Access control and access management are vital aspects of running any organization. For the last 70 years or so, businesses, government agencies, and educational institutions have all relied on ID cards as a convenient tool for limiting access to locations, buildings, services, and resources.
From ordinary paper to plastics, laminates, and reinforced substrates, the materials used to create ID cards have steadily evolved. In recent years, novel technologies like smart chips and biometric data have also been integrated into ID cards.
Despite all these innovations, one basic fact has remained unaltered – ID cards retain an independent physical form and have to be carried around in wallets, pockets, or lanyards. But even that is changing rapidly, thanks to the increasing popularity of mobile access control.
In this post, we will try to answer the following pertinent questions:
- What are mobile credentials and how are they related to ID cards?
- What technologies are used in mobile access control?
- Are mobile credentials superior to physical ID cards?
- What impact will mobile access control have on the future of business security?
- Should you consider switching to a mobile access control system?
- Are there any disadvantages or risks associated with mobile access credentials?
A Brief Introduction to Mobile Credentials
There was a time in the not too distant past when a mobile device was used for the basic purpose of calling and text messaging. These days, modern smartphones have evolved to add an ever-increasing list of capabilities – they can do the job of cameras, computers, gaming devices, radios, TVs, health/fitness scanners, and more. Smartphones can even take care of payments, both online and offline, making cash and cards largely redundant.
Mobile credentials technology adds physical ID cards to the growing list of objects that can be replicated on a modern smartphone. Instead of carrying a physical ID card for authorized access, you can now use a digital equivalent installed on your personal mobile devices.
The technology has the potential to replace traditional key cards, fobs, and other forms of photo IDs with magnetic strips/smart chips. Mobile access control systems can be used in offices, customer service areas, educational campuses, and other secure locations where some form of access credentials are necessary.
Mobile Credentials – How Does It Work?
With physical ID cards, the issuing authority/organization uses specialized software to manage access control across eligible individuals. First, the ID credentials are linked to the personal data stored on databases (like employee records or student records). Then, the cards are printed on plastic and physically handed over to the concerned individual.
Mobile credentials work along similar lines. The database management is still based on special software suites, but there is a larger emphasis on remote, cloud-based systems. Users are assigned credentials – often a unique identification number – that are linked to their smartphone. There are two main options in mobile credential implementation:
- Issue company-owned devices with credential software pre-installed.
- Allow employees to download and install the credential apps on their own mobile phones.
There are pros and cons associated with each approach, which we will address in detail in another section. Regardless of the ownership model used, the basic working process remains largely unchanged. Once installed and verified via various measures like fingerprint scans and Two-Factor Authentication, the mobile credentials can be used in the following ways:
- Using the phone like an ID card/badge in front of a reader to gain entry.
- Shaking or tapping the phone to send mobile credentials to nearby readers.
- Using voice commands via the credential app to unlock doors to gain physical access.
The Core Technologies Used in Mobile Access Control
The current smartphone market is dominated by two competing software ecosystems – Apple’s iOS and Google’s Android. Developers usually create separate versions of mobile credential apps for both iOS and Android. Given the sizable customer base on both ecosystems, this is not at all surprising.
Correlating with this, you cannot expect to use just any device out there for mobile credentialing. Mobile access control systems require the devices to have at least one of the following communication protocols:
Near Field Communication (NFC)
With an extremely short operating range, NFC is a feature available on most modern smartphones. A few years ago, you could only find it on top-end Android devices and iPhones, but that situation has changed for the better.
NFC uses the same technology as RFID – or radio frequency identification. RFID has been around for decades and is used in key cards and other forms of smart ID giving touchless access control. You can consider NFC as a modern evolution of RFID.
RFID has a longer effective range of several feet or more, or even hundreds of feet if the chip has an adequate power supply. In stark contrast, NFC operates on next to no power and requires the devices to be in the close proximity of a few inches.
