A big deal in Brazil
Jan 1, 2000 12:00 PM
ACCESS CONTROL & SECURITY SYSTEMS INTEGRATION STAFF
Most access control applications have obstacles to overcome. Obstacles are often magnified for larger projects such as the Companhia Siderurgica Nacional (CSN) steelworks, which is the largest steel concern in Brazil. Implementation of an access control system at its President Vargas steel mill, in Volta Redonda, 90 miles north of Rio de Janeiro, was a security application that presented more than its share of logistical problems. The giant plant produces more than 5 million tons of steel annually. Within its 10-mile perimeter, the plant employs 10,000 people and outsources 15,000 jobs. Further complicating the immense project was the atmosphere of the plant where molten metal, iron ore dust particles, high temperatures and magnetic fields are common. CSN needed a comprehensive access control system that could both withstand the elements and span the vast distances of the plant. The solution involved contactless smart cards.
In November, 1999, a consortium led by SBS-Siemens began the roll-out phase for the access control project at the CSN plant in Volta Redonda. Companhia Siderurgica Nacional accounts for 18 percent of Brazil's production of crude steel each year. The company was privatized in April 1993 and exports its steel products to 66 countries. The project had taken more than a year to complete.
According to Jairo Martins, general director of SBS, one challenge was the logistics of dealing with the high number of companies involved in the project. The execution of the project involved more than 250 operations distributed among eight different companies, including suppliers and service providers. The responsibility for the scheduling and managing of all jobs and the financial transactions of the project was assigned to a SBS internal working team. After 10 months of negotiations and discussions, three major objectives for the project were determined:
* personalize more than 25,000 cards (10,000 for employees and 15,000 for contract personnel from outside companies) including capturing digital photographs of each worker;
* extend the corporate communications network in order to reach all the physical access points involved in the project; and
* adapt the existing access control devices such as turnstiles and gates to the new technology.
CSN had other concerns as well. Prior to the contract with SBS-Siemens in December 1998, CSN was looking for a card technology that would fulfill the requirements for the new physical access control-and-time attendance project. Card technologies such as bar codes, magnetic stripes and punch cards were rejected because they could not cope with the production environment of the Presidente Vargas plant where steel particles in suspension, remnants of lubricants and high magnetic fields are constants. The extreme environment of this locale and the necessity of durability ruled out some of the more economical card technologies.
The access control system also needed to ensure high reliability in controlling all entrances to the factories and offices. In addition, it needed to restrict access to blocked cards 24 hours a day, seven days a week even in the event of a power failure or communication breakdown.
These features are found in contactless smart card technology, which produces cards that are immune to magnetic fields and metallic dust and can be hermetically sealed. It is also possible to mirror database information in the cards, so any access control transaction can be performed locally and therefore the system can continue to work when communication is lost between the reader devices and the main database.
"This is possibly the biggest access control system in the world based on Mifare technology," says Jan Lerke, director of Novacard do Brazil. The cards are manufactured by Novacard, based in Germany, and distributed by Novacard do Brazil.
The physical distances between the main technical services provider and the steelworks location required a strategic and organized communications system during the system installation. The companies adopted a technique based on the virtual enterprise concept. Communication channels were formally established among the companies involved in the project using EDI (electronic data interface) tools. Conference calls, teleconference, follow-up meetings and software tools for task managing, scheduling and distribution were used extensively for the duration of the project. Internet tools were also used for data exchange such as the database, lay-outs and remote software updating. This approach resulted in agility and a considerable operational cost reduction in the execution of tasks.
System Overview The physical access control system, developed by S&V Consultoria e Tecnologia, is based around distributed computing technology and contactless smart cards. The system is known as SVSS-High and is composed of a set of hardware and software modules that were developed specifically for smart card technology. Combined with the state-of-the-art technology in distributed computing, the product is efficient and easy-to-use. The system uses contactless smart cards (Mifare standard) which provide high data security, reliability and flexibility to the system.
The smart cards have a memory of 1K and can be used for 16 different applications. This application uses two out of the 16 fields available in the card, leaving another 14 fields available for future applications such as health care, public transportation, loyalty programs and other employees benefits. One field is now used for access control and time/attendance applications and the other for system management.
