Access Control Systems Based on Physical Attributes

The ultimate access control system would uniquely identify a person and admit that person and only that person independent of whether the person possessed a particular coded card or token and/or knew a particular code. This ultimate identification system would be based on one or more physical characteristics.

Nonautomated physical attribute identification systems have long been the primary method of verifying the identity of a person: the signature (as used on personal checks and credit card slips); the fingerprint (as used by the FBI); pictures (as used on ID badges, passports, driver’s licenses, which have become the preferred form of identification for banking and credit transactions);and, to a limited extent in some criminal proceedings, the voiceprint. Digital Network Architecture may be next.


Types of Systems

The equipment that is now available for access control in some cases measures the physical attributes that are well-known and of accepted legitimacy, and in others relies on attributes that the manufacturers themselves have represented as being unique. A discussion of the current offerings follows; other techniques will doubtless come and go.


Facial Recognition.

There has never been a fully automated system using the face as a physical attribute, although for twenty years semi-automated systems have been available that store a person’s picture on microfilm, videotape, videodisk, or digital memory. Such systems are a sort of nonportable picture badge, with the image retrieved by an automated identification means such as a card or a PIN. Another simple and economic form of face-based non-automated access control that has become popular is the video intercom, which was originally developed for entry lobbies in apartment buildings. This device allows the occupant to both speak with and see the face of a visitor before opening the door (usually electronically).


Signature Comparison

The signature is the basis for personal identification in hundreds of millions of financial transactions every day. There are machine-assisted methods for presentation of a stored signature image to the bank teller, but these are not used for access control. There has never been a fully automated system for signature comparison, although for twenty years there have been fully automated systems that are based on the manner in which the person writes the signature (e.g., pressure, acceleration, speed), rather than on the appearance of the finished signature.


Fingerprint Comparison

Fully automated fingerprint access control systems have been marketed for 25 years by a continually changing series of unsuccessful vendors originally driven by work for the FBI and the Air Force. The technology is similar to that used in the FBI fingerprint search operation, which makes 15,000 searches a day through a file of 25 million prints. Fingerprint-based access control can be installed for a price that is little more than that for a top-end card access or proximity system.


Hand Geometry

Hand geometry as a unique physical attribute stems from a 1971 study by Stanford Research Institute on the efficiency of manufacturing and inventorying gloves for Air Force pilots. An access control system based on this physical attribute was introduced in 1972. It was successfully sold and widely used under the aegis of several companies, but was abandoned by a major player in the security electronics field in 1988 as a business area not worth pursuing. New systems are on the market today, at prices that are competitive with those for card access systems.


Voice Recognition

Voice recognition was the subject of extensive research activities in the early 1970s, but no serious voice-based products were marketed until the late 1980s. Voice input has a natural cost advantage over other physical attribute-based access control systems in that the data-entry mechanism is an inexpensive telephone handset and the workings are all electronic. However, it has suffered from suspicions of unreliability and fear of being easily outwitted by recording and playback devices, and from government reports openly stating these concerns. There have been a number of products on the market from time to time, at prices competitive with those for card access systems. One rudimentary form of voice-access control is the telephone entry system, which is actually a machine-assisted voice-plus-keypad system. Like the video intercom, it is intended for multi-unit residences and requires that the person on the inside recognize the voice of the prospective admittee.


Blood Vessel Patterns

Other systems analyze the patterns of blood vessels on various portions of the human anatomy. One system that was introduced in 1983 is based on the conclusion of a 1935 medical paper that the pattern of the blood vessels on the retina of the eye is unique. Another uses the blood vessels on the wrist. A question is legitimately raised about whether any one physical attribute provides a more dependable basis for identification than the others. Fingerprints certainly have the most solid legal precedent and endorsement through long-term use, and there is only one chance in a billion that two randomly selected fingerprints will match. Signatures are also well accepted as identification for financial transactions. Voiceprints have acquired some legitimacy in the courts. Faces have never been measured in an automated identification system. The uniqueness of the other attributes is validated only by the claims of the companies that sell the equipment. In practice, however, all of the products have accuracy rates in the one-in-a-thousand category because of the problems in measuring the attribute, and no attribute has been demonstrated to be superior.


These methods of biometric access control can be paired with other forms of authentication such as PINs, passwords, proximity or I-class cards to add another layer of assurance. Because biometrics are still not at the point of 100% accuracy, the room for error they leave necessitates, generally, the use of another method in conjunction with them. In the near future however we can expect the accuracy of these methods to improve and eventually become primary access control measures.


Security Technology of South Texas is a local leader in access control, video surveillance, and community management systems in the South Texas area. Get in touch with us today to see what we can do to help secure your location.



Please contact us through email at

Through our website form :

Or by phone at 210-446-4863     24/7

The Five Phases of Access Control

The purpose of access control is to grant entrance to a building or office only to those who are authorized to be there. The deadbolt lock, along with its matching brass key, was the gold standard of access control for many years; however, modern businesses want more. Yes, they want to control who passes through their doors, but they also want a way to monitor and manage access. Keys have now passed the baton to computer-based electronic access control systems that provide quick, convenient access to authorized persons while denying access to unauthorized ones.

