Physical access control is securing who and what can enter a facility. A physical access control system (PACS) is an electronic system that authenticates individuals when approaching security gates, doorways, storage cabinets, or any other access point.
For most business professionals, physical access control systems are one of those invisible business technologies that you don’t think about until they stop working. It’s only then that they realize just how important they are. But security professionals know better. The access control system you use and how you manage it significantly impact corporate security and broader business operations.
Choosing the right access control solutions can appear daunting, but it doesn’t have to be. This article breaks down the key components of physical access control systems so you can better assess what makes sense for your organization.
At a high level, a physical access control system always includes a few core components:
Access control points are any barriers, like a door or turnstile, where you can stop personnel and require them to authenticate themselves before proceeding. As long as the barrier is physical and cannot be bypassed, you can require whatever actions are necessary before someone gains entry.
Personnel must present their credentials to authenticate themselves at an access control point. Various technologies are currently available for credentialing. Here are the leading options.
Knowledge-based authentication (KBA) requires users to authenticate themselves with something they know, such as a password or PIN code. KBA physical access control systems are less expensive because they require less infrastructure and there are no physical tokens to purchase or manage.
Aside from lower costs, one major advantage of using KBA for access control is that adding new users is trivially easy. You only have to generate a new PIN or passcode for them, and they’re off and running.
The downside is these systems tend to be less secure. Unlike physical or biometric authentication, it is very easy for users to share passwords or PIN codes, compromising the security of your assets.
Biometric authentication involves scanning a physical attribute of the person requesting access.
Fingerprints
Fingerprints are unique to each individual and stay consistent throughout our lives. That makes them an easy, permanent biometric record for access control. A fingerprint reader compares stored print records to the fingerprint a user scans.
Facial Recognition
Facial recognition scanners use pattern-matching software similar to that used in fingerprint scanners to match the shape of a user’s face against scanned records. But unlike fingerprint scanners, this is a non-contact form of biometric authentication. As a result, they are also very difficult for attackers to bypass.
Iris Eye Scans
Much like fingerprints, the irises in a person's eye hold a unique pattern that remains stable throughout life. A scanner can detect that pattern and match it against access control records. Iris eye scans are highly accurate and difficult for an attacker to defeat. They are also fast and easy to use, scanning from several inches to several feet away in seconds.
Retinal Scans
This method employs infrared light to capture and identify the unique pattern of blood vessels in a person's eye. Retinal scanning is the most secure form of biometric authentication, with an almost non-existent failure rate. It's also fast, making it ideal for places with high traffic. However, certain individuals may find the retinal scanning process somewhat invasive and uncomfortable.
Voice Recognition
Voice recognition access control compares spoken passphrases with high-quality digital recordings. These systems can be more user-friendly than eye or facial scanning technologies, which typically need to be installed at a specific height. Moreover, they require much less user training than other biometric authentication methods.
Unlike knowledge-based credentials, which a user memorizes, or biometrics, which are user attributes, physical token authentication requires the user to present an item they carry.
Swipe Cards
These ID cards come with an embedded magnetic strip that stores identification information that can be read by swiping through a reader. Magnetic swipe cards represent the most cost-effective physical token solution, typically costing only a few cents each. Furthermore, replacement cards and related materials are readily available.
Smart Tokens
Smart tokens have many form factors, including ID cards and key fobs, but they utilize an embedded computer chip to store credential information instead of a magnetic strip. The information transferred from the token to the access control solution is encrypted, which makes this method a better option in high-threat settings.
RFID Tokens
Radio Frequency Identification (RFID) tokens are battery-less. They operate within a short distance, typically up to 6 inches (15 cm). They are typically small, and RFID readers can scan several tokens at once, speeding traffic through congested access points.
Mobile access control systems use a smartphone application as user credentials. Administrators assign user IDs within the app. Then, individuals simply need to wave their smartphones near access control points, where the phone’s short-range wireless antenna communicates their credentials.
No matter which type of credentials you use, users must provide them at access points to authenticate themselves. They do this through credential readers. The information from the reader is transmitted to the system's control panel and server. Certain readers are integrated within interactive terminals, allowing for prompts that require users to input extra information upon authentication.
Access control panels are small computer systems located on-site at access points. They receive user credentials from readers, check for access permissions, and, when confirmed, grant entry by unlocking control points.
While some modern physical access control systems can bypass control panels and perform direct reader-to-server verification, depending on the specific layout of your facility and IT infrastructure, you may not want that setup. It's advisable to collaborate with your IT and facilities teams to identify the most suitable system configuration.
The access control server is the backbone of managing physical access. It handles tracking, analysis, and reporting of access control activities. For smaller facilities, the server may be located on-site. In IT, this is called “the edge,” close to entry points and control panels. However, it can also be located remotely, depending on how your company hosts its IT infrastructure.
The server maintains your directory of authorized users along with any specific access conditions they have, for example, different permissions on different shifts. It also generates detailed reports, aiding in internal security evaluations or compliance with regulatory standards.
The standard format of user profiles simplifies integrating your access control system with other security frameworks at the server level. You can manage various systems through a unified user list, enhancing efficiency and security.
For instance, when adding a new team member, you can simultaneously assign them access to necessary areas, keys, and assets required for their role. And when an employee leaves the organization, you can revoke their access rights across all systems with a single action.
You can use PACS technology in various ways depending on your specific security and business needs. Three primary access control models exist: rule-based, role-based, and attribute-based.
As the name suggests, access to different spaces is governed by predefined rules set by administrators under a rules-based system. They can be built around anything the system can monitor and are typically designed to optimize security and convenience for system users. Access control rules might include restrictions based on the following:
Rules-based access control use cases
These systems work well for managing workflows. For example, you might manage access to fleet vehicle keys based on which vehicles have been sitting idle the longest. This will help distribute mileage and maintenance more evenly across an entire fleet. Or you could manage access to handheld electronic devices based on which have been charging the longest inside a smart asset management system.
Role-based systems manage access through a hierarchy of roles based on job titles or other organizational functions. Your roles within the organization determine what access a PACS will grant. Roles might include:
Role-based access control use cases
For example, an asset management system might allow warehouse team members to sign out a handheld device. If they report it damaged upon return through the PACS control panel, the system can flag the device as damaged. Only someone with a technician role can sign it out for servicing.
Attribute-based systems are best considered a combination of rule and role-based systems. They grant access based on real-time attributes of an individual and the environment using monitoring software. Unlike roles or rules that require manual assignment, attributes are characteristics of people, managed spaces or assets, or the wider business. These attributes are monitored in real time by the business IT systems or IoT sensors attached to a PACS or in the facility.
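The three models can be layered in a single default-deny decision, shown here with the handheld-device scenario from the role-based use case. This is an added example, not code from any PACS product; the `User`, `Asset`, `ROLE_POLICY` and `decide` names, the role names and the shift times are hypothetical.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset       # role layer: job functions assigned by an administrator
    shift: tuple           # rule layer: (start, end) as datetime.time, constructed values
    active: bool = True    # set to False when the employee leaves the organization

@dataclass(frozen=True)
class Asset:
    asset_id: str
    kind: str
    damaged: bool = False  # attribute layer: set when damage is reported on return

# Hypothetical policy table: (asset kind, damaged?) -> roles allowed to sign it out.
ROLE_POLICY = {
    ("handheld", False): {"warehouse", "technician"},
    ("handheld", True): {"technician"},  # damaged units leave only for servicing
}

def in_shift(shift, now):
    """True if `now` falls inside the shift, including shifts that cross midnight."""
    start, end = shift
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def decide(user, asset, now):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    if not user.active:
        return False, "user revoked"
    allowed_roles = ROLE_POLICY.get((asset.kind, asset.damaged), set())
    if not (user.roles & allowed_roles):
        return False, "role not permitted for asset state"
    if not in_shift(user.shift, now):
        return False, "outside assigned shift"
    return True, "granted"

if __name__ == "__main__":
    picker = User("u1", frozenset({"warehouse"}), (time(8), time(17)))
    broken = Asset("hh-7", "handheld", damaged=True)
    print(decide(picker, broken, time(9)))
```

Returning the reason alongside the decision gives the server the detail it needs for the access reports described earlier.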
Organizations can expect to see a range of benefits when they bring these systems together on a unified management platform:
The benefits of PACS in security are many. But, as you can see, each authentication system has advantages and disadvantages. Each has its place in business security. It’s just a matter of determining what makes sense in your organization and your access control policies.