Month: May 2021

Access Control Models: How to Navigate Changing Security Frontiers

Access control helps organizations ensure security both online and offline. Here’s how to do it.

As businesses undertake digital transformation projects frontiers expand in both physical and digital spaces, access control has become about more than just keycards and security kiosks. The need for more robust security across organizations has led IT leaders to explore various access control systems, including examining how different access control models and management structures could work together to benefit business. 

But before an access control management structure or model can be implemented, let’s take a look at access control in the interconnected age.  

What Is Access Control and How Does It Work with IoT?

Access control is a security technique that regulates who or what can view or use resources in any environment. There are two main types: physical and logical. Both forms of access control are concerned with entry to restricted areas but vary on how to define those areas.  

Logical access control addresses who or what can attain virtual access to data, digital resources and computer networks (think password-protected documents or two-factor authentication). Meanwhile, physical access control impedes bodily access to buildings, rooms or other tangible assets (think metered gates or doors that lock automatically). 

The rise of the Internet of Things has transformed access control. Security cameras, card readers, locks and more can now connect via a single wireless network, allowing security managers to control them from various software-based platforms. Whether it’s using a smartphone to open a door or monitoring security footage via a tablet from a remote location, IoT has increased the mobility and scope of access control in a way never before seen on previous systems.  

But even as the IoT revolution changes access control, it can create added vulnerability for hackers looking to exploit these interconnected networks. That’s where access control models and management become key.

Understanding Access Control Models and Management

There are three primary models of access control:

Web-based access control systems are entirely cloud-based and store permissions on the web rather than on a physical device. This model allows security managers greater access and visibility into the areas they’re monitoring and makes it easier to update or change security permissions in real time from any location. 

Mobile-based access control models function in much the same way. Using a smartphone, security teams can remotely access every aspect of a business’s security system — from the password-protected server to a locked door — to update and change permissions via codes sent over Wi-Fi or cellular signal.

For businesses looking for even greater mobility, connecting all access control software and hardware via one network allows security managers to update these devices all at once in real time. This IoT-based access control model keeps systems up to date with the latest security patches.

However, these models can create their own security risks. Anything cloud- or web-based, or which links several devices to one source, can easily fall prey to hackers. Access control management systems can reduce this increased cybersecurity risk by clearly identifying who can access secured information. 

What Are the Types of Access Control?

Mandatory Access Control (MAC) management is the strictest management option and cedes total control of an entire operating system — doors, cloud-based services, elevators, smartphones — to a system administrator. Without this administrator’s permission, no one and nothing can gain access. 

Discretionary Access Control (DAC) management is one step down from MAC and allows businesses to decide who has access to which areas. Think of this as a bit like the official guest list for a party: The people on the list have access to the party, but they can’t bring a friend and might not have access to every room at the event. Unlike with MAC systems, there is no single entity that grants permissions. 

Similar to DAC, Role-Based Access Control (RAC) grants permissions based on certain criteria. Here, a user might have access to his or her personal email, but not to a business’s private files on the same server. This allows businesses to create layers of security and grant access based on unique needs. 

Last, Rule-Based Access Control (RBAC) is a mixture of DAC and RAC. Here, an individual or list of individuals have access to certain areas based on unique needs but must abide by certain rules (think of elevators that lock out employees after hours, regardless of whether they have keycards). 


How to Choose an Access Control Model and Management System

No one type of access control is foolproof, and no one model or management structure is better than another. What’s important is that a business identifies its end goal before implementing any type of access control structure. 

R&S Erection of Concord, a California-based vendor of garage doors, commercial gates and loading dock equipment, recommends following four steps when selecting access control:

  1. Consider access control policies, models and mechanisms. As outlined above, the model and management structure selected is critical to the success of access control. Choosing the model and structure helps identify the hardware and software requirements.
  2. Know the hardware and security requirements. Hardware will vary based on what level of security is needed and what kind of authentication process is required. For instance, fingerprinting will require different hardware and offer a different level of security than, say, keycard readers or facial recognition requirements.
  3. Assess connectivity and costs. Not all access control systems work with all types of operating systems. Some offer web-based connectivity solutions that may require network upgrades. Consider network capacity and the cost of additions or extensions before selecting certain access control models.
  4. Plan for the future. While many access control system vendors will offer upgrades, make sure to examine such policies before purchasing. Also consider future business developments before committing to one type of access control model or management structure.  