Access control systems aim to control who has access to a building, facility, or a “for authorized persons only” area. This is typically carried out by assigning employees, executives, freelancers, and vendors to different types of groups or access levels. Everyone may be able to use their access cards to enter the main door but not to areas containing secure or privileged information.


Beyond the obvious reason, physical security, there are several reasons a business or medical facility might need an access control system.



.Hospitals, doctors’ offices, and health insurance companies need to comply with HIPAA health data regulations.

.Banks, insurance companies, and any business that accepts and processes credit cards is subject to PCI credit card data regulations.

.SaaS providers, data centers, or any company hoping to maintain SOC2 cybersecurity standards.


IP Data:

Businesses that deal with privileged data and intellectual property, such as software developers, entrepreneurs, startups, and pharmaceutical companies need to not only control who comes into their facilities, but which areas they are allowed to access.


5 Phases

The 5 phases in an access control system allow it to both rapidly and effectively process users through a structure while documenting who was where and when.

1. Authorization is the phase that turns strangers into members. The first step is to define company policy; determine what people can and cannot do. This should include who has access to which door(s), and whether members of the organization can share access.

The next step is role-based access control (RBAC). By assigning roles to users, they get a certain set of assigned privileges. This comes in handy for administrators since they don’t have to individually update every user, should something change.

Most organizations use employee directories in tandem with RBAC, since these lists include all authorized employees as well as their access levels.

2. Authentication goes one level deeper than authorization. In this phase, members present to a door reader whatever badge, token, or credential they were given upon being authorized. The reader will check its validation to determine whether or not it should unlock the electric lock on the door in question.

3. Access: Now that the credentials have been authenticated, the access tools available at this stage make sure everyone gets in the right door, at the right time, faster and easier.

Unlock- Upon validation, the presenter can unlock whatever she wants to access. This can happen by pushing a button, presenting an access card, fob, or badge that requests access.

Trigger- Once the request to enter has been received by the access control system, the access is triggered, typically in the form of a door unlock.

Infrastructure- If the door unlocks, multiple events are tracked at once: The user was correctly authenticated, the user triggered an unlock, the door opened and the door closed.

4. Manage

This phase helps the administrator meet several challenges, including adding new access points, onboarding and offboarding users, maintaining security, and troubleshooting problems. Let’s examine some advantages.


Cloud-based access control systems can help startups and small businesses when they expand to new offices or additional offices by providing flexible and modular extensions of the existing setup.


Online access control systems send real-time alerts to administrators or security should any irregularity or attempted breach take place at any access point, allowing them to investigate immediately and record the event.


Modern access control systems allow administrators to remotely configure permissions, or seek support from the vendor, should access points or users have issues—a huge advantage over locally-hosted systems.


5. Audit

Auditing physical access control is useful for all types of businesses. In addition, it helps certain sectors meet special requirements.


Businesses can perform regularly-scheduled system reviews to make sure everything on the access control system is set up properly. It can also tell them if someone no longer employed by the company has been inadvertently left in the system.

Suspicious Events:

Since many access points are routinely tracked during any access event, auditing can prove useful to security officers when investigating unusual behavior. The data can be used to flag or highlight unusual access behavior or analyze it against historical data.

Compliance Reports:

Companies that process sensitive data like patient healthcare information, banking financial reports, or credit card payments must deal with audit requirements in the access control space when filing compliance reports in accordance with HIPAA, SOC2 or PCI. Some special categories like cyber security or ISO certifications also require managed and auditable access control. The audit phase can pull up the proper data for these periodic reports.


Security Technology of South Texas is a local leader in access control, video surveillance, and community management systems in the South Texas area. Get in touch with us today to see what we can do to help secure your location.

Please contact us through email at
Through our website form :

Or by phone at  210-446-4863   24/7

Machine Learning to Improve Access Control: Part 2

The “Covid Factor”
Covid-19 has changed the way both people and organization view nearly every aspect of interaction almost overnight. From opening the door and interacting with access control measures to rethinking how much of business even needs to be conducted on-site, this re-imagining has actually come at an opportune time relative to recent advancements in access control. Contactless systems are the preferred method for ingress and egress, and this has already been a trend in the industry for some time.

Whether it be an office, hospital, university campus or industrial plant, compliance requires either eliminating manual door activation, for example a hand pressing a switch or using a handle to open a door, and replacing with an automated “no-touch” solution or, when that isn’t desired or possible, enabling the manual door activation to be done with another part of the body (i.e., arm, elbow, hip, knee or foot), which is referred to as a manual ‘low-touch’ solution.
The use of touchless switches (also referred to as “no-touch” or “hands-free” switches) to activate automatic door operators or de-energize locking devices is increasing at an unprecedented rate. It’s very likely that touchless switches could become more common than push plate switches in the not too distant future.

