Access Control, Access Badges, and Biometrics Characteristics for Schools*
Joseph Nelson, CPP Vice president of global security, State Street Corporation
Abstract
This chapter discusses access control, access badges, and biometric characteristics for schools. It is meant to be a general overview of how to keep the perimeter secure, both from outside physical intrusions and by taking preventative measures. When staff or students leave your school, it’s important to remove their access because you may never get the keys back.
Introduction
More and more schools today are getting involved with access control and biometrics. In this chapter, I will be discussing the concepts of access control, badges, photo identification badges, and visitor and vendor badges.
Access Control
Perimeter barriers, intrusion detection devices, and protective lighting provide physical security safeguards; however, they alone are not enough. An access control system must be established and maintained to preclude unauthorized entry. Effective access control procedures also prevent the introduction of harmful devices, materials, and components. They minimize the misappropriation, pilferage, or the compromise of material or recorded information by controlling packages, material, and property movement. Access control rosters, personal recognition, ID cards, badge exchange procedures, and personal escorts all contribute to an effective access control system.
Designated Restricted Areas
The school principal or school district is responsible for designating and establishing restricted areas. A restricted area is any area that is subject to special restrictions or controls for security reasons. Restricted areas may be established for the following reasons:
• The enforcement of security measures and the exclusion of unauthorized personnel,
• Intensified controls in areas requiring special protection, and
• The protection of classified information or critical equipment or materials.
Degree of Security for Your School
The degree of security and control required depends upon the nature, sensitivity, or importance of the confidential information. Restricted areas are classified as controlled, limited, or exclusion areas as follows:
• A controlled area is that portion of a restricted area usually near or surrounding a limited or exclusion area. Entry to the controlled area is restricted to personnel with a need for access. Movement of authorized personnel within this area is not necessarily controlled since mere entry to the area does not provide access to the security interest. The controlled area is provided for administrative control, for safety, or as a buffer zone for in-depth security for the limited or exclusion area. The commander establishes the control of movement.
• A limited area is a restricted area within close proximity of a security interest. Uncontrolled movement may permit access to the item. Escorts and other internal restrictions may prevent access within limited areas.
• An exclusion area is a restricted area containing a security interest. A restricted area must be designated in writing by the school principal or school district and must be posted with warning signs. In areas where English is one of two or more languages commonly spoken, warning signs will be posted in English and in the local language. Different areas of the school may have varying degrees of security. It may be designated in its entirety as a restricted area, with no further restrictions, or it may be subdivided into controlled, limited, or exclusion areas with restrictions of movement and specific clear zones, depicting a simplified restricted area and the degrees of security.
Considerations
There are other important considerations concerning restricted areas and their lines of division. These considerations include the following:
• A survey and analysis of the school and its security interests. This can determine immediate and anticipated needs that require protection. Anticipated needs are determined from plans for the future.
• The size and nature of the school being protected. Safes may provide adequate protection for classified documents and small items; however, large items may have to be placed within a secure enclosure.
• Some security interests are more sensitive to compromise than others. Brief observation or a simple act by an untrained person may constitute a compromise in some cases. In others, detailed study and planned action by an expert may be required.
• All security interests should be evaluated according to their importance. This may be indicated by a security classification such as confidential.
Perimeter Access Control
Parking areas for the privately owned vehicles (POVs) of faculty, staff, visitors, and students should be established. Vehicle entrances must be kept to a minimum for safe and efficient control. Consider physical protective measures (such as fences, gates, and window bars).
Employee Screening
Screening faculty, staff, contractors, and volunteers to eliminate the potential for crime and other security risks is important. Personnel screenings must be incorporated into standard personnel policies. An applicant should be required to complete a personnel security questionnaire, which is then screened for completeness and used to eliminate undesirable applicants. A careful investigation should be conducted to ensure that the applicant’s character, associations, and suitability for employment are satisfactory.
The following sources may be helpful in securing employment investigative data:
• State and local police (including national and local police in overseas areas)
• Former employers
• Public records
• Credit agencies
• Schools attended (all levels)
• Information and data protection (records, examinations, etc.)
• References (These references should include those names not furnished by the applicant. These are known as throw-offs, and they are obtained during interviews of references furnished by applicants.)
Once an applicant has been identified for employment, he/she is placed on an access control roster.
