Mobile Credentials Own the Road: The Migration to Smartphones for Physical Access Control

Someday, all personal identification may be stored on chips implanted in our bodies. Until then, smartphones as mobile credentials are steadily becoming the access-control technology of choice for physical security.

It’s easy to see why. Customers don’t want to remember, find or keep separate identification and access credentials to enter their home and office. Further fueling mobile’s steady migration to reputable physical security device is cloud computing and the ability to access system management and permissions from nearly anywhere in the world.

The smartphone has other inherent advantages: it is unlikely to be left behind and already has two-factor authentication with passwords, face identification and fingerprint biometrics—also known as traditional security elements of “what you have” and “what you know.” In addition to providing daily access and audit trails, mobile credentials offer new levels of convenience and functionality, enabling residents to request temporary/expiring access for visitors or maintenance and cleaning staff, to control common area access for family members and easily obtain new credentials if they are lost. Think of all the possibilities for rentals, shared workspaces, multitenant markets and other fluid communities or businesses.

The evolution of communication is also driving deployment of mobile access control. While early mobile credentials primarily used near-field communication (NFC), now technology manufacturers are leaning toward Bluetooth Low Energy (BLE), a wireless personal area network technology designed and marketed by the Bluetooth Special Interest Group. BLE can operate from a much longer range and provides frictionless access, so users can keep their phone in their pocket to enter. It can operate in background mode continuously without draining the smartphone battery, a major sticking point with Bluetooth precursors.

Tipping point for mobile

It’s too early to predict when mobile credentials will replace identification badges and cards. Limiting factors may include the large base of legacy access-control systems and establishing a workable and affordable migration path for the end-user.

Lisa Corte, product manager—wireless and IP-enabled solutions for Assa Abloy, New Haven, Conn., said it’s a misconception that mobile access has to be costly. For new construction and retrofit projects, there are ways to incorporate the technology that are both manageable and cost-effective.

“While mobile access credentials give end-users ease of access, system owners may also find that they can deploy these technologies for a reasonable cost when compared to other types of credential offerings,” she said. “By removing some of the costs associated with infrastructure, such as server installation and maintenance, and moving that to the cloud, the total cost of ownership can be significantly reduced. In fact, a wireless lock system’s total cost is about half that of a traditional online, wired access-control system. And over the course of a 10-year lifespan, power consumption can be reduced by roughly 25 percent, delivering additional total cost of ownership savings.”

Steve Van Till, president and CEO of Brivo, Bethesda, Md., recounted a 2017 conversation on the topic with former Secretary of the Department of Homeland Security Tom Ridge, who asked him his opinion on how long it would be until mobile credentials took over.

“My reply was that I would like to see it happen within the next five years,” Van Till said. “However, the reality is probably somewhere around 10 years. His prediction was a much shorter time frame—three years.”

Adoption of mobile credentials depends entirely on the market, and Ridge’s comments were a perfect example.

“There are various degrees of migration depending on the vertical market and the audience,” Van Till said. “Some of the high-security government users are pushing it along quickly. They are doing a lot with derived credentials, so you can have a standard credential, and a derived version could be on your smartphone.”

With derived credentials, the cryptographic credential is stored securely on a mobile device, in compliance with Smart Card regulations. This means no need for a dedicated reader and more application flexibility. Corte said the tipping point for mobile credentials versus cards is imminent.

“Facilities of all types are currently requesting information about mobile credentialing for new installations and for upgrades and expansions of existing systems,” she said.

Today’s market is about connectivity.

“Our smartphones are powerful wireless devices, and they are almost always with us—a perfect access-control tool,” Corte said. “As users grow more confident and familiar with the technology, we will see residential use drive greater commercial interest and adoption. If wireless access works reliably for home systems, why not incorporate it into the office? It’s a natural progression of where the end-user wants to go.”

Mobile credentials have become a lifestyle feature.

“The lifestyle users want is to have everything on their phone, including the ability to open doors,” Van Till said. “Whenever we show end-users mobile credentials, they want them 100 percent of the time.”

About the Author

Deborah L. O'Mara

Freelance Writer

Deborah L. O’Mara is a journalist with more than two decades experience writing about security, life safety and systems integration, and she is the managing director of DLO Communications in Chicago. She can be reached at dlocommunications@gmail.com...

Stay Informed Join our Newsletter

Having trouble finding time to sit down with the latest issue of
ELECTRICAL CONTRACTOR? Don't worry, we'll come to you.