards add a further lay of use and security as they tend to be printed with a holder’s photo and can be used as ID cards.
For access to a building from the outside or to high-security areas within, multi-factor authentication is the recommend method. PIC alone should only be used for a short time and to a select user group, with limited access to access-controlled doorways. For example, training course attendees who need to gain entry to a building reception for registration and to a ground floor training room but who don’t need access to any other doorways, lifts or floors.
Which is the right approach to access control and whether you need multi-factor authentication is very much specific to each individual building, business and organization. Your access control system should be flexible enough to allow configuration to the security combination you require and even work, as Entrowatch does with other forms of credential including mobile phone and biometric. The starting point is to map out user groups and individuals within them, to identify the door ways and security levels required for them.