For the past several years, there has been a focus by integrators and customers to assure that their card-based access control systems are secure. To give businesses an extra incentive to meet their cybersecurity threats, the Federal Trade Commission (FTC) has decided to hold the business community responsible for failing to implement good cybersecurity practices and is now filing lawsuits against those that don't.

For instance, the FTC filed a lawsuit against D-Link and its U.S. subsidiary, alleging that it used inadequate safeguards on its wireless routers and IP cameras that left them vulnerable to hackers.Many companies perceive that they are safer with a card but, if done correctly, the mobile can be a far more secure option 

Now, as companies are learning how to protect card-based systems, such as their access control solutions, along comes mobile access credentials and their readers which use smart phones instead of cards as the vehicle for carrying identification information. Many companies perceive that they are safer with a card but, if done correctly, the mobile can be a far more secure option with many more features to be leveraged.

Handsets deliver biometric capture and comparison as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC. As far as security goes, the soft credential, by definition, is already a multi-factor solution.

Types Of Access Control Authentication

Access control authenticates you by following three things: 

  • Recognises something you have (RFID tag/card/key),
  • Recognises something you know (PIN) or
  • Recognises something you are (biometrics).

Your smart phone has all three authentication parameters. This soft credential, by definition, is already a multi-factor solution. Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs. Organizations want to use smart phones in their upcoming access control implementations Once a biometric, PIN or password is entered to access the phone, the user automatically has set up 2-factor access control verification - what you know and what you have or what you have and a second form of what you have.                

To emphasize, one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors – availability and built-in multi-factor verification – are why organizations want to use smart phones in their upcoming access control implementations.

Smart Phone Access Control Is Secure

Plus, once a mobile credential is installed on a smart phone, it cannot be re-installed on another smart phone. You can think of a soft credential as being securely linked to a specific smart phone. Similar to a card, if a smart phone is lost, damaged or stolen, the process should be the same as with a traditional physical access credential. It should be immediately deactivated in the access control management software - with a new credential issued as a replacement.

one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone.
Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs

Leading readers additionally use AES encryption when transferring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks.           

When the new mobile system leverages the Security Industry Association's (SIA) Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices.

Likewise, new soft systems do not require the disclosure of any sensitive end-user personal data. All that should be needed to activate newer systems is simply the phone number of the smart phone.All that should be needed to activate newer systems is simply the phone number of the smart phone

Bluetooth And NFC The Safer Options

Bottom line - both Bluetooth and NFC credentials are safer than hard credentials. Read range difference yields a very practical result from a security aspect. First of all, when it comes to cybersecurity, there are advantages to a closer read range. NFC eliminates any chances of having the smart phone unknowingly getting read such as can happen with a longer read range.

There are also those applications where multiple access readers are installed very near to one-another due to many doors being close. One reader could open multiple doors simultaneously. The shorter read range or tap of an NFC enabled device would stop such problems. However, with this said in defense of NFC, it must also be understood that Bluetooth-enabled readers can provide various read ranges, including those of no longer than a tap as well.

One needs to understand that there are also advantages to a longer reader range capability. Since NFC readers have such a short and limited read range, they must be mounted on the unsecure side of the door and encounter all the problems such exposure can breed. Conversely, Bluetooth readers mount on the secure sides of doors and can be kept protected out of sight.

Aging Systems Could Cause Problems

Research shows that Bluetooth enabled smart phones are continuing to expand in use to the point where those not having them are already the exceptions With that said, be aware. Some older Bluetooth-enabled systems force the user to register themselves and their integrators for every application. Door access – register. Parking access – register again. Data access – register again, etc.

Newer solutions provide an easier way to distribute credentials with features that allow the user to register only once and need no other portal accounts or activation features. By removing these additional information disclosures, vendors have eliminated privacy concerns that have been slowing down acceptance of mobile access systems.

In addition, you don’t want hackers listening to your Bluetooth transmissions, replaying them and getting into your building, so make very sure that the system is immunised against such replays. That’s simple to do. Your manufacturer will show you which system will be best for each application. Research shows that Bluetooth enabled smart phones are continuing to expand in use to the point where those not having them are already the exceptions. They are unquestionably going to be a major component in physical and logical access control.

Gartner suggests that, by 2020, 20 percent of organizations will use mobile credentials for physical access in place of traditional ID cards. Let’s rephrase that last sentence. In less than 18 months, one-fifth of all organizations will use the smart phone as the focal point of their electronic access control systems. Not proximity. Not smart cards. Phones!

