By /

Back to: Advanced Physical Security Integration (APSI)

0

Lesson 4.5: Advanced Logic & Configuration

Module: 4 – Access Control Systems (ACS)

Prerequisites: Lesson 4.3 (Locking Hardware)

Estimated Time: 45–60 Minutes

1. Learning Objectives

By the end of this lesson, you will be able to:

  • Configure Interlocks (Man-Traps) to secure high-sensitivity areas like data centers and clean rooms.
  • Differentiate between Hard, Soft, and Timed Anti-Passback (APB) to prevent credential sharing.
  • Apply “First-Person-In” rules to automate unlocking schedules based on occupancy.
  • Design “Double Swipe” or “Triple Swipe” triggers for special system commands without using a PC.

2. Interlocks (The “Man-Trap”)

An interlock is a logic rule that states: “Door B cannot open unless Door A is physically closed.”

Use Cases:

  • Data Centers: To control airflow and prevent tailgating.
  • Clean Rooms: To maintain positive air pressure.
  • Cash Counting Rooms: High security.

The Logic (How to program/wire it):

This relies heavily on the Door Position Switch (DPS).

  1. Input: The controller monitors the DPS of Door A.
  2. Logic: If DPS A = Open, then Relay B = Disabled (Cut power to Door B reader or Lock).
  3. Result: If someone props Door A open, swiping a badge at Door B does nothing (Access Denied: Interlock).

The Emergency Override:

  • Crucial Safety Rule: In the event of a Fire Alarm, the interlock logic MUST be suspended. Both doors must unlock to allow rapid egress.

3. Anti-Passback (APB)

The goal of APB is to prevent “Pass-Back”—where User A badges in, walks through the turnstile, and then passes their badge back to User B so they can enter too.

Requirement: You must have a reader on both sides of the door (In and Out). You cannot do APB with a “Push to Exit” button.

A. Hard APB

  • Rule: If you did not badge IN, you cannot badge OUT. (And vice versa).
  • Scenario: User B takes User A’s card. They try to badge In.
  • Result: Access Denied. The system sees that “User A is already inside.”
  • Risk: If a user follows someone in (tailgates) without badging, they are trapped inside. They cannot get out because the system thinks they never entered.

B. Soft APB

  • Rule: If the sequence is broken, Grant Access but generate a “Passback Violation Alarm” in the software.
  • Use Case: Office buildings. You don’t want to trap the CEO inside just because the turnstile didn’t read his card properly, but you want to know if he is breaking the rules.

C. Timed APB (Anti-Passback Timer)

  • Rule: Once used, a card cannot be used at the same reader for X minutes.
  • Use Case: Parking Garage gates. Prevents a user from badging in, driving forward, and immediately handing the card to the car behind them.

4. “First-Person-In” (Snow Day Logic)

Clients often ask: “Unlock the front door automatically at 8:00 AM.”

The Danger: It’s a holiday (or a blizzard), and no one shows up. The door unlocks at 8:00 AM anyway, leaving the empty building wide open.

The Solution: First-Person-In Rule.

  • Configuration: Set the schedule to unlock at 8:00 AM, but add the “First-Person-In” flag.
  • Result:
    • It is 8:00 AM. The door stays Locked.
    • It is 8:15 AM. The Manager (User A) arrives and badges in.
    • NOW the schedule activates and the door unlocks for the public.
  • Benefit: If no one shows up, the building stays secure.

5. Reader Commands (Double/Triple Swipe)

Sometimes you want to control the system without logging into the server. You can program special actions based on card behavior.

  • Double Swipe to Lock/Unlock:
    • Scenario: A teacher wants to lock their classroom door instantly during a threat.
    • Action: Present card twice within 5 seconds -> Toggle door status (Unlock <- Lock).
  • Triple Swipe to Arm Alarm:
    • Scenario: The last manager leaving the building wants to arm the intrusion alarm.
    • Action: Present card three times -> Trigger Output 2 (connected to Alarm Panel).

6. Access Levels (Who, Where, When)

Access control is a 3-dimensional matrix.

  • Who: The Cardholder (User).
  • Where: The Reader Group (Front Door, IT Room).
  • When: The Time Schedule (M-F 9-5, 24/7).

The Integrator’s Job:

Never assign permissions directly to a user (e.g., “Give Steve access to Door 1”).

Instead, create Access Levels (Roles):

  1. “General Staff”: Perimeter Doors (M-F 8-6).
  2. “IT Admin”: Perimeter (24/7) + Server Room (24/7).
  3. “Cleaners”: All Doors (M-F 6pm-10pm).

Assign Steve to the “General Staff” role. This makes managing 1,000 users scalable.