Page 70 - Security Today, April 2021
P. 70
Security Management
Ollyy/Shutterstock.com
custom graphics.
The Mobile Wallet App can store many mobile access credentials
on a smartphone at one time. Typically, more than 20, however, the actual quantity is dynamic and is related to the memory specifications and internal storage capacity of each device. This aspect of mobile access is a real benefit to today’s lock intensive school campuses.
By the way, mobile access credentials are not intended to be shared. Once registered on a smartphone, each credential is tightly linked to that device. To maintain system security, they are not intended to be shared across multiple devices.
If a credential on a lost or smartphone is damaged, it cannot be re-installed on another device. Think of a credential as being securely linked to a smartphone. In the event that a smartphone is lost, dam- aged or stolen, the process should be the same as when a traditional, physical access credential is lost: it should be immediately deactivated in the access control system management software and a new mobile credential issued as a replacement.
Secure!
Many companies still perceive that they are safer with a card but, if done correctly, mobile can be a far more secure option with many more features to be leveraged. The bottom line - both Bluetooth and NFC credentials are safer than traditional hard credentials. Read range difference yields a practical result from a security aspect. A Bluetooth reader can be installed on the secure side of the door while NFC must be mounted on the unsecured side.
As far as security goes, the soft credential, by definition, is already a multi-factor solution. Mobile credentials remain protected behind a smartphone's security parameters, such as biometrics and PINs. Once a biometric, PIN or password is entered to access the phone, the user automatically has set up 2-factor access control verification; what you know and what you have or what you have and a second form of what you have. This level of multi-factor verification is a straightforward method to protect mobile access credentials.
To emphasize, one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential performs just like any other app on the
phone. The phone must be on.
Leading readers additionally use AES encryption when transfer-
ring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks. With the Federal Trade Commission (FTC), among others, now holding the business community responsible for implementing good cybersecu- rity practices, such security has become an increasingly important consideration.
If the new system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fos- tering interoperability among security devices.
Lastly, once a mobile access credential is installed on a smart- phone, it cannot be re-installed on another smartphone. This mecha- nism prevents the sharing of credentials between staff and students alike. For security purposes, mobile credentials are tightly linked to a smartphone.
Why Multiple Credentials are emphasized with
Smart Phone Access Control
Mobile access credentials can easily be integrated into existing school control systems. Think about it. Students can use mobile access con- trol at the front door of their dormitory, at the gates to their parking lot and to login to the computer network’s data system. Then, at lunch, soft credential would also be available for use at the cafeteria or the vending machines.
Students could check out books while janitors select the tools they need. All are separate mobile access credentials stored securely in one location - the wallet application on the user’s smartphone, with each mobile credential supported by its own respective school system.
Soft, mobile, smartphone-based access control credentials now work the way you want. Every educational administrator needs to get on board.
Scott Lindley is the general manager at Farpointe Data.
18 campuslifesecurity.com | MARCH/APRRIL 2021