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Safety In Smart Cities: How Video Surveillance Keeps Security Front And Center
Safety In Smart Cities: How Video Surveillance Keeps Security Front And Center

Urban populations are expanding rapidly around the globe, with an expected growth of 1.56 billion by 2040. As the number of people living and working in cities continues to grow, the ability to keep everyone safe is an increasing challenge. However, technology companies are developing products and solutions with these futuristic cities in mind, as the reality is closer than you may think. Solutions that can help to watch over public places and share data insights with city workers and officials are increasingly enabling smart cities to improve the experience and safety of the people who reside there. Rising scope of 5G, AI, IoT and the Cloud The main foundations that underpin smart cities are 5G, Artificial Intelligence (AI), and the Internet of Things (IoT) and the Cloud. Each is equally important, and together, these technologies enable city officials to gather and analyze more detailed insights than ever before. For public safety in particular, having IoT and cloud systems in place will be one of the biggest factors to improving the quality of life for citizens. Smart cities have come a long way in the last few decades, but to truly make a smart city safe, real-time situational awareness and cross-agency collaboration are key areas which must be developed as a priority. Innovative surveillance cameras with integrated IoT Public places need to be safe, whether that is an open park, shopping center, or the main roads through towns Public places need to be safe, whether that is an open park, shopping center, or the main roads through towns. From dangerous drivers to terrorist attacks, petty crime on the streets to high profile bank robberies, innovative surveillance cameras with integrated IoT and cloud technologies can go some way to helping respond quickly to, and in some cases even prevent, the most serious incidents. Many existing safety systems in cities rely on aging and in some places legacy technology, such as video surveillance cameras. Many of these also use on-premises systems rather than utilising the benefits of the cloud. Smart programming to deliver greater insights These issues, though not creating a major problem today, do make it more challenging for governments and councils to update their security. Changing every camera in a city is a huge undertaking, but in turn, doing so would enable all cameras to be connected to the cloud, and provide more detailed information which can be analyzed by smart programming to deliver greater insights. The physical technologies that are currently present in most urban areas lack the intelligent connectivity, interoperability and integration interfaces that smart cities need. Adopting digital technologies isn’t a luxury, but a necessity. Smart surveillance systems It enables teams to gather data from multiple sources throughout the city in real-time, and be alerted to incidents as soon as they occur. Increased connectivity and collaboration ensures that all teams that need to be aware of a situation are informed instantly. For example, a smart surveillance system can identify when a road accident has occurred. It can not only alert the nearest ambulance to attend the scene, but also the local police force to dispatch officers. An advanced system that can implement road diversions could also close roads around the incident immediately and divert traffic to other routes, keeping everyone moving and avoiding a build-up of vehicles. This is just one example: without digital systems, analyzing patterns of vehicle movements to address congestion issues could be compromised, as would the ability to build real-time crime maps and deploy data analytics which make predictive policing and more effective crowd management possible. Cloud-based technologies Cloud-based technologies provide the interoperability, scalability and automation Cloud-based technologies provide the interoperability, scalability and automation that is needed to overcome the limitations of traditional security systems. Using these, smart cities can develop a fully open systems architecture that delivers interoperation with both local and other remote open systems. The intelligence of cloud systems can not only continue to allow for greater insights as technology develops over time, but it can do so with minimal additional infrastructure investment. Smart surveillance in the real world Mexico City has a population of almost 9 million people, but if you include the whole metropolitan area, this number rises sharply to over 21 million in total, making it one of the largest cities on the planet. Seven years ago, the city first introduced its Safe City initiative, and ever since has been developing newer and smarter ways to keep its citizens safe. In particular, its cloud-based security initiative is making a huge impact. Over the past three years, Mexico City has installed 58,000 new video surveillance cameras throughout the city, in public spaces and on transport, all of which are connected to the City’s C5 (Command, Control, Computers, Communications and Citizen Contact) facility. Smart Cities operations The solution enables officers as well as the general public to upload videos via a mobile app to share information quickly, fixed, body-worn and vehicle cameras can also be integrated to provide exceptional insight into the city’s operations. The cloud-based platform can easily be upgraded to include the latest technology innovations such as license plate reading, behavioral analysis software, video analytics and facial recognition software, which will all continue to bring down crime rates and boost response times to incidents. The right cloud approach Making the shift to cloud-based systems enables smart cities to eliminate dependence on fiber-optic connectivity and take advantage of a variety of Internet and wireless connectivity options that can significantly reduce application and communication infrastructure costs. Smart cities need to be effective in years to come, not just in the present day, or else officials have missed one of the key aspects of a truly smart city. System designers must build technology foundations now that can be easily adapted in the future to support new infrastructure as it becomes available. Open system architecture An open system architecture will also be vital for smart cities to enhance their operations For example, this could include opting for a true cloud application that can support cloud-managed local devices and automate their management. An open system architecture will also be vital for smart cities to enhance their operations and deliver additional value-add services to citizens as greater capabilities become possible in the years to come. The advances today in cloud and IoT technologies are rapid, and city officials and authorities have more options now to develop their smart cities than ever before and crucially, to use these innovations to improve public safety. New safety features Though implementing these cloud-based systems now requires investment, as new safety features are designed, there will be lower costs and challenges associated with introducing these because the basic infrastructure will already exist. Whether that’s gunshot detection or enabling the sharing of video infrastructure and data across multiple agencies in real time, smart video surveillance on cloud-based systems can bring a wealth of the new opportunities.

