An access control system is a system which enables an authority to control access to areas and resources in a given physical facility. An access control system also lies within the realm of physical security although it is generally seen as a secondary layer of security within a physical structure.
Access control has become an every day reality. From the lock on your car door to the PIN you input on an ATM system, you can find access control every where. When it comes to securing important, confidential or sensitive information and / or equipment, access control is of the utmost importance.
Physical access by a person can be allowed based upon authorization, payment, etc. There may also be one-way traffic of people such as border crossings, ticket checkers or turnstiles. A variation of access control is exit control. For example, at a store, after check out or at the border of a country.
Traditionally, access control was a matter of mechanical locks and keys. When a mechanical key was lost or the key holder was no longer authorized to use the protected area, the locks had to be re-keyed. Now, many companies and people use electronic access control which uses computers to solve the limitations of mechanical locks and keys. The electronic access control system will grant access based on the credential presented in magnetic code stripes on the backs of cards, proximity cards or fobs which send a transmitted signal or codes entered on a keypad. When access is granted, the door will unlock and the user is granted access. Also, the system will monitor the door to send an alarm if the door is forced open or if it is held open too long after being unlocked.
The way electronic access control works is that when a credential is presented to the reader, it sends the credential¿s information, which is usually a number, to a highly reliable processor in the control panel. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database. The door will remain locked when access is denied. The door will unlock when there is a match between the credential and the access control list. Also, the control panel will ignore a door open signal so as to prevent the alarm from triggering. Usually, the reader will provide feedback, such as a flashing green LED light for access granted or a flashing red LED light if access is denied.
Many times, when credentials are presented as magnetic encoded cards or key fobs, they can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. If companies and people want to prevent this, two-factor authentication can be implemented. In a two factor transaction, a second factor is needed after the primary credential is presented such as a PIN number or a biometric input such as a finger print.
The most common security risk of intrusion of an access control system is simply following a legitimate user through a door. Often the legitimate user will hold the door for the intruder. This risk can be minimized through security awareness training of the user population or more active means such as turnstiles. In very high security applications this risk is minimized by using a sally port, sometimes called a security vestibule or mantrap where operator intervention is required presumably to assure valid identification.