Communication in NFC happens between devices called readers and tags. NFC devices can act as both, while RFID requires separate readers and tags. The NFC chip inside your modern smartphone is very versatile and can be used for access control, touch-free payments, ticketing, and more.
Bluetooth Low Energy (BLE)
BLE is another wireless communication protocol that is also commonly referred to as Bluetooth 4.0. While it is based on the same 2.4 GHz bandwidth for industrial/scientific/medical use as regular Bluetooth, BLE has significant differences and advantages over its predecessors.
For starters, it uses way less power than ordinary Bluetooth by staying in sleep mode for most of the time. Power is only used when initiating connections – a BLE device can work for 5–10 years on a basic coin-cell battery.
BLE has a shorter effective range than its predecessors, but it is still more than what NFC can handle (up to 100m). It also has a much smaller data-transfer capacity. BLE connects devices much faster than ordinary Bluetooth, taking only a few milliseconds as opposed to 100 milliseconds.
NFC vs. BLE – Which Is Better for Mobile Access Control?
There are no easy answers here. The suitability of a particular communications standard will depend on the use case and other factors. Both NFC and BLE support advanced encryption technologies. While NFC has the power consumption advantage, it has a limited range and lower data-transfer capabilities when compared to BLE.
The one major difference is availability. In the past, BLE had an edge over NFC in this regard as Apple did not support NFC in earlier iPhone models. However, the situation has improved significantly in the last 6–7 years and most smartphones launched since 2016 have both NFC and BLE (except low-budget devices).
WiFi for Remote Access Control
Most mobile access control systems these days use a mobile app/wallet architecture for ID deployment. These apps often come with special features like gesture controls, voice commands, and biometrics. Some of these value-added features use encrypted communications via WiFi since the limited bandwidth of NFC and BLE are often inadequate for the task at hand.
Why Use Mobile Credential Systems in Business?
There are numerous advantages to using a mobile access control system in your business. These can be neatly divided into security advantages, convenience, and cost factors. Let us take a closer look at each to see how switching to a mobile access system can potentially impact your business.
Less Risk of Lost/Misplaced IDs
Mobile phones have become essential tools in our daily lives. Most people cannot go a day without using their phones. Naturally, we take much better care of our phones than throwaway tags and access cards. There is less chance of people losing mobile phones, or forgetting to bring them to work altogether.
Low Threat from Stolen Mobiles
Even if a mobile device with access control gets stolen, it imposes a much smaller threat to your security system than a stolen access card. Using the mobile access credential management system, you can turn off the access privileges of the device remotely. Any unauthorized third party will not be able to gain access to your facilities simply by holding the device near the access control point.
Little Risk of Unauthorized Access
Mobile phones these days have rigorous access control measures built into the device itself. Phones can be locked using biometric data (fingerprints, face scans), passwords, and Two-Factor authentication. All these different layers of security ensure that outsiders cannot tamper with the digital IDs inside authorized devices even if they are in possession of the device.
More Convenient Than ID Cards
A single mobile device can be assigned multiple levels of access privileges. This removes the need to carry multiple ID cards and authentication devices. The convenience of such a feature for your employees is undeniable. Having fewer objects to worry about can be a small boon in these hectic times.
More Control Over Access Management
With smart cards, you don’t have direct access to the privileges assigned to the physical card. But with a mobile access solution, you can do a lot of cool things remotely. For instance, you can quickly revoke the access privileges of a disgruntled former employee after the termination of his/her services. This will effectively prevent them from using their old mobile access control to do any kind of damage to the business.
You could also give temporary access to visiting clients or seasonal employees. Additionally, you can program timed access to certain locations of your facilities. This way, delivery personnel can be allowed secure access for limited durations.
Very Cost Effective
Printing and managing access cards is often an additional expense that your business could do without. This is especially true in industries like hospitality and leisure, where both your clients and employees require access cards. Lost or misplaced cards can cost a small fortune in the long run. By relying on a device that most people already own and use, you can achieve significant cost savings with mobile credential systems.