Which new buzzwords reflect the security industry’s trends?
Which new buzzwords reflect the security industry’s trends?

As an industry, we often speak in buzzwords. In addition to being catchy and easy to remember, these new and trendy industry terms can also reflect the state of the security market’s technology. In short, the latest buzzwords provide a kind of shorthand description of where the industry is - and where it’s going. We asked this week’s Expert Panel Roundtable: What new buzzword(s) rose to prominence in the security industry in 2020? (And how do they reflect industry trends?)

Biometrics Provides Industries With Security, Access Control And Data Protection
Biometrics Provides Industries With Security, Access Control And Data Protection

Several major players vigorously employ biometric recognition technologies around the globe. Governments use biometrics to control immigration, security, and create national databases of biometric profiles. Being one of the most striking examples, the Indian Aadhaar includes face photos, iris, and fingerprints of about 1.2 billion people. Financial institutions, on their part, make use of biometrics to protect transactions by confirming a client's identity, as well as develop and provide services without clients visiting the office. Besides, biometric technology ensures security and optimizes passenger traffic at transport facilities and collects data about customers, and investigates theft and other incidents in retail stores. Widespread use of biometrics Business, which suddenly boosted the development of biometrics, is an active user of biometric technology Business, which suddenly boosted the development of biometrics, is another active user of biometric technology. Industries choose biometric systems, as these systems are impossible to trick in terms of security, access control, and data protection. Being in demand in business, these three tasks are also relevant for the industry. However, the use of biometrics at industrial sites is discussed unfairly seldom. Therefore, it is the face identification that is the most convenient there, as workers often use gloves, or their hands may be contaminated, and the palm pattern is distorted by heavy labor. All these features make it difficult to recognize people by fingerprints or veins and significantly reduce identification reliability. Therefore, industries seek facial recognition solutions. Thus, let us demonstrate the application of face recognition technology at different enterprises, regardless of the area. Facial recognition use in incident management Facial biometric products are known to automate and improve the efficiency of security services by enriching any VMS system. These systems provide an opportunity of instantly informing the operator about recognized or unrecognized people, and their list membership, as well as save all the detected images for further security incident investigation. Furthermore, some sophisticated facial biometric systems even provide an opportunity to build a map of the movements of specific people around a site. Besides, it is relevant not only for conducting investigations but also in countering the spread of the COVID-19 virus. Identifying and tracking COVID-19 positive cases Therefore, if an employee or visitor with a positive COVID-19 test enters a facility, the system will help to track his/her movement and identify his/her specific location. It will also help to take the necessary measures for spot sanitary processing. Thus, the introduction of biometric facial recognition at the industrial enterprise can improve and speed up the incidents’ response and investigations without spending hours watching the video archive. Access control system to secure physical assets The right access control system can help industries secure physical and informational assets The right access control system can help industries secure physical and informational assets, cut personnel costs, and keep employees safe. Facial recognition systems may enrich access control systems of any company by providing more security. As biometric characteristics, by which the system assesses the compliance of a person with the available profiles in the database, cannot be faked or passed. The human factor is also reduced to zero, due to the fact that while identity documents can be changed, the inspector can make a mistake or treat his/her task carelessly, be in collusion with an intruder, the biometric system simply compares a person in front of the camera with the biometric profiles database. Biometric facial identification software For example, RecFaces product Id-Gate, a specialized software product for reliable access control to the site, checks the access rights by using biometric facial identification alone or in conjunction with traditional IDs (electronic passes, access keys, etc.), which means that there is almost a zero probability of passing to the site by someone else's ID. The access control system’s functionality allows one to strictly account the number and time of all the facility’s visitors and also track their movement. When unauthorized access is attempted or a person from the stop list is detected, Id-Gate sends an automatic notification to the access control system and operator. Enhanced data and information security Even despite the division of access to different industrial enterprise areas, the security service needs to provide independent information system security. Employees with the same facility access rights may have different access rights to data. However, in that case, a personal password is not enough, as an employee may forget it, write it down and leave it as a reminder, tell a colleague to do something for him/her during the vacation, or