Programmable logic controllers (PLCs) have become the backbone of modern automated ticketing and access control systems. Their reliability, real-time processing, and ability to operate in harsh environments make them ideal for managing turnstiles, gates, fare-collection machines, and credential verification. Ladder logic, the most widely used PLC programming language, offers an intuitive graphical approach that mirrors traditional relay circuits, enabling engineers to design robust control sequences. This article provides a comprehensive guide to designing ladder logic for automated ticketing and access control, covering system architecture, input/output mapping, validation logic, security measures, and integration with external systems.

Understanding Ladder Logic in the Context of Access Control

Ladder logic gets its name from its visual resemblance to electrical ladder diagrams. Each rung represents a logical condition: inputs (switches, sensors, reader signals) on the left side and outputs (gate motors, alarms, indicator lights) on the right. The logic flows from left to right, and a rung is considered “true” when continuity exists from the left power rail to the right output. This simplicity makes ladder logic easy to troubleshoot and modify, which is critical for mission-critical systems like transit fare gates or secured building entrances.

In ticketing and access control, ladder logic handles tasks such as validating credentials, timing gate open/close cycles, counting passengers, and controlling emergency egress. Unlike higher-level languages, ladder logic executes cyclically, typically in milliseconds, ensuring deterministic responses to events like card taps or biometric scans.

System Architecture for Ticketing and Access Control PLCs

A typical automated access control system comprises several hardware layers:

  • Input Devices: RFID readers, barcode scanners, biometric sensors, push-to-exit buttons, inductive loop detectors, and tamper switches.
  • Output Devices: Gate opening actuators, locking solenoids, audible buzzers, visual indicators (red/green LEDs), and alarm relays.
  • PLC Hardware: CPU, memory, and I/O modules rated for industrial temperature and voltage ranges. Many PLCs now include Ethernet/IP or Modbus TCP ports for integration.
  • Host Computer or Server: Manages the credential database, transaction logs, and remote configuration. The PLC communicates via serial or Ethernet protocols.

When designing the ladder logic, the programmer must map every physical input and output to a specific address in the PLC’s memory. This mapping is documented in an I/O assignment table and forms the foundation of the entire control program.

Mapping Inputs and Outputs to Ladder Elements

Every ladder logic rung references input and output addresses. For example, a card reader’s “valid read” signal might be wired to digital input %I0.0, and the gate open coil to digital output %Q0.0. The programmer uses normally open (NO) and normally closed (NC) contacts to represent conditions.

Consider a simple ticket validation rung:

  • Contact %I0.0 (Valid Ticket Signal) – NO contact closes when a valid credential is read.
  • Contact %I0.1 (Gate Closed Limit Switch) – NO contact confirms the gate is fully closed.
  • Output %Q0.0 (Gate Open Coil) – energized when both contacts are true.

Once the gate opens, a timer rung delays the gate close to allow passage. Additional interlocks prevent the gate from reopening while it is already opening or closing.

Designing Ticket Validation Logic with Ladder Diagrams

Basic Validation Sequence

The core of any automated ticketing system is the credential validation process. The ladder logic must:

  1. Detect a signal from the credential reader (e.g., a momentary pulse from an RFID reader after a successful read).
  2. Verify the credential’s validity – typically this is a binary signal from the reader itself (if it does on-board validation) or a confirmation from a central server via a communication module.
  3. Energize the gate open output for a preset duration.
  4. Monitor the gate position sensors to prevent opening if an obstruction is detected.
  5. Reset after the gate closes to await the next credential.

A sample ladder rung might look like:

Rung 1: Gate Open Command
---| |---| |---( )---
   Valid   Gate   Gate
   Ticket  Closed Open
   (%I0.0) Limit  (%Q0.0)
           (%I0.1)

This simple rung shows that the gate will open only when a valid ticket is present and the gate is fully closed. Without the gate closed limit, the gate could attempt to open while already open, causing mechanical strain or safety hazards.

Handling Multiple Credential Types

Modern access control systems often support several credential types: magnetic stripe cards, contactless smart cards, mobile device NFC, QR codes, and biometric fingerprints. Each reader type outputs a different signal format. The ladder logic can use selector switches or configuration bits to enable or disable certain reader inputs. For example:

  • %I0.2 – Card Reader 1 Valid
  • %I0.3 – Biometric Scan Valid
  • %I0.4 – QR Code Valid

These inputs can be OR-ed together so that any valid credential opens the gate:

Rung 2: OR of Credential Signals
---| |---|  |---( )
   Card   Biometric  Valid
   Valid  Valid      Cred
   %I0.2  %I0.3     %B0.0
   |
   |---| |---
        QR Valid
        %I0.4

Then Rung 1 uses the internal bit %B0.0 (Valid Cred) instead of the raw %I0.0. This modular approach simplifies maintenance and allows disabling individual reader types without rewiring.

Implementing Security Measures in Ladder Logic

Security features are essential to prevent tailgating, credential cloning, and unauthorized entry. Ladder logic can enforce multiple security layers directly in the control program.

Multi-Factor Authentication

A high-security zone might require both a card and a PIN. The PLC can monitor a separate input for a keypad or biometric verification. The ladder logic uses a two-step sequence:

  1. First factor valid (card read) – start a 10-second timer for second factor entry.
  2. Second factor valid within the timer window – enable gate open.

