Five Ways Mobile Credentials Are Changing Access Control

July 1, 2020
Leveraging credentials embedded on smartphones provides end-users with a number of benefits

In an increasingly mobile world, our smartphones help us communicate and interact throughout our professional and personal lives. People expect technology to provide them with greater convenience – and now, enhanced security and potential protection from COVID-19 – by limiting contact with shared devices.

The mobile revolution has become a vital part of access control. Entirely new mobile credential ecosystems that rely on smartphones are replacing the need to carry traditional plastic access cards. And that’s only one benefit mobile credentials bring to organizations of virtually any size.

Here’s a look at five ways mobile credentials can permanently change our approach to access control.

1. Limit Device Contact

According to the CDC, an individual may get COVID-19 by contacting a contaminated surface or device and then touching their mouth, nose or eyes. As a result, many organizations are looking for systems that limit people’s contact with the access control and other security systems. Smartphone credentials limit contact for access control to a smartphone typically used only by its owner.

2. Increased Security

For decades, plastic access control cards have enabled people to enter through doors, gates and other barriers. However, cards can be lost or stolen, and they may be borrowed by unauthorized people. Mobile credentials add several layers of security above the normal plastic card.  First, smartphones add security with pin codes, fingerprint or face ID.  The next layer mobile credentials add is the encrypted wrapper the card payload is placed into. This means that when the mobile credential is transmitted to the reader, the basic card encryption (Prox, DESFire, iCLASS, etc.) is enhanced by another encryption layer used to secure the transmission of the card payload to the reader.  For a company on proximity-based credentials, where the technology is a ‘transmit in the clear’ format, the introduction of mobile credentials makes the process much more secure.

Mobile apps support multiple security protocols that may vary among enterprise locations, even among doors within the same facility. For example, access to a high-security research lab may require the device to communicate with a reader while a nearby integrated biometric provides two-factor authentication. Accessing a conference room may only require an app and authorized smartphone. New access control features and functions may be added with a wireless upload to the app and readers.

Meanwhile, our mobile devices have other potential security benefits. For example, with appropriate privacy safeguards, mobile devices can be enabled to monitor location.  If enabled and integrated into an access control system, a network security administrator can shut off computer access if your phone shows you are eating lunch or in a meeting room.  Additionally, given the cost of mobile phones and the amount of personal data devices contain, employees may not be inclined to share their phone with another person, where plastic badges may be easier to share. 

3. Added Convenience

Smart credentials don’t require an access card be kept in a wallet or attached to a lanyard. Many of us routinely carry our smartphones throughout the day. Also, facility managers can take advantage of smart credentials to enable authorized visitors to skip registration at the security desk to get a temporary access card, thereby reducing the number of touch points, again an important change as the world adapts to COVID-19.  The authorized visitor would then be sent an email to download an app to their phone that would grant them access to the appropriate areas of the site they would be visiting.  Once at the site, the visitor may immediately access authorized areas. The credential can also be set to expire as the visitor leaves.

A mobile credentialing system is also highly customizable. Administrators may choose a frictionless, hands-free solution in which employees enter pre-authorized doors with their smartphones remaining in a pocket or bag. In locations using entry turnstiles where there are tightly bunched readers, employees can be required to present their smartphones to a specific reader, so the other readers are not confused by the 30-foot radius of the phone’s Bluetooth Low Energy communications protocol.

4. Reduced Costs

Mobile credentialing costs can be very predictable compared to plastic credentials that can be lost or misplaced.  Mobile credentials can eliminate the capital costs of plastic badges, printers, ink, storage and handling, and can move these to an operational expense for businesses concerned about cash flow. Think of the cost of access cards at an enterprise organization such as a major university. Each year, administrators must create and issue tens of thousands of new cards for the incoming student body. In addition to opening dorm rooms, a smartphone can also act as a one-card solution enabling students to make purchases at the dining commons, check out library materials and many more activities. And unlike plastic cards, mobile credentials may be reused, transferred and remotely deactivated. 

5. Planned Migration

The move toward mobile credentials may happen sooner than anticipated before the COVID-19 pandemic. A total switch from a card-based access control system to one only using smartphones could be prohibitively expensive for most organizations. Fortunately, the choice doesn’t have to be entirely one system or the other – the best solution may be a combination of the two.

New hybrid readers support mag stripe, proximity and recent chip-based smart cards, as well as mobile credentials. That’s almost 40 years of technology in a single reader. Hybrid readers enable a phased approach to both newer card technologies as well as adding mobile credentials when the time is right. The industry also offers add-on readers that provide mobile credentialing capabilities. These add-ons, hidden in a wall or ceiling near existing card readers, add the Bluetooth technology required for mobile credentials.

The added security, efficiencies and reduced costs of contactless mobile credentialing are making the technology a mainstream choice for many organizations looking to improve access control.

Greg Berry is vice president, mobile credentials for LenelS2, part of Carrier, a global provider of heating, ventilating and air conditioning (HVAC), refrigeration, fire, security and building automation technologies.