This article is a resource for clients, consultants and specialist installers when specifying an online network access control system. The specification below is based on the IPassan online system which has been developed for medium to large commercial and residential applications.
Copy and paste this article into your own specification or download the PDF version at the bottom of this article.
This article will cover: -
- Controllers and Input Output modules
- Management software
- Thresholds (counting)
- Lift management
- CCTV integration
- Third party integration
- Door entry interface
The systems main purpose is to permit authorised access to residents and restrict unauthorised access. The system has been based around Secured by Design certified Urmet FDI IPassan system products.
The access control system shall be a cloud based IP online solution allowing the use of a dedicated, shared or existing IT infrastructure. If there is no IP network available, the system shall be capable of using a RS485 bus to expand the network of smart controllers. The access control system shall be set-up via the management software which can be installed on a PC or via the IPassan cloud server to enable remote and multiple access. The management software shall be a real client server, offering the best possible flexibility.
In the event of disconnection between a smart controller and the cloud server, internet or network failure, the access control system shall continue to operate using the last access profiles configured. Once the connection has been re-established the events shall be synchronised automatically.
The access control system shall support the following installation types: -
- Standalone – for applications where the site is set up on a laptop for example and then left to run standalone i.e. without a PC or laptop permanently connected. All information from the site (events etc.) can be interrogated later when a PC or laptop is reconnected
- Server – for applications where a PC will be permanently left connected to the site. The software will be permanently running
- Client – for applications where the software is permanently running on a Server PC (over a network) and this PC will be used to connect to the site or to administer the site, for example to add keys
- Custom – for complex applications i.e. multiple PCs across a network for example where the system database can be managed from one PC and the communications from another PC
Controllers and Input Output modules
The access control system shall be available with two options for the connection to the first door controller to the cloud server/PC, on which the management software is installed or by USB or Ethernet allowing remote management.
The access control system shall be available with two communication technology options, a RS485 encrypted bus or full TCP/IP which enables high transfer speeds and makes the communication with third party systems (lifts, HVAC, etc.) easier, offering more interconnectivity (optical fibre, internet, etc.)
Data and configuration shall be stored locally in case of a remote server crash or network failure. The access control system shall have embedded intelligence allowing the data to be updated in the smart door controllers and saved events sent to the server upon network reconnection.
The access control system shall be scalable and modular in design allowing expansion for 2/4 or 6 door controllers. It shall be possible to add I/O (input output) modules directly to door controller. I/O base modules shall also be available and are connected via RS485 to the door controller. These I/O base modules shall be for 10 Inputs or 10 Outputs. It shall also be possible for expansion modules to be plugged on top to increase the I/O capacity (22 possible Inputs or Outputs or 220 Inputs or Outputs in total). Door controllers and I/O modules shall be locally powered and a provision for a 6 hour battery backup shall be provided.
The access control system shall use 2 wire technology offering unique end to end security i.e. security of the data at the controller and reader. The access control system shall be capable of using Mifare Classic/Plus. The 2-wire technology shall allow onsite updates to readers via the door controller.
Reader only doors shall be from the ‘P series’ range of wall mounted readers using 2 wire technology. The reader shall have LED signalling and audible tone to indicate valid or non-valid credentials.
Where the access control system is used in conjunction with a door entry system the entry panel shall be fitted with a 2-wire panel mount reader. The reader shall have LED signalling and audible tone to indicate valid or non-valid credentials.
Where required a reader keypad combing a reader and a coded access keypad can be programmed to validate credential and code or credential or code.
RF readers shall use 868Mhz frequency and shall be used where required for carpark barriers/shutters for entry/exit. Separate standalone systems supplied with the carpark barrier/shutter will not be acceptable. Its preferable that when using the RF readers for vehicle access that and induction loop be installed for ingress and egress so that a vehicle has to be on the induction loop for the remote activation to work, therefore maintaining security of the building/car park.
The system shall be capable of managing key ring type tokens, combined RF remote tokens, cards and Bluetooth (virtual) credentials.
Tokens shall be key ring type and shall be IP68 and impact resistant to IK08, they shall have a robust metal key ring holder and have a unique engraved ID number. Token credentials shall be compatible with 13.56Mhz Mifare Classic and Mifare Plus 128 bit with AES encryption.
