Controlling access resource functions. Establishing, by a resource access manager, enrollment information (e) for each of a plurality of users. Encrypting, by the access manager, each received (e) in an authorization data item for the corresponding user. Transmitting, by the access manager, each authorization data item to a corresponding user device. Receiving, by a resource control point, from a user device, a request for access to a function of the resource, the request for access comprising the received authorization data item and verification information (v). Decrypting, by the control point, the received authorization data item to extract (e). Determining, by the control point, a similarity measure between (v) and (e). For a determined similarity measure greater than or equal to a threshold, authorizing, by the control point, the request for access. For a determined similarity measure less than the threshold, denying, by control point, the request for access.
