products. With this as a background, many integrators will often find it easy to select older products that they can integrate sim- ply.
The condominium had the usual access points found with most multi-family proj- ects. To get from the parking garages into the lobby, there were one or more doors to access. The fitness club and pool were connected via an elevator that needed to be controlled. There was the classic entry at the front entry and side exit portals from the building grounds to the outside. But for some of the access points, like the parking garage gates, the old key fob system could not tell them who was where when.
Interestingly, when they were going to put in the new mobile system, Quantuum was also asked if they could easily install a new key fob system that could be as to-date as the using of their smart phones for access.
“For these residents, we were able to answer with a double affirmative,” Tar- quinio said. “First of all, this system can use smart cards and key fobs – which are more secure than the old technology fobs they were using, in place of their smart phones. And secondly, these fobs do not have the looks of the cheap little plastic pieces typically deployed. They have the classic looks that a proud luxury condo- minium resident would want to show off.”
WHAT HAS LED TO THE GROWTH OF MOBILE ACCESS CONTROL? Until recently, there has been a focus by integrators and customers to assure that their card-based access control systems are secure. As companies were learning how to protect card-based access control systems, along came mobile access cre- dentials and their readers which use smart phones instead of cards as the vehicle for carrying identification information.
While many companies, still incorrect- ly, perceive that they are safer with a card, when done properly, the mobile can be a far more secure option with many more features to be leveraged. They deliver bio- metric capture and comparison as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC.
A special word of caution needs to be emphasized when changing over to mobile systems. Many legacy access control sys- tems require the use of back-end portal accounts.
For hackers, they have become rich, easy to access caches of sensitive end-user data. These older mobile systems force the user to register themselves and their inte-
grators for every application. Door access – register. Parking access – register again. Data access – register again, with each reg- istration requiring the disclosure of sensi- tive personal information.
Newer answers provide an easier way to distribute credentials with features that allow the user to register their handset only once and need no other portal ac- counts, activation features or hidden fees. Users don’t need to fill out several differ- ent forms. Today, all that should be need- ed to activate newer systems is the phone number of the smartphone.
THE SMARTPHONE ITSELF PROVIDE PROTECTION
As far as security goes, the smartphone credential, by definition, is already a multi-factor solution. Access control au- thenticates you by following three things. • Recognizes something you have (RFID
tag/card/key)
• Recognizes something you know (PIN) or • Recognizes something you are (biometrics)
Your smartphone has all three authenti- cation parameters. This soft credential, by definition, is already a multi-factor solu- tion. Your mobile credentials remain pro- tected behind a smart phone’s security pa- rameters, such as biometrics and PINs. One cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work.
The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors – availability and built-in multi-factor secu- rity verification – are why organizations want to use smartphones in their upcoming electronic access control implementations.
Leading smartphone readers addition- ally use AES encryption when transferring data. Since the Certified Common Crite- ria EAS5+ Computer Interface Standard provides increased hardware cybersecu- rity, these readers resist skimming, eaves-
Photon photo/Shutterstock.com
dropping and replay attacks.
When the new mobile system lever-
ages the Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security manage- ment systems, fostering interoperability among security devices.
Likewise, new soft systems do not re- quire the disclosure of any sensitive end- user personal data. All that should be needed to activate newer systems is simply the phone number of the smartphone.
USED IN A WIDE VARIETY
OF APPLICATIONS
Some functions just naturally lead to the use of smartphone-enabled access con- trol...colleges and universities, where the users are never typically more than a body length from their smartphones whether in the dorm, at class, watching the football game or visiting mom and dad, are prime. The sole benefits are convenience, conve- nience and convenience.
Their smartphone can help them get into their dorms, attend the special lab course, verify their identity for on-campus tickets and even ride the bus. That’s why institutes of higher learning are a sure bet to soliciting mobile access control.
Another prime prospect is anywhere you find large parking lots and structures. With their 15 foot read range, smartphone credentials let drivers easily get reads from well beyond what proximity and smart- cards will provide and do it from the con- fines of their car even when it is raining. Drivers can stay dry and warm or cool when accessing the parking booth at the entrance or self-service boom.
Secure applications such as in medical facilities, access to data rooms and armories are proving to be other great areas for using mobile access. As far as security goes, the mobile credential, by definition, is already a multi-factor solution.
To emphasize, one cannot have access
26
MAY/JUNE 2022 | SECURITY TODAY
ACCESS CONTROL