Title: Applications of Access Control System Essay Example

  • Category:
  • Document type:
  • Level:
  • Page:
  • Words:

Title: Applications of Access Control System

1.0. Introduction

Access control means the authority to allow, deny or restrict entrance or exit of individuals and or vehicles into a particular area (Tsacoumis, 2010). Accesses control is used to protect assets such as information, cash, equipment and inventory, property and employees. Although access control can use methods such as security guards, lock and keys. However, recent innovations in accesses control such as biometrics, cards and other tokens, controllers and computers are high-tech and more efficient and effective way of protection. Access control system is a system that is installed in high level security areas such as military, government institutes, data centres, and large business organizations.

Access control systems technologies prevents of illegal or unwanted entry into property, enhance personal safety, reduces frequency of security maintenance costs and facilitates easy management of information, property and assets. There are two types of access control security system that is electronic and non-electronic access control systems. Physical Security Control Systems are also known as non-electronic access control security system. According to ICT-EURASIA Conference (2013), non-electronic access control systems provide physical security access control.

Physical security access control is provided by security containers, structural barriers, vaults, locks, and human guards. Human guards are used to perform certain tasks such as searches, inspection and patrolling arrears that have not been covered by electronic security systems. Security management requires alertness and sharpness in detecting intrusions or tragedies such as fire. Therefore, job allocation nowadays in security management prefers the allocation of high tasking activities such as patrols to humans while allocating low level activities such as surveillance to automated electronic machines (International Foundation for Protection Officers, 2009).

Electronic access control systems are control systems that integrate a range of electronic devices and locks that control access to a particular area. Electronic access control enables security to know what time a person entered and left a premise, the duration that that person stayed in that premises and all the activities person did in that premise. Electronic access controls are inexpensive to manage, difficult to duplicate, invalidate and validate a user in a short period of time, easy to conduct an audit trail, easy to adapt to changes in security needs, and can be used easily by temporary users (International Foundation for Protection Officers, 2010).

2.0. Components of an Electronic Access Control System

The Access control system helps in management, monitoring and controlling human access to a protected facility or equipment. Most Access control systems usually operate by taking an individual’s credential as the input, analysing or verifying the credential, and then granting and denying the individual access based on verification of the credentials. The access control system is able to verify access through various components liked together to form an electronic access control system.

The first component of access control system is credentials (Jackson & National Institute of Justice (U.S.), 2015). A credential is a tangible or physical object that enables an individual to gain access in a restricted or controlled area. Credentials include things that an individual knows such as numbers or personal Identification Number (PIN), things that an individual has such as access tokens, things that an individual has such as biometric features (ICT-EURASIA Conference, 2013). The main applications in a credential include codes and tokens.

Codes are things that an individual knows. Codes are either common or personal. Codes can be known to a common group or common to an organization. Personal Identification Numbers are normally personal and highly confidential. Codes are usually numerical and 4 to 5 characters long. When using codes caution must be taken to avoid duplication of codes. Codes provide high tech security solution when used to verify persons when used with other credentials.

A Token or a card is something that an individual has. A token is a credential that contains a unique readable identifier such as tags, keys, and cards. Tokens are readable either by contact where the token must touch the reader or by distance or proximity, where the token does not touch the reader. Tokens are large in number and vary with price and characteristics. A token is also known as a card. According to ICT-EURASIA Conference (2013) there are five types of tokens or cards.

The first token is radio frequency identification token. This is a smart card that is issued to an individual. It is a contactless card. Radio frequency identification act as both a passive tag and a proximity card. The second type of a token is active proximity token. These are cards that give a longer range .Active proximity cards use batteries. The reading range for active proximity cards is from 1 metre to 10 metres.

The third type of token is a passive proximity token. Passive proximity cards are characterized small chips placed inside the cards. Passive proximity cards have a shorter range than active proximity cards. The chips can only transmit for short distance of less than 15 centimetres. The fourth type of a token is a Contact token. Contact cards or tags have contacts on the surface. They are hard to copy but wear off over a short period of time. Contact cards or tags include PIN and chip bank cards. The fifth type of a token is a Swipe token. These are cards that use magnetic strips to store data used to identify an individual. The information stored in the card is read by inserting or swiping the card over a reader. Swipe cards are cheap and deteriorate quickly over time. Swipe cards can be duplicated easy and therefore, they need replacement from time to time.

The second component in an electronic access control system is Biometrics. Biometric data include any unique physiological characteristic or any personal trait that an individual has. Individual biometric credentials include keyboarding dynamics, signature, voice, face, eye, hand and face geometry and fingerprints characteristics. Biometric data identifies something that an individual has. Biometric data requires verification in order to determine which unique data can be used to identify an individual (Zhang, 2010).

Biometric verification is a processes used to identify an individual’s information stored in a biometric system. When an individual swipes a card, the biometric data of the same individual is scanned and the system matches information in the database against the individual using the card. Biometric identification is the process where recorded biometric features of an individual are compared to all biometric information stored in an information database system. When a match is found access is successful.

