Mobile Devices Ease Access

It's become the new norm. Go to a restaurant most anywhere and instead of being handed a paper or plastic menu, there’s a small stand on the table with a QR code dominantly displayed—encouraging customers to scan it with their smartphone and place their order.

QR codes have been around since 1994 when Masahiro Hara created them to help Denso Wave, an automotive company, track vehicles during the manufacturing process. But it wasn’t until COVID-19 that they really became popular for daily use.

Since the beginning of the COVID-19 pandemic, individuals have been increasingly reliant on technology and their personal devices to order groceries, scan menus, track deliveries, turn on lights, and unlock vehicles and their homes. They are turning to their smartphones for more mobile—and hygienic—solutions. And they are starting to to bring those expectations of convenience to access control, says Peter Boriskin, chief technology officer for ASSA ABLOY Americas.

“A lot of folks are moving to mobile as a way to do touchless transactions and payments for transportation, dining, and Venmo and PayPal; cashless transactions are seen as supporting the notion of social distancing in a seamless and touchless way,” he explains. “As people start to get used to that in their daily life, they’re starting to look at other areas that don’t behave like that. We’re starting to see people say, ‘I can do this at my house. Why can’t I do this at my work?’”

Prior to 2020, the technology existed to provide individuals with a credential on their smartphone that could be used as an authenticator to gain access to a facility. Using a mobile device instead of a separate, physical key or key card was popular with residential end users, as well as the hospitality sector for hotels and vacation rentals.

“When I look at 2019 and prior, the case for doing mobile access on its own was probably not as strong until you added other components to it,” Boriskin says. “The choice of holding up my phone or a plastic card to get into my office—it’s nice if the phone happens to be in my hand, but it wasn’t tipping the scale that you would want to run out a whole mobile infrastructure to do that.”

But as individuals become increasingly dependent on their smartphones, organizations seek to leverage those devices to make interactions more seamless. For instance, universities are interested in mobile-based solutions for vending, dining, and transportation payments. Adopting mobile for access control becomes a much more logical step, Boriskin says.

In a 2019 trends report, The State of Physical Access Control: Impact on the Enterprise, HID Global partnered with ASIS International to survey 1,897 security practitioners and found that users were increasingly adopting mobile credentials.

“Approximately 20 percent of survey respondents indicate they have upgraded to mobile-enabled readers or are in the process of doing so,” according to the survey. “Another 34 percent will upgrade to mobile-enabled readers within the next three years. Overall, 77 percent of those surveyed said that mobile credentials will either improve or somewhat improve their overall access control system.”

Organizations are making these moves and changes to their access control systems while considering the future of building automation.

“The property manager for that high-rise is looking for solutions to manage every aspect of the property: security, HVAC, elevator maintenance, and lighting,” the HID survey found. “All of these systems converge to improve the capacity to manage the building. Decisions are often driven by the objective of being aware of who is in the building and being responsive to that population.”

Mobile credentials are also more secure than other physical cards currently on the market because they cannot be as easily copied or spoofed. For instance, the HID survey found that most common access control technology utilized card credentials that relied on 125 kHz proximity with no way to determine if the credential itself had been compromised or cloned.

“This read-only technology is very economical, but has widely-known security vulnerabilities,” according to the survey. “This technology will keep incidental visitors out but will not withstand anyone with an intent to breach the system.”

Additionally, the process for issuing a mobile credential can be streamlined for the organization, making it both less time consuming and logistically challenging. For instance, new employees do not need to report to a central office to receive a physical key. Instead, security can remotely issue credentials directly to the employees’ devices.

Not only does an issuing process like this minimize traditional logistical hurdles for the security department, it also reinforces social distancing practices by limiting in-person interaction and wait times at a central issuance office.

Additionally, the technology is being developed to issue master key mobile credentials—including ones that are time sensitive, limiting access to critical sites and reducing risk.

“We typically over-provision our users,” Boriskin explains. “We typically give them more access than they need to do their jobs. While it may make their lives more convenient, it does present an unnecessary risk.”

One example of issuing a time-sensitive mobile credential would be in critical infrastructure where an operator could issue a key to an employee scheduled to work a shift at a remote site, such as for a site inspection.

“We have intelligent keys and cylinders that operate very much like a master key system would have, where you can program into the key the times and days that certain individuals can access those cylinders,” Boriskin says. “It allows us to do things in a different way—to give keys that people carry around that do not unlock anything until they have a need to.” n

Megan Gates is editor-in-chief of Security Technology. Connect with her at [email protected]. Follow her on Twitter: @mgngates.