How AI Will Power The Change
The addition of cameras to high risk portals has been an early example of this integration trend, enabling managers to be able to tie what took place at an entrance to a corresponding alarm condition such as a forced or jammed (propped) entrance/ exit. This capability can be further enhanced by analytics – for example, facial recognition could be used to determine which individuals might have set off the alarm condition. Analytics and other sensors could count the number of people that move through a portal during rush periods in “open” mode and also determine that a crowd has gathered and more doors/portals need to be opened to address the burst in demand for ingress or egress.
“From a design perspective there is an increasing demand, due to COVID-19, for touchless access. In this case, the integration of technologies and the use of machine learning can be leveraged to provide efficient, safe and secure access. Machine learning and AI are well adapted to leveraging data sets and, over time, gaining an understanding of conditions and matching them to access control and individual requirements,” said Salvatore D’Agostino, the CEO of IDmachines.

D’Agostino sees the convergence of AI into security spaces, not known for their reliance on analytic data, reshaping the landscape. AI can be used as a proactive step against intrusion at a security entrance like a swing door or turnstile and integrated into the access control and video security systems to provide rich analytics and situational awareness.

Emphasizing “What is Going to Happen”


“It has long been known that there are often patterns to humans, and to the same extent, enterprise behavior. Access control, surveillance, and intrusion detection systems collect large amounts of data that is often stored and then deleted without much analysis.
Enterprises are now more attuned to the ability to leverage this ‘big’ data. These are evolving now to common data formats, real-time analytics and predictive tools. There seems like there would be a similar evolution in the capabilities of physical security systems where it is not so much what is happening at a turnstile, swing door or entryway, but what is going to happen,” D’Agostino said. “This would leverage the existing systems, sensors and data collection capabilities and use big data, and analytics to drive management and monitoring. The more that physical security systems adopt standard data types, sets and structures (using syslog for logging is a simple example) and the more intelligent these systems become, the more intelligence can be put into predictive analytics.”
Security Technology of South Texas is a local leader in access control, video surveillance, and community management systems in the South Texas area. Get in touch with us today to see what we can do to help secure your location.

Please contact us through email at
Through our website form :

Or by phone at  210-446-4863   24/7

Machine Learning to Improve Access Control: Part 1

With the evolving dynamics of cloud storage and the ability to harness and proactively employ an ever-increasing pool of big data, AI in the form of machine learning and deep learning has become a disruptive technological force in the physical security industry. Advanced AI and low-cost network resources have significantly impacted video surveillance, which has been among the biggest beneficiaries of faster processing and impactful analytics. Building automation, fire systems, intrusion detection, and physical and network access control are all starting to incorporate AI functionality.

AI is increasingly taking a role in making exterior and interior entrances more secure.This technology is moving towards improving system functionalities, including: distinguishing people from objects at a facility perimeter and interior entrances; deterring piggybacking; identifying and analyzing potentially lethal objects and dangerous people; and helping to define secure areas in and around buildings creating a more defensive risk posture for a location.


As technology continues to converge and the edges of different traditionally separate technologies start to merge, we face the challenge of how AI may practically support entry solutions such as security revolving doors, turnstiles, and swing doors. A disconnect between the objectives of the building owner and building code regulations can further complicate the security blueprint. But with 5G communications on the horizon, at least for those in major metro areas, multiple systems will be able to communicate seamlessly and instantly. With billions of connected IP devices generating data, Machine Learning systems will have an enormous amount of data to run through algorithms and improve performance in the budding field of intelligent access control.

Because legacy security entrances do not have AI built into their technology, integrating intelligence into secured entrances requires a collaborative effort with a third party solutions provider. Video analytics are increasingly deployed to address use cases such as people detection, piggybacking, dangerous object detection and facial recognition among other issues relevant to secured entrances. The increased integration of AI providers with traditional security entrance partners has resulted in improvements, such as price, speed, ease of use and usability. It also includes the use of machine learning to improve algorithms over traditional modeling and correlation approaches, and integration with other systems and sensors.

The Plan Moving Forward
Security entrances and mantrap portals often combine a number of systems, sensors and requirements. Portals by their nature are an integrated solution combining access control, video surveillance, mechanical hardware, sensors and design. These systems are a micro-scale example of what we can expect to see rolling out in the next decade. As devices move to wireless and 5G increases the throughput and number of IP devices, trillions of data points will be created for algorithms to process.

The limiting factor at that point will be only processing power and the limitations of human ingenuity in programming. Nonetheless, the access control, video surveillance, alarm, and community management/smart home technologies will begin to bleed into one-another and be able to intelligently share relevant information to improve performance, all with almost zero latency. The implications, should this play out ideally, include hybrid systems capable of operating nearly without human intervention, a reduction in the need for monitoring center services, and better response and accuracy for access control and security systems alike.