Identification System
An ID system is established at each school to provide a method of identifying personnel. The system provides for personal recognition and the use of security ID cards or badges to aid in the control and movement of personnel activities.
Standard ID cards are generally acceptable for access into areas that are unrestricted. Personnel requiring access to restricted areas should be issued a security ID card or badge. The design of the card/badge must be simple and provide for adequate control of personnel.
ID Methods
Four of the most common access control ID methods are the personal recognition system, the single card/badge system, the card or badge exchange system, and the multiple card/badge system.
Personal Recognition System
The personal recognition system is the simplest of all systems. A SRO, security officer, or receptionist responsible for providing access control visually checks the person requesting entry. Entry is granted based on:
1. The individual being recognized;
2. The need to enter being established; and
3. The presence of the person on an access control roster.
Single Card/Badge System
This system reflects permission to enter specific areas by the badge depicting specific letters, numbers, or particular colors. Because the ID cards/badges frequently remain in the employee’s possession while not at school, it affords the opportunity for alteration or duplication.
Card/Badge Exchange System
In this system, two cards/badges contain identical photographs. Each card/badge has a different background color, or one card/badge has an overprint. One card/badge is presented at the entrance to a specific area and exchanged for the second card/badge, which is worn or carried while in that area. Individual possession of the second card/badge occurs only while the employee is in the area for which it was issued. When leaving the area, the second card/badge is returned and maintained in the access control area. This method provides a greater degree of security and decreases the possibility of forgery, alteration, or duplication of the card/badge. This level of protection requires multiple access control elements as the levels of protection increase. In the case of badge exchange, this system counts as two access control elements.
Multiple Card/Badge System
This system provides the greatest degree of security. Instead of having specific markings on the cards/badges denoting permission to enter various restricted areas, the multiple card/badge system makes an exchange at the entrance to each security area. The card/badge information is identical and allows for comparisons. Exchange cards/badges are maintained at each area only for individuals who have access to the specific area.
Mechanized/Automated Systems
An alternative to using security officers to visually check cards/badges and access rosters is to use building card access systems or biometric access readers. These systems can control the flow of personnel entering and exiting a school. Included in these systems are:
• Coded devices such as mechanical or electronic keypads or combination locks,
• Credential devices such as magnetic stripe or proximity card readers, and
• Biometric devices such as fingerprint readers or retina scanners.
Access control and ID systems base their judgment factor on a remote capability through a routine discriminating device for positive ID. These systems do not require security officers or a receptionist at entry points; they identify an individual in the following manner:
• The system receives physical ID data from an individual.
• The data are encoded and compared to stored information.
• The system determines whether access is authorized.
• The information is translated into readable results.
Specialized mechanical systems are ideal for highly sensitive situations because they use a controlled process in a controlled environment to establish the required database and accuracy. One innovative technique applied to ID and admittance procedures involves dimension comparisons. The dimension of a person’s full hand is compared to previously stored data to determine entry authorization. Other specialized machine readers can scan a single fingerprint or an eye retina and provide positive ID of anyone attempting entry.
An all-inclusive automated ID and access control system reinforces the security in-depth ring through its easy and rapid change capability. The computer is able to do this through its memory. Changes can be made quickly by the system’s administrator.
The commercial security market has a wide range of mechanized and automated hardware and software systems. Automated equipment is chosen only after considering the security needs and the school environment in which it operates. These considerations include whether the equipment is outdoors or indoors, the temperature range, and weather conditions. Assessment of security needs and the use of planning, programming, and budgeting procedures greatly assist a security director in improving the security posture.
Card/Badge Specifications
Security cards/badges should be designed and constructed to meet the necessary requirements. Upon issuing a card/badge, security personnel must explain to the employee that they must wear the badge and about the authorizations that are allowed with the card/badge. This includes:
• Designation of the areas where an ID card/badge is required
• A description of the type of card/badge in use and the authorizations and limitations placed on the individual
• The required presentation of the card/badge when entering or leaving each area during all hours of the day
• Details of when, where, and how the card/badge should be worn, displayed, or carried
• Procedures to follow in case of loss or damage of the card
• The disposition of the card/badge upon termination of employment, investigations, or personnel actions
• Prerequisites for reissuing the card/badge
Visitor Identification and Lobby Control in Your School
Procedures must be implemented to properly identify and control personnel. This includes visitors and vendors presenting their cards/badges to receptionist, security officer, or SRO at entrances of restricted areas. Visitors are required to stay with their assigned escort. Receptionists, security officers, or SROs must ensure that visitors stay in areas relating to their visit; an uncontrolled visitor, although conspicuously identified, could acquire information for which he is not authorized.
