Access Control Systems Based on Physical Attributes

The ultimate access control system would uniquely identify a person and admit that person and only that person independent of whether the person possessed a particular coded card or token and/or knew a particular code. This ultimate identification system would be based on one or more physical characteristics.

Nonautomated physical attribute identification systems have long been the primary method of verifying the identity of a person: the signature (as used on personal checks and credit card slips); the fingerprint (as used by the FBI); pictures (as used on ID badges, passports, driver’s licenses, which have become the preferred form of identification for banking and credit transactions);and, to a limited extent in some criminal proceedings, the voiceprint. Digital Network Architecture may be next.


Types of Systems

The equipment that is now available for access control in some cases measures the physical attributes that are well-known and of accepted legitimacy, and in others relies on attributes that the manufacturers themselves have represented as being unique. A discussion of the current offerings follows; other techniques will doubtless come and go.


Facial Recognition.

There has never been a fully automated system using the face as a physical attribute, although for twenty years semi-automated systems have been available that store a person’s picture on microfilm, videotape, videodisk, or digital memory. Such systems are a sort of nonportable picture badge, with the image retrieved by an automated identification means such as a card or a PIN. Another simple and economic form of face-based non-automated access control that has become popular is the video intercom, which was originally developed for entry lobbies in apartment buildings. This device allows the occupant to both speak with and see the face of a visitor before opening the door (usually electronically).


Signature Comparison

The signature is the basis for personal identification in hundreds of millions of financial transactions every day. There are machine-assisted methods for presentation of a stored signature image to the bank teller, but these are not used for access control. There has never been a fully automated system for signature comparison, although for twenty years there have been fully automated systems that are based on the manner in which the person writes the signature (e.g., pressure, acceleration, speed), rather than on the appearance of the finished signature.


Fingerprint Comparison

Fully automated fingerprint access control systems have been marketed for 25 years by a continually changing series of unsuccessful vendors originally driven by work for the FBI and the Air Force. The technology is similar to that used in the FBI fingerprint search operation, which makes 15,000 searches a day through a file of 25 million prints. Fingerprint-based access control can be installed for a price that is little more than that for a top-end card access or proximity system.


Hand Geometry

Hand geometry as a unique physical attribute stems from a 1971 study by Stanford Research Institute on the efficiency of manufacturing and inventorying gloves for Air Force pilots. An access control system based on this physical attribute was introduced in 1972. It was successfully sold and widely used under the aegis of several companies, but was abandoned by a major player in the security electronics field in 1988 as a business area not worth pursuing. New systems are on the market today, at prices that are competitive with those for card access systems.


Voice Recognition

Voice recognition was the subject of extensive research activities in the early 1970s, but no serious voice-based products were marketed until the late 1980s. Voice input has a natural cost advantage over other physical attribute-based access control systems in that the data-entry mechanism is an inexpensive telephone handset and the workings are all electronic. However, it has suffered from suspicions of unreliability and fear of being easily outwitted by recording and playback devices, and from government reports openly stating these concerns. There have been a number of products on the market from time to time, at prices competitive with those for card access systems. One rudimentary form of voice-access control is the telephone entry system, which is actually a machine-assisted voice-plus-keypad system. Like the video intercom, it is intended for multi-unit residences and requires that the person on the inside recognize the voice of the prospective admittee.


Blood Vessel Patterns

Other systems analyze the patterns of blood vessels on various portions of the human anatomy. One system that was introduced in 1983 is based on the conclusion of a 1935 medical paper that the pattern of the blood vessels on the retina of the eye is unique. Another uses the blood vessels on the wrist. A question is legitimately raised about whether any one physical attribute provides a more dependable basis for identification than the others. Fingerprints certainly have the most solid legal precedent and endorsement through long-term use, and there is only one chance in a billion that two randomly selected fingerprints will match. Signatures are also well accepted as identification for financial transactions. Voiceprints have acquired some legitimacy in the courts. Faces have never been measured in an automated identification system. The uniqueness of the other attributes is validated only by the claims of the companies that sell the equipment. In practice, however, all of the products have accuracy rates in the one-in-a-thousand category because of the problems in measuring the attribute, and no attribute has been demonstrated to be superior.


These methods of biometric access control can be paired with other forms of authentication such as PINs, passwords, proximity or I-class cards to add another layer of assurance. Because biometrics are still not at the point of 100% accuracy, the room for error they leave necessitates, generally, the use of another method in conjunction with them. In the near future however we can expect the accuracy of these methods to improve and eventually become primary access control measures.


Security Technology of South Texas is a local leader in access control, video surveillance, and community management systems in the South Texas area. Get in touch with us today to see what we can do to help secure your location.



Please contact us through email at

Through our website form :

Or by phone at 210-446-4863     24/7

BRIVO Multifamily Access Control and Home Automation


Previously marketed as Parakeet, Brivo’s foray into the multi-tenant video, access control, and home automation market provides a total solution for property management to wirelessly integrate surveillance with building access and smart home features. Properties can make themselves more attractive to new clients by offering a fully mobile experience for access and automation, encouraging them to pay more and stay longer.


Anywhere they go with an internet connection, clients will be able to use the app to:


  • Adjust apartment temperature or turn on lights
  • Open the lobby door, front gate or garage
  • Access the right floor on the elevator
  • Grant access to guests and take them to the pool
  • Pay rent and submit work orders
  • Save money with energy efficiency controls


This all takes place through the cloud, meaning there are no on-site servers to set up and maintain. So long as the location has reliable commercial-grade internet and clients have phones, the solution is seamless and elegant.

