Page 70 - Security Today, April 2022
P. 70
information.
New solutions provide an easier way to
distribute credentials with features that allow the user to register their handset only once, with no other portal accounts, activation features or hidden fees required. Users no longer need to fill out several different forms. Today, all that should be needed to activate newer systems is the phone number of the smart phone.
The Smartphone Itself Provides Protection
As far as security goes, the smartphone credential is already a multi-factor solution by definition. Access control authenticates you by following three things:
• Recognizing something you have (RFID tag/card/key)
• Recognizing something you know (PIN)
• Recognizing something you are
(biometrics)
Your smartphone has all three
authentication parameters. This soft credential is already a multi-factor solution. Your mobile credentials remain protected behind a smart phone's security parameters, such as
Secured Access
26 campuslifesecurity.com | MARCH/APRIL 2022
biometrics and PINs. One cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors—availability and built-in multi- factor security verification—are why organizations want to use smartphones in their upcoming electronic access control implementations.
Leading smartphone readers additionally use AES encryption when transferring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks.
When the new mobile system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security
devices.
Likewise, new soft systems do not require
the disclosure of any of the end user’s sensitive personal data. All that should be needed to activate newer systems is simply the phone number of the smartphone.
Used in a Wide Variety of Applications
Some functions just naturally lead to the use of smartphone-enabled access control. Colleges and universities—where the users are never typically more than a body’s length from their smartphones whether in the dorm, in class, watching the football game or visiting Mom and Dad—are prime. The sole benefits are convenience, convenience and convenience. Their smartphone can help them get into their dorms, attend the special lab course, verify their identity for on-campus tickets and even ride the bus. That's why institutions of higher learning are a sure bet to soliciting mobile access control.
Another prime prospect is anywhere you’d find large parking lots and structures. With