Your smartphone has become your alarm clock, calendar, camera, and note pad – why not let it replace your key ring too?
Instead of an ID badge or key card, you can now carry a digital credential on your smartphone. This latest option in access control minimizes the costs of physical keys and cards while offering additional identity protection.
The 411 on Mobile Credentials
You need more than just an app on a smartphone to open a door. To start with, your mobile device must be enabled with near field communication (NFC). Similar to RFID but more complex, NFC uses radio signals for two-way communication at 4 inches or less. It is the same technology used on credit and debit cards for contactless payment.
Equipped with NFC, users will then need to download their credential and the accompanying application, says Jeremy Earles, product marketing manager for Ingersoll Rand Security Technologies. For security purposes, the credential is stored in the SIM card or secure element of the phone.
“This creates a firewall between the application and the credential,” explains Peter Boriskin, director of product management for manufacturer ASSA ABLOY. “Otherwise data stored in the application area of a phone can be susceptible to malware or rogue applications.”
When their credential must be verified, users simply launch the app. The software uses NFC to initiate communication with the smart reader, which then processes the identity data just as it would with any other credential.
The digital key can also replicate the look of a traditional ID badge, Earles notes, so it can be used for manual checks by security if a reader isn’t used at a particular entrance.
Call Up These Benefits
Mobile credentials promise several advantages over other access control choices:
- Convenience – Whether you use mechanical keys, badges, or access cards, each option requires workers or students to go into an office and receive their credential in person. Not so with smartphones –
users don’t have to be physically present or even in the building.
All an administrator needs is the user’s phone number and SIM ID, says Boriskin, which can be obtained during HR orientation or student registration.
Office personnel then use a web-based program to issue the credential at any time and from any place.
- Costs – Mobile credentials significantly reduce the costs associated with metal keys or cards – no more printers, blank cards, rekeying, or ink cartridges. This can be a sizable savings for hotels or colleges that must replace keys frequently, says Earles.
A digital credential also won’t end up in the landfill at the end of its life, he adds, providing a more sustainable option with fewer disposal costs.
- Security – Because phones have become so entwined with daily life, people tend to notice within mere minutes if their phone is no longer in reach, Boriskin notes. But with a physical ID card that sits in a purse or back pocket all day without a glance, it could take hours for someone to realize it’s lost.
This time gap creates an opening for someone to improperly access your building. Should a smartphone get stolen or lost, however, the credential can be remotely revoked to prevent a security breach. The same process can be used to transfer the credential to a new phone when a user upgrades, Boriskin adds.
- Identity Protection – Until the app is launched, a mobile credential isn’t accessible – the digital badge won’t display as the user’s smartphone background, for example.
“With smartphones, any identifying information is usually stored behind a password screen,” Earles explains. “If a physical ID card gets lost, however, anyone can pick it up and instantly learn what a person looks like and where he or she works or goes to school.”
If you don’t trust mobile users to have password protection enabled on their phones, you can also require a password to open the app itself as an additional security measure. However, this step may be perceived as a drawback by users if they feel it causes too much of a delay.
- Temporary Access – Mobile credentials can be used for visitor passes, hotel key cards, or temporary access privileges for outside contractors.
As long as guests have an NFC-enabled smartphone, administrators can issue a digital key prior to their arrival and revoke it just as easily.
- Payment Options – As with smart cards, digital ID badges can be tied into any closed-loop payment system, Earles says, a functionality often seen on college campuses and in healthcare.
“This is a great solution if you want to combine access control with multiple functions, such as cafeteria payments, vending machine purchases, or library privileges,” Earles says.
Barriers to Adoption
Much like contactless payment with your debit card, mobile credentials remain an emerging technology that is slowly being tested by early adopters.
For example, because mobile carriers control access to the secure element on phones, manufacturers must work with providers to create a backend infrastructure that facilitates the data transfer so credentials can be stored securely.
But the ease of implementation may ultimately rest with your building occupants.
“You need to evaluate what percentage of your population uses smartphones,” Earles stresses. “Not all smartphones are NFC-enabled either, though you can retrofit some models with a special NFC case.”
At present, carriers such as Android and Blackberry include NFC, but the iPhone has yet to adopt it.
You may want to test out the solution using a targeted group of individuals. If your FM team is already equipped with smartphones and tablets, a digital credential could be an ideal way of pooling all of their keys into one spot.
Dialing the Future
Despite their small market share, mobile credentials are on their way. Whether you switch today or bide your time, keep an eye on your security infrastructure now.
“If you’re doing a technology overhaul with your credential system, deploy options that will allow you to migrate to NFC in the future,” recommends Boriskin. “You don’t want to install readers that can’t adapt down the road.”
Look for smart readers that can verify different credential types. These often use MIFARE Classic, an open architecture protocol that verifies multiple sources of contactless authentication and encryption. This is particularly important if you want to incorporate biometrics as well.
Will digital credentials come to replace all physical keys and cards? The answer depends on if you can envision a future where everyone carries a smartphone.
Whether you’d like to gamble on that scenario or not, you can put your money on digital identification becoming just one of many access control options your occupants will come to expect.
“There’s so much we can do with NFC,” Earles adds. “We’ve only just begun to scratch the surface and see how big the ecosystem can really be.”
Jennie Morton firstname.lastname@example.org is associate editor of BUILDINGS.