Wireless ACS: ideas, implementation examples, prospects.
The main objective of this review is to familiarize industry specialists with a new promising topology for organizing full-fledged wireless ACS based on the IEEE 802.15.4 wireless data transmission protocol, better known as «ZigBee technology». In fact, it would be more correct to call this article an «introduction» rather than a review — both because of the novelty of the proposed concept for building wireless ACS and the limited supply of the systems under consideration on the market.
In the last few years, wireless technologies have been actively implemented in many security systems — in particular, they are very successfully used in security and fire alarm systems. Wireless (often even powered by conventional batteries) sensors, detectors, sirens and other equipment operating via a radio channel are offered by a large number of manufacturers, including Russian ones. The reasons are obvious: wireless systems have tangible advantages for both end users (increased safety and reliability of systems that do not depend on broken or burnt-out wires) and for installers (installation of systems is not only significantly simplified, but also increases the possibilities for expanding and expanding systems at operating facilities).
However, in such a segment of the TSB as ACS, the situation today is completely different: installers and developers talk a lot about wireless ACS, but in reality only a few Western manufacturers offer such systems. And not all of them are ready to implement them in our country: at the moment, literally several such systems have been installed in Russia. And so far, all of them are at hotel facilities.
First, let's look at the very idea of »wirelessness», i.e., define:
a) what systems are we talking about;
b) what wires exactly need to be eliminated.
So, we are not considering stand-alone ACS for 1-2 doors and a hundred or two users, but universal systems of the 2nd, and better the 3rd class (according to the classification of GOST R 51241-2008), i.e. systems for a large number of users and access points (at least several thousand), with real-time management and control, with a sufficient number of access levels and time schedules of access (256 or more), etc.
Ideally, a wireless ACS should be such in absolute terms, i.e. without wires at all.
The existing (and offered on our market) classic ACS, which fall under the definition of GOST universal systems of the 2nd and 3rd classes, use wires very widely, and for completely different purposes. Let's divide all these wires into three categories.
Firstly, trunk communication channels (most often, RS485 or IP data transmission standards are used). In this same category, we will also include all sorts of converters and interface converters (although these are not wires in their pure form, they are an add-on, which would also be useful to get rid of).
Secondly, wires for “binding” the door, i.e. loops connecting the access controller with readers, actuators, sensors, exit buttons, etc., etc. And, thirdly, power lines – both for controllers and peripherals – readers, actuators.
This «classification» division of wires is done intentionally, since the conversion of each of the three types to a wireless state is carried out differently.
1. Trunks.These channels are used to connect access controllers with the ACS database (the central database server). As a rule, these data transmission channels occupy the lion's share of the total cable length, and theoretically it is easiest to transfer them to a wireless radio channel. There are already quite a few technologies for this — Wi-Fi, WiMAX, GSM, Bluetooth, ZigBee. If the system uses IP controllers, then there is no need to invent anything — it is enough to simply install 2 Wi-Fi access points «at the ends of the wire». In fact, everything is not so simple here, but first let's consider the following points.
2. «Binding» of the access point. The term is rather conditional, but all specialists understand it perfectly. Despite the small footage of such cables per system, it is the possibility (or rather, the impossibility) of laying them at a specific facility that in most cases limits the number of rooms equipped with ACS (access points). And when deploying ACS at an already functioning facility, it is laying this “last meter of cable” that becomes the main headache for installers. Another problem is the variety of protocol types used in the “strapping”. Unlike highways, where there are less than five such protocols, here we have a complete variety. Theoretically, all of them can also be transferred to a wireless radio channel. In practice, the cost of all kinds of converters will definitely destroy the whole point of transferring the system to a “wireless” state.
3. Power lines.There is also one big problem here. There are practically no technologies for transmitting power voltage of sufficient power without wires (at least there are no industrial samples, only prototypes so far). The only alternative is to use batteries or accumulators. However, I can hardly imagine the size (and cost) of a set of batteries sufficient to operate the magnetic lock so beloved by our installers for at least a year or two without recharging or replacement (more frequent battery changes will destroy the prospect of using such a system for most users due to operating costs).
At first glance, it's a complete dead end. Yes, we still have a real alternative to transfer the highways to a wireless state, and the cables for points 2 and 3 can be left as is, and many of our developers have not even considered other options. But this will not be a wireless ACS.
Nevertheless, all the listed problems have a solution, and it has been known for quite a long time.
