Who Is Using Mobile Data Access Control?
Colleges and universities—where the users are never typically more than a body’s length from their smartphones whether in the dorm, in class, watching the football game or visiting Mom and Dad—are prime. The sole benefits are convenience, convenience and convenience. Their smartphone can help them get into their dorms, attend the special lab course, verify their identity for on-campus tickets and even ride the bus.
- By Scott Lindley
- March 22, 2022
One of the leading adopters of mobile access control systems is the multi-family residential industry: for example, the high-rise, luxury condominium in downtown Sarasota, Fla., recently upgraded by Quantuum Energy Products. According to Damon Tarquinio, owner of the integrator, "This building had an older access control system they wanted to upgrade. They felt that they could no longer rely on their older key fob system. Their condo board had expressed a desire to move up to a current technology that would also help them future-proof their way of getting into the building."
The condo residents wanted to move to a mobile technology. They were the pushers to the new system.
"These residents walk their dogs a lot," said Tarquinio. "They go in and out of the condo grounds often and always seem to have their phones with them to keep in touch. They don't always want to bring their key fobs with them, as usually they are connected to their other keys and don't want to risk dropping them and losing them."
When senior-aged residents were delicately asked if they would have any problems with a new technology, the refrain was consistent: "Oh, no—if I have any questions, I'll just ask my grandchild!"
Tarquinio then asked them what system they were presently using, and it turned out that Quantuum could simply pull out their old readers and replace only the new mobile system readers. By not having to switch the entire system, changing only the readers would save the condo owners a major expense.
This brings up an important point for both integrators and their end users when upgrading a system. With one simple question, "What are you using now?", Tarquinio saved his customer many dollars. If the integrator doesn't ask the question, then the customer should ask if parts of their present system can be re-deployed. After all, many of these vendors are OEMs, having scores of private-labeled units among their customers. Several of them feature multiple products. With this as a background, many integrators will often find it easy to select older products that they can integrate simply.
The condominium had the usual access points found with most multi-family projects. To get from the parking garages into the lobby, there were one or more doors to access. The fitness club and pool were connected via an elevator that needed to be controlled. There was the classic entry at the front and side exit portals from the building’s grounds to the outside. But for some of the access points, like the parking garage gates, the old key fob system could not tell them who was where—and when.
Interestingly, when they were going to put in the new mobile system, Quantuum was also asked if they could easily install a new key fob system that connected with end users’ smart phones for access.
"For these residents, we were able to answer with a double affirmative," Tarquinio explained. "First of all, this system can use smart cards and key fobs—which are more secure than the old technology fobs they were using in place of their smart phones. And secondly, these fobs do not have the looks of the cheap little plastic pieces typically deployed. They have the classic looks that a proud luxury condominium resident would want to show off."
What Has Led to the Growth of Mobile Access Control?
Until recently, there has been a focus by integrators and customers on assuring that their card-based access control systems are secure. Just as companies were learning how to protect card-based access control systems, along came mobile access credentials and their readers, which use smart phones instead of cards as the carrier of identifying information. While many companies perceive (incorrectly) that they are safer with a card, the mobile can be a far more secure option—with many more features to be leveraged—when done properly. They deliver biometric capture and comparison, as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC.
A special word of caution needs to be emphasized when changing over to mobile systems. Many legacy access control systems require the use of back-end portal accounts.
For hackers, they have become rich, easy to access caches of sensitive end-user data. These older mobile systems force the user to register themselves and their integrators for every application. Door access: Register. Parking access: Register again. Data access: Register again. Each registration requires the disclosure of sensitive personal information.
New solutions provide an easier way to distribute credentials with features that allow the user to register their handset only once, with no other portal accounts, activation features or hidden fees required. Users no longer need to fill out several different forms. Today, all that should be needed to activate newer systems is the phone number of the smart phone.
The Smartphone Itself Provides Protection
As far as security goes, the smartphone credential is already a multi-factor solution by definition. Access control authenticates you by following three things:
- Recognizing something you have (RFID tag/card/key)
- Recognizing something you know (PIN)
- Recognizing something you are (biometrics)
Your smartphone has all three authentication parameters. This soft credential is already a multi-factor solution. Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs. One cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors—availability and built-in multi-factor security verification—are why organizations want to use smartphones in their upcoming electronic access control implementations.
Leading smartphone readers additionally use AES encryption when transferring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks.
When the new mobile system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices.
Likewise, new soft systems do not require the disclosure of any of the end user’s sensitive personal data. All that should be needed to activate newer systems is simply the phone number of the smartphone.
Used in a Wide Variety of Applications
Some functions just naturally lead to the use of smartphone-enabled access control. Colleges and universities—where the users are never typically more than a body’s length from their smartphones whether in the dorm, in class, watching the football game or visiting Mom and Dad—are prime. The sole benefits are convenience, convenience and convenience. Their smartphone can help them get into their dorms, attend the special lab course, verify their identity for on-campus tickets and even ride the bus. That's why institutions of higher learning are a sure bet to soliciting mobile access control.
Another prime prospect is anywhere you’d find large parking lots and structures. With their 15-foot read range, smartphone credentials let drivers easily get reads from well beyond what proximity and smartcards would provide, granting users access from the confines of their car if it happens to be raining. Drivers can stay warm and dry (or cool, as the climate may be) when accessing the parking booth at the entrance or self-service boom.
Secure applications such as those in medical facilities, data rooms and armories are proving to be other great applications for mobile access. As far as security goes, the mobile credential, by definition, is already a multi-factor solution.
Once again, one must have proper access to the phone to have access to the credential. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone. For better or worse, the phone must be “on and unlocked.” These two factors—availability and built-in multi-factor verification—are why organizations want to use smart phones in their upcoming access control implementations.
Plus, once a mobile credential is installed on one smart phone, it cannot be re-installed on another. Think of a soft credential as being securely linked to a specific smart phone. Similar to a card, if a smart phone is lost, damaged or stolen, the process should be the same as with a traditional physical access credential. It should be immediately deactivated within the access control management software, and a new credential should be issued.
Mobile Access Control for Little Boxes and Cabinets
Now, key management of small-format interchangeable core (SFIC) applications—such as cabinets and lock boxes—is now possible with mobile access when you replace the mechanical locking device with a smart, secure digital technology activated via your mobile device. With specific capabilities in healthcare, retail and commercial, government, and learning and higher education environments, mobile access will work anywhere you need it to.
Access control is critical in healthcare facilities, but the cost has always been prohibitive. Now, you can extend electronic access control to anywhere you currently use a mechanical lock using a small format interchangeable core. This includes medicine cabinets, linen closets, filing drawers and more.
In retail establishments, mobile access control provides an improved and cost-effective way to monitor, manage and trace individual access to inventory, offices records, back-of-house storage and display cases. The administration can also save the time and effort it takes to change keys or replace cores due to high staff turnover.
Government agencies have many doors and cabinets containing sensitive information in offices, files and cupboards within close proximity of the general public. Whatever small space that uses a digital "key" to protect what is stored inside can now be managed with mobile access control.
Where Will You Be Using Mobile Access Control?
Writing a year ago, the research company Gartner forecasted that, "The mobile access control market is primed for mainstream adoption, providing product leaders with opportunities to expand into new business areas and service models. Product leaders should build mobile access options into their roadmaps to support emerging customer demand."
This article originally appeared in the March / April 2022 issue of Campus Security Today.