Security systems for access control in facilities typically use a central access controller or multiple distributed access controllers, which are coupled to readers associated with locking mechanisms at doors. Security systems with a central access controller are described for example in U.S. Pat. Nos. 4,839,640, 4,816,658, 4,544,832, and 4,218,690. A security system with a distributed access controllers is described in U.S. Pat. No. 6,738,772. Personnel are provided badges or cards encoded with badge information that can be read by a reader, and then passed by the reader to an access controller, which makes an access decision according with the badge information and any additional authentication data (e.g., pin number and/or biometric(s)) received.
Badge information is encoded on badges magnetically (e.g., magnetic strip), optically (e.g., bar code), or wirelessly (e.g., RF tag), in a manner such that readers can access such information from the badges when presented to readers. Traditionally, the information encoded represents at least a badge number and an issue code. The badge number is a unique number or code assigned to the owner of the badge, while the issue code identifies each reissue of the badge. For example, when a badge is first issued to a person the issue code may be set to one. If the badge is later reissued to the person, which often occurs as badges can be damaged or lost, the issue code is set to two or other number indicating it is a different badge from the one damaged or lost. This avoids unauthorized use of the old badge.
One problem is that badges can be forged enabling unauthorized access by copying badge information from an existing badge onto a new badge. Such forging is possible by the use of similar technology to that used in creating badges in the system. Unauthorized access can risk both personnel and protected property of a company, university or other establishment relying on its security system. Moreover, even a user reporting a lost badge does not protect against the sophisticated forger who can modify the stored badge information on the lost badge with a new reissue code, thereby forging a new badge. This problem is often exacerbated by the absence of additional authentication, such as provided by pin number entry and/or biometrics capture, at the reader, which could assist in avoiding unauthorized access by a forged badge.
Thus, an improved security system is desirable which reduces the risk of unauthorized access using a forged badge, and adds improved authentication of badges, even at a reader which lacks additional authentication by use of a pin number entry and/or biometrics. It is further desirable that such improved security system can be readily implemented in an existing security system infrastructure (hardware and software) without requiring the expense of new or retrofitted access controller(s), or purchase of a new access control security system.