If the timer expires without the second factor, the system logs an attempted breach and triggers a buzzer.

Anti-Passback Logic

Anti-passback prevents a single credential from being used to grant entry multiple times without an exit event. The PLC maintains a memory bit for each credential (or a counter) that is set upon entry and cleared upon exit. Ladder logic checks this bit before opening the gate: if the bit is already set and an entry is attempted, the system denies access and sounds an alarm.

Lockout After Repeated Failures

To deter brute-force attacks, ladder logic can count consecutive failed attempts (invalid cards, wrong PINs) within a sliding time window. When the count exceeds a threshold (e.g., 5 attempts in 5 minutes), the PLC disables the reader input for a lockout period. This is implemented with counters and timers:

  • Counter C5:0 counts each invalid attempt.
  • Timer T4:0 resets the counter if no further attempts occur within 5 minutes.
  • When C5:0 equals 5, a latch bit locks out the reader for 15 minutes.

During lockout, any credential read is ignored, and a “system locked” output illuminates.

Tamper Detection and Alarm Activation

Physical tampering (e.g., gate forced open, reader casing removed) is sensed by limit switches or magnetic contacts. Ladder logic uses these inputs to trigger a hard alarm output (siren or strobe) and to set a maintenance-request flag. The alarm can be configured as latching, requiring a supervisor key-switch reset.

Error Handling and Diagnostic Ladder Routines

Robust ticketing systems must handle faults gracefully. Ladder logic can include diagnostic routines that monitor:

  • Gate motor overload (current sensor input) – if current exceeds a threshold, the motor is de-energized and a fault light turns on.
  • Credential reader communication loss – if the PLC does not receive a heartbeat signal from the reader within a set time, an alarm is raised.
  • Emergency stop or fire alarm inputs – these override all other logic and force all gates to open (fail-safe) for egress.

All fault conditions should be latched and reported to the central system via a dedicated output or communications block. Many PLCs support bit-logged diagnostic values that can be sent over Modbus TCP to a supervisory control and data acquisition (SCADA) system.

Communication with Central Servers

While ladder logic handles real-time control, the PLC must also communicate with a host system for transaction logging, credential updates, and remote monitoring. Common protocols include Modbus RTU, Modbus TCP, EtherNet/IP, and PROFINET. The PLC’s communication module reads/writes data to a series of registers:

  • Read only: Valid credential database (array of IDs or hash values).
  • Write only: Transaction records (timestamp, credential ID, entry/exit, result).
  • Read/Write: Configuration parameters (alarm thresholds, lockout times, time zones).

Ladder logic can use block-transfer instructions to move large blocks of data between the I/O memory and the communication buffer. For high-speed systems (like subway gates processing dozens of passengers per minute), the PLC must buffer transactions and use handshaking to ensure no data loss.

Testing and Commissioning Ladder Logic

Before deploying a ticketing and access control system, engineers must thoroughly test the ladder logic program. Best practices include:

  • Simulating inputs using the PLC’s built-in forced I/O function while verifying output response.
  • Using a PLC simulator software to run the program offline with virtual inputs.
  • Creating a test matrix that covers every combination of valid/invalid credentials, tamper signals, and emergency inputs.
  • Performing cycle-time measurements to ensure the scan rate is fast enough (typically under 50 ms for gate control).
  • Incremental on-site testing: first test gate open/close without readers, then add readers, then integrate the host system.

Documentation is critical: each rung should have a comment explaining its purpose. Commonly used PLC brands like Allen-Bradley, Siemens, and Schneider Electric support exporting the program with annotations for review.

Maintenance Considerations

Once deployed, the ladder logic program should be maintained with version control. Any changes to the timing or logic – for example, adjusting the gate open duration to accommodate larger crowds – must be tested and documented. Regular backups of the PLC program and the I/O configuration should be stored in a secure repository.

Additionally, the ladder logic can include a “maintenance mode” that allows technicians to manually operate the gate and bypass credential checks. This mode is activated by a key switch or a software command and is logged to prevent misuse.

While ladder logic remains the standard for real-time control, modern systems increasingly integrate with cloud services and Internet of Things (IoT) platforms. Some PLCs now support RESTful API calls over Ethernet, allowing ladder logic to trigger HTTPS posts to cloud databases. This enables remote access management, real-time occupancy tracking, and predictive maintenance based on gate cycle counts.

For instance, a ladder routine can increment a cycle counter each time the gate opens. When the count reaches a service threshold (e.g., 100,000 cycles), the PLC sets a “maintenance needed” bit that triggers an email alert via an IoT gateway. While the core control remains in ladder logic, the higher-level analytics are handled by software outside the PLC.

Conclusion

Designing ladder logic for automated ticketing and access control systems requires a deep understanding of both PLC programming and security principles. By mapping inputs and outputs correctly, implementing validation sequences with interlocks, and adding layers of security through counters, timers, and latches, engineers can create reliable, safe, and efficient systems. The deterministic nature of ladder logic ensures that a turnstile will open exactly when needed – and stay locked when it should. As physical security becomes increasingly digital, the role of ladder logic in integrating with cloud services and IoT will grow, but the fundamentals of relay-style programming will remain the bedrock of control.

For further reading, see PLC Programming Fundamentals and Access Control System Standards.