The system is controlled by software developed by S&V Consultoria. It is a Windows-based software running in Windows NT. The stand-alone readers do not have an operating system. They are connected to the Windows NT system via serial communications (RS485 standard). S&V Consultoria developed the software using Delphi, a software developing tool. Using information from the old database, they created a new database using Oracle software and running in UNIX.
The system is responsible for the access control of workers and vehicles in the plants, the monitoring of employee attendance and the management of the meals served at the 10 cafeterias on the premises. It acts not only as a security system but also as a powerful human resources tool to improve management of workers.
Coping with the harsh environment of the steelworks Confronting the difficulties presented by the steelworks' corrosive environment was a fundamental concern, requiring certain systems. The communication network infrastructure necessitated the use of fiber optics in most of its branches to avoid hazards such as magnetic-inducted noise and ground loopback electric surges. A grounding scheme was adopted to guarantee electrical noise isolation in all of the equipment. Special metal shielding was developed for the smart card readers to protect against spurious electric and magnetic fields. Because contactless smart cards communicate with the readers via radio frequency it was necessary to leave a window in the polycarbonate over the reader antenna to allow the waves to pass through. To protect against water splash, dust and dirt, metal boxes containing the readers were hermetically sealed.
The environmental solution also extended to access points in the form of turnstiles, gates and employee time clocks - a total of 140 transaction points - integrated with smart card readers. The card readers have an 8-bit built-in microprocessor, with 64K of memory and I/O ports. The system is based on a distributed architecture providing high availability and features such as remote card updating. It is possible to block, unblock or even change permission of a given card in the field. The system is fail-safe even in the event of a power failure, wiring problem or machine shutdowns. The system also manages more than 45 different working shifts. The steel mill operates 24 hours a day, seven days a week.
The whole installation is divided into zones configured according to the security needs of the company. Three main security areas need to be protected: the 15 story-building where all the administrative offices are located, the steel mill itself and the perimeter, where there are eight access points.
Cards The contactless smart cards are used as electronic keys for turnstiles and gates, and for system operation. The layout of the cards was created by S&V Consultoria, which took the photos and enhanced them. The cards were printed on DataCard and Eltron card printers.
The company used a digital Olympus 220L camera for the personnel photos. Two pieces of software were created: one to capture the image and place it in the client's database (SV Capture), and second for printing and quality control purposes (SV Personalized). The result was a rejection rate lower than 2 percent. S&V Consultoria trained personnel from the steelworks plant to issue cards.
Some functions of the system, especially those related to security and system administration, can only be accessed when the user has the proper credentials. This information is encoded into the card. Each card has a unique manufacturer number which links a physical card to a user in the system. The cards - primarily used as ID badges - are graphically and electronically personalized. The first consists of the thermal printing process of user personal data in the card including his/her digital photograph and registration number. The second is the process of formatting the Mifare chip with proper data structures and parameters for the system including the cryptography keys generated for the installation. The card is then issued to the user.
Users are divided in categories such as employees, visitors and outsourcers. Users can be further divided into groups of users based on common properties such as the set of permissions. For example, a group could be formed from employees and outsourcers who have the same working shifts and the same access privileges for the administration building of the steelworks company.
The practice of identifying users and cards as different entities in the system guarantees that a particular user has only one active card at a time. Whenever a provisory or new card is issued to a user, any other card(s) previously issued to the same user are automatically blocked temporarily or permanently. If for any reason there is a need to change the status of a specific user/card in the field (e.g., to block), a system operator can do it via the SSOperate system user interface. Once the desired status (block/unblock, for example) has been selected from a menu of options, the operation is automatically scheduled. The next time the selected card is presented to any point of access in the system, this new status will be reflected.
The access points have a buzzer that creates an alarm when somebody tries to use a card that has been cancelled. The feature allows security guards to be aware of any person trying to enter the facility without permission. The system also records such transactions and can provide a report of denied-entry attempts. The smart card will be used by all employees, outsourcers and visitors of the Presidente Vargas plant.
The system will expand to six other locations in three other states, but it will be monitored and managed from the main site, possible because of the distributed nature of the solution.
"The Steelworks in Volta Redonda is an example of how the automation of the physical access control based on smart cards makes the difference in the security and employee management processes in the working environment. Before the company was privatized, the only way to identify individuals was by the use of traditional badges, which could not restrict the access to dangerous areas such as the furnaces. The theft of equipment was common before the implementation of the new system. Things were completely out of control," says Newton Handa, the steelworks coordinator of the smart card access control project.