Combined RF remote tokens shall have 4 buttons and combine 13.36Mhz for proximity and 868Mhz for remote activation they shall have a robust metal key ring holder and have a unique engraved ID number. Its preferable that when using the RF remote token for vehicle access that and induction loop be installed for ingress and egress so that a vehicle has to be on the induction loop for the remote activation to work, therefore maintaining security of the building/car park.
Bluetooth credentials shall offer three levels and be managed by the access control system.
- Proximity access for one day (visitor for example)
- Permanent proximity access
- Permanent long range & proximity access
- Client / Server architecture
- Automatic controller discovery
- Intuitive management software
- Up to 100,000 credentials per site
- Unlimited number of doors per site / 384 doors per network
- Lift management up to 110 floors
- Multiple reader and credential possibilities
- 20,000 events per controller
- Email or SMS alert messages
- Firmware upgrade of the controllers over the network
- Operator authorisation
- Data importation
The access control system shall not rely on software installed locally on the operators PC. The software shall be capable of being installed on a server allowing system updates to software, smart controllers, expanders and readers.
The access control management software shall use a web browser and be intuitive and easy to use.
Using the management software, it shall be possible to: -
- Manage access rights and doors
- IP Search to find all smart controllers on the network
- Access levels shall include administrators, managers, users and guest rights
- It shall be possible for an extra level of security to be achieved via a specific fob on the encoder. In this case, the login and password shall not be sufficient to log on to the system and make modifications. Only the owner of the fob has the access rights to open the software and its associated sites
The access control management software shall have operator authorisation to: -
- Assign access rights to credential holders
- Create groups
- Associate doors
- Calendar to schedule days, times and holidays
- Anti-passback preventing a credential holder from passing his credential back to a second person to enter the same controller area, for example a car park
- Live events automatically keeping an event log, producing management reports (track card usage and door activity)
- Check the status of the controllers, readers or any other hardware
- Control doors, floors or inputs manually
- Lift management grants residents’ access to designated floors. If the resident has access to the lift, then they also present a credential to the reader inside the lift before any of the restricted floor buttons are available
- Interface with Urmet door entry / intercom system to record and log resident/visitor events i.e. time and date of visitor call from entry panel, lock release from apartment station etc.
The access control system shall be capable of managing thresholds for activations or events. Thresholds shall be definable for access control, door entry integrations and other devices such as self-resetting emergency exit systems e.g. if a button is pressed >20 times during a 24hr period an email is sent to the building management company.
The access control system shall be capable of interfacing with the lift manufacturer either via I/O (input output) modules or software (COP or DOP). For software integration the access control system shall offer an API for integration. The access control system shall be capable of interfacing with an Urmet door entry / intercom system.
Dependent on the logic capability of the lift, the lift control via I/O (input output modules / software / interfaces shall provide the following: -
- Resident presents credentials to reader to call lift
- Resident presents credentials to reader to call lift, allowing access rights to all or pre-defined floors
- For applications where a combined reader/keypad is used, unique codes can be used to allow access rights to all or pre-defined floors
- Management software can call lift or send lift to any floor
- Resident calls lift to their floor using the apartment station
- Resident can send lift to egress floor using the apartment station
Visitor (when interfaced with Urmet door entry systems)
- Visitor calls resident, resident releases door lock via the apartment station, lift called to ingress floor, lift provides access to residents’ floor
In the event of disconnection between a smart controller and the cloud server or internet failure, the lift access control shall continue to operate using the last access profiles configured. Once the connection has been re-established the events shall be synchronised automatically.
Using the management software, it shall be possible to add an NVR, link a door with a camera and provide access to video recording from an event. The management software shall be compatible with ONVIF. The management software will be compatible with third party ANPR cameras.
Third party integration
The access control system shall have an API available to allow for third party integrations.
Door entry interface
The access control system shall be capable of being fully integrated with the door entry system either by using an interface (hardware) or high-level interface (software).
Hardware interface (2 wire) using the management software, it shall be possible to add a door entry interface or door entry panel (compatible door entry systems are Urmet 2Voice). The Interface is an advanced interface designed to collect data travelling between an Urmet 2Voice entry panel and the called apartments. This device enables extensive monitoring of the door entry system such as event logging and lift management.
Software interface (IP) using the management software, it shall be possible to fully integrate the door entry system (compatible with Urmet IPerCom door IP door entry system). Standard integration - designed to collect data travelling between an Urmet IPerCom entry panel and the called apartments allowing event logging of the door entry system. Advanced integration - lift management shall be offered via an IPassan activation code.
Below you can download the IPassan W40 specification.