An access control is a procedure that authorizes or rejects the entry of an individual or an element to a certain sector. It is a security mechanism that, depending on the case, allows you to protect a physical space (such as an office or the contents of a safe) or something abstract (a system).
A guard at the door of a nightclub or discotheque carries out access control: he decides, based on different criteria, who passes and who does not. A phone's fingerprint sensor and the username and password combination to log into an email box also function as access controls.
Its characteristics
Access control is based on determining whether an entity (whether a human being, a machine, or a computer program) has the permissions or rights needed to enter a given area. For this, it is common to carry out an identity verification.
There is, therefore, a request for access prior to the review. Access control can process that request in different ways, using various principles and techniques. Once access is approved, the conditions under which it is accepted are defined. There may be multiple levels of access, to mention one possibility.
The purpose of access control is to prevent an intruder from entering a site or using a resource. In this way, a physical space or information is protected.
Types of access control
There are several ways to classify access controls. A first distinction differentiates between physical access control (which regulates entry to a site, such as card readers or turnstiles or other physical barriers) and logical access control or information access control (which protects digital data: user credentials with passwords, a phone's fingerprint sensor, etc.).
Regarding information access control, several classes can be recognized. Discretionary access control is one in which the system owner authorizes access to users according to their own rules. Typically, there is an access control list that records those who have the relevant authorization. Role-based access control, for its part, grants permissions based on functions and not based on identity; this serves to limit access to specific data.
Mandatory access control, meanwhile, is structured around an authority that assumes the regulation of authorizations and their organization into levels. It can also be called attribute-based access control, which combines certain properties with environmental conditions.
Its components
At a general level, logical access control articulates three components that enable authentication, authorization and traceability.
Authentication, or the authentication mechanism, is the procedure for identifying the entity. In other words, it is that which confirms that the entity is who it claims to be. It can be carried out using biometrics (facial recognition, iris scan) or passwords.
Authentication gives way to the authorization process: permission is granted or access is prevented. At this point, the policies that define what the entity can do are established and applied. Finally comes the instance of traceability to facilitate the registration of the activities carried out by the entity. Traceability can be combined with an audit to hold each entity accountable for what has been done.
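The three components described above can be seen working together in the following added example, which is not part of the original article. It assumes password authentication and role-based authorization; the class name, role names, actions and decision strings are hypothetical and the sample data is constructed.

```python
import hashlib, hmac, os
from datetime import datetime, timezone

# Constructed sample policy: role -> permitted actions (role-based access control).
ROLE_PERMISSIONS = {
    "teller": {"view_balance"},
    "manager": {"view_balance", "approve_transfer"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256, so the stored verifier is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccessControl:
    def __init__(self):
        self.users = {}      # username -> (salt, password hash, role)
        self.audit_log = []  # traceability: one record per access request

    def add_user(self, username, password, role):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt), role)

    def authenticate(self, username, password) -> bool:
        # Authentication: confirm the entity is who it claims to be.
        record = self.users.get(username)
        if record is None:
            # Hash anyway so unknown users cost about the same time as known ones.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored, _role = record
        return hmac.compare_digest(stored, hash_password(password, salt))

    def authorize(self, username, action) -> bool:
        # Authorization: apply the policy attached to the user's role.
        role = self.users[username][2]
        return action in ROLE_PERMISSIONS.get(role, set())

    def request(self, username, password, action) -> str:
        if not self.authenticate(username, password):
            decision = "denied:authentication"
        elif not self.authorize(username, action):
            decision = "denied:authorization"
        else:
            decision = "granted"
        # Traceability: record every request, including refusals.
        self.audit_log.append(
            (datetime.now(timezone.utc).isoformat(), username, action, decision))
        return decision
```

Because refused requests are logged as well as granted ones, a later audit can attribute both successful actions and failed attempts to a specific entity.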
Access control examples
Suppose a person wants to make a transfer from their bank account. To this end, they visit their bank's website and encounter a first access control: they must enter their username and password. Once in the system, they enter the recipient's information and the transfer amount. To complete the operation they must pass another access control; in this case, the banking entity uses security tokens. The customer has to open an application on their phone and generate a new key with it, which is valid for just a few seconds. They then quickly enter that key in home banking and can finally transfer the money.
Let us now take the case of the presidential residence. For obvious reasons, there is an access registry and visitor management is carried out: the intention is that only those with the relevant authorization have access to the president. Access control, in this case, includes security cameras and video surveillance for real-time monitoring and motion detection sensors in sensitive areas. Likewise, there are security alarms to warn of unforeseen or risky situations and the personnel in charge of access control have intercom systems to optimize their work.