Biometric identification is much slower than biometric verification. Caution must be taken for high security standards when using biometric readers. There must be low false acceptance rate (FAR) for biometric identification and low match rate (LMR) for biometric verification (World Congress on Medical Physics and Biomedical Engineering & Long, 2013).

Table 1.0 below shows comparison between biometric technologies (Source: Ferrari, 2010).

Biometric Traits

User Acceptability


Hand Geometry

Facial Recognition


Medium to low

The third component in electronic access control system is Human Verification. Human verification is the process where an individual’s credentials are read by a reader and a security personnel operator is informed instead of an access point being opened. The security personnel then matches the live image of the individual with the image stored in the access control database. The security personnel then deny or allow access remotely or physically by opening the door.

Human verification needs to be used with other security measures in order to be considered as access control system. However, even when used with other security measures, a human operator must open the door to grant access. Human verification is a good method of conducting audit trail as it provides who opened the door to grant access, time of access, duration taken, date, and who initiated the access (Kim & Chung, 2013).

The human verification involves use of human image verification. Norman (2011) explains that human image verification involves use of video verification mode. When an individual presents a token to a reader, a security operator stationed at a personal computer gets a photograph of the said individual. The operator then matches the live feed photograph from the video and the stored image from the personal computer database. Access is granted manually by the operator after the security operator identifies that the individual is the one presented by the live feed and the stored photograph.

Other human verification can be done using audio means. The audio voice of an individual is integrated with multiple internet protocols based intercommunications for door control. The doors are remotely opened or closed (Ferrari, 2010). The fourth component of access control system is reader. Readers are devices that read credentials from a token. Benantar (2006) notes readers in access control systems are classified according to the functions they perform.

A combined reader is a reader that combines the functions of a controller and reader in the same device. Combined reader stores a copy of user database allowing the user to gain or deny access to a certain specific area. System readers read credentials from a Personal identification number key pad and card. Then the system reader takes the data to a controller. The reader then receives data from the controller whether the credentials match in order to allow or deny access. Standalone keypads and readers operate independently. Standalone keypads and readers contain readers and database memory. These components control door hardware that allow or deny access. Standalone readers usually operate with one credential that is common to all such as a common code. An Offline reader operates by analysing data contained in a card to allow or deny access to a specific area even without a computer memory. The card or token hold user’s information or credentials that define which time and doors are valid for access.

The fifth component of electronic access control system is the graphical user interface. In access control systems readers connect the user to a computer memory. The reader interface analyses data captured from the reader. The reader interface analyses data captured from the reader and then transfers the data analysed to the system controller. The hardware used to control the door hardware gets information from the controller to perform depending on the signal remitted from the controller (Tsacoumis, 2010).

The sixth component of electronic access control system is controllers. Controllers are devices that hold information in a computer memory. Controllers decide whether an individual is to be allowed or denied entry to a specific area at a certain time at a given date. In case of any failure in network communication, the controller is able to work offline. Controllers are connected to a personal computer by several of interconnection modes (International Foundation for Protection Officers, 2009). Depending on how controllers communicate, card transactions and alarm events may pass through several controllers. This is called interconnection between networks. This type of interconnection is used for event driven acts such as activation of sounder and anti-pass back.

The seventh component of access control system is Power Supply Unit (PSU). A Power supply unit is used to support hardware doors. Many controllers and user interface devices use separate power supply in order to ensure that chosen locks are well supported. It is recommended that access control systems should be provided with battery backup power in case the main power supply unit fails. These batteries are used as standby back up power which should be monitored regularly (ICT-EURASIA Conference, 2013).

The eighth component of electronic access control system is a Personal Computer and computer Software. A personal computer is used as a server in access control system. The personal computer is installed with software that provides solution for an insecure area to a secure area. The computer may also be installed with web based systems that allow or deny access to a personal computer. The personal computer must be provided minimum system specific requirements in order to accommodate software installation. The software contains a list that is known as Access Control List. The Access Control List contains information on users and devices. The software contains permissions that restrict on who can modify the system contents. The Access Control List contains Access Control Entities. The Access Control Entities are credentials that an individual has which allows him/her to access certain resources or information. There are two types of Access Control List. The first Access Control List is the System Access Control List. System Access Control List includes credentials of an individual who has permission to modify the access control system. The individual who can modify the system is known as the administrator. the administrator has the right to read, execute ,modify and execute various issues such as addition or removal of individuals in the access control system.

The second type of Access Control List is the Discretionally Access Control List. Discretionally Access Control List verifies the credentials of an individual who attempts to access a particular area. The recent trend in access system technology is that the manufactures provide industrial grade personal computers already installed with the system software. The graded personal computers are also readily connected to the existing wide area network (WAN) or Local area network (LAN) for easier intercommunication (Zhang, 2010).

