Increasing demand for mobile credentials has fast-tracked the development and adoption of wireless technologies.
This article addresses the use of Bluetooth-enabled mobile devices in place of a physical credential. In most (if not all) mobile-ID applications, a mobile device is the credential that communicates with a reader, which is hardwired or uses Wi-Fi to communicate with physical access control systems (PACS).
Sometimes, multitechnology Bluetooth-capable “card readers” are used, because they’re compatible with existing card populations and can be phased out gradually. However, a rapidly growing number of Bluetooth ID systems are “readerless” and cardless.
ASSA ABLOY division HID has been at the forefront of this move. We interviewed HID Product Marketing Director Luc Merredew about the shift to Bluetooth.
Locksmith Ledger: In which applications do you see legacy credentials continue to be used, and where will mobile IDs gain preference?
Merredew: We have to be clear what is meant by “legacy” here. In one definition, we simply are talking about the physical form factor of the credential, where a legacy credential is a plastic card or a fob versus a digital identity on a mobile device.
An alternative definition instead refers to the technology used to store and communicate the identities on the credential. In this latter case, a legacy technology, such as 125 kilohertz (kHz) or magnetic stripe, is compared to a modern RFID (radio-frequency ID) technology, such as Seos or MIFARE DESFire EV3. That said, mobile identities are proving to be popular in many of the same applications as physical credentials, although higher education and commercial real estate lead the industry averages.
We believe that customers want options. If customers want DESFire and mobile via NFC (near field communication) but have to support 125 kHz at one location and want BLE (Bluetooth Low Energy) at another, we provide those options.
LL: How does the cost per credential compare with the cost per mobile ID? Is there a point where mobile IDs become more cost-effective, or must the potential for additional features be factored in to make such a comparison?
Merredew: In many cases, mobile solutions already deliver a price advantage. We provide our customers and partners with total cost of ownership data to compare traditional credentials with our mobile offering that includes the employee/user/student turnover, printing and distribution costs and more.
It’s worth noting that there are solutions out there that are offered at “no cost.” but free isn’t a sustainable position.
No business can commit to offering service for free for the long term. There has to be revenue coming from somewhere to maintain and develop the platform, to engage third-party penetration testers and to update and test the app.
LL: Is it necessary to upgrade the electronic access control (EAC) hardware to transition to mobile IDs?
Merredew: The HID solution is designed to be as broadly compatible as possible, so almost all PACS can use the HID Mobile Identities service. You have to have a compatible HID reader — iCLASS, multiCLASS SE or Signo — or a reader powered with HID technology, such as an ASSA ABLOY lock.
After you’ve onboarded an account, you add the keyset to the reader by using a mobile app or a configuration card and then enroll your users in the HID Origo Platform. Taking it a step further requires integration between HID Origo and the EAC headend. Regardless of the method, any EAC that uses Wiegand or OSDP can take advantage of the HID reader and service. Many of our readers already are compatible with BLE/NFC mobile access, either natively or through an upgrade module.
LL: What dealer training is required to sell and administer mobile IDs?
Merredew: We recommend partners take the training module in our HID Training Academy. This is optional and free. We have numerous additional assets to help dealers understand the solution. It’s a subscription service, so it’s a little more complex than a simple hardware sale. We also have to secure customer keysets,so it’s necessary to manage access to the portal and our reader manager portal, so dealers should expect to learn some new workflows.
LL: Why are mobile IDs more secure than traditional credentials?
Merredew: With HID mobile access, the same Seos credential technology is used in physical and digital credentials, so we can simplify a comparison and assert that a user protects that device with more vigor that they would protect a card on a lanyard. We could also say a user has to unlock their device to use the credential, and in the event of loss, that user likely can use a “find my phone” feature and report that phone lost almost immediately. The physical ID might go days before being missed.
The technology-less badge is a great complement to the mobile ID. Many organizations have policies that require badges to be worn. They give the perception of security, are part of the uniform and have some security value where personnel actually check them. We also provide photo-ID functionality in our app, so a user can select their ID and display an image that an admin uploaded to their user record. This could be a QR code, another image or symbol, or a number, too. So, a security officer could ask to be shown this image as policy requires.
LL: What’s the typical read range of mobile IDs?
