In a traditional access control management system, the server can control the access controller remotely using the proprietary protocol. When someone tags the RFID card, the access controller can determine whether to open the door based on the stored user access data (RFID card number and time zone information) in the access controller, and the server can periodically obtain RFID tagging event data from the access controller. However, the access controller cannot store all of the user access data due to the hardware capacity limitation, and the server cannot handle heterogeneous access controllers without knowing their adopted protocols. This study proposes an OM2M IoT middleware framework to mediate the problem. The system architecture consists of a cloud server, server-side middleware, device-side middleware, and devices. The devices and the cloud server use the middleware to convert communication protocol data formats. Accordingly, the cloud server delegates the server-side middleware to handle the new types of devices. Then, to eliminate the shortage of capacity, we enable the cache concept. The access controller acts as the first-layer cache. We need to implement the device application to serve as the cache manager for the device. The devices in the system mean both the access controllers and the associated device application. Then, the device-side middleware acts as the second-layer cache server. The cloud server acts as the top-layer cache server. When each layer of cache encounters a cache miss, it requests data from the next layer. To increase the user response speed by increasing the cache hit rate, we evaluate several cache replacement policies by conducting experiments for various scenarios and implement an experimental result-based policy prediction algorithm in the server to update the best cache replacement policy for the first-layer cache.