PCB Solutions: Why a Single PCB Standalone Door Access Control System Is Not a Secure Design
Editorial credit: Vasin Lee / Shutterstock.com
While I don’t crave the latest iPhone X—the one where Apple removed the home button—it sure brought me down memory lane to my first mobile phone. I’ll always have a soft spot for that flip phone, but what I won’t miss is carrying my phone, a digital camera, and an MP3 player with me everywhere I went. Smart phones, which brought these key features—and more—into one device, seem like an inevitable evolution.
From the consumer’s perspective, having multiple essential features under one product represents a great convenience. But in certain electronics products—like a door access controller—placing all the functionalities on a single PCB can compromise the device’s security. This is especially problematic when security is one of the main purposes of the product.
The Basic Functionalities of a Door Access Control System
A door access controller is an electronic device that allows administrators to monitor and secure protected spaces. Before opening doors automatically, controllers use various tokens to identify and authenticate individuals. These modes of authentication vary and can include a Personal Identification Number (PIN), a proximity card, or fingerprint or facial recognition.
Door access controllers range from standalone devices to complex systems that link to multiple doors. In a huge building, door access control systems can be used to track the movement of thousands of employees and provide useful data for payroll systems. They can also serve as a visitor management system to sensitive areas, or trigger an alarm when necessary.
The most basic use of a door access control system is to provide secure access to an office space or room. Such applications often only require a simple standalone access controller that controls an electromagnetic lock installed on the door. While these standalone controllers are cheap and easy to install, over-simplification may result in a compromise on the security of the device itself.
The cheapest, simplest door access controller may not be your best security option.
Vulnerability in Standalone Door Access Control Systems
Generally, door access controllers work by reading the token provided by the user and matching it with records stored in a database. Most often in the form of a card reader or proximity card, connected to magnetic door locks. If the criteria are met, then the door controller releases the EM lock and allows the user to enter. When an EM lock is powered, the door is locked and vice versa. Keyless entry door access controllers work on this principle.
In the most basic—and frequently the cheapest—door access controllers, EM locks are directly connected to the controllers. A miniature relay is often used to complete the power connection to the EM lock. However, it’s all too easy to cut or disconnect the wires connecting the EM lock to the controller, thereby breaching the security these door access controllers provide. Within an instant, what’s supposed to be an electronically-guarded door can become a free-for-all access.
Standalone door access control systems with a direct EM lock connection may have their application in logging time, perhaps, but they should never be used solely for the purpose of security. Nonetheless, because they are usually the cheapest, end users who are oblivious to the security concerns they pose continue to do so.
Never forget that the primary function of a door access controller is to provide security.
How to Design a Secure Standalone Door Access Controller
In door access applications, sometimes simplicity is not the wisest decision. During my engineering career, I learned that security and convenience are often in opposition. Fortunately, finding the balance between security and convenience does not have to be difficult when designing door access controllers.
One key design decision is all you need to eliminate the security flaw in a standalone door access controller: instead of placing all the functionality on a single PCB, separate the design into two PCBs. Place the PCB that controls the EM lock in a place that’s unreachable to any would-be vandal.
Using two PCBs means that the EM lock can connect directly to the EM lock controller instead of the door access control system. Then, connect the door access controller to the door lock controller through a communication interface like RS485. Instead of triggering a relay, use the door access controller to send a command through a proprietary protocol to use the EM lock controller to open the door.
In this system, the EM lock will remain powered even if the door access controller is vandalized. For security’s sake, make two additional considerations. First, be sure to power the EM lock controller with a backup battery to keep the door locked and operational. Second, ensure the the door lock controller triggers a local siren should it fail to receive any regular incoming communications from the door access controller.
By splitting the standalone door access controller into two different physical devices, the security of the product is greatly increased. This security enhancement easily justifies the cost of having to produce and design two PCBs. If you have practiced modular design with PCB design software like Altium’s CircuitStudio®, you can develop the EM lock controller by transferring some of the schematic modules you have developed for the standalone door access controller.
Have a question about door access control systems? Talk to the experts at Altium now.