To get rid of wires, you need to either use several wireless converters at once (which, as noted above, negates the idea itself), or zero out their length. That is, the set of equipment, which includes a controller, reader, position sensor (if needed), actuator (lock), etc., should turn into a single device — an electronic lock. Wires «from the outside» are not connected to it, we will not take into account several centimeters of wire inside the lock structure itself. Even the power source of electronic locks is not a power supply from a 220 V network, but ordinary batteries: from one set (usually from 1 to 6 standard batteries, which can be bought in any store) electronic locks work for 2-4 years. Such characteristics are achieved thanks to the cunning actuator of the electronic lock: the engine (sometimes a solenoid) in such locks only locks/unlocks the locking mechanism, and the user opens the door himself, pressing the lock handle. Thanks to this scheme, electronic locks use micromotors with very low energy consumption.
Similar electronic lock systems were invented more than 20 years ago, but they had a number of features that seriously limited their scope of application:
1. Until recently, trunk communication channels were not used at all in such systems. Electronic locks had no real-time connection with the system server. From time to time, the system operator could ensure the connection of the locks with the server by transferring (literally) information from the database to the lock and back via a special device — a portable programmer. That is, to collect the protocol of passages through the access point or, conversely, to make changes to the parameters of the access point, he had to go to the lock with a programmer, connect it to the lock to download the data and then return to the computer. Real-time control of the access point (electronic lock) (opening or blocking the door from the operator's workstation) was not provided at all.
2. For the convenience of managing user access rights in the absence of a backbone (more precisely, for the possibility of assigning rights to new users after the locks have been programmed), these rights in electronic lock systems are recorded directly on the user card. That is, the card always acts not as an access identifier, but as a carrier of access rights.
3. The next feature: to manage users, i.e. to change or cancel access rights, the operator had to get physical access to the card (let us remember: it is the carrier of access information) or to the lock (to enter a blacklist with a list of lost cards into its memory). To change access rights, the card must be rewritten. To cancel a lost key, it is necessary to go around all the locks where this card was valid.
Such a system cannot be called a full-fledged ACS. Until recently, they were used mainly in hotels, where with a large number of access points (electronic locks), the lack of need to lay leads more than compensates for all the described shortcomings. However, times are changing.
The idea of creating a wireless universal ACS
For the evolutionary transition from an electronic lock to a universal ACS, it is necessary to ensure communication between the locks and the ACS server in real time. Of course, such communication can be organized using the classic method, i.e. by laying cables. However, in this case, we lose the main advantage — ease of installation and the ability to deploy the system «live», in an already functioning office (for example). And the price of such a system will be quite high. In classic ACS, it is possible (and necessary) to use one controller for several doors (4, 8, 16 …), and since the controller is the most expensive element of the system, the price «per door» will not be so high. With an electronic lock, in which the controller is «implanted» inside, the equality «one controller = one door» is always fulfilled.
If you add a wireless radio module to the capabilities of electronic locks, the balance of power can change dramatically. After all, in this case, in addition to all the existing advantages, we get a truly wireless, but universal ACS that meets all the requirements.
Choosing a technology
Choosing a technology for organizing a wireless trunk channel between electronic locks and the ACS server is a fundamental task.
The previously mentioned Wi-Fi or Bluetooth technologies, as well as GSM networks, are not really suitable for these purposes. Both because of high energy consumption and because of the peculiarities of the network topology organization. Any of the above technologies would eat up the entire charge of the battery set of an autonomous lock in a few days, and the need to supply external power (installing power supplies and laying a cable to the lock) destroys the very meaning of the term «wireless ACS».
Therefore, the IEEE 802.15.4 protocol was chosen as a transport. It provides excellent opportunities both for organizing sufficiently branched multi-level networks (with a mixed topology of «point-to-point», «star»), and for the parameters of energy consumption of transmitting devices.
The IEEE 802.15.4 standard was developed by an alliance of companies (Invensys, Honeywell, Mitsubishi Electric, Motorola, Philips, etc.). This standard describes wireless personal area networks (WPAN – Wireless Personal Area Network). The IEEE 802.15.4 standard was adopted quite a long time ago (the formation of the IEEE 802.15.4 specification began in the late 90s of the last century, the current protocol specification is dated 2006).
