Leverage Mobile Access
Integrators well positioned to take advantage of mobile technology
- By Scott Lindley
- April 01, 2021
Mobile technology in access control applications is a growing
trend and schools and integrators are well positioned to
take advantage of its benefits. Secure data transfer, enduser
convenience, support for multiple formats and flexible
system compatibility have finally all been combined to provide
a wealth of opportunities in educational institutions.
There were other drawbacks with the original technology. Before
they switched to soft credentials, the next wave of users requested
smartphone solutions that eliminated the frustrations that they discovered
with their imaginative smartphone apps and hardware, the
main one being complicated implementation practices. fte newer
solutions provide an easier way to distribute credentials with features
that allow the user to register only once and need no other portal
accounts or activation features. By removing these additional information
disclosures, vendors eliminated privacy concerns that have
been slowing down acceptance of mobile access systems.
One additional concern held back some buyers. What if the baby
boomers at their facility don't have a smartphone? Problem solved.
Just be sure that your soft credential reader can also use a smart card.
The Hard Facts about Soft Credentials
Mobile access credentials are smartphone-based versions of traditional
access credentials, such as 125-kHz proximity cards or 13.56
MHz contactless smart-cards and tags. Mobile credentials make it
possible for smartphones, such as the Apple iPhone® and Google
Android® devices, to be used as the electronic access control credentials,
supporting a user as he moves about a secured facility, such as a
high school, college campus or university hospital.
Two technologies are used - Bluetooth and Near Field Communication
(NFC). Bluetooth readers are less expensive because almost
every smartphone already has Bluetooth. Plus, Bluetooth supports
both short and long-range reading. In contrast, NFC does not.
Bluetooth Low Energy (BLE) is used to communicate the mobile credential from a smartphone to a mobile reader. Mobile credentials
are commonly called soft credentials or digital keys and have several
key advantages over traditional, physical credentials. Specifically,
they may be less expensive and more secure than many comparable
Additionally, they are more convenient and can be delivered to end
users in either paper or electronic form via data services, text or
Bluetooth's other big advantage is read range, up to 30 feet. Plus,
installers can adjust read ranges on-site and differ them for various
individual applications. For instance, they could be short-range at the
computer access control reader but six feet at the front door. When
entering the facility gate, a still longer read range, perhaps 15 feet, can
be provided so users don't have to open their car window to reach the
reader. Typically, NFC readers only operate with a read range of an
inch or two, eliminating any possibilities of simply leaving the smartphone
in the pocket and still get reads.
Smartphone-based mobile access credentials can be sold in the
same manner as traditional 125-kHz proximity or 13.56-MHz smart
cards - from the existing OEM to the dealer to the end users. This insures seamless operation with the electronic access control system.
For the dealer, smartphone credentials will be more convenient,
less expensive and more secure. They can be delivered in person or
electronically. They are quicker to bill with nothing to inventory or to
be stolen. Also, in most cases, soft credentials can be integrated into
an existing access control system.
And, today, the access control system administrator’s tasks are simplified,
as credential distribution can also be via independent access
Smartphone-based credentials support a range of formats, including
26-Bit Wiegand, custom Wiegand, ABA Track II magnetic stripe,
serial data formats as OSDP. Mobile credentials can be ordered with
specific facility codes and exact ID numbers, and integrators will
deliver them in the precise number sequence ordered, with no gaps
and with no under- or over-runs. Each order can be precisely filled.
Very Simple to Install
To install a mobile credential, a user will first need to have the Wallet
App installed on a supported smartphone. The App is available, at no
charge, on the Apple® App Store and on Google® Play. Once installed,
launch the App and select the “Add” button to begin the process of
loading a new credential.
A Registration Key Certificate is provided for each credential
ordered. Enter the unique 16-character key from the Registration Key
Certificate and tap “Submit.” Typically, in less than a minute, the mobile
credential will load. Once successfully loaded, the new mobile access
credential will appear in the Wallet App, ready for use. Importantly, no
longer does installation require sensitive personal information (PI)
from end users, integrators or access control system manufacturer
partners. Instead, all that is required to enable the system to run on an
end-user’s smartphone is the smartphone’s telephone number—that’s
it. In this way modern mobile access solutions respect user privacy.
The telephone number is used to allow the Wallet App to securely
download and store all mobile credentials in a single, convenient
location. This includes mobile credentials that support multiple
access systems, have different formatting or are individualized with custom graphics.
The Mobile Wallet App can store many mobile access credentials
on a smartphone at one time. Typically, more than 20, however, the
actual quantity is dynamic and is related to the memory specifications
and internal storage capacity of each device. This aspect of mobile
access is a real benefit to today’s lock intensive school campuses.
By the way, mobile access credentials are not intended to be
shared. Once registered on a smartphone, each credential is tightly
linked to that device. To maintain system security, they are not
intended to be shared across multiple devices.
If a credential on a lost or smartphone is damaged, it cannot be
re-installed on another device. Think of a credential as being securely
linked to a smartphone. In the event that a smartphone is lost, damaged
or stolen, the process should be the same as when a traditional,
physical access credential is lost: it should be immediately deactivated
in the access control system management software and a new mobile
credential issued as a replacement.
Many companies still perceive that they are safer with a card but, if
done correctly, mobile can be a far more secure option with many
more features to be leveraged. The bottom line - both Bluetooth and
NFC credentials are safer than traditional hard credentials. Read
range difference yields a practical result from a security aspect. A
Bluetooth reader can be installed on the secure side of the door while
NFC must be mounted on the unsecured side.
As far as security goes, the soft credential, by definition, is already
a multi-factor solution. Mobile credentials remain protected behind
a smartphone's security parameters, such as biometrics and PINs.
Once a biometric, PIN or password is entered to access the phone, the
user automatically has set up 2-factor access control verification;
what you know and what you have or what you have and a second
form of what you have. This level of multi-factor verification is a
straightforward method to protect mobile access credentials. To emphasize, one cannot have access to the credential without
having access to the phone. If the phone doesn’t work, the credential
doesn’t work. The credential performs just like any other app on the
phone. The phone must be on.
Leading readers additionally use AES encryption when transferring
data. Since the Certified Common Criteria EAS5+ Computer
Interface Standard provides increased hardware cybersecurity, these
readers resist skimming, eavesdropping and replay attacks. With the
Federal Trade Commission (FTC), among others, now holding the
business community responsible for implementing good cybersecurity
practices, such security has become an increasingly important
If the new system leverages the Security Industry Association's
(SIA) Open Supervised Device Protocol (OSDP), it also will interface
easily with control panels or other security management systems, fostering
interoperability among security devices.
Lastly, once a mobile access credential is installed on a smartphone,
it cannot be re-installed on another smartphone. This mechanism
prevents the sharing of credentials between staff and students
alike. For security purposes, mobile credentials are tightly linked to
Why Multiple Credentials are emphasized with
Smart Phone Access Control
Mobile access credentials can easily be integrated into existing school
control systems. Think about it. Students can use mobile access control
at the front door of their dormitory, at the gates to their parking
lot and to login to the computer network’s data system. Then, at
lunch, soft credential would also be available for use at the cafeteria
or the vending machines.
Students could check out books while janitors select the tools they
need. All are separate mobile access credentials stored securely in one
location - the wallet application on the user’s smartphone, with each
mobile credential supported by its own respective school system.
Soft, mobile, smartphone-based access control credentials now
work the way you want. Every educational administrator needs to get
This article originally appeared in the March / April 2021 issue of Campus Security Today.