Card-Connected System - Architects and Engineers Specification
Note 1: This document provides example A&E specification material for CoreStreet-Enabled smart card based physical access control systems, organized according to the MASTERFORMAT 2004 EDITION NUMBERS & TITLES.
Insert the appropriate material from this document into the relevant sections of the security system specification under development. If you are developing a MasterFormat style specification, adjust the fourth part of the item number if needed (i.e. the “.01” of “01 86 33.01”) based on its position related to the other itemed numbers in your specification.
If you are not developing a MasterFormat style specification, you may ignore the numbering and use the titles and text as appropriate for your specification document. Where project- or system-specific data should be provided by you, a notation will be found in blue text, for example: (insert capacity here). In some places the item numbers sequence intentionally skips numbers in the Level four (4-part number) specification items to allow room for future expansion of the specification without changing the number assignments for existing specification items.
Note 2: The specification items in this document meet or exceed the relevant requirements of the Transportation Worker Identification Credential (TWIC) program of the Transportation Security Administration (TSA) when used with ISO 7816-compliant contact-type smart cards or ISO 14443-compliant proximity contactless smart cards. Full TWIC compliance also requires a TWIC-compliant fingerprint biometric system in addition to the CoreStreet-specific technology.
DIVISION 01 - GENERAL REQUIREMENTS
01 86 00 FACILITY SERVICES PERFORMANCE REQUIREMENTS
01 86 33 Electronic Safety and Security Performance Requirements
- 01 86 33.01 Acceptable Systems
This document describes the requirements specific to a smart card based access control system. Systems that do not provide all of the features described below shall be unacceptable. -
01 86 33.11 Central Management
The access control system shall be centrally managed, which means that regardless of the quantity or location of card readers, management of the entire card system can be performed from a central server and optionally from workstations networked to the central server.
-
01 86 33.12 Access Control Independence from Network Infrastructure
The access control system shall extend access control beyond wired or wireless network infrastructure by using a combination of networked and standalone smart card readers and/or intelligent locksets, under a distributed decision approach.
-
01 86 33.13 Distributed Access Control Decisions
The access control system shall utilize a distributed decision approach that allows card readers to perform access decisions without having to perform a database lookup. Reader access decisions shall be based upon comparing proof of cardholder access privileges stored on smart cards against access rules and invalid card lists stored in readers.
-
01 86 33.14 Card-Connected and Network-Connected Readers
The access control system shall provide “Card-Connected” capability for readers, whereby access cards carry system messages between network-connected readers and readers with no network connection. The network-connected readers shall write invalid card lists and proof of cardholder access privileges to cards, and retrieve messages (such as “access granted”) from cards for storage in the system historical database. The network-connected readers shall read messages from the Card-Connected readers including access history (granted, denied), low battery and door held open messages, and transmit these messages to the central server for processing and storage. The network-connected readers shall transmit their system messages to the central server in real time.
-
01 86 33.15 Panel-Connected Readers
Card readers shall be referred to as “Panel-Connected” when they are installed with a wired or wireless connection to an access control panel.
-
01 86 33.16 No Degraded Mode
Access control decisions made at network-connected readers shall be performed in the same way Card-Connected readers perform them, so that a temporarily loss of the network connection shall have no effect on access decision making and no degraded mode is required.
-
01 86 33.17 Card Data Expirations and Updates
The access control system shall provide a short user-definable time interval (such as 24 hours) after which data stored on smart cards expires, and must be updated by card presentation at a network-connected reader. The result of short expiration time intervals is that lost or stolen cards automatically become invalid for access quickly (within the short time interval), which keeps the invalid card list empty or very small. Expiration intervals as small as 1 hour shall be supported so as to severely limit the time period in which a lost or stolen card can remain valid, as an anti-theft/anti-forgery measure.
- 01 86 33.18 Invalid Card List Distribution
Whenever any card is cancelled or revoked, the access control system shall immediately transmit the current invalid card list to all network-connected readers, which in turn shall write the invalid card list to all cards presented, so that Card-Connected readers can read the current invalid card list from any card presented to them. -
01 86 33.21 Card Capacity
The access control system shall support up to (insert capacity here - determined by capacity of front-end system) number of card readers, with some, all or no readers having biometric function.
-
01 86 33.22 Card Reader Accuracy
The card reader shall be capable of 99.99% data read accuracy. The card reader must accurately interrogate the credential 99.99% of the time on the first attempt.
