How many devices has the mobile phone replaced in the last 20 years? Maps, GPS Navigation, portable music player, camera, video recorder, radio, calculator, voice recorder, books, planner, flashlight…there are probably a dozen more that have already been replaced and will be replaced very soon.
Rarely forgotten and consistently in the hand, mobile phones are our most constant companion. So, it is logical that they are conveniently replacing keys, fobs or access cards to open doors. With more than 85% adult mobile ownership in Canada, is your organization ready to take the leap?
For decades, key cards have been a pivotal piece in access control. But increasingly, more offices, educational institutions, condominiums, hotels and other businesses are making access control through mobile phones an integral part of their security system.
It represents a more cost-effective, simpler way for companies to manage identification credentials as it eliminates numerous manual tasks related to handling, printing, distributing and disposing of physical identity badges.
What’s new in mobile credentials?
A mobile credential is an authorization token much like an access card or key fob. Your smartphone contains a unique ID number that can be used as the electronic key to open a door with an electric lock. Mobile credentials make it easier to enter and exit – as you are always more likely to be carrying it rather than a card or fob which can be forgotten at home.
Organizations prefer mobile credentials because it provides true mobility both for the administrator and end user. The administrator can remotely assign and revoke credentials, sent directly to the user’s smartphone. Credentials can be provided temporarily or only for certain time schedules e.g. to contractors, and when the time is up, there is nothing to be collected from the end user. It is convenient for end user by eliminating the need to carry one more credential i.e. key, fob, or access card and they do not need to worry about losing a fob or access card.
A smartphone app controls the transfer of the identification number to the door reader. The ID number is transferred from the door reader to the controller where it is compared to the list of users. If the ID number is accepted, it will unlock the door. The list of users is maintained in a door access management software. The smartphone can connect to a door reader using NFC (Near Field Communication), Bluetooth, or even WiFi.
NFC works at close range and mimics contact with an access card. So, NFC is more familiar to someone conditioned to using a smart card. The downside is that range is limited to 10 cm and has limited availability on iPhone 6/6S or older models. It is available on all android phones.
On the other hand, Bluetooth is available cross-platform with no conditions and has a much longer range up to 100m. This raises security concerns for some organizations – when the phone with the credential is within range of the door, anyone else may be able to open it without having the credentials. This concern is minimized by programming it to work within close proximity to door readers, in addition to being used from a distance. However, in some scenarios e.g. at a parking garage Bluetooth is ideal, because users don’t have to roll down their car window to access the premises.
Additional security can be attained by having multi-factor access authorizations. Users will have to enter a PIN code/biometric verification in addition to having the mobile credential. Mobile credentials allow for integration with other technology, such as facial recognition. Although this multi-step verification reduces the convenience of mobile credentials, it may be used selectively for the most sensitive doors at a facility e.g. a control room.
In a way, mobile credentials are already set up for multi-factor authentication – users generally keep their phones locked with a PIN or pattern. So when using the mobile credential to open a door, they have to first unlock the door and then present the phone to the card reader at a close proximity. It presents a very secure access control solution.
Mobile credentials for access control is securely linked to a specific smart phone – once a mobile credential is installed on a smart phone, it cannot be re-installed on another smart phone. Door readers use strong encryption when transferring data.
If a smart phone is lost, damaged or stolen, it can be immediately deactivated in the access control management software and replacement credentials can be issued immediately. Because a user checks his/her phone dozens of times a day, lost phones are likely to be noticed within minutes whereas an access control card or fob may not be missed up to 2/3 days. Then revoking access from the lost card/fob and providing replacement card/fob is a lengthy process compared to revoking/issuing access to mobile credentials.
So, with all these benefits, is your organization ready to switch over to mobile credentials for access control? Here is what access control in a mobile application looks like for your end users:
- Open doors with their smartphone
- Take advantage of multi-factor security authentication: Use on-phone authentication for high-security areas
- Use a credential that is less likely to be lost or forgotten
- Have one credential for access to multiple facilities
When selecting your access control system supporting mobile credential, look for ease of administration, management and distribution.
Some older Bluetooth-enabled systems force the user to register themselves and their integrators for every application. Door access – register. Parking access – register again. Data access – register again, etc. Newer solutions provide an easier way to distribute credentials with features that allow the user to register only once and need no other portal accounts or activation features.
In addition, you don’t want hackers decoding your Bluetooth transmissions, replaying them and getting into your building, so demand from your security service provider that your system is immunized against such risks.
Using mobile devices as keys aligns perfectly with the mobile-first preferences of today’s workforce. It not only delivers a convenient user-experience, but also helps boost operational efficiency.
Someday, all personal identification may be stored on chips implanted in our bodies. Until then, smartphones as mobile credentials are steadily becoming the access-control technology of choice for physical security.
Want to explore more? Contact us today for a no obligation consultation.