ZigBee is the name of a set of high-level network protocols that use radio transmitters based on the IEEE 802.15.4 standard. The name ZigBee appeared as a combination of Zig-zag – zig-zag and Bee – bee, since the network topology assumes the ability to transmit information along a trajectory similar to the zigzag flight of a bee from flower to flower.
ZigBee is aimed at applications that require longer battery life and greater security, at lower data rates. The main feature of ZigBee technology is that it supports not only simple wireless topologies (point-to-point and star) but also complex wireless networks with mesh topology with message relaying and routing, with relatively low power consumption.
The IEEE 802.15.4 standard provides for operation in three ranges, the fastest and most capacious of which is 16 channels in the 2450 MHz range (the central frequency step is 5 MHz, the lowest of them is 2405 MHz) — in Russia it falls into the spectrum of unlicensed frequencies. The speed in this channel is 250 kbps. The transmission range is from 10 to 100 m depending on the output power and the environment.
Since May 2007, 802.15.4 devices have been certified in Russia, the radiation power of which does not exceed 10 mW in open areas and 100 mW indoors (decision of the State Commission on Radio Frequencies (SCRF) on operation in the frequency range of 2400.0–2483.5 MHz dated May 7, 2007).
Based on materials from Wikipedia, the free encyclopedia (http://ru.wikipedia.org) and the article by I. Shakhnovich “Personal wireless networks of IEEE 802.15.3 and 802.15.4 standards” http://electronics.ru/issue/2004/6/12
Let us dwell on several nuances that are directly related to the subject of ACS.
The main advantage of this standard as a backbone transport for wireless ACS based on the use of electronic locks is the extremely low energy consumption of the radio module itself.
However, you shouldn't count on the declared transmission speed of up to 250 kbps and the reliable signal reception distance of up to 100 m. Firstly, these parameters strongly depend on the specific implementation of the module and on the state of the environment (thickness and type of walls and ceilings, etc.). Secondly, a considerable part of the declared 250 kbps is «eaten up» by the service information of the protocol itself, which ensures the operability of devices with fairly large permissible packet losses.
Another nuance is the «fee for using» the 2.4 GHz frequency range, in which several other technologies already live (the same Wi-Fi and Bluetooth). Due to such proximity, in reality it is unlikely that it will be possible to calmly use all 16 channels provided by the protocol.
Perhaps these problems are currently slowing down the use of the IEEE 802.15.4 protocol in classic ACS, since their operability depends quite heavily on the quality of the backbone.
However, with systems built on electronic locks, the situation is fundamentally different.
Firstly, these systems were originally created for use in conditions where there is no main line at all, so even in the wireless version they easily perform the entire basic set of functions even with a completely “collapsed” network.
Secondly, the very principle of the access system here differs radically from the «classic». The main difference is the use of electronic media of access information instead of access identifiers. Access rights are recorded on the card itself at the moment the key is issued to the user, and are not stored in the depths of the ACS DB and/or in the controller's memory, associated with a certain identifier issued to the user. That is, the controllers of electronic locks should not store in their memory an access table with a list of all the cards that need to be «let in», but only their own parameters plus the real time and date. When the key is presented, the information read from the card's memory is compared with the information from the controller's memory (whether this controller is included in the list of zones allowed on the card — taking into account the real time-date, the current operating mode of the controller, etc.). And the decision «to open — not to open» is made by the controller independently, without the participation of the system server.
The presence of a wireless connection between the electronic lock and the server is not a mandatory condition for the system to function; it merely removes the limitations that previously prevented such systems from being called full-fledged ACS. At the same time, all these additional functions are not so sensitive to either the speed of signal transmission from the server to the lock and back (of course, we are not talking about minutes or even tens of seconds, but a delay of a second or two is quite possible), or to possible loss of connection and their duration.
These capabilities include:
1. Monitoring the system status and managing access points in real time.
2. Collection of system audit (by the way, electronic locks have their own non-volatile memory, where all events are necessarily recorded even if the wireless connection works without failures).
3. User management, i.e. the ability to cancel, change access rights and track the user in real time.
4. Some other features specific to special application conditions, for example, in hotel systems it has become possible to remotely extend the stay or move from one room to another without the guest visiting the reception desk.
