CEUR Workshop Proceedings, Vol-3057, paper 25: https://ceur-ws.org/Vol-3057/paper25.pdf
Access Control in Corporate Systems
Oleg V. Boychenko
V.I. Vernadsky Crimean Federal University, Avenue Academica Vernadsky, 4, 295007, Simferopol, Crimea

                Abstract
                This work studies the use of access control systems (MCDS) to provide permitted
                access in corporate security. It describes the basic, peripheral and additional equipment
                that makes up modern access control systems in a dynamically developing economic
                enterprise, and the main technological capabilities of such systems. The directions of
                the most effective application of access control systems are determined. The study found
                that MCDS are widely used in companies where users need to manage and restrict access
                to information resources with confidentiality characteristics. The fundamentals of the
                development of innovative access control systems based on machine learning and
                artificial intelligence technologies are studied. The procedure for preparing systems to
                determine whether employees have a justified need for access to the organization's
                confidential information resources is described. It is of paramount importance to use
                up-to-date software as part of access control systems, with continuous monitoring of
                unauthorized impact on the corporation's automated information resource management
                system. The main direction of the development of modern security systems is
                determined: artificial intelligence systems based on distributed neural networks
                integrated with blockchain technologies.
                Keywords
                Access control, security system, security, identification, intellectualization.

1. Introduction

    Access control is a set of software, hardware and agency instructions that solve the tasks of
managing and administering visits to separate rooms, operationally controlling the movement of
personnel, and tracking the time they spend on site. Removing a person from the standard workforce is
particularly important for the safety of facilities where the cost of error and sometimes basic needs are very high.
    On the other hand, the security officer must be provided with full and accurate information on local
developments and have a convenient way of working seamlessly and solving problems. The access
control system usually contains ID numbers, card readers, controllers, and ACU [1] servers, and the ID
card contains information for user identification.
    Along with this, the research shows the prospects for the development of continuous access control
management technologies in organizations using information resources that have signs of
confidentiality, modern technological machine learning systems (neurotechnologies) in combination
(integration) with artificial intelligence systems.
    The global market for artificial intelligence (AI) solutions in 2018 amounted to $21.5 billion, in
2024 it will reach $137.5 billion. The global market for neurotechnology solutions in 2018 amounted
to $1.3 billion, in 2024 it will increase to $7 billion.
    The global market for artificial intelligence and neurotechnology as a whole, taking into account
the internal developments of companies, amounted to $396 billion in 2018, and by
2024 it will increase to $890 billion. Similarly, the size of the global neurotechnology market as a whole
in 2018 amounted to $7 billion, by 2024 it will increase to $35 billion.

    Proceedings of VI International Scientific and Practical Conference Distance Learning Technologies (DLT–2021), September 20-22,
2021, Yalta, Crimea
EMAIL: bolek61@ mail.ru (A1),
ORCID: 0000-0003-3326-1015 (A1)
             ©️ 2021 Copyright for this paper by its authors.
             Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
             CEUR Workshop Proceedings (CEUR-WS.org)



    The Russian market for AI solutions in 2018 amounted to 2.1 billion rubles, by 2024 it will increase
to 160 billion rubles. The Russian market for neurotechnology solutions in 2018 amounted to 100
million rubles, by 2024 it will grow to 8.2 billion rubles.
    The Russian AI market as a whole in 2018 amounted to 189 billion rubles, by 2024 it will increase
to 907 billion rubles. This indicator includes the revenue of companies in the field of artificial
intelligence, the revenue of other IT companies that develop products thanks to AI, and the increase in
revenue of companies from various sectors of the economy that was obtained thanks to artificial
intelligence.
    Similarly, the Russian neurotechnology market as a whole in 2018 amounted to 45 billion rubles, in
2024 it will grow to 65 billion rubles.
    Thus, to detect defects in the equipment of the MCDS system, it is now most advisable to use the
development of Boeing using the neural network and machine vision for detection with higher accuracy.
In addition, modern computer vision architectures and deep neural network algorithms are being
developed to recognize and analyze captured images of aircraft, identify anomalies and initiate early
warnings.

2. Technological Aspects of CPD
    Each card is assigned a certain level of access, according to which the user is entitled to access this
or that door at certain intervals. The card can be used simultaneously as a pass with a photograph, a
credit card, etc. The following types of cards are used in the ACU system:
    #plastic card with magnetic strip;
    #«Wiegand» card - a plastic card with a rectangular loop of hysteresis made of an alloy, which
allows assigning a unique code to each card;
    #bar-code card - plastic card with printed bar-code;
    #sensor contact card - plastic card with built-in chip and electronic interface.
    It should be emphasized that the Smart Card is much better than other types of ID cards in almost
all functions (safety level, read technology, noise resistance, mechanical damage, durability, reliability,
and bandwidth).
    The main advantages of a non-contact smart card are a high level of security, storage of a
considerable amount of information, the possibility of programming and reprogramming, the possibility
of performing cryptographic operations. Reader applications, as an important element in an ACS
system, provide a reading of the information on the card. This information is addressed to the manager
who decides on the user’s access to the automated system [2]. It contains information about the
operating system’s mode configuration, a list of people who are entitled to enter the premises, and their
right of access to these premises. Large systems may have multiple controllers.
    To enhance the authentication process, a keyboard connected to the administrator is used to dial a
personal ID number. SCOD servers are computers that control their associated access controllers. Port
data, photos, individual code, and other information about the holder of the user’s ID card are entered
on the personal «electronic card», so that the user’s personal «electronic card» and identification
number correspond and are recorded in the databases [3]. In the system, each code is linked to
information about the rights of the cardholder. Based on a comparison of the information and the
circumstances in which the card was entered, the system makes the decision: open the controller or door
locks (lock, turnstiles) or turn the room into a protection mode, including emergency signals, etc.
    All facts about the presentation of cards and related actions (bypassing, alarm, etc.) are recorded
under control and stored on a computer. Information on events related to the presentation of cards can
be used in the future for the production of reports on the recording of working time, the allocation of
work, etc. Depending on the tasks of the administrative boards, you can choose the appropriate access
control and management system. A small access control system prevents access to undesirable people,
and staff will determine the exact terms to which they are entitled to access. The more complex system,
in addition to limiting access, assigns each employee a unique schedule, saves, and then browses
information about the events of the day. Systems can operate autonomously and on a computer.
    An integrated access control system makes it possible to solve security and safety issues, automate the
work of employees and accounting, and create an automated workstation. The set of workstations performed by
complex systems makes it possible to use monitoring systems to perform certain tasks in a company or
facility.
    SoundHound technology is designed to create the conditions for a flexible and scalable voice
intelligence system with voice support and combines both automatic speech recognition (ASR) and
natural language understanding (NLU) in one mechanism, which significantly improves speed and
accuracy. In addition, the Houndify Platform offers more than 125 domains of mutual understanding,
title schedules, and redistribution rights from suppliers.
    The implementation of the measures of this roadmap will need 392 billion rubles until 2024,
including 57 billion rubles that are planned to be allocated from the federal budget for the
corresponding purposes and 335 billion rubles from extrabudgetary sources.
    Barriers to the development of artificial intelligence in Russia are a low level of AI use in companies;
low use of AI technologies in health care; low availability of medical data required for AI; low
availability of quality education; poor quality and accessibility of public services for residents and
companies; low intensity of AI research; lack of modern AI training programs; insufficient
development of domestic high-speed energy-efficient microprocessors that are optimal for AI tasks;
insufficient provision of data centers for collective or individual use for the performance of AI tasks;
lack of regulatory conditions for access to data and lack of a full-fledged system of regulatory and
technical regulation in the field of AI. Because of the above, a gradual transition to new technology
platforms with traditional mechanisms for effective management of access control systems in
corporations becomes an urgent need.

3. Contactless Access Control Systems
    There are now many different control and access control systems. A typical access control system
using a MIFARE card as an identification card is MFNet, which is designed to control and allow access
of persons or vehicles to the security control area [4]. The authenticity of the content is verified based
on its unique identification information - a contactless Mifare smart card.
    The MFNet system consists of the following elements:
    • MIFARE identification letter issued to employees of the company;
    • Read the touch screen maps;
    • Fastening devices (doors with electrical or electrical locks, oscillations, obstacles);
    • Control devices for controlling devices connected to the information system;
    • ACS server with server software;
    • automated workstation with additional software modules (LAN staff, worktime module,
interactive application, etc.).
    The MIFARE smart card is designed to define administrative tasks using large internal memory as
well as a hierarchical access key system for the information stored on the card and to provide security
against unauthorized access. The smart card can store information related to the access group, access
level, time, specific route or access point for a one-time and a temporary passage, validity period, and
user ID, etc. in the memory.
    Sensor screen readers use information from MIFARE cards to read and are produced in various
implementations to ensure maximum ergonomics and reliability. The disconnector (ZU) is intended for
the immediate closure of the protective zone. ACS MFNet supports a wide variety of SPs
electromechanical and electrical locks, turnstiles, obstacles. The system can include a full-function FPR
controller 3.02 specialized version 3.02 C FPR controller with additional devices for handling with
sides and obstacles and a shorter ASCs 3.02JI image controller, where it is possible to work with only
one reader, which is structurally located directly on the administrator [5].
    Server software is designed to install operating mode controllers, access methods used, authorized
lists and closed Go cards, as well as reports and other events. The additional modules enhance the
capabilities of the basic software, which is grey, and are designed to provide CPD operations, produce
specific reports or provide access to CPD data from different assignments. The MFNet access control system
supports several basic access algorithms. Each access point is configured to use one or more (in any
combination) access algorithms that are combined by OR logic, i.e., if a card is allowed by at least one
algorithm, the controller decides to grant access.

    In addition to the access algorithms of any point, it is possible to include additional conditions that
are combined by AND logic, i.e., if the card does not meet at least one of the additional conditions, access
will be denied.
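The combination rule described above (one passing access algorithm is enough, but every additional condition must hold) can be written as a small decision function. This is an added example, not MFNet code; the rule names, card fields, access point and sample cards are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, List

@dataclass(frozen=True)
class Card:                      # hypothetical card record
    card_id: str
    group: str
    level: int
    valid_until: datetime

@dataclass(frozen=True)
class Rule:
    name: str
    check: Callable[[Card, datetime], bool]

# Hypothetical access algorithms: OR-combined at an access point.
def group_in(*groups: str) -> Rule:
    return Rule("group", lambda c, now: c.group in groups)

def min_level(level: int) -> Rule:
    return Rule("level", lambda c, now: c.level >= level)

# Hypothetical additional conditions: AND-combined.
def not_expired() -> Rule:
    return Rule("not_expired", lambda c, now: now <= c.valid_until)

def not_blocked(blocked: frozenset) -> Rule:
    return Rule("not_blocked", lambda c, now: c.card_id not in blocked)

def within_hours(start: time, end: time) -> Rule:
    return Rule("hours", lambda c, now: start <= now.time() <= end)

@dataclass
class AccessPoint:
    name: str
    algorithms: List[Rule]
    conditions: List[Rule]

    def decide(self, card: Card, now: datetime) -> dict:
        allowed_by = [r.name for r in self.algorithms if r.check(card, now)]
        failed = [r.name for r in self.conditions if not r.check(card, now)]
        # An access point with no algorithm configured grants nothing
        # (fails closed); a single failed condition overrides any algorithm.
        granted = bool(allowed_by) and not failed
        return {"granted": granted, "allowed_by": allowed_by, "failed": failed}

# Constructed sample data.
FAR = datetime(2030, 1, 1)
CARDS = {
    "C-0001": Card("C-0001", "it", 2, FAR),
    "C-0002": Card("C-0002", "sales", 5, FAR),
    "C-0003": Card("C-0003", "sales", 1, FAR),
    "C-0004": Card("C-0004", "it", 9, FAR),                    # on the block list
    "C-0005": Card("C-0005", "it", 9, datetime(2023, 1, 1)),   # expired
}
SERVER_ROOM = AccessPoint(
    "server-room",
    algorithms=[group_in("it"), min_level(5)],
    conditions=[not_expired(), not_blocked(frozenset({"C-0004"})),
                within_hours(time(8, 0), time(20, 0))],
)

def demo() -> dict:
    day = datetime(2024, 3, 4, 10, 0)
    results = {cid: SERVER_ROOM.decide(c, day) for cid, c in CARDS.items()}
    results["C-0001@night"] = SERVER_ROOM.decide(
        CARDS["C-0001"], datetime(2024, 3, 4, 23, 0))
    return results

if __name__ == "__main__":
    for who, decision in demo().items():
        print(who, decision)
```

Returning the names of the passing algorithms and failing conditions alongside the decision gives the event log enough detail to explain each denial.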
    The MFNet CKD system can operate in two settings:
    #Interactive (all chat controls are controlled by the system server);
    #independently (manual mode).
    The MIFARE contactless technology allows device administrators to operate in autonomous mode,
but in the same system. This simplifies the implementation of systems of access to business, payment,
and accounting in remote facilities and related items.
    The MFNet access control system allows you to set different settings. Depending on the amount and
actions you need, you can analyze the following typical system settings:
    • minimum - a system of one or more controllers operating independently or connected to an
unregistered server. Designed for small offices;
    • standard is a system of multiple controllers connected to a network and a dedicated server
connected to a local network. The ACS MFNet server allows you to connect more workstations and
users to collect information simultaneously;
    • corporate system - includes many tasks (60) of managing various protective devices (doors, gates,
barriers).
    This system allows access to pass, entry, entry, and exit as a control location for the access control
system. System controllers connect to a server, each of which can have up to 64 controllers.
Depending on the reliability and performance requirements, MS SQL Server can be used instead of the
MS Access database for such a system [6]. The MFNet system has all the features of classical access
systems, such as:
    #Create and edit files in different formats in different regions;
    #assign and modify individual and group access settings;
    #Maintenance of registration and recording of the number of relationships offered by traffic,
violation of access mode.
    In addition, the system uses a personnel search module that allows finding any employee of the
company instantly. The MFNet access control system is characterized by the following factors [7]:
    • multi-point access for use in a high capacity system;
    • the level of access inhibition refers to a system with a high level of stability.
    Today, two card formats are most common on the market: EM Microelectronic-Marin
EM4100 cards operating in the range of 125 kHz, and cards manufactured by NXP Semiconductors
and HID operating in the range of 13.56 MHz.
    EM-Marin cards are widespread on the Russian market, largely due to the affordable price. The use
of cards of this format has one drawback: such cards are easy to fake. Copying is done by writing a
known number to a new card with the option of overwriting the number (UID, Unique Identifier).
Currently, tools are available on the market to create any duplicate cards operating at 125 kHz.
    It was the fact of the insecurity of cards operating at this frequency that served as the main incentive
for the widespread distribution of Mifare cards - especially the Plus and DESFire families, which have
maximum protection against hacking.
    The main difference in the Mifare card format is the presence of internal memory. Memory access
may be restricted by the key. For example, for Mifare DESFire cards, the key length is 32 characters.
For this type of card, the AES/3DES encryption algorithm is applied to the key, which eliminates any
possibility of accessing the application.
    All Mifare cards have a built-in memory structure - EEPROM. In addition, each card has a Unique
Identifier (UID). The UID is not a protected area and can be read on any device. In some cases, UIDs
are mapped. Until recently, only Mifare UID cards were used for identification in MCDS. But today
this method does not provide full protection from hacking. You can purchase cards that allow you to
record a well-known UID on a new Mifare card and use it as a duplicate [8].
    To do this, cards operating at a frequency of 13.56 MHz are used with the ability to overwrite UID
(for example, Mifare ZERO cards issued by companies in China). Therefore, access control systems
are increasingly using internal Mifare card memory or, in other words, EEPROM to identify users.
    EEPROM (Electrically Erasable Programmable Read-Only Memory) is an electrically erasable
permanent memory (ROM). Typically, the EEPROM consists of 16 or 40 sectors, and it is in these
sectors that the access identifier is written, which is then used for identification in the MCDS. EEPROM
sectors are protected by a key.
    Cards in this family represent the initial level of protection. The most common area of application
is the use as tickets for public transport or mass events. Ultralight family cards differ in memory size
(Ultralight® Nano: 40 bytes, Ultralight® C: 144 bytes, Ultralight® EV1: 384-1024 bytes) and have
the ability to prohibit overwriting.
    These cards have expanded memory, increased data transfer speed, and support for cryptographic
protection. Main applications: access control, payment systems, cards for campuses/ID cards, loyalty program
cards. In 2007, staff at University College London, UK, and the University of Nijmegen, the
Netherlands, discovered a serious vulnerability in such cards. It is noteworthy that NXP tried in court
to stop the publication of articles on the hacking of the Mifare Classic.
    For effective implementation of card copy protection measures, the readers of the access control
system must support the read mode of identifiers from the protected area. Standard versions of readers
do not have this ability [9].
    The saved configuration is written to the master card for subsequent data transfer to the system
readers. The master card is recorded using the standard desktop reader of the system.
    After data transfer, the master card contains the following information:
    - the Mifare card family type;
    - the memory section of the card where the identifier for reading is stored;
    - the access key, which will be used by each reader of the system to access user cards during
identification.
    The configuration is transferred to all system readers using a master card. The administrator presents
a master card to each reader of the system.
    After the master card is presented, readers are programmed to work only with a specific Mifare card
family; reading is carried out only from the memory section specified in the configuration, and the Mifare
UID is not read.
    The memory section of the access card previously specified in the configuration is populated with
the ID number for the employee. Identifiers are written to cards using a check reader. The memory
section of the card for recording is automatically selected according to the configuration.
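Why readers must identify from the key-protected memory section rather than from the UID, shown as a small simulation of the master-card configuration described above. This is an added example, not vendor code: the card model, class names, key and identifiers are constructed, and the plain key comparison stands in for the card's real cryptographic authentication.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SimCard:
    """Toy card: an openly readable UID plus key-protected memory sections."""
    family: str
    uid: bytes
    sectors: dict = field(default_factory=dict)   # section no. -> (key, data)

    def read_sector(self, sector: int, key: bytes) -> bytes:
        # Stand-in for the card's authentication: wrong key, no data.
        stored = self.sectors.get(sector)
        if stored is None or not hmac.compare_digest(stored[0], key):
            raise PermissionError("sector authentication failed")
        return stored[1]

@dataclass(frozen=True)
class MasterConfig:
    """What the master card carries: card family, memory section, access key."""
    family: str
    sector: int
    key: bytes

def enroll(card: SimCard, cfg: MasterConfig, employee_id: bytes) -> None:
    """Write the employee identifier into the configured protected section."""
    if card.family != cfg.family:
        raise ValueError("card family does not match the configuration")
    card.sectors[cfg.sector] = (cfg.key, employee_id)

class Reader:
    def __init__(self) -> None:
        self.cfg: Optional[MasterConfig] = None

    def present_master(self, cfg: MasterConfig) -> None:
        self.cfg = cfg

    def identify(self, card: SimCard) -> Optional[bytes]:
        if self.cfg is None:
            return card.uid              # unconfigured reader: UID only
        if card.family != self.cfg.family:
            return None                  # only the configured family is served
        try:
            return card.read_sector(self.cfg.sector, self.cfg.key)
        except PermissionError:
            return None                  # the UID is never used as a fallback

# Constructed configuration: 16-byte key (32 hex characters), section 3.
CFG = MasterConfig(family="DESFire", sector=3, key=bytes(range(16)))

def run_demo() -> dict:
    genuine = SimCard("DESFire", uid=bytes.fromhex("04a1b2c3d4e5f6"))
    enroll(genuine, CFG, b"EMP-0042")
    # A duplicate that carries the same UID but not the protected section.
    duplicate = SimCard("DESFire", uid=genuine.uid)
    uid_reader = Reader()
    sector_reader = Reader()
    sector_reader.present_master(CFG)
    return {
        "uid_reader_sees_same_identity":
            uid_reader.identify(genuine) == uid_reader.identify(duplicate),
        "sector_reader_genuine": sector_reader.identify(genuine),
        "sector_reader_duplicate": sector_reader.identify(duplicate),
    }

if __name__ == "__main__":
    print(run_demo())
```

The configured reader returns no identifier at all for the duplicate, so the controller has nothing to match against its database, while the UID-only reader cannot tell the two cards apart.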
    Thus, Mifare is a family of contactless smart cards from NXP Semiconductors.
    There are several types of cards of this format, which differ in the degree of information protection
and the amount of data stored.
    Cards of this format are widely used in transport and banking. In MCDS, their use is justified if it is
necessary to obtain the most protected system.
    As a rule, the recording and storage of information on the card in MCDS are not used, but the ability
to read such cards allows you to use identifiers from other areas, such as social or bank cards.
    The system of access control and control (MCDS) is designed for automatic and/or automated
restriction of access of persons to a certain territory.
    Access is restricted based on unique personal characteristics. The most common way to identify a
person in MCDS is to read the codes of an electronic card (electronic key).
    MCDS brand TSS allows you to identify people on almost any basis, which are provided by modern
hardware (smart card readers, biometric readers).
    In addition to directly limiting access, MCDS solves the following tasks:
    Record and modify data on the owners of electronic keys, including with automatic recognition of
identity documents.
    Monitoring and visualization of the system operation (information about the system users' passes,
messages about unauthorized access, etc.) in real-time.
    Storing system information in the database.
    Generate reports (working hours, violations, alarm events, etc.).
    Import and export data.
    Organization of visitor access control.
    Organization of subscription services.
    Generate and print passes.
    Special modes (evacuation of staff, dining room, elevators, parking, control of key issuance, etc.).
   MCDS in general is a software and hardware complex that includes electronic equipment and
software, and which operates using personal computer equipment, operating environments, local
networks. The basis of the complex is an intelligent control system, consisting of control electronic
units - MCDS controllers, and software that repeatedly expands the capabilities of the system [10].
   Control controllers of the TSS brand are compatible with almost all types of readers of unique
identifiers (Emarin, HID, Mifare, biometric) and actuators (locks, turnstiles, barriers, gate drives, card
receivers).
   All TSS brand controllers contain a key base (up to 65000), event memory (up to 150000), and in
the state of fully autonomous operation perform basic access restriction modes. Special settings allow
you to independently process some additional functions.

4. Conclusion
    Thus, the company’s most popular automatic control system is the MFNet system, which allows the
addition of access controls to accounting functions as well as cash expenditures, payment, and
accounting of goods and services during the operation of the system without the need to replace existing
cards and equipment.
    The additional power of the MFNet system is created by the use of contactless Mifare smart
card technology, which allows working with non-independent applications, creating the potential for
functional expansion and modernization of the system even during operation.
    Today, EM-Marin cards operating at 125 kHz are most widely used in MCUD. Such identifiers do
not have copy protection, and enough tools are available on the market to create any duplicates of this type
of card. Using Mifare cards in MCDS systems allows you to exclude the possibility of copying the card.
A prerequisite is the recording of identifiers in the crypto-algorithm-protected area of cards and the use
of readers (including control readers) that access the internal memory of Mifare cards using the
specified crypto-keys. Only then is it possible to initialize the user cards correctly and read the
identifiers further.

5. References
[1] A.A. Shelupanova, S.L. Gruzdeva, Y.S. Nahaeva, Theory and practice of access to information
     resources. The hotline is Telecom, 2009. pp. 552.
[2] GOST R 51241-2008 «Control and access control tools and systems. Classification. General
     technical requirements. Test methods»
[3] A.V. Badikov, P.V. Bondarev, Access Control and Control Systems. M.: MIFI, 2010. 128 p.
[4] A. M. Abramov, O. Y. Nikulin, A.I. Petrushin, Access control systems. M.: Obereg-RB, 1998. 170 p.
[5] A. K. Starch, Means and systems of control and control of access: A training manual. M.: NYC
     "Protection" of the Department of Internal Affairs of the Russian Federation, 2003. 200 p.
[6] A. Gince, New technologies in SCUD. Safety systems. M., 2005. pp. 38-44.
[7] V.A. Crow, V.A. Tikhonov, Access Control and Control Systems: Training Manual. M.: Telecom
     Hotline, 2010.
[8] N.V. Apatova, O.V. Boychenko, O.L. Korolyov, I.V. Gavrikov, T.K. Uzakov, Stability and
     Sustainability of Crypto tokens in the Digital Economy. Communications in Computer and
     Information Science, 2020, 1337, pp. 484–496.
[9] O.V. Boychenko, I.V. Gavrikov, Potential Applications of Smart Contract Technology in
     Corporate Business Processes. Communications in Computer and Information Science,
     2019, 1141 CCIS, pp. 612-624.
[10] I. Pilkevych, O. Boychenko, N. Lobanchykova, T. Vakaliuk, S. Semerikov, Method of assessing
     the influence of personnel competence on institutional information security. CEUR Workshop
     Proceedings, 2021, 2853, pp. 266–275.