What is facial recognition?

Facial recognition is a way of identifying or confirming an individual’s identity using their face. Facial recognition systems can be used to identify people in photos, videos, or in real-time.

Facial recognition is a category of biometric security. Other forms of biometric software include voice recognition, fingerprint recognition, and eye retina or iris recognition. The technology is mostly used for security and law enforcement, though there is increasing interest in other areas of use.

How does facial recognition work?

Many people are familiar with face recognition technology through the FaceID used to unlock iPhones (however, this is only one application of face recognition). Typically, facial recognition does not rely on a massive database of photos to determine an individual’s identity — it simply identifies and recognizes one person as the sole owner of the device, while limiting access to others.

Beyond unlocking phones, facial recognition works by matching the faces of people walking past special cameras, to images of people on a watch list. The watch lists can contain pictures of anyone, including people who are not suspected of any wrongdoing, and the images can come from anywhere — even from our social media accounts. Facial technology systems can vary, but in general, they tend to operate as follows:

Step 1: Face detection

LThe camera detects and locates the image of a face, either alone or in a crowd. The image may show the person looking straight ahead or in profile.


Step 2: Face analysis

Next, an image of the face is captured and analyzed. Most facial recognition technology relies on 2D rather than 3D images because it can more conveniently match a 2D image with public photos or those in a database. The software reads the geometry of your face. Key factors include the distance between your eyes, the depth of your eye sockets, the distance from forehead to chin, the shape of your cheekbones, and the contour of the lips, ears, and chin. The aim is to identify the facial landmarks that are key to distinguishing your face.

Step 3: Converting the image to data

The face capture process transforms analog information (a face) into a set of digital information (data) based on the person’s facial features. Your face’s analysis is essentially turned into a mathematical formula. The numerical code is called a faceprint. In the same way that thumbprints are unique, each person has their own faceprint.

Step 4: Finding a match

Your faceprint is then compared against a database of other known faces. For example, the FBI has access to up to 650 million photos, drawn from various state databases. On Facebook, any photo tagged with a person’s name becomes a part of Facebook's database, which may also be used for facial recognition. If your faceprint matches an image in a facial recognition database, then a determination is made.

Of all the biometric measurements, facial recognition is considered the most natural. Intuitively, this makes sense, since we typically recognize ourselves and others by looking at faces, rather than thumbprints and irises. It is estimated that over half of the world's population is touched by facial recognition technology regularly.

Thinmoo has a one-stop solution for smart communities

Using new generation information technologies such as the Internet of Things, cloud computing, mobile Internet, mobile terminals, and OTO, it integrates functions in many fields such as smart buildings, smart homes, smart properties, smart security, and digital life. Payment, surrounding shops, community activities, community circles and many other life assistance information and services are integrated into the same platform to provide community residents with a safe, comfortable, convenient, and low-carbon modern community living environment.

Does your community have the following problems?

1. Difficult to pay? Continuous calls

2. Is the security risk high? Security is difficult

3. Difficult to manage? low efficiency

4. Difficult to serve? Information Lag

Thinmoo have one-stop smart products

●Integrate face recognition, cloud video intercom, and access control functions;

●ARM 4-core high-speed CPU, 7-inch/13.3-inch/21-inch/32-inch, etc. optional;

●A variety of door opening methods are available: face recognition/mobile phone remote/mobile phone Bluetooth/card swiping/visitor temporary password/phone/optional QR code;

● Optional ID card recognition to open the door, support capture, whitelist, blacklist, video linkage function;

●Comprehensive support for advertising functions, support for the implementation of community operators’ business;

●Remote cloud management, simple and fast installation and construction;

●Optional support for IoT cloud intercom indoor unit, no special wiring is required, cloud visual intercom can be realized by using the owner’s WiFi;

●Support IoT API SDK interface, perfect support for third-party integrated development;

●High-end aluminum alloy metal material, exquisite production, support outdoor use.

