There are many building access control features that require information to be known by more than one controller. The information is needed to make decisions regarding allowing or preventing access to a premises or particular room. Conventionally, a primary access control unit, networked to other access control units, performs access control functions of this type. The primary access control unit decides what information needs to be distributed to other access control units. The primary access control unit is used for implementing various access control schemes, such as anti-passback, 2-man rule, n-man rule, and various supervisor procedures.
The anti-passback access control scheme prevents an authorized user from presenting a credential card to access an area, and then “passing back” that card, through for example a window or another door, to an unauthorized user, who then uses the same card to access the area.
Anti-passback is accomplished by the use of two credential readers, one on entry and one on egress, at particular doors. Users must present their card to enter, and also to exit the area. The access control system registers when someone has entered, and when he or she has left. If someone enters and passes back his or her card to another person, the unauthorized user will not gain entry, because the system will recognize that the proper user's card already has been used to enter the building and that no subsequent egress has been logged for that card. Therefore, the use of the card by the second user is invalid.
The 2-man and n-man rule access control schemes require that two authorized personnel, in the 2-man rule case, or some other number of authorized personnel, in the n-man rule case, be the minimum number of personnel in a room so controlled. Thus, in the 2-man rule controlled room, the room is either unoccupied or there are at least two authorized personnel in the room simultaneously. These types of access control schemes are useful where verification of an occupant's actions is desirable. For example, often banks employ a 2-man rule when emptying an automated teller machine (ATM), thus two bank employees are required to be present in the ATM room while the received deposits are cataloged and processed. In this way, the possibility of theft can be greatly reduced.
Referring to FIG. 1, a conventional access control system is shown. The primary access control unit (P-ACU) 10 receives from and sends messages to access control units (ACU), such as card reader 30, RF-ID reader 40, biometric scanner 50, and other ACUs 60 as known in the art. The ACUs 30, 40, 50 and 60 are generally connected to the P-ACU 10 using an Ethernet infrastructure. While the Ethernet infrastructure shown in FIG. 1 is a wired Ethernet network, the network can be wired or wireless. An Ethernet routing device 20, such as an Ethernet switch, or router, is employed to coordinate Ethernet message traffic to efficiently utilize available network bandwidth. The Ethernet routing device 20 identifies the destination of a message but does not read the content of the message.
The disadvantage of the conventional access control scheme is that both sets of hardware—primary access control unit and Ethernet routing device—are needed to efficiently control the access network.