Engineer & Author
Access control refers to the practice of limiting access to a physical space or digital resource, such as a digital file or building or a room, to authorized users only. Access control is achieved through various means, from traditional lock and key systems to modern smart locks and multi-door access systems.
This four part series guide provides a comprehensive introduction of how access control is achieved. The first post by introducing access control key terminology and then dives into the different types of systems and credentials, as well as how those can be remotely controlled through Seam’s products. Subsequent posts cover Smart Locks, Access Control Systems and Intercoms.
Access control is the practice of regulating who has access to a physical or digital space, asset, or resource. In other words, access control is all about “who does what and to what”. It’s based on the access control policy and controls who gets in and out of the system (or physical space), who gets what resources (in case of the digital systems) and when that happens. In this post, we’ll cover main terminology and main types of access systems and credentials.
There are four core elements to access control:
Therefore atomic primitives play a central role in defining the types of access control.
The relationship between subjects, objects, and operations are generally organized into three main types of access control:
It’s important to understand the type of access control. Next, let’s look at types of credentials being used.
Before access can be granted, a person must first present a credential. There are many types of credentials and verification processes:
The aforementioned access types can be combined, for example visitor management or personnel accesses can use badges (cards).
As with many things in life,each credential type has their own pros and cons. Let’s discuss the main pros and cons of main credential types: keys vs. badges vs PIN codes.
Physical keys are economical but cumbersome to share with a visitor. They can also be lost or duplicated without permission, creating unauthorized access risk. The only remedy is often a rekeying operation of each compromised lock, which can be expensive.
Similarly, badges, IDs, and fobs also require a physical exchange to grant visitor access and can be lost or copied. However, a compromised badge or fob can generally be deactivated from a centralized system without requiring any rekeying operation.
Lastly, PIN codes and mobile-keys are by far the easiest to share since they can simply be emailed to a visitor. Like badges and fobs, they’re also easy to deactivate from a system. However, not every door access point will have a keypad to input a PIN code or have the ability to receive a mobile key presented over bluetooth or NFC. The latter feature is only supported by the more modern hardware systems and could require a system upgrade.
Therefore, when picking a credential type, an operator should evaluate how often credentials need to be shared, how costly a compromised credential might be to mitigate, and whether there is a budget for upgrading access points to more flexible credentials such as mobile keys.
We’ve covered the credential types. Now, let’s look at types of access systems.
An access system receives a credential as input and outputs a decision to grant or not to grant access. At Seam, we usually classify access systems into 4 categories:
The four categories are not black and white. They are often combined and interloop, e.g., an apartment complex can have ACS, intercoms and gates. An individual single-family home can have gates and individual smart locks not connected to each other.
To sum up, access control comprises a set of primitives such as people and actions, and is governed by a set of access policies (e.g. RBAC). To gain access, a user must present credentials. Credentials have various pros and cons. Physical credentials are difficult to share, hard to track, and readily compromised. This can lead to expensive rekeying operations. Meanwhile, novel credential form-factors, such as mobile keys, are easy to share and track, but require newer access systems to be installed.
The rest of this guide will cover each access control type in-depth, starting with smart locks.