Access contol systems restrict or permit entrance to a secure area, based upon credentials which a person wishing to gain entry must present.  There are three general types of credentials which commonly describe progressive levels of security for access control.  They are:

1. something a person has, such as a key, debit card, access badge or passcard;
2. something a person knows, e.g. a PIN, security code, or password; and,
3. something they are, typically a biometric input, e.g. fingerprint, facial recognition, iris recognition, retinal scan, voice, or hand geometry.

Historically, being in possession of a simple key was sufficient to gain access to many areas.  For example, home security was originally considered effective simply by using the locks on the front door.  As security risks became more common, people began to install home alarm systems which required a Personal Identification Number (PIN) to be entered when gaining access to the home.  This is a basic example of a two-factor home security system.  In a very simple sense, your family recognizing you as a family member is an basic example (although not a particularly safe one if it is an intruder) of the third level of credential.   Automated access control systems which incorporate all three types of credential as a requirement are considered most secure.

Access badges (or digital keys) use various technologies to identify the holder of the badge to an access control system. The most common technologies are barcodes, magnetic stripe, proximity, RFID or and smart cards.  The access badge contains a number that is read by a card reader attached to a computer system that makes the access control decision based on information about the credential.  If the card information is included in the approved access control list, the system unlocks the controlled entry point. The transaction is stored in the system for later retrieval so that reports can be generated that record who gained entry and when and where.

Since biometrics refers to various method for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits, they satisfy the requirements of the third type: something a person is.  A human characteristic can be analyzed for suitability for biometric analysis in terms of the following parameters:

• Universality - each person should have the characteristic.
• Uniqueness - is how well the biometric separates individuals from another
• Permanence - measures how well a biometric resists aging.
• Collectability - ease of acquisition for measurement.
• Performance - accuracy, speed, and robustness of technology used.
  
• Acceptability - degree of approval of a technology.
• Circumvention - difficulty to use a substitute.