-
01 86 33.23 Fingerprint Reader Accuracy and Resolution
Biometric matching shall have a verification (1:1) accuracy of 99% or higher. The biometric Equal Error Rate (EER) shall not be more than 1% for verification. Fingerprint biometric technology shall be capable of template creation from a single image capture. Fingerprint reader image resolution shall be 500 dpi or higher. When a reference or operational biometric verification (1:1) is initiated, the correct result (accept or decline) shall be accomplished on the first attempt at least 90% of the time. Biometric devices shall offer liveness detection as a manufacturer’s option.
-
01 86 33.24 Card Reader Access Response Time
Regardless of how many cards are presented simultaneously at any number of system card readers, and regardless of the number of cardholders having access rights at any particular reader, the response time from card data interrogation to door unlock shall be less than 1.0 seconds for an electric strike and less than 2.0 seconds for an electro-mechanical lockset.
-
01 86 33.25 Card Reader/Keypad Access Granted Response Time
Regardless of how many cards and PINs are presented simultaneously at any number of system readers, and regardless of the number of cardholders having access rights at any particular reader, the response time from PIN entry to door unlock shall less than 1.0 seconds for an electric strike and less than 2.0 seconds for an electro-mechanical lockset.
-
01 86 33.26 Card Reader/Keypad/Biometric Access Granted Response Time
Regardless of how many cards and PINs are presented simultaneously at any number of system readers, and regardless of the number of cardholders having access rights at any particular reader, the response time from completion of biometric presentation to door unlock shall be less than 1.0 seconds for an electric strike and 2.0 seconds for an electro-mechanical lockset.
-
01 86 33.27 Single-Card Physical and Information Systems Access Control
To support single smart credential use for physical and information systems access control, the physical access control system shall support reading and writing CoreStreet-Enabled system data via compatible desktop, keyboard or other types of smart card readers used for information systems access control.
-
01 86 33.31 No Separate Public Key Infrastructure
The system’s use of digital certificates and secure information protocols shall not require a separate Public Key Infrastructure (PKI) solution.
-
01 86 33.33 Multiple Systems Sharing of Readers
The access control system shall support the management of access roles, rules and privileges for Card-Connected readers by cooperating independent multiple authorities who use separate access control systems. For example, access to common area readers such as restrooms, exercise rooms, utility rooms, cafeteria, etc. could be established by separate organizations, each with its own system, such as the Army and the Navy.
-
01 86 33.35 Standards Compliance
- 01 86 33.35-01 ISO 14443
The access control system shall comply with the ISO standard 14443 for Proximity Contactless Smart Cards. - 01 86 33.35-02 FIPS-201
The access control system shall comply with Federal Information Processing Standard 201 (FIPS-201) in support of Homeland Security Presidential Directive 12 (HSPD-12).
- 01 86 33.35-01 ISO 14443
DIVISION 08 - OPENINGS
08 40 00 ENTRANCES, STOREFRONTS, AND CURTAIN WALLS
08 42 00 Entrances
-
08 42 33 Revolving Door Entrances
-
08 42 33.13 Security Revolving Door Entrances
Security revolving doors shall incorporate Core-Street enabled card readers configured for card-only ingress to support high traffic levels during normal business hours, and card-plus-pin ingress for after-hours use. Egress door operation shall be activated by (insert type of request-to-exit device, such as PIR motion-detection).
-
08 42 33.13 Security Revolving Door Entrances
08 70 00 HARDWARE
08 74 00 Access Control Hardware
-
08 74 13 Card Key Access Control Hardware
- 08 74 13.03 Card Reader and Electronic Access Control Lockset Certifications
- 08 74 13.03-01 FCC Certification
The system card readers and electronic access control locksets shall be FCC certified. - 08 74 13.03-02 UL 294 Listing
The system card readers and electronic access control locksets shall be UL 294 listed as an access control system accessory. - 08 74 13.06 Warranty Requirements
Card readers shall include a factory warranty stating that the equipment is free from defects in design, material, manufacture and operation. The factory warranty period shall be for the lifetime of the product. The manufacturer shall not be responsible for installation, handling or use of product that does not comply with manufacturer’s published instructions. - 08 74 13.09 Acceptable Card Reader and Lockset Manufacturers
Acceptable card reader manufacturers are HID, Indala and SARGENT. - 08 74 13.13 Mortise Lockset with Integral Card Reader and Keypad
Access control mortise locksets shall be CoreStreet-Enabled and include an integral 12-digit Keypad. - 08 74 13.15 Mortise Lockset with Integral Card Reader, Keypad and Fingerprint Reader
Access control mortise locksets shall be CoreStreet-Enabled and include integral 12-digit Keypad and Fingerprint reader. - 08 74 13.17 Wall-mount Access Control Reader and Keypad
Wall-mount access control readers shall be CoreStreet-Enabled smart card readers which include an integral 12-digit Keypad. - 08 74 13.19 Wall-mount Access Control Reader, Keypad and Fingerprint Reader
Wall-mount access control readers shall be CoreStreet-Enabled smart card readers include integral 12-digit Keypad and Fingerprint reader. - 08 74 13.21 Mortise Lockset Low Battery Notification
CoreStreet-Enabled lockets shall generate a system alarm or supervisory message
-
08 74 16 Keypad Access Control Hardware
- 08 74 16.13 Access Control Keypad
A 12-digit Keypad (1 2 3, 4 5 6, 7 8 9, * 0 #) shall be integral to each Card Key access control reader.