Approval for visitors should be obtained at least 24 hours in advance (if possible). Where appropriate, the school should prepare an agenda for the visitor and designate an escort individual. Measures must be in place to recover visitor cards/badges on the visit’s expiration or when they are no longer required.
Physical security precautions against pilferage and other crimes require the screening, ID, and control of visitors. Further information about visiting requirements and procedures should be in your school policy and procedures.
Visitors or vendors are generally classed in the following categories:
• Persons with whom every school in the district has business (such as a supplier or vendor).
• Individuals or groups who desire to visit a school for personal or educational reasons. Such visits may be approved by the principal, faculty, or staff.
• Guided tours to selected areas of the school in the interest of public relations. The ID and control mechanisms for visitors must be in place. They may include the following:
• Methods of establishing the authority for admitting visitors and any limitations relative to access should be used.
• Positive ID of visitors by personal recognition, visitor permit, or other identifying credentials. Contact the principal, faculty, or a staff member to validate the visit.
• The use of visitor registration forms. These forms provide a record of the visitor and the time, location, and duration of his visit.
• The use of visitor ID cards/badges. The cards/badges bear serial numbers, the area or areas to which access is authorized, the individual’s name, and escort requirements.
Individual groups entering the school must meet specific prerequisites before being granted access. The following guidance is for group access into a school:
Visitors
Before allowing visitors into a school, contact the person or activity being visited. After verifying the visitor’s identity, issue a badge, complete the registration forms, and assign an escort (if required). Visitors may include public utility and commercial service representatives.
Cleaning Teams
Schools using contractors for cleaning services must seek advice from the principal or school district. This may include providing escorts.
Students, Faculty, and Staff in the School After Normal Operating Hours
The principal must establish internal controls based on coordination with the SRP or security officer. They also must notify security personnel about the date when an activity or event will be held and for what duration.
Enforcement Measures
The most vulnerable link in any ID system is its enforcement. Security officers must be proactive in performing their duties. Positive enforcement measures must be prescribed to enhance security. Some of these measures may include the following:
Access control
• Designate alert and tactful SROs, security officers, or receptionists at entry control points.
• Ensure that access control personnel possess quick perception and good judgment.
• Require entry control personnel to conduct frequent irregular checks of their assigned areas.
• Formalize standard procedures for posting and relieving security personnel. These measures will prevent posting of unqualified personnel and a routine performance of duty.
• Prescribe a uniform method of handling or wearing security ID cards/badges. If carried on person, the card must be removed from the wallet (or other holder) and handed to security personnel. When worn, the badge will be worn in a conspicuous position to expedite inspection and recognition from a distance.
• Designate entry and exit control points of the school to force individuals to pass in a single file in front of security personnel. In some instances, the use of turnstiles may be advisable to assist in maintaining positive control.
• Provide lighting at control points. The lighting must illuminate the area to enable access control personnel to compare the individual with the ID card/badge.
• Enforce access control measures by educating students, faculty, staff, vendors, contractors, and visitors. Enforcement of access control systems rests primarily with the SRO, security officer, or receptionist; however, it is essential that they have the full cooperation of everyone. Students, faculty, and staff must be instructed to consider each unidentified or improperly identified individual as a trespasser and report this to the office.
• Position ID card/badge racks or containers at entry control points so they are accessible only to the SRO, security officer, or receptionist.
• Appoint a responsible custodian to accomplish control procedures of cards/badges according to policy manual. The custodian is responsible for the issue, turn in, recovery, and renewal of security ID cards/badges as well as monthly verification of individuals in various areas and the deletion of terminated faculty or staff badges.
