Access control regulates access through a set of operator-defined rules of the form “Who – When – Where”, so that only authorised persons can enter the areas of a building or the protected areas of a site that have been approved for them. Access authorisations can be limited in time (expiry period, time). Access authorisation can be checked by people, e.g. employees of a security service, or by technical access control systems on the basis of proof of identity.
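The “Who – When – Where” rule set can be modelled as a default-deny check. The following is an added example, not code from any particular access control product; the field names, the weekday and time-of-day window as the form of the "when" limit, and the sample policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, time

@dataclass(frozen=True)
class Rule:
    person: str           # who: holder of the credential
    area: str             # where: door or zone
    weekdays: frozenset   # when: 0 = Monday ... 6 = Sunday
    start: time           # when: daily window start (must not cross midnight)
    end: time             # when: daily window end
    expires: date         # last day on which the authorisation is valid

def is_authorised(rules, person, area, at):
    """Default deny: grant only if one rule matches who, where and when."""
    for r in rules:
        if (r.person, r.area) != (person, area):
            continue
        if at.date() > r.expires:
            continue      # authorisation has expired
        if at.weekday() in r.weekdays and r.start <= at.time() <= r.end:
            return True
    return False

# Constructed sample policy (names, areas and dates are invented).
WORKDAYS, ALL_WEEK = frozenset(range(5)), frozenset(range(7))
RULES = [
    Rule("alice", "server-room", WORKDAYS, time(8), time(18), date(2025, 6, 30)),
    Rule("bob", "lobby", ALL_WEEK, time.min, time.max, date(2025, 12, 31)),
]

def demo():
    requests = [
        ("alice", "server-room", datetime(2025, 6, 2, 9, 30)),  # Monday, in window
        ("alice", "server-room", datetime(2025, 6, 2, 19, 0)),  # after hours
        ("alice", "server-room", datetime(2025, 6, 7, 9, 30)),  # Saturday
        ("alice", "server-room", datetime(2025, 7, 1, 9, 30)),  # expired
        ("alice", "lobby", datetime(2025, 6, 2, 9, 30)),        # no rule for area
        ("bob", "lobby", datetime(2025, 6, 7, 23, 0)),          # always allowed
    ]
    return [is_authorised(RULES, *req) for req in requests]

if __name__ == "__main__":
    print(demo())
```

Because nothing is granted unless a rule matches all three dimensions, a missing or expired rule fails closed.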
Material and biometric means of identification can serve as identification features for access control. In the case of material (electronic) identification features, a distinction is often made between active and passive media. Each has different strengths and weaknesses compared with the other. Passive media are available in standardized versions, while active identification media are usually proprietary products of individual manufacturers. The smartphone plays a special role as an identification medium: it usually uses BLE, NFC or both in combination as its interface, and the NFC interface is (theoretically) compatible at the communication level with the standardized passive identification media based on 13.56 MHz RFID transponders.
Active identifiers are typically battery-powered. Either the battery in the identification medium supplies the decision-making electronics of the locking system with energy, or the identification medium communicates with the locking system over a radio link that is ideally encrypted. The latter is used, for example, in most automobiles.
Active identification media usually offer longer ranges than classic passive RFID transponders, but they are mechanically more sensitive, require batteries and are often about 10 or more expensive. Because these are usually proprietary systems, active transponders often cannot be integrated into other systems, or only with great effort (e.g. copying/printing systems, canteen and payment systems, fleet management, time recording, etc.).
There are also solutions in which a passive HF transponder card can be used as a long-range transponder by means of an active booster. This enables driver identification with the normal access card even at a long-range reader.
Since 2006, it has been possible to use a mobile phone as a means of identification, i.e. as a key, via Bluetooth. A distinction is made between two kinds of system: those that do not require special software on the mobile phone, and those that use special software to ask for a password on the mobile phone. In the first case, only the MAC address of the Bluetooth interface is read, i.e. the system checks which mobile phones the nearby devices claim to be.
Modern access control systems allow the use of mobile phones as a means of identification using Near Field Communication and can thus replicate the functionality of chip cards.
There are vendors of various systems in the market.
An example of using a smartwatch as a trigger: Detect Samsung Smartwatch BLE and Trigger IBM Watson IoT Event.
Among passive means of identification, a distinction is also made between contact and contactless media. This is where the range of technologies used is the largest.
Contactless proximity systems use various RFID techniques. Usually, the different RFID technologies are divided into three groups based on their frequency range: Low Frequency (LF), High Frequency (HF) and Ultra High Frequency (UHF). Media in ISO card format (plastic card), as a key fob, as a wristband or as a sticker are common. Contactless systems can also be integrated into wristwatches, mobile phones, mechanical keys and garments or fashion accessories. Transponders can even be surgically implanted under the skin in appropriate versions. The method is becoming more widespread, especially in the identification of animals, and there are also implants for use on humans.
Contact cards have a contact surface that is visible from the outside. The contact-based cards that are still considered secure at the present time are usually processor chip cards on which cryptographically secured PKI certificates are stored. Often, these cards also have so-called dual-interface chips, which can be addressed through both the contact and the contactless interface. In practice, the use of PKI-based identification media for access control involves comparatively high effort and thus usually high costs, and is therefore usually found only in high-security areas, e.g. in the military sector. For access control in the IT systems of authorities and larger companies, PKI smart cards have been widely used since Windows 7 for multifactor authentication and can also be used, for example, for signing and encrypting e-mails. Theoretically, such cards could also be used for physical access control, but this is only very rarely implemented.
Today, magnetic stripe cards are generally no longer considered secure enough, as they can be copied and manipulated without much technical effort. In addition, the cards are subject to high wear and tear. Nevertheless, this system is still widely used in some hotels, for example, because the hotels shy away from the costs of modernization.
Since the mid-2000s, the magnetic card has been increasingly replaced by contactless identification media, as these offer much more storage capacity with higher security through encryption. In addition, they are much more robust and virtually wear-free.
Passwords or PINs can serve as a mental (knowledge-based) means of identification, for example as a door-opening code entered on a numeric keypad. Mental identifiers are often used as an additional factor alongside a material identifier. Similar to the PIN of a bank card, this is intended to make unauthorized use more difficult. In addition, it is possible to trigger further functions in the background by using different PINs.
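A sketch of a PIN used as a second factor next to a card, with different PINs bound to different background functions. This is an added example, not code from any product: the class and action names, the silent-alert action, the PBKDF2 work factor and the three-attempt lockout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor, assumed for this example
MAX_FAILURES = 3       # wrong PINs tolerated before the card is locked

def derive(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

class PinStore:
    def __init__(self):
        self._records = {}    # card_id -> [(salt, digest, action), ...]
        self._failures = {}   # card_id -> consecutive wrong PINs

    def enrol(self, card_id, pin, action):
        """Bind a PIN to an action; only a salted digest is stored."""
        salt = os.urandom(16)
        entry = (salt, derive(pin, salt), action)
        self._records.setdefault(card_id, []).append(entry)

    def verify(self, card_id, pin):
        """Return the action bound to this card and PIN, 'deny' or 'locked'."""
        if card_id not in self._records:
            return "deny"
        if self._failures.get(card_id, 0) >= MAX_FAILURES:
            return "locked"   # short PINs need an attempt limit
        result = "deny"
        for salt, digest, action in self._records[card_id]:
            # Check every record so timing does not reveal which PIN matched.
            if hmac.compare_digest(derive(pin, salt), digest):
                result = action
        if result == "deny":
            self._failures[card_id] = self._failures.get(card_id, 0) + 1
        else:
            self._failures[card_id] = 0
        return result

def demo():
    store = PinStore()   # constructed card id and PINs
    store.enrol("card-1", "4821", "open")
    store.enrol("card-1", "4822", "open_and_alert")  # door opens, alert is raised
    out = [store.verify("card-1", "4821"), store.verify("card-1", "4822"),
           store.verify("card-9", "4821")]
    out += [store.verify("card-1", "0000") for _ in range(3)]
    out.append(store.verify("card-1", "4821"))  # correct PIN, card now locked
    return out

if __name__ == "__main__":
    print(demo())
```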
In addition, biometric features such as fingerprint, iris or retinal scan, finger vein recognition, facial features, etc. are used for identification or verification.
When using biometric features as an additional factor to a physical electronic means of identification, it is possible to store the data derived from biometrics, usually encrypted in the form of a hash value, on the identification medium.