Mobile Access Credentials Received a Major Boost During the Pandemic
The underlying technologies behind mobile access control have been around for more than a decade now. Both NFC and BLE were launched sometime around 2011. While technology does take some time to mature, it is undeniable that we have had the capabilities to switch to mobile access for quite a few years now.
While the benefits of mobile are real, it was the COVID pandemic that gave many businesses and organizations across the spectrum a pressing incentive to make the switch, or at least adopt the technology partially.
With a physical card, you have to either pick it up at the office or have it delivered to your address. Since the virus threat increased the demand for zero-contact processes, the demand for mobile access credentials has also gone up. You can safely send the authorization via the internet to the assigned user.
This kind of flexible arrangement is ideal for hybrid offices, where many employees switch between work-from-home privileges and on-site work. Instead of assigning permanent IDs, you can simply activate their access credentials for the specific days when they come to the office.
Mobile devices using NFC or BLE can open doors without any physical contact between the user and public surfaces. This also significantly reduces the risk of viral transmission. Even if the pandemic is slowly subsiding, the importance of bio-security can no longer be ignored. Contactless ID and access solutions on mobile devices will continue to play a major role in the future of access control.
Are There Any Disadvantages to Mobile Access?
While it has a lot of potential in offices, schools, universities, and customer service areas, mobile access credentials are not perfect. There are some not so insignificant vulnerabilities in the system, especially from a business security perspective.
Device Compatibility Challenges
While almost everyone has a smartphone these days, they are not all created equal. You cannot realistically expect all your employees to own the latest model or even a fully secure and updated mobile phone. To maintain optimal security, you need to enforce certain device standards. This may require the business to provide mobile credential devices, which is not as affordable as a “bring your own device” (BYOD) model.
Privacy Concerns
Employees may not like the idea of having company apps running on their personal devices. If the access control system comes with features like location tracking, this can raise significant privacy concerns.
Power & Network Limitations
While NFC and BLE are low-power communication technologies, they still require a smartphone with at least some charge for access validation. Further, some features also require internet, which may not be ideal in locations with poor network connectivity. With traditional ID cards, you don’t have such limitations.
High-Security Environments
Modern smartphones have cameras and other data capture technologies which can be used for surveillance and IP theft. In certain high-security corporate facilities, you have no option but to ban the use of any kind of smartphone. Mobile credentials are totally incompatible with such situations that involve sensitive data.
What Are Some Ideal Use Cases for Mobile Access Control Systems?
From the list of potential weaknesses, it is quite clear that mobile credentials may not be suitable for all types of businesses, especially as a total replacement for traditional ID card-based security systems. However, the technology still has tremendous potential, especially when used alongside an ID card system.
Mobile devices can play a highly complementary role in traditional access control situations. When the credentials only give access to low-security spaces, especially for a limited time period, using a physical card is often unnecessary. Here are some potential areas where you can swap ID cards for mobile access:
- For clients at hotels, clubs, spas, and other service areas
- Students at schools, colleges, and universities
- Visitors and lower level/WFH employees in offices
In these conditions, the security requirements are relatively relaxed and can be perfectly handled by a mobile credential system. You can consider using traditional ID cards with high-level security and anti-counterfeiting measures for other locations in your business.
Choose the Leader in Mobile Access Control Solutions
We still have a long road ahead in achieving perfect security with a mobile access control solution. The technology is still evolving and we can expect encryptions and other security features to improve with time. At some point in the future, every business or institution will be able to seamlessly transition from physical ID cards to smartphone access control systems.
In the meantime, you should carefully consider the needs and security demands of your business before contemplating a switch to mobile access solutions from your existing access control systems. It is always a wise idea to consult an expert in security solutions first.
Elliott Data Systems has decades of experience in providing credential security, facility security, and digital security services to enterprises, government agencies, and educational institutions in the Mid-South region. For a free demo on the latest mobile advanced access control system, contact our experts using the link provided here.