The degree of compromise tolerable in the ID system is in direct proportion to the degree of security required. The following control procedures are recommended for preserving the integrity of a card/badge system:
• Maintenance of an accurate written record or log listing (by serial number) all cards and badges and showing those on hand, to whom they are issued, and their disposition (lost, mutilated, or destroyed)
• Authentication of records and logs by the custodian
• A periodic inventory of records by the security manager or principal
• The prompt invalidation of lost cards/badges and the conspicuous posting at security control points of current lists of lost or invalidated cards/badges
• The establishment of controls within the school to enable the SRO, security officer, or receptionist to determine the number of persons in the school
• The establishment of the two-person rule (when required)
• The establishment of procedures to control the movement of visitors. A visitor control record will be maintained and located at entry points.
Duress code
The duress code is a simple word or phrase used during normal conversation to alert other personnel that an authorized person is under duress. A duress code requires planning and rehearsal to ensure an appropriate response. This code is changed frequently to minimize compromise.
Access-control rosters
Admission of personnel to a restricted area is granted to those identified and listed on an access control roster. Pen-and-ink changes may be made to the roster. Changes are published in the same manner as the original roster.
Rosters are maintained at access control points. They are kept current, verified, and accounted for by an individual designated by a manager. This manager or their designated representatives authenticate the rosters. Admission of persons other than those on the rosters is subject to specific approval by the principal or another specific member of the faculty or staff. These personnel may require an escort according to the local SOP.
Methods of control
There are a number of methods available to assist in the movement and control of personnel in schools. The following paragraphs discuss the use of escorts and the two-person rule.
Escorts
Escorts are chosen because of their ability to accomplish tasks effectively and properly. They possess knowledge of the area being visited. Escorts may be an SRO or security officer. The SOPs of the individual school will determine if a visitor requires an escort while in the building. Individuals on the access list may be admitted to restricted areas without an escort.
Two-person rule
The two-person rule is designed to prohibit access to areas where confidential information or high-value equipment are stored. Two authorized persons must be present at all times in these areas. They should be familiar with applicable safety and security requirements of the area. When application of the two-person rule is required, it is enforced consistently by those who make up the team.
The two-person rule is applied in many other aspects of physical security operations, such as the following:
• When uncontrolled access to student records and personal identifying information might provide opportunity for intentional or unintentional damage
• When uncontrolled access to funds could provide opportunity for diversion by falsification of accounts
• When uncontrolled delivery or receipt for materials could provide opportunity for pilferage through “short” deliveries and false receipts
The two-person rule is limited to the creativity of the school district or the principal of the school. They should explore every aspect of physical security operations in which the two-person rule would provide additional security and assurance and include all appropriate recommendations and provisions of the physical security plan. An electronic entry control system may be used to enforce the two-person rule. The system can be programmed to deny access until two authorized people have successfully entered codes or swiped cards.
Security controls of packages, personal property, and vehicles
A good package control system helps prevent or minimize pilferage or theft. The SOP of the school may allow the entry of packages with proper authorization into the school. A package-checking system is used at the access control point. When practical, inspect all outgoing packages except those properly authorized for removal. When a 100% inspection is impractical, conduct frequent unannounced spot checks. A good package control system assists in the movement of authorized packages, material, and property.
Property controls are not limited to packages carried openly, and they include the control of anything that could be used to conceal property or material. Faculty and staff should not be routinely searched, except in unusual situations. Searches must be performed according to the school SOP.
All POVs on the campus should be registered with the school’s physical security office. Security personnel should assign a temporary decal or other temporary ID tag to visitors’ vehicles to permit ready recognition. The decal or the tag should be distinctly different from that of school students, faculty, or staff.
The best control is provided when all of these elements are incorporated into access control procedures. Simple, understandable, and workable access control procedures are used to achieve security objectives without impeding school operations. When properly organized and administered, access control procedures provide a method of positively identifying school students, faculty, staff, contractors, vendors, or visitors.
Building design
When designing, building, and installing engineered security controls, security practitioners must consider a variety of factors to ensure optimum results. While not doing so can leave access control systems prone to nuisance alarms, it can also lead to limited or no authorization controls at all. Your objective should be to prevent penetration and provide authorized access through layered levels of security on your campus.
Layered levels of security
The outer perimeter/outer protective layer can be a man-made barrier controlling both traffic and people flow. The inner layer contains the interior lobby and main entrance, turnstiles, revolving doors, handicap gates, elevators, emergency door alarms, and private occupied space. The inner protective layer contains biometrics, mirrors, and video surveillance applications. The middle layer consists of exterior parts of the building.
