RFID based Access Control & Attendance

Security access and control applications may perform the functions as in the following examples...

  1. Limiting access to a restricted area
  2. Limiting access to building
  3. Verifying that an employee has the license to operate a fork-lift, company vehicle or other piece of equipment
  4. Knowing which employee performed a particular task, such as assembling a pallet of products
RFID technology has long been used as an electronic key to control who has access to office buildings or areas within office buildings. The advantage of RFID technology:
  • Convenient (an employee can hold up a badge to unlock a door, rather than looking for a key or swiping a magnetic stripe card).
  • No contact between the card and the reader, there is less wear and tear.
  • Less equipment maintenance.
Active RFID tags can be combined with motion sensors so that when objects are moved without authorization, an alarm is sounded. RFID tags can be put on laptops and files containing sensitive documents to make sure they are not removed from a building without authorization.

Access control system operation

When a credential is presented to a reader, the reader sends the credential’s information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door. The control panel also ignores a door open signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for an access denied and a flashing green LED for an access granted.

The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted; another factor can be a PIN, a second credential, operator intervention, or a biometric input.

There are three types (factors) of authenticating information:

  • something the user knows, e.g. a password, pass-phrase or PIN
  • something the user has, such as smart card
  • something the user is, such as fingerprint, verified by biometric measurement

Passwords are a common means of verifying a user's identity before access is given to information systems. In addition, a fourth factor of authentication is now recognized: someone you know, where another person who knows you can provide a human element of authentication in situations where systems have been set up to allow for such scenarios. For example, a user may have their password, but have forgotten their smart card. In such a scenario, if the user is known to designated cohorts, the cohorts may provide their smart card and password in combination with the extant factor of the user in question and thus provide two factors for the user with missing credential, and three factors overall to allow access.

Access control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system. But it can also refer to a restroom stall where access is controlled by using a coin to open the door.