From the perspective of the property management, Brivo’s apartment solution makes easier many conventional tasks. Using a single integrated platform, management can:

  • Manage access to doors throughout the property
  • Quickly assign and revoke mobile credentials
  • Monitor common area access and use
  • Control environmental features in vacant units
  • Prevent property damage with real-time alerts
  • Customize reports with actionable data

Furthermore, as many industries look for ways to reduce in-person interaction, self-guided property tours have become an expectation for those looking at upmarket apartment homes. Brivo makes providing self-guided tours easy for both parties while maintaining the security of the complex. With Brivo, showing available units is easier, safer and more convenient.

Multiple properties across an entire portfolio can be managed in one suite of software, with clear delineation between access control features, video surveillance, and automation. Enrolled individuals can be divided into staff and clients and subdivisions thereof, with mass notifications easily sent out to just the group that needs to know. With the elimination of physical keys and fobs, security is improved by reducing the attack surface of your complex to something much more difficult to clone or hack, the personal phone.

Security Technology of South Texas is one of the area’s most experienced and professional teams in physical security, access control, and surveillance. If you would like an assessment made for your business, please contact us at


Visit at 


Or call at 210-446-4863


The Stages of Attack or Penetration Testing

  1.    Network reconnaissance :

This is the first phase involved in penetrating a system. This is the stage during which information is gathered about the target in order to facilitate the attack. It can feature “Active” methods, such as actual social engineering in person, or “Passive” methods using searches of public records and even material from “Shodan”.

  1. Host port scanning and banner grabbing

This phase involves using port scanners to look for all open and closed ports. This is carried out using port scanners such as “Nmap”, “Superscan”, and “Angry IP Scanner”. Packet Sniffers like Ethercap and Wireshark can help capture information traversing a site or network.

  1. Vulnerability identification and Exploitation

Using tools like Metasploit or Sqlmap, this phase looks for any vulnerabilities which can be exploited to establish access to a system or network.  Control can be gained at the level of  the OS, system or network. This can proceed into privilege escalation via the cracking of passwords and Dos or DDos attacks. Vulnerability scanners such as Nessus and Nipper help determine how vulnerable a system is.

  1. Rootkit installation

If possible, the installation of a rootkit is an excellent way to maintain control over a system or network while also avoiding detection. Rootkits can disguise themselves and are difficult to detect. The installation of the Rootkit generally occurs after an attacker has successfully exploited a vulnerability in a system or network. The term “Root” refers to what the administrator or privileged account on Unix-like systems was/is called. Rootkits are able to modify at the level of the “kernel”, and removal of firmware Rootkits is often difficult to impossible.

  1.  Hiding tracks

One of the final phases, “Daisy Chaining” or “Exfiltration” aims to leave as little evidence as possible that the attacker penetrated a system. The more skilled the hacker, the less evidence he will leave. This is a critical phase to avoid being caught and to ensure that any modifications or malware installed stay in place as long as possible. Hiding tracks well closes out the attack and ultimately determines the overall success of the attack.

Source: Author


Contact us at


 or call 24/7        (210)-446-4863

The Latest Trends in Malware

         As we move further into the 21st century and witness the major advancements in computational power and the sprawl of web-connected devices, malware writers manage to keep up with trends and write malevolent software to match each step forward. Just like the legitimate players in the tech industries, these shadowy figures innovate and find new vectors for infection and better methods to obscure their wares from the average user and professional alike. It is safe to assume that cybercriminals are doing all they can to become more effective and virulent, and as a result the demand for the security industry’s remedies grows as well. Here is a look at some upcoming trends in malware.
         While some malware aim to impose a ransom or to steal data, others take a more aggressive approach. These “wiper malwares”, such as “Shamoon”, “Black Energy”, and Destover” have the single purpose of destroying systems and the data they contain. This tends to cause a great deal of financial damage to victims, as well as ruining their reputation in many cases. Whether it is all about sabotage or a means to cover the threat actor’s tracks on the way out of a penetrated system, this is an area to watch.
         “Fileless malware” is able to infect local hosts without leaving behind any artifacts on the hard drive. This makes it difficult for traditional antimalware software to detect them, as they tend to rely on virus and malware signatures to determine infection. These attacks almost doubled in 2018.
         Botnets are distributed infections using many host’s computational power to infect others and perform the desired actions of the attacker, such as crypto-mining or DDosing targets. So-called “bot-herders” who control these bots have even managed to create “self-organizing” botnet swarms. Due to the promise of automated wide-spread infection, this is a very enticing method of spreading malware for threat actors everywhere.
         APTs (Advanced Persistent Threats) are typically thought to originate from nation-state actors with a wealth of resources. Due to the sovereignty of nation-states, it is difficult to impossible to do anything with regard to enforcement. They are able to create customized malware of the highest order to carry out their espionage and attacks, and often aim to spy on vast numbers of users and even entire enemy or rival nations. These threats, such as the malware “Sofacy”, will only continue to grow, and have now been observed to evolve their own code.
         Cryptomining, which we have looked at previously, has seen an 83 percent increase in attacks in this last year according to Kaspersky Lab, with over 5 millions infections in the first three quarters of 2018. Examples include “Mass Miner” and “Kitty”.
         Threat actors have picked up development of Card-skimming malware in 2019 according to RiskIQ. These malware steal personal information at POS machines and often involve the physical planting of devices onto things such as ATMs to “skim” credit card details.
         Steganography involves hiding information using methods such as encoding executable information in images, text documents, and other formats that are less traditional. Encoding malware steganographically helps evade recognition by antimalware software. Threat actors will continue to push the limits to hide their toxic software from the user and antimalware alike.
Security Technology of South Texas
Contact us at
 or call 24/7        (210)-446-4863