High-security areas are laid within the inner layer with limited access to a select few. Reducing opportunity within your complex’s design must be tailored to the specific area’s environment.
When designing administrative controls for access control, one must consider the tolerance for process errors. This means we should consider the percentage of unauthorized transactions we can allow with minimal consequence. While engineered controls make a significant difference controlling access capabilities, our tolerance for mistakes or errors in access control often equally relate to the administrative controls that rule the measurement of results and prove our access control levels are operating at the desired levels.
Access cards
1. Proximity cards. Proximity access cards are often used for schools. They work via the use of passively tuned circuits that have been embedded in a high-grade fiberglass epoxy card. One can gain access when the cardholder holds the card within two to four inches from a card reader. The reader’s sensor detects the pattern of the frequencies programmed in the card, and it communicates with the sensor by electromagnetic, ultrasound, or optical transmission. This pattern is then transmitted to the system’s computer. If the pattern matches that of the reader, the reader unlocks the door and records the transaction. If the pattern does not match, no access is granted and this transaction is recorded.
2. Magnetic stripe cards. Magnetic cards use various kinds of materials and mediums to magnetically encode digital data onto cards. To gain access, the card user inserts or “swipes” (passes the badge through) the card reader. As the card is withdrawn from the reader, it moves across a magnetic head, similar to that in a tape recorder head, that reads the data programmed in the card. The information read from the card is sent to the system’s computer for verification. If verification is made, the computer sends a signal to the card reader to grant or deny access, and if access is granted, the door is unlocked. Magnetic cards look like regular credit cards. The most popular medium for this type of access card is a magnetic stripe on which a pattern of digital data is encoded. This type of card is relatively inexpensive and a large amount of data can be stored magnetically compared to other kinds of magnetic media. These cards tend to chip and break, however, through excessive use.
3. Weigand cards. Weigand-based access control cards use a coded pattern on magnetized wire embedded within the card. When this card is inserted into a reader, the reader’s internal sensors are activated by the coded wire. This type of card is moderately priced and will handle a large amount of traffic. It is less vulnerable to vandalism and weather effects than other types of cards, but it does stand up to a considerable amount of wear and tear.
4. Biometrics access control. Biometrics is most accurate when using one or more fingerprints, palm prints or palm scan, hand geometry, or retina and iris scan. Remember deterrent controls delay unauthorized access. Think proactive management.
5. Biometric ID systems operate locks to doors. Used in high-security areas where limited access is maintained, this system checks physical characteristics that verify and allow access/entry.
6. Smart cards. These contain an integrated chip embedded in them. They have coded memories and microprocessors; hence, they are like computers. The technology in these cards offers many possibilities, particularly with proximity card access control systems. Optical cards have a pattern of light spots that can be read by a specific light source, usually infrared. Capacitance cards use coded capacitor-sensitive material that is enclosed in the card. A current is induced when the card activates a reader that checks the capacitance of the card to determine the proper access code. Some access devices come in the shape of keys, disks, or other convenient formats that provide users with access tools that look attractive and subdued but at the same time are functional.
7. Dual technology card. Some cards have dual technology, such as magnetic stripe/proximity card and a radio frequency identification (RFID)/proximity card.
8. Card readers. Card Readers are devices used for reading access cards. Readers come in various shapes, sizes, and configurations. The most common reader is the type where the card user inserts the card in a slot or runs or “swipes” the card through a slot. The other type of reader uses proximity technology where the card user presents or places the card on or near the reader. Some insertion-type card readers use keypads; after the user inserts the card, the user enters a unique code number on the keypad. This action then grants access.
9. Electronic access control (EAC) systems applications. Ideally used as part of a fully integrated facility management system. In such a system, EAC is interfaced and integrated with fire safety/life safety systems, video surveillance systems, communication systems, and nonsecurity systems such as heating, ventilation, and air conditioning (HVAC). In an integrated system, EAC systems allow users access to various areas or limited areas. They can track access and provide attendance records. As a safety feature and for emergency response situations, they can determine where persons are located in facilities. In general, EAC systems are very flexible and strides in technology have made them even more so.
