Access control systems are broadly classified into three types. There are physical access control system, soft access control systems and hybrid systems. The primary objectives of an access control system are identification, authentication, authorization, and integrity.
Let us look at these objectives in detail.
Identification
One of the main objectives of access control
systems is the identification and management of individuals granted access with
credentials.
The credential may be a smart card, a magnetic
card, radio-frequency identification badge or biometrics. Some systems also
allow for password-only authentication.
Where access to a particular resource is
determined based on time, it is called time-based access control (TBAC).
Given that access control credentials are
often abused by imposters to gain entry to restricted areas, identification
helps to prevent any unwelcome guests from entering prohibited areas.
Authentication
Authentication is the process used to verify
that someone who is claiming to have a certain position, identity, or right is
the one claiming it.
One of the most important aspects of an access
control system is its authentication features. Authentication is the process of
identifying an individual or object based on their unique set of
characteristics, which is referred to as their ‘identity.
Access control systems use a variety of
methods to ensure credentials are not stolen or used to gain entry.
A credential may be as basic as a username and
password to a smartcard, fob or biometric identification. But as with any new
technology, it is important to check into reliability and quality of service.
Access Control Systems are often controlled by
computers running custom software that can track the activity of each
credential and allow access at peak times using time-of-day based security
controls.
A good example of authentication in practice
would be Two-factor authentication (also known as 2FA).
It is a combination of two different
components, such as a password, token, etc., and something only the user
possesses, like a USB Security Key, his/her fingerprint or an authenticator
application.
The advantage of using two-factor
authentication is that it is extremely difficult for criminals to hack into
accounts.
Authorization
Access control systems are used to control and
monitor access to physical areas. Access is controlled by issuing authorized
identification cards or keys. The process of issuing identification cards and
granting access is called authorization.
Access control can be achieved by physical
barriers, such as locked doors or gates or by software-based security systems
that control the flow of traffic. All of this is done through computer-based
rules, badges, or cards and by people who make decisions about whether someone
should gain access to a particular area or not.
Integrity
One of the objectives of access control
systems includes ensuring integrity and accountability in the physical
environment. It is best achieved through a combination of physical, logical and
procedural controls, for example, user identification and proper maintenance.
Integrity is about making sure that every
transaction is authorized. Accountability means ensuring that the person who
carried out the transaction can be identified and be held liable for any
consequences.
Bottom Line
Access control systems work by identifying a
person attempting to enter and making a decision whether to let that person in
or not. The next phase is to let the personnel know in case someone has
breached the security boundary.
Once you know these objectives, you can better
understand what access control systems can do and can figure out how to use
them at your business premises.