top of page

The Evolution of Access Control Systems

Any building with a door or an entryway needs some sort of security to protect the occupants and the property. The most common type of security is some form of an access control system. Access control systems have evolved to become more sophisticated and effective at deterring unauthorized entry.

Some examples of access control over the years include pin pads, keys, turnstiles, card readers, and biometrics. Today, we have much more advanced forms of access control systems.

Here's a deeper dive into the evolution of access control systems throughout the years.

What Is Access Control?

Access control is any system used to regulate who can enter or exit a space. The most common type of access control is a door lock. Other examples include keypads, turnstiles, and fob readers.

Access control systems are used in both residential and commercial settings. They are often used in conjunction with security cameras and alarm systems.

The earliest known access control system was used in the Palace of Knossos in Greece. This door lock was a wooden block that slid into a bracket to secure the door.

Meanwhile, the Heron of Alexandria invented the first mechanical access control system in the 1st century AD. The system used a locking mechanism that consisted of a bolt, tumblers, and keys.

Since then, access control systems have come a long way.

Main Components of an Access Control System

Although there is no one-fits-all solution for access control, most systems share some standard components. Here are the main features of access control.

Mandatory Access Control

Mandatory access means users are only granted the permissions they absolutely need to perform their job duties. This is in contrast to discretionary access control, which allows users a certain amount of leeway in choosing which resources to access.

In a Mandatory Access Control (MAC) system, permissions are assigned by a centralized authority, such as an administrator. Such a system is often used in sensitive environments, such as military or government organizations, where it is critical to limit access to sensitive data.

Example: In a hospital, only staff with the proper permissions should be able to access patient records.

Discretionary Access Control

In computing, discretionary access control (DAC) is a type of security that relies on users making security decisions. It is the most common type of access control used in business organizations.

With DAC, each user is assigned a set of permissions that determine what actions they can perform on the system. The administrator can assign different permissions to different users and can change those permissions at any time.

DAC is contrasted with mandatory access control (MAC), which relies on predefined security rules that users cannot modify. MAC is typically used in military and government organizations, where security is of the utmost importance.

Example: A user is given read and write permissions to a file. The user can read and write the file but not modify or delete it.

Role-Based Access Control

Role-Based Access Control (RBAC) is a type of access control in which permissions are based on users' roles within an organization.

RBAC is a flexible and powerful access control model used in various settings. It is particularly well-suited to large organizations with many users and complex access control requirements.

RBAC can be used to implement both mandatory and discretionary access control. In mandatory access control, permissions are based on an individual's security clearance (e.g., top secret, secret, confidential).

On the other hand, discretionary access control allows users to specify who should access which resources. RBAC is a more fine-grained approach than mandatory or discretionary access control, which can be more challenging to implement.

Example: In a hospital, doctors should have access to medical records, while nurses should have access to patient charts.

Rule-Based Access Control

Rule-based access control (RBAC) is a model for managing permissions in which users are assigned roles that dictate what actions they are authorized to perform.

RBAC can manage computer systems, enterprise software, and even network permissions.

However, it comes with its challenges. One of the biggest challenges with RBAC is that it can be difficult to manage roles and permissions consistently across an extensive system.

Moreover, RBAC does not scale well to extensive systems.

It can be difficult to manage roles and permissions consistently and effectively in systems with hundreds or even thousands of users.

Example: In a financial organization, a teller would have a role that allows them to access customer accounts and perform transactions.

Meanwhile, an auditor would be able to view customer accounts but not perform transactions.

How Has Access Control Evolved Over the Years?

Access control has undergone a dramatic evolution in recent years. In the past, access control was primarily a physical security measure designed to protect buildings and other physical assets from unauthorized entry.

One of the earliest forms of access control was the pin pad. A pin pad is a device with a keypad that requires a user to enter a code to open a door or gate. Pin pads were used extensively during World War II to protect military installations.

Today, access control is much more than that. It's an essential part of cybersecurity, playing a vital role in protecting organizations from cyber-attacks.

In the early days of computing, access control was primarily a matter of physical security. Computers were large, expensive machines kept in secure rooms with locked doors.

Only authorized personnel were allowed to enter these rooms, and they had to sign in and out whenever they did. This physical security measure was effective in preventing unauthorized access to the computers.

However, as computing became more widespread and computer networks began to connect organizations worldwide, physical security measures alone were no longer sufficient.

Cybercriminals could now attack organizations from anywhere in the world and didn't need to physically enter the premises.

This realization led to a shift in thinking about access control. Instead of being primarily a physical security measure, it is seen as a critical part of cybersecurity.

Organizations began implementing access control measures to prevent unauthorized access to their computer networks.

These measures typically involved creating user accounts and assigning permissions to determine what each user could do on the network.

In recent years, access control has undergone another evolution. With the rise of cloud computing, organizations are now storing more and more data off-site in the cloud.

Evolution of Access Control in Physical Security

Apart from computing, access control has also evolved significantly in physical security. In the past, access control systems were stand-alone systems working without other security systems.

Today, access control systems integrate with video surveillance and intruder alarm systems.

This integration allows for a more comprehensive approach to security, providing greater visibility and coordination between different security systems.

It also allows for a more rapid response to security incidents, as information from one system can be used to trigger alerts in other systems.

The evolution of access control is likely to continue in the future as new technologies are developed, and new threats emerge.

The Impact of 9/11 on Access Control Evolution

The horrific events of 9/11 had a profound impact on the evolution of access control. Before 9/11, security was primarily focused on physical security.

However, after the attacks, it became clear that organizations needed to do more to protect themselves from terrorist threats.

As a result, access control systems began to place a greater emphasis on biometrics, which are unique physical or behavioral characteristics that can be used to identify an individual.

The use of biometrics, such as fingerprint and iris scanners, has become increasingly common in access control systems. The 9/11 attacks also led to the development of new technologies, such as RFID (radio frequency identification) tags. Apart from these access control elements, there have been many other advancements in the field:

  • Barcodes: These are machine-readable optical labels that are attached to objects. Barcodes store information about the entity to which they are connected, and they can be used to track the movement of objects.

  • Magnetic Stripe Cards: These are credit card-sized cards that have a magnetic stripe on the back, which stores information about the cardholder, such as their name and address.

  • Proximity Cards: Proximity cards use radio waves to communicate with a reader, allowing them to be read without physically touching the card.

  • Smart cards: They have an embedded microprocessor, where the user's information is stored.

  • IP Door Readers: SInce IP systems are more advanced, they can allow or deny access to an individual based on their IP address.

  • Thermal Cameras: These cameras can detect heat signatures, making them ideal for security applications.

As access control evolves, the need for physical security orchestration, such as Keer, will become paramount. Keer is a unique PropTech solution that connects all your physical security assets to form a smart mess with AI/ML capabilities.

As a result, there's no risk of being 'vendor-locked' since you'll have a unified system for security management. Request a demo to try Keer today.

The Future of Access Control

The future of access control is likely to be shaped by the continued development of new technologies. For example, biometrics is an area ripe for further development.

In the future, we may see the use of more sophisticated biometric identifiers, such as vein patterns and DNA. We may also see the development of new access control technologies, such as IoT and AI-based systems.

IoT (Internet of Things) systems will allow access control systems to be connected to a network of devices, allowing for a more comprehensive and coordinated approach to security.

Likewise, AI (Artificial Intelligence) systems will enable access control systems to become more intelligent and adaptive. So rest assured, we're in for an exciting future when it comes to access control.

bottom of page