- 08 74 16.13 Access Control Keypad
-
08 74 19 Biometric Identity Access Control Hardware
- 08 74 19.13 Access Control Fingerprint Reader
Fingerprint reader shall be integral to each access control reader.
- 08 74 19.13 Access Control Fingerprint Reader
11 12 00 PARKING CONTROL EQUIPMENT
11 12 13 Parking Key and Card Control Units
-
11 12 16 Parking Structure Access Control System
- 11 14 16.03 Gate Arms
Access control for exterior or entry/exit gate arms shall be implemented utilizing an outdoor rated CoreStreet-Enabled reader configured for card-only access. - 11 14 16.03 Roll-Up Gates
Access control for roll-up gates shall be implemented utilizing an outdoor rated CoreStreet-Enabled reader configured for card-only access.
- 11 14 16.03 Gate Arms
11 14 00 PEDESTRIAN CONTROL EQUIPMENT
11 14 13 Pedestrian Gates
- 11 14 13.16 Rotary Gates
Access control for exterior or entry/exit rotary gates shall be implemented utilizing an outdoor rated CoreStreet-Enabled reader configured for card-only access. - 11 14 13.19 Turnstiles
Access control for interior turnstiles shall be implemented utilizing a CoreStreet-Enabled reader configured for card-only ingress to support high traffic levels during normal business hours, and card-plus-pin ingress for after-hours use. Turnstile egress operation shall be configured for activated by (delete method not to be used) (insert type of request-to-exit device, such as PIR motion-detection) -or- card-only operation.
11 15 00 SECURITY, DETENTION AND BANKING EQUIPMENT
11 18 00 Security Equipment
-
11 18 13 Deal Drawers
- 11 18 13.03 Deal Door Access Control Access control for deal drawers shall be implemented utilizing a CoreStreet-Enabled reader configured for card plus PIN and biometric access.
-
11 18 23 Valuable Material Storage
- 11 18 23.03 Controlled Material Access
Controlled materials shall be stored in storage closets, enclosed cabinets and storage containers secured via access-controlled electro-mechanical locks. Access control for controlled materials shall be implemented utilizing a CoreStreet-Enabled reader configured for card plus PIN and biometric access.
- 11 18 23.03 Controlled Material Access
11 19 00 Detention Equipment
-
11 19 16 Detention Gun Lockers
- 11 19 16.03 Gun Locker Access Control Gun lockers shall be secured via access-controlled electro-mechanical locks. Access control for gun lockers shall be implemented utilizing a CoreStreet-Enabled reader configured for card plus PIN and biometric access.
DIVISION 12 - FURNISHINGS
12 00 00 FURNISHINGS
12 50 00 FURNITURE
12 51 16 Case Goods
- 12 51 16.19 Case Goods Access Control
Card-Connected CoreStreet-Enabled readers shall be utilized to provide centrally managed access control for case goods designated to be secured by access control.
12 51 19 Filing Cabinets
- 12 51 19.19 Filing Cabinet Access Control
Card-Connected CoreStreet-Enabled readers shall be utilized to provide centrally managed access control for filing cabinets designated to be secured by access control.
DIVISION 13 - SPECIAL CONSTRUCTION
13 00 00 SPECIAL CONSTRUCTION
13 20 00 SPECIAL PURPOSE ROOMS
13 27 00 Vaults
-
13 27 53 Security Vaults
- 13 27 53.03 Security Vault Room Access
Access to security vault rooms shall be controlled by an access-controlled security gate or door. Access control for security vault rooms shall be implemented utilizing a CoreStreet-Enabled reader configured for card plus PIN and biometric access.