●Integrate cloud video intercom, access control function, and face recognition;

●Linux system;

●A variety of door opening methods are available: face recognition / mobile phone remote / mobile phone Bluetooth / card swiping / visitor temporary password / phone / optional QR code / optional ID card identification to open the door;

●Support capture, whitelist, blacklist, and video linkage functions;

●Remote cloud management, simple and fast installation and construction;

●Optional support for IoT cloud intercom indoor unit, no special wiring is required, cloud visual intercom can be realized by using the owner’s WiFi;

●Support IoT API SDK interface, perfect support for third-party integrated development;

●A variety of appearances are available, supporting outdoor use.

●Industry-leading Bluetooth low energy chip, supporting a variety of communication methods;

●Cloud authorization, mobile phone to open the door, shake to open the door, close to open the door;

● Optional support for multiple door opening methods such as QR code, swiping card, dynamic password, and remote door opening;

●New optional support for Bluetooth precise angle positioning function, adding a new indoor positioning experience for access control;

●Optional support Ethernet/4G/WiFi/Lora/NBIoT Ethernet communication mode;

●Support IC card offline authorization through mobile APP, completely replace traditional products;

●Optional support for CPU card, MI card, ID card and more card types;

●Iot cloud access control, no need to deploy a server locally, fully realize cloud management and cloud authorization;

●Support IoT API SDK interface, perfect support for third-party integrated development;

●Alarm function: Optional support for illegal door opening alarm, door open overtime alarm, fire linkage, anti-dismantling function;

●Double Gang, Single Gang, 86 boxes and other appearances are optional, adapting to different installation environments.

●Bluetooth sensing distance <20 meters, configurable with different working modes;

●Support multiple door opening methods such as Bluetooth, card swiping, password, and remote door opening;

●Optional support for multiple communication methods such as NBIoT/Lora/Zigbee;

●Support APP

●Using the lowest power consumption chip, low power consumption and high performance.

●No sense of duty

  ●Easy to install

  ●Quick recognition

  ●Support offline operation

  ●HD camera

  ●Night mode.

●Support HTTPS secure Web access;

●Support two language features, Chinese version and English version Web client;

●Support extraction of facial feature information, send back-end server through LAPI to continue analysis, smart light-sensitive fill light switching is more accurate, smart metering capture images more uniform;

●Support 2D/3D noise reduction;

●Support 100dB optical wide dynamic to meet the needs of high-contrast scenes;

●Advanced H.265 coding algorithm, higher coding and compression efficiency;

●Support Onvif international standard protocol, can access third-party back-end/platform;

●Three-stream package capability to meet real-time streaming and storage streaming requirements of different bandwidths and frame rates;

●Support mobile phone monitoring;

●Support Web end, provide SDK development;

●IP67 protection level.

●Diversified face input: App, face equipment, batch import of photos, USB camera capture, U disk import, etc., easy input and export;

●Exquisitely crafted, the equipment is waterproof and dustproof up to IP54;

●Using a 2 million high-definition wide dynamic camera, which can quickly and accurately capture face information for verification and comparison;

●Facial recognition can be done quickly without internet connection, technology blessing, perfect performance;

●Diversified unlocking: mobile phone unlocking / face recognition unlocking / optional QR code unlocking / property management unlocking

ID card unlocking/compatible password swiping card/phone unlocking;

●Live body detection, anti-counterfeiting and anti-counterfeiting;

●Rich information dissemination, text, picture, video can all be distributed;

●Remote cloud operation, synchronous update, view device status information;

●Security capture: collection of video information of entering and exiting personnel, and early warning.

Thinmoo has a one-stop solution that manages from mobile APP, hardware, and back-end products on the same line to provide a new smart community experience for communities, residents, and properties.



Cloud Video Intercom

Cloud IoT Access Control

Mobile Intellegent Lock


IoT Sensors

Smart Park System


Intelligent garbage sorting system

Smart community solution

Smart school solution

Smart hospital solution

Contact Us:

+86 4001883169‬

+86 0755-28688395‬





Open chat