This section barely covers all that you need to know about EAC. The best way to learn about EAC is to actually work with EAC systems. Take advantage of every opportunity to work with EAC systems. Seek assignments where EAC systems are used and ask questions to control room operators, your supervisors, and EAC vendors and service technicians. There are many excellent sources where you can read about EAC and related systems.
Badges
There are many types of badges. Badges with color coding can be used for various reasons that may include designating years of service, clearance levels, departments, and/or locations. In addition, there is video badging, which displays a school logo or a special design and may be color coded and there are badges incorporating digitized data or a photograph.
When badges are initially introduced to a school’s security system, it would appear to be a simple process, until some of the questions and concerns we have identified below arise:
1. If an individual loses their badge, it costs $10 to replace. Some schools allow one “free” replacement easily.
2. When a faculty or staff member is terminated, who retrieves the badge, keys, or other school property? Are all school badges deleted if not used in 30 days?
3. If a badge is stolen, what is the process to render it useless?
4. If a badge is borrowed or used by an unauthorized person(s), has sufficient data been included? Height, weight, and color of eyes and hair can be included by using both sides of the card.
5. Database for badges? Are principals required to give written permission before access is granted?
6. Identify access levels and authorization process.
7. Consider all potential vulnerabilities and the risk of threats.
Biometrics characteristics1
Biometrics characteristics are often classed in two main categories:
1. Physiological Biometrics. Features notably identified through the five senses and processed by finite calculable differences: sight (how a person looks including things like hair and eye color, teeth, or facial features), sound (the pitch of a person’s voice), smell (a person’s odor or scent), taste (the composition of a person’s saliva or DNA), and touch (such as fingerprints or handprints).
2. Behavioral Biometrics. Based on the manner in which people conduct themselves, such as writing style, walking rhythm, typing speed, and so forth.
In order for any of these characteristics to be used for sustained identification encryption purposes, they must be reliable, unique, collectable, convenient, long term, universal, and acceptable.
Types of biometrics devices
Iris cameras. They perform recognition detection of a person’s identity by mathematical analysis of the random patterns that are visible within the iris of an eye from some distance. It combines computer vision, pattern recognition, statistical inference, and optics.
Iris recognition. This is rarely impeded by glasses or contact lenses and can be scanned from 10 cm to a few meters away. The iris remains stable over time as long as there are no injuries, and a single enrollment scan can last a lifetime.
Fingerprints. Formed when the friction ridges of the skin come in contact with a surface that is receptive to a print by using an agent to form the print, such as perspiration, oil, ink, grease, and so forth. The agent is transferred to the surface and leaves an impression which forms the fingerprint.
Hand scanner and finger reader recognition systems. These measure and analyze the overall structure, shape, and proportions of the hand, such as length, width, and thickness of hand, fingers, and joints and characteristics of the skin surface such as creases and ridges.
Facial recognition device. This views an image or video of a person and compares it to one in the database. It does this by comparing structure, shape, and proportions of the face; distance between the eyes, nose, mouth, and jaw; upper outlines of the eye sockets; the sides of the mouth; location of the nose and eyes; and the area surrounding the cheek bones. The main facial recognition methods are feature analysis, neural network, eigenfaces, and automatic face processing.
Voice recognition voiceprint. This is a spectrogram, which is a graph that shows a sound’s frequency on the vertical axis and time on the horizontal axis. Different types of speech create different shapes on the graph. Spectrograms also use color or shades of gray to represent the acoustical qualities of sound.
Smart card. A pocket-sized plastic card with an embedded chip that can process data. It is used in industries such as education, health care, banking, government, and biometrics. Smart cards can process data via input and output of information and is essentially a mini processor. They can provide identification, authentication, data storage, as well as other services in an educational setting.
Digital biometrics signature. This is equivalent to a traditional handwritten signature in many respects because a properly implemented signature is more difficult to forge than the traditional type. Digital signature schemes are cryptographically based and must be implemented properly to be effective. Digital signatures can be used for e-mail, contracts, or any message sent via some other cryptographic protocol.
Vein recognition. This is a biometric method for recognizing individual people based on unique physical and behavioral traits. Physiological biometrics is one class of biometrics that deals with physical characteristics and attributes that are unique to individuals. Vein recognition is a type of biometrics that can be used to identify individuals based on the vein patterns in the human finger.