- 13 27 53.03 Security Vault Room Access
DIVISION 14 - CONVEYING EQUIPMENT
14 00 00 CONVEYING EQUIPMENT
14 10 00 Access Control for Conveying Equipment
-
14 10 03 Elevator Access Control
- 14 10 03.03 All-or-None Elevator Access Control
Card-Connected CoreStreet-Enabled card readers shall be installed in each elevator car and interfaced with the elevator control system to provide activation of elevator operation on a scheduled or 24-hour basis. - 14 10 03.03 Floor-by-Floor Elevator Access Control
Panel-connected CoreStreet-Enabled card readers shall be installed in each elevator car and interfaced with the elevator control system to provide access to specific floors (landings) according to the cardholder’s assigned access privileges.
- 14 10 03.03 All-or-None Elevator Access Control
DIVISION 28 - ELECTRONIC SAFETY AND SECURITY
28 00 00 ELECTRONIC SAFETY AND SECURITY
28 10 00 Electronic Access Control And Intrusion Detection
28 13 00 Access Control
-
28 13 09 Access Control Cards
- 28 13 09.03 Smart Cards
The system shall utilize contactless proximity cards conforming to the ISO 14443 standard, operating at 13.56 MHz in up to 5 inches distance, such as MIFARE® and MIFARE® DESFire smart cards and readers. - 28 13 09.06 Smart Card Memory Capacity
The system shall require smart cards with a minimum memory capacity of 64K. If the cards will be used for multiple applications, the total card memory capacity for all applications should be calculated using 64K as the minimum amount of memory that shall be allocated for physical access control technology. - 28 13 09.09 Acceptable Card Manufacturers
Acceptable card manufacturers are ActivIdentity, Gemplus, and Schlumberger.
- 28 13 09.03 Smart Cards
-
28 13 19 Access Control Systems Infrastructure
- 28 13 19.03 Card-Connected and Network-Connected Readers
Card-Connected and network-connected CoreStreet-Enabled card readers shall be located as designated in the access control system installation drawings.
- 28 13 19.03 Card-Connected and Network-Connected Readers
-
28 13 33 Access Control Interfaces
- 28 13 33.16 Access Control Interfaces to Access Control Hardware
(Insert the specific model card reader’s interface/connection capabilities that will be utilized for this system) - 28 13 33.26 Access Control Interfaces to Intrusion Detection
(Insert any specific requirements for access control interface to an intrusion detection system, such as when access controlled gate operation would otherwise trigger fence perimeter intrusion detection system activation.) - 28 13 33.33 Access Control Interfaces to Video Surveillance
(Insert the method of interface to Video Surveillance for card use activation of camera recording.) - 28 13 33.36 Access Control Interfaces to Fire Alarm
(Insert the method of interface to a fire alarm system, for example, for identification of occupied building zones.) - 28 13 33.36 Access Control Interfaces to Building Automation System
(Insert the method of interface to a building automation system, for example, for occupancy based activation of lighting and or HVAC after scheduled hours of operation.)
- 28 13 33.16 Access Control Interfaces to Access Control Hardware
-
28 13 43 Access Control System Security
- 28 13 43.03 Digital Certificates
(Insert the specific model card reader’s interface/connection capabilities that will be utilized for this system) - 28 13 43.03 Digital Signature Algorithm
(Insert the specific model card reader‚s interface/connection capabilities that will be utilized for this system)
- 28 13 43.03 Digital Certificates
28 23 00 Video Surveillance
-
28 23 16 Video Surveillance Monitoring and Supervisory Interfaces
- 28 23 16.03 Card Reader Activation of Video Recording
An interface from the card reader to the video monitoring system shall be provided for all doors subject to video surveillance so that presentation of an access card to the reader will initiate video recording. For Pan, Tilt and Zoom cameras, the presentation of an access card shall trigger camera control presets to orient and focus the camera on the door.
- 28 23 16.03 Card Reader Activation of Video Recording
28 26 00 Electronic Personal Protection Systems
-
28 26 13 Electronic Personal Safety Detection Systems
- 28 26 13.03 Duress PIN
The duress PIN shall be a variation of the valid PIN that will still allow access but that will also signal an alarm. The duress PIN functionality shall be available at any card reader configured for card plus PIN or card plus PIN and fingerprint operation.
- 28 26 13.03 Duress PIN