Let's say a few words about the topology of a wireless network built on the basis of the IEEE 802.15.4 protocol. It was mentioned above that radio modules operating under this standard have range limitations. In real conditions, these distances are no more than 20-40 m (we, of course, mean deploying the system indoors). In most cases, this distance is not enough to organize a normal ACS. Therefore, the network infrastructure consists not only of a receiver and a transmitter, but also intermediate signal repeaters and retransmitters, as well as gateways connecting wireless networks with a local network segment. For example, the signal path may look like «access point — repeater — repeater — … — gateway — local network — server». The number of repeaters between the access point and the gateway (these are mandatory infrastructure elements) depends on both the geography of the facility and the specific implementation of the system. For example, in the SALTO Wireless systems, which we will consider further, the maximum number of repeaters between the lock and the gateway is 4. But the network infrastructure does not necessarily have to be linear — each gateway (by the way, it does not necessarily have to be only one per system) can simultaneously work with 4 repeaters and 16 locks, each repeater — with 4 other repeaters and also 16 locks. As a result, we get a tree-like network topology with many branches.
Let's return to the topic of wires once again. Gateways and repeaters that create a network infrastructure, at the present stage, need wires. Firstly, they require external power supply. Their transfer to battery power is theoretically possible, but still manufacturers prefer to use external power sources. Secondly, the main task of the gateway is to connect the wireless network with the regular local network of the facility. That is, gateways also use a wire to deliver information to the server. Of course, here you can get by with a Wi-Fi access point or build a gateway directly into the computer, but it is more convenient to place it in the point of space where it will optimally perform its duties.
By the way, thanks to PoE technology (i.e. power transmission directly over a twisted pair), the wires for both points can fit into one cable.
However, it seems to us that the presence of several meters of wires in the system for connecting and powering gateways and repeaters certainly cannot deprive systems built on this technology of the honestly earned title of «wireless ACS».
Prospects
At the moment, no one will risk guaranteeing a bright future for the technology we have described, although all the prerequisites for this are there. It is enough, for example, to look at the more than solid list of names of companies — the founders of the ZigBee alliance. The use of this technology in a narrow section of the front — ACS — is only a small part of the process of global and rapid implementation of wireless technologies in everything that surrounds us.
Perhaps, in some time, wired ACS will be abandoned completely, but for some reason it seems to me that this is unlikely to happen. Just as there will be no complete immersion in wireless technology: ACS operating “over the air” will find their niche, where other technologies will not be able to compete with them. And as soon as this happens, there will be a fairly large supply on this market. Another more than real scenario is the emergence of wireless integrated security systems. Of course, video will never be transmitted using ZigBee technology, but a wireless backbone deployed for ACS is quite suitable for fire alarm systems, time tracking, and some others.
Today, there are only a few wireless ACSs, and all of them are imported. Russian developers do not yet offer ready-made solutions based on such ideas. Many companies have assessed the effectiveness of implementing wireless technologies in existing systems, so they considered the issue of converting only trunk lines to a wireless state, and not the entire ACS. In many ways, this is a feature of our market. Moreover, it lies more in the sphere of the mentality of installers and developers than in economic or other conditions (see the «Authoritative Opinion» box). But we are used to acting on the principle of «catch up and overtake» — after all, as you know, in Russia they are very slow to harness…
«Authoritative Opinion»
Alexander KURILIN, CEO of PromAvtomatika
Many Russian ACS developers have worked on the issue of creating wireless ACS. In reality, no one has implemented this idea. I cannot speak about the motives of other companies, but I will tell you why we abandoned this idea.
It's all pretty trivial: despite the technical beauty of such a solution, its implementation turned out to be commercially uninteresting. We analyzed the market and realized that wireless controllers could only account for 5% of our sales. At the same time, labor costs would be incomparably higher. Why only 5%? All installation organizations we work with love wires, since they earn mainly on their installation. Accordingly, they are very cautious about any solutions that deprive them of this income. There are exceptions, but they are rare.
The next point: everything wireless is perceived by people as unreliable. This is partly not without reason, since any object can encounter a difficult-to-penetrate barrier, an intruder can try to use equipment to create interference, etc.
ZigBee is a technology that quickly became known to developers, but not to consumers or installation organizations. People live with their old ideas about the radio channel, it is often quite difficult to explain to them the advantages of ZigBee.
In addition, it is impossible to get rid of wires completely: power supply, locks, sensors – wires are needed everywhere. And in those situations where a wireless solution is needed, IP-controllers of the access control system are used with the use of third-party wireless IP-tools (Wi-Fi, GSM-routers).
