This article originally appeared in the June 2022 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.
While mobile credentials have been around for some time, the last six months has brought the term mobile credential full circle, as it is seeing more traction for adoption than that of other cloud-hosted security applications. As an example, Transact Campus, a security integrator and manufacturer in the higher education recently published that they are currently working with more than 100 college campuses to bring mobile access to students.
ISC West brought more of this with almost every reader manufacturer. The topic for the ASSA ABLOY Integrator’s Breakfast was the growth of mobile credentials, and focused around their success stories, including implementations at 7 World Trade Center and the partnership successes with Transact Campus.
The reality is that mobile credential is just one of the drivers for Security as Proptech, which was ranked as No. 8 on the Security Industry Association (SIA)’s list of 2022 Security Megatrends, which forecasts trends affecting security industry businesses.
“We have reached a point where, as an industry, we should be talking about the implications and applications of mobile, mobile credentials, and software as a whole vs. how they may or may not happen – because they have already happened,” explains Lee Odess, General Manager of Latch and Chairman of the SIA Proptech Advisory Board. “Just stick your head in the Proptech community and you will find that the industry has moved beyond whether or not mobile will make an impact or not. It has and we are just starting to see the larger value proposition.”
The Shift Has Begun
Mobile credentials are simply access control credentials that use the security of a phone or mobile device, including wearables, to present the credential to a reader, using either Bluetooth (BLE) or Near Field Communication (NFC) technologies. Built-in security functions like application time out and distance of wearable from mobile device are the current security measures to prevent a mobile device from being stolen and used for entry without the owner’s consent. Thus, it is a more secure access control method than a badge credential.
According to a survey by HID Global in 2019, around 54% of businesses were likely to shift to mobile access control systems by 2022. Mobile credentials are the “easy button” for employee engagement and are becoming a necessity for college campuses.
Mobile credentials are primarily a feature of convenience. The phone is always on the person, so forgetting or losing a credential is minimal. In the few instances a phone is lost or stolen, the credential can be disabled remotely. Even the dead battery poses no problem, as with today’s technologies, even if the mobile device is “dead” there is still enough battery power to present the phone to a reader and gain entry.
Mobile credentials have become big business for not only the credential providers, such as HID, Brivo, dormakaba, Farpointe, STid and others; but also, to the phone manufacturers and for application manufacturers to build custom apps for the credentials.
While the credential itself can be less than a physical credential, a full roll-out may create happier employees and students with a much larger impact to the budget.
This is information a security integrator needs to know and present to the customer. The customer is still going to have consumables; they will just be in the form of 0s and 1s instead of a physical credential.
Implementation Tips
Integrators can approach implementation by focusing on each aspect of the mobile credential experience:
1. The reader: Depending on the customer, readers may need to be upgraded to support mobile credentials. Depending on their access control system they could be proprietary readers or open source readers.
2. The credential itself. While many of the original technologies were BLE only, most credential manufacturers have incorporated NFC as well. The credential is sent to the phone in an instant, and they can typically be sent in batches as well for large-scale credentialing.
These credentials are typically charged as a monthly user license. Where an access badge may cost $1-7 to administer depending on the badge type, the convenience outweighs the recurring credential costs. Every manufacturer has a different mobile credential plan, so planning ahead for implementation and budgeting will be critical.
For most mobile credential solutions, Android devices work out of the box with the credential being sent, downloaded and access granted.
That is not the case with Apple, although it should be noted that there are two ways to use an Apple mobile device or wearable. Some mobile access providers require the user to download an app, where all credential information is held. HID has integrated its mobile access platform into Apple Wallet. Security for the credential is then moved from HID Mobile Access to the Apple Wallet app. The Apple Wallet allows the access control card to act like a “tap-and-pay” function without manually opening the app.
3. The mobile credential interface. This is going to be cloud-hosted, and most – if not all – use a cloud-based REST application programming interface (API) that connects the cloud to the on-premise access-control system or a cloud-to-cloud connection.
This is a basic deployment, but can be much more extensive depending on the rollout. Typically involved are Single Sign-On (SSO) applications such as OKTA, which can require Mobile Device Management (MDM) access.
With Proptech deployments, a third party solution such as Swift Connect or Sharry is typically involved as well to accommodate the many moving access parts that a commercial property management, as well as with many Proptech real estate applications.
Jon Polly is the Chief Solutions Officer for ProTecht Solutions Partners www.protechtsolutionspartners.com, a security consulting company focused on smart city surveillance. Connect with him on linkedin: www.linkedin.com/in/jonpolly.