Merredew: It depends. NFC is a close-range technology. It works great, but the range is 3 inches. It also is available only to Apple users under specific applications, currently higher education in North America. However, BLE is superversatile and works with Apple and Android devices. The HID solution has multiple modalities, but the most common are Tap and Twist and Go. Both are tunable by each reader location. We suggest that sites are configured to be consistent in terms of the modality and the range, so end users know what to expect at every door. Generally, Tap is used at a range of up to 4 feet from the reader but typically within 12 inches, and Twist and Go is used up to 20 feet from the reader but typically within 6 feet of the reader.
LL: For which market segments does mobile ID show the most immediate benefits?
Merredew: Populations that have high saturation of smartphones, which is almost everywhere now. Where organizations have their own app, we’ve seen tremendous success with integrating our solution into their platform.
Following are some Bluetooth reader options on the market.
HID Signo readers are interoperable with more than a dozen physical- and mobile-credential technologies, so organizations can use their technology of choice and migrate to the latest solutions easily at their own pace. Merredew says Signo is the new standard for HID.
Signo readers are packed with smart features, such as automatic surface detection that recalibrates and optimizes read performance based on the mounting location. The readers also are IP65-rated for outdoor use, with no additional gasket required, and they feature a capacitive touch keypad that’s resistant to harsh weather conditions.
More info: https://www.hidglobal.com/products/readers/signo
dormakaba Saflok SR Series readers
Darren Blankenship, dormakaba Americas associate vice president of vertical-market development, says Saflok SR Series readers are aimed at helping customers to transition to Bluetooth readers.
“Saflok SR Series readers provide access control to common areas, perimeter entries, elevators and amenity spaces,” he says. “SR readers work with various electrified access hardware devices.”
The SR readers are BLE-capable and can operate through dormakaba Mobile Access Solutions for a perimeter access and resident unit application.
More info: www.dormakaba.us
SECO-LARM ENFORCER Bluetooth Access Controllers
SECO-LARM’s ENFORCER Bluetooth Access Controllers have a streamlined, fully app-based setup that uses integrated Bluetooth wireless technology. All data is secured on the keypad/reader without the risks inherent by having an internet connection.
The keypad is passcode-protected and has AES 128 encryption and a solid-state relay for improved reliability and increased security. You can open a door via keypad, proximity card or the SL Access app. You can access or manage unlimited devices through the app and access different output modes — timed relock, continually unlocked, continually locked — by toggling thorough the multilingual app interface.
More info: www.seco-larm.com
Securitech BT Series
Not all Bluetooth updates require a new card reader. In fact, some don’t require a reader at all. Securitech BT Series trim can be installed on virtually any door. The electric-release solenoid is located inside the trim, which eliminates the necessity for electric strikes or maglocks. It’s available for doors that have cylindrical locks, mortise locks or exit devices.
The VIZpin app is the brains behind BlueKey, which is part of the BT Series. After being enrolled by the administrator, the VIZpin app displays each user’s electronic keys, where they work and when they work.
The BlueKey enabled door pops up on the screen. Simply tap the unlock signal, and the handle is used to open the door. Key override is always available.
Administrators can add and remove users easily through the intuitive web interface. Audit trails also can be downloaded.
BlueKey always allows free exiting from any building, and the outside handle is fail-secure in case of a loss of power.
More info: www.securitech.com
Corbin Russwin/SARGENT IN series locks
ASSA ABLOY brands Corbin Russwin and SARGENT have a broad range of integrated access control locks that support BLE and NFC technology to enable an easy transition to higher security credentials and mobile access.
The IN120 Series allows facilities to expand access control coverage to more doors. The lock uses standard 802.11b/g/n Wi-Fi connectivity to connect difficult-to-wire locations to the access control system, which reduces installation costs significantly.
The IN220 Series uses 802.3af Power over Ethernet-enabled network infrastructure for power and data, which streamlines the installation process. The lock also reduces standby power consumption significantly compared with traditional access control solutions.
The IN100 Series has ASSA ABLOY’s Aperio wireless technology combined with the real-time communication of online access control.
All IN Series of locks are available in cylindrical lock, mortise lock and exit device configurations as well as a wide range of finishes and decorative levers.
Camden CV-7600 Series
Camden Door Controls CV-7600 Series mobile-ready reader combines BLE and contactless smart-card technologies.
It’s capable of reading data stored on a contactless smart-card credential via radio frequency. In addition, it can read data from a mobile credential stored in a smartphone’s wallet app through BLE technology without physical contact and then pass the data obtained to the PACS.
CV-7600 readers are compatible with MIFARE prox cards and fobs.
More info: www.camdencontrols.com
Tim O’Leary is an experienced security consultant and a regular contributor to Locksmith Ledger.