Leverage Mobile Access

Integrators well positioned to take advantage of mobile technology

• By Scott Lindley
• April 01, 2021

Mobile technology in access control applications is a growing trend and schools and integrators are well positioned to take advantage of its benefits. Secure data transfer, enduser convenience, support for multiple formats and flexible system compatibility have finally all been combined to provide a wealth of opportunities in educational institutions.

There were other drawbacks with the original technology. Before they switched to soft credentials, the next wave of users requested smartphone solutions that eliminated the frustrations that they discovered with their imaginative smartphone apps and hardware, the main one being complicated implementation practices. fte newer solutions provide an easier way to distribute credentials with features that allow the user to register only once and need no other portal accounts or activation features. By removing these additional information disclosures, vendors eliminated privacy concerns that have been slowing down acceptance of mobile access systems.

One additional concern held back some buyers. What if the baby boomers at their facility don't have a smartphone? Problem solved. Just be sure that your soft credential reader can also use a smart card.

The Hard Facts about Soft Credentials
Mobile access credentials are smartphone-based versions of traditional access credentials, such as 125-kHz proximity cards or 13.56 MHz contactless smart-cards and tags. Mobile credentials make it possible for smartphones, such as the Apple iPhone® and Google Android® devices, to be used as the electronic access control credentials, supporting a user as he moves about a secured facility, such as a high school, college campus or university hospital.

Two technologies are used - Bluetooth and Near Field Communication (NFC). Bluetooth readers are less expensive because almost every smartphone already has Bluetooth. Plus, Bluetooth supports both short and long-range reading. In contrast, NFC does not.

Bluetooth Low Energy (BLE) is used to communicate the mobile credential from a smartphone to a mobile reader. Mobile credentials are commonly called soft credentials or digital keys and have several key advantages over traditional, physical credentials. Specifically, they may be less expensive and more secure than many comparable physical credentials.

Additionally, they are more convenient and can be delivered to end users in either paper or electronic form via data services, text or email.

Bluetooth's other big advantage is read range, up to 30 feet. Plus, installers can adjust read ranges on-site and differ them for various individual applications. For instance, they could be short-range at the computer access control reader but six feet at the front door. When entering the facility gate, a still longer read range, perhaps 15 feet, can be provided so users don't have to open their car window to reach the reader. Typically, NFC readers only operate with a read range of an inch or two, eliminating any possibilities of simply leaving the smartphone in the pocket and still get reads.

Smartphone-based mobile access credentials can be sold in the same manner as traditional 125-kHz proximity or 13.56-MHz smart cards - from the existing OEM to the dealer to the end users. This insures seamless operation with the electronic access control system.

For the dealer, smartphone credentials will be more convenient, less expensive and more secure. They can be delivered in person or electronically. They are quicker to bill with nothing to inventory or to be stolen. Also, in most cases, soft credentials can be integrated into an existing access control system.

And, today, the access control system administrator’s tasks are simplified, as credential distribution can also be via independent access control software.

Smartphone-based credentials support a range of formats, including 26-Bit Wiegand, custom Wiegand, ABA Track II magnetic stripe, serial data formats as OSDP. Mobile credentials can be ordered with specific facility codes and exact ID numbers, and integrators will deliver them in the precise number sequence ordered, with no gaps and with no under- or over-runs. Each order can be precisely filled.

Very Simple to Install
To install a mobile credential, a user will first need to have the Wallet App installed on a supported smartphone. The App is available, at no charge, on the Apple® App Store and on Google® Play. Once installed, launch the App and select the “Add” button to begin the process of loading a new credential.

A Registration Key Certificate is provided for each credential ordered. Enter the unique 16-character key from the Registration Key Certificate and tap “Submit.” Typically, in less than a minute, the mobile credential will load. Once successfully loaded, the new mobile access credential will appear in the Wallet App, ready for use. Importantly, no longer does installation require sensitive personal information (PI) from end users, integrators or access control system manufacturer partners. Instead, all that is required to enable the system to run on an end-user’s smartphone is the smartphone’s telephone number—that’s it. In this way modern mobile access solutions respect user privacy.

The telephone number is used to allow the Wallet App to securely download and store all mobile credentials in a single, convenient location. This includes mobile credentials that support multiple access systems, have different formatting or are individualized with custom graphics.

The Mobile Wallet App can store many mobile access credentials on a smartphone at one time. Typically, more than 20, however, the actual quantity is dynamic and is related to the memory specifications and internal storage capacity of each device. This aspect of mobile access is a real benefit to today’s lock intensive school campuses.

By the way, mobile access credentials are not intended to be shared. Once registered on a smartphone, each credential is tightly linked to that device. To maintain system security, they are not intended to be shared across multiple devices.

If a credential on a lost or smartphone is damaged, it cannot be re-installed on another device. Think of a credential as being securely linked to a smartphone. In the event that a smartphone is lost, damaged or stolen, the process should be the same as when a traditional, physical access credential is lost: it should be immediately deactivated in the access control system management software and a new mobile credential issued as a replacement.

Secure!
Many companies still perceive that they are safer with a card but, if done correctly, mobile can be a far more secure option with many more features to be leveraged. The bottom line - both Bluetooth and NFC credentials are safer than traditional hard credentials. Read range difference yields a practical result from a security aspect. A Bluetooth reader can be installed on the secure side of the door while NFC must be mounted on the unsecured side.

As far as security goes, the soft credential, by definition, is already a multi-factor solution. Mobile credentials remain protected behind a smartphone's security parameters, such as biometrics and PINs. Once a biometric, PIN or password is entered to access the phone, the user automatically has set up 2-factor access control verification; what you know and what you have or what you have and a second form of what you have. This level of multi-factor verification is a straightforward method to protect mobile access credentials. To emphasize, one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential performs just like any other app on the phone. The phone must be on.

Leading readers additionally use AES encryption when transferring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks. With the Federal Trade Commission (FTC), among others, now holding the business community responsible for implementing good cybersecurity practices, such security has become an increasingly important consideration.

If the new system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices. Lastly, once a mobile access credential is installed on a smartphone, it cannot be re-installed on another smartphone. This mechanism prevents the sharing of credentials between staff and students alike. For security purposes, mobile credentials are tightly linked to a smartphone.

Why Multiple Credentials are emphasized with Smart Phone Access Control
Mobile access credentials can easily be integrated into existing school control systems. Think about it. Students can use mobile access control at the front door of their dormitory, at the gates to their parking lot and to login to the computer network’s data system. Then, at lunch, soft credential would also be available for use at the cafeteria or the vending machines.

Students could check out books while janitors select the tools they need. All are separate mobile access credentials stored securely in one location - the wallet application on the user’s smartphone, with each mobile credential supported by its own respective school system.

Soft, mobile, smartphone-based access control credentials now work the way you want. Every educational administrator needs to get on board.

This article originally appeared in the March / April 2021 issue of Campus Security Today.