The ninth component of electronic access control system is programmers. If an access control system is not based on a Personal Computer, then programming application for the system must be provided for deleting and adding cards. The program may application may be inform of display or keypad that can be handheld or be part of the controller device. The program is normally protected with a password. The program contains easy to operate commands such as Yes/No queries. Such program application requires manual card follow up where security personnel write down individuals entering and exiting the premises at specific time and date (Norman, 2011).

The tenth component of electronic access control system is door contact. A door contact is a device used to sense opening and closing of a door that is controlled. A typical controlled door is made of a magnet mounted on top of the door and a contact switch installed on the door frame. Door contacts are monitored using alarms. Alarms usually go off if the door is opened the without necessary authority.

When designing an access control system, considerations in to life safety must be put in place. Life safety and fire door are used to ensure that people escape through these doors in case of a fire or any other emergency. While access to a particular or specific area is controlled, the ability to exit a building during an emergency cannot be delayed or impeded.

According to (Ferrari, 2010), the following consideration need to be taken into account when designing an access control system. What happens when the fire alarm system gets activated? Local authorities require a building or premises to have fire alarm systems which get activated in case of a fire breakout. Door control devices should have magnetic locks which are connected to a fire alarm system. When fire breaks out the alarm gets activated and people are able to open and exit the building through allocated doors.

Can people in the premises exit the premises through allocated exit doors without using a card or keys? In cases of emergencies, people usually leave their wallets and purses at their work area due to hurry in order to escape. An audible alarm should sound when the door is opened due to unauthorised access. Despite the alarm sounding, people should be able to open the door and get out. When there is failure in power supply, can people be able to open the doors when an emergency occurs? Can people be able to go out the door during a power supply failure or power outage?

Efficient and effective management of an access control system is necessary in ensuring that the access control system is always operational. The main management elements that should be taken into consideration when designing an access control system include backups and batteries. An online backup drive is considered in case future references in cases where hardware fails or malfunctions. Back up is developed by connecting the access control system to a backup device of the server. All door controllers need to be backed up by batteries .The batteries ensure that the controlled doors function continuously in cases of power outage. The batteries also ensure that an audit trail is maintained in case of power failure.

Management of cards or token is essential in ensuring that access control system is efficient. The security of access control system should have a password protection that enables programmers to add and delete cards without interfering with the operations of the system. Regular reports should be generated and presented to the security management to ensure that the system remains effective and efficient. The security management should also conduct tests such as unauthorised access challenges and fire emergency drills to determine the efficiency of the access control system.


Access control system is a process that restricts or allows people to access and work in a building or premise without insecurity. The access control system contains components that make the system to become operational. The components work hand in hand to create a secure environment. The access control system can be designed by security department of an organization or a manufacturer. The access control system must consider safety procedures such as fire escapes during emergencies. Access control systems are essential in creating a secure working environment.

Access control systems require an organization to have a confidential clause or policy that ensures that personal information is protected. Information documented for access control system should be kept confidential and access to such data should be restricted. For the access control system to stay operational, all components should be working properly. A security policy is a document written by an organization. The document outlines how the organization identifies its assets as well as threats that that organization faces (Benantar, 2006). Therefore, a security policy defines the identity or credentials of people who are authorized to access certain resources in the organization. Rules and regulations are outline in the security policy that guards the organization assets.


Benantar, M. (2006). Access control systems: Security, identity management and trust models. New York: Springer Science + Business Media.

Ferrari, E. (2010). Access control in data management systems. San Rafael, California: Morgan & Claypool.

ICT-EURASIA (CONFERENCE), Mustofa, K., Neuhold, E. J., Tjoa, A. M., Weippl, E. R., & You, I. (2013). Information and communication technology: International Conference,

ICT-EurAsia 2013, Yogyakarta, Indonesia, March 25-29, 2013. Proceedings. Berlin, Springer. http://dx.doi.org/10.1007/978-3-642-36818-9.

International Foundation for Protection Officers. (2009). Protection officer training manual. Amsterdam: Butterworth-Heinemann.

International Foundation for Protection Officers. (2010). The professional protection officer: Practical security strategies and emerging trends. Oxford: Butterworth-Heinemann.

Jackson, B. A., & National Institute of Justice (U.S.). (2015). Fostering innovation in community and institutional corrections: Identifying high-priority technology and other needs for the U.S. corrections sector.

Kim, K. J., & Chung, K.-Y. (2013). IT convergence and security 2012. Dordrecht: Springer.

Norman, T. L. (2011). Electronic Access Control. Burlington: Elsevier Science.

Tsacoumis, T. P. (2010). Access security screening: Challenges and solutions ; [Symposium on Access Security Screening, presented at New Orleans, Louisiana, on 28-30 March 2010]. Philadelphia, Pa.

World Congress on Medical Physics and Biomedical Engineering, & Long, M. (2013). World Congress on Medical Physics and Biomedical Engineering May 26-31, 2012, Beijing, China. Berlin: Springer.

Zhang, P. (2010). Advanced industrial control technology. Amsterdam: William Andrew/Elsevier.