Another point that can be mentioned is the ambiguity with the licensing of wireless solutions, the need to obtain permits, the lack of clarity of the legal side of the issue…
Implementation and installation examples
Today, there are only a few implementations of such wireless ACS, which is explained primarily by the novelty of the technology. Industrial (not experimental) samples of equipment appeared in the second half of last year, when several manufacturers presented their wireless solutions at an interval of two to three months. You will find a brief overview of two such systems in this article.
A few words about examples of installations of such systems in our country and around the world.
Since at the moment the driving force of the described wireless technology is exclusively manufacturers of electronic locks — and their fiefdom in Russia until recently was exclusively hotels — then the first installations of such systems in our country also happened in the hotel business. For example, LeMeridien Moscow Country Club is a five-star hotel, sports club, golf club and complex of country residences in the Krasnogorsk district of the Moscow region. This is a fairly illustrative example of the capabilities of a system that is not tied to wiring. The equipment of this facility began more than 2 years ago and is still ongoing, since the complex continued to function all this time, and the budget for re-equipping the facility with a comprehensive ACS implied a phased implementation depending on the allocated funds and seasonal load. And although the hotel has only 130 rooms, the total number of access points has already exceeded 600. Initially, there were only 2 types of access devices — classic wired IP access controllers (there are less than a dozen of them for the entire facility) and autonomous electronic locks on most doors. When the company presented its wireless system, it was decided to install such equipment in some of the rooms to determine how convenient and useful the new technology is. Naturally, the main condition of the customer is to retrofit previously equipped rooms in such a way that the hotel does not incur any additional costs associated with downtime of rooms or the need for additional repairs. In a few months, the customer plans to summarize the results of the test operation and determine to what extent and in what areas it will be justified to use wireless electronic locks, and where to limit themselves to conventional locks without a radio module.If we talk about the implementation of such systems in the West, the situation there is somewhat different. First of all, this is due to the fact that there is no such dominance of exclusively wired systems and ACS based on autonomous locks are used quite widely, not limited to the hotel sector. Among the implemented projects, we can mention the University of Bristol (more than 200 access points), the Compass office center in Hong Kong and the Mandarin Hotel in Yelon.
VISIONLINE by VingCard
The system is developed using the open ZigBee™ platform, supported by companies that are members of the ZigBee™ Alliance. The IEEE 802.15.4 standard is used worldwide at a frequency of 2.4 GHz.
The VISIONLINE by VingCard system includes Combo or RFID locks with RF transceivers and battery packs.
Data network components: routers, gateways, power supplies, software for organizing the online network.
The reception desk equipment includes VISIONLINE software, encoders, and LockLink. Key cards — magnetic strip or RFID (for guests), smart chip or RFID (staff). Additional peripheral equipment: remote controllers, elevator controllers, online safes.
The VISIONLINE by VingCard system can centrally cancel key cards, check the validity of cards, automatically cancel cards, remotely receive reports on events occurring with locks. It also provides such functions as monitoring the state of the batteries in the lock, extending the validity of the key card, changing the room number, automatically canceling the guest key card after the guest checks out and others necessary for a full-fledged hotel ACS.
SALTORFIDWireless Access Control and Management System
Universal system. Allows a combination of autonomous and online (IP) controllers with wall readers, autonomous and online (wireless) electronic locks, electronic cylinders in one system.
Identifier type – contactless rewritable smart cards that meet ISO 14.443A, ISO 14.443B and ISO 15.693 (Vicinity) standards: MiFare, Desfire, ICODE, Legic, InsidePicoPass, HIDiClass, SKIDATA. Compatible with NFC (NearFieldCommunication) technology.
Type of access point equipment – ACS controllers of 3 versions: autonomous, online (IP) and online with the SALTO virtual network function. The system uses wall-mounted readers for indoor and outdoor use, with or without a keyboard.
Autonomous and wireless online locks for any doors, including emergency exit doors (with a panic bar).
Number of access points – 64,000. This is the number of possible users. The number of visitors is unlimited.
Global (with recording a mark on the user's key upon entry and removing it upon exit or after a set time) prohibition of double passage. Possibility of dual identification. Possibility of multi-level integration with other systems. SALTO virtual network: autonomous locks can record information on users' keys (passage history, battery status, etc.) — when passing through an online access point (IP controller), the data from the key is transferred to the DB. At the same time, an update of the access level, key expiration date, blacklist (tags of lost keys for entering into the memory of autonomous locks), etc. is written to the key.