- Security TWENTY
- Women in Security Awards
As you join in the trend to use smart phones for mobile access control, select the right communications protocol, writes Scott Lindley, General Manager, Farpointe Data.
Using smartphones in access control systems is the new buzz in discussing readers and credentials. Electronic access control manufacturers are promoting the various ways that mobile technology, soft or virtual credentials, can be used to replace cards. It’s not surprising that all are trying to get on board.
According to Gartner Research, 95-plus percent of all adults aged 18 to 44 own smart phones. That’s not all – 69 percent of the entire population already uses smart phones. That’s babies through seniors. Gartner suggests that, by 2020, 20 per cent of organisations will use mobile credentials for physical access in place of traditional ID cards. Let’s rephrase that last sentence. In less than 18 months, one-fifth of all organizations will use the smart phone as the focal point of their electronic access control systems. Not proximity. Not smart cards. Phones!
Besides the fact that just about everyone has one, what are other reasons? To arrive at that answer, let’s review the basics of access control. Access control authenticates you by following three things:
• Recognises something you have (RFID tag/card/key),
• Recognises something you know (PIN) or
• Recognises something you are (biometrics).
Your smartphone has all three authentication parameters. This soft credential, by definition, is already a multi-factor solution. Your mobile credentials remain protected behind a smart phone’s security parameters, such as biometrics and PINs. Once a biometric, PIN or password is entered to access the phone, the user automatically has set up two-factor access control verification – what you know and what you have or what you have and a second form of what you have.
To emphasise, one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential works just like any other app on the phone. The phone must be “on and unlocked.”
These two factors – availability and built-in multi-factor verification – are why organisations want to use smart phones in their upcoming access control implementations.
Bluetooth and Near Field Communications (NFC) are the most popular short-range radio wave communication standards used in smartphone credential systems. When implementing mobile access, there are a few things to consider before deciding on the type of reader to invest in. The installed base of mobile devices can affect the technology choice as iPhones 5s and earlier do not support NFC. In organisations with a large base of iPhones and Androids, Bluetooth is the only option.
Bluetooth technology is quite popular and, if you have ever tried to sync smart phones, computers and/or headphones, you have probably used it. Bluetooth readers are less expensive because almost every smart phone already has Bluetooth. Not even 50 percent of all smart phones yet have NFC.
In most instances, NFC (Near Field Communications) uses less power. As a result, this means that the smart phone needs to come into much closer nearness to the reader, like a proximity card versus a longer-range transmitter. The good news is that such closer proximity prevents interference for other devices communicating from farther away. The negative is that the reader can seem more finicky.
There are other advantages to a closer read range. NFC eliminates any chances of having the smart phone unknowingly getting read such as can happen with a longer read range. There are also those applications where multiple access readers are installed very near to one-another due to many doors being close to one another. One reader could open multiple doors simultaneously. The shorter read range or tap of an NFC enabled device would stop such problems. However, with this said in defense of NFC, it must also be understood that Bluetooth enabled readers can provide various read ranges of no longer than a tap, as well.
And, this leads to a major advantage for Bluetooth. Read range can be from an inch to over 15 feet. Installers can provide adjustable read ranges and differ them for various applications. For instance, they could choose a reader requiring presentation at the computer server room. Three feet may be the preferred range at the front door. When entering the facility gate, a still longer read range, perhaps six feet, can be provided so users don’t have to open their car window to reach the reader. At 15 feet, the reader can open parking garage doors or gates that allow entrance to the facility, such as at gated communities. There is yet another advantage to a longer reader range. Since NFC readers have such a short and limited read range, they must be mounted on the unsecure side of the door and encounter all the problems such exposure can breed. Bluetooth readers mount on the secure sides of doors and can be kept protected out of sight.
The Bluetooth technology used in access control is called Bluetooth Low Energy (BLE). It is very efficient; a single cell battery could operate for months on end. For those technically inclined, it operates with a maximum speed of 1Mbps with actual throughput of 10 ~ 35 Kbps. Thus, access control using Bluetooth BLE technology with today’s smartphone offers the promise of lowering the cost of hardware.
To make the system work, there needs to be a direct connection between the Bluetooth enabled device and the Internet. This is done very simply through the cellular data network or a secure WIFI connection. To install a mobile credential, a user needs to first have the Wallet App installed on a supported smart phone. Next, you launch the App and select the “+” button, indicating that you would like to load a new credential. A Registration Key Certificate is provided for each credential ordered. Now, enter the unique 16-character Key from the Certificate and tap “Submit.”
Once successfully registered, the new mobile credential will appear in the Wallet App ready for use. From that point on, the user simply presents their smart phone to the BLE-enabled reader. Forget having to enter a PIN or password to authenticate your identity (as you do with a card). Henceforward, your smart phone is your identity. Once the phone is operational, so too is your credential!
As when implementing any new technology, become familiar with it. Where can you find the benefits? Where are the potential pitfalls? Make sure your manufacturer not only understands Bluetooth but knows how to coach you through your initial installations. Don’t forget about your cybersecurity responsibilities. For instance, some older Bluetooth enabled systems force the user to register themselves and their integrators for every application. Door access – register. Parking access – register again. Data access – register again. Et cetera.
Newer solutions provide an easier way to distribute credentials with features that allow the user to register only once and need no other portal accounts or activation features. By removing these additional information disclosures, vendors have eliminated privacy concerns that have been slowing down acceptance of mobile access systems.
Also, you don’t want hackers listening to your Bluetooth transmissions, replaying them and getting into your building. Make very sure that the system is immunized against such replays. That’s simple to do. Your manufacturer will show you which system will be best for each application. Research shows that Bluetooth enabled smart phones are continuing to expand in use to the point where those not having them are already the exceptions. They are unquestionably going to be a major component in physical and logical access control. If they are going to constitute 20 percent of all card-based access control within the next 18 months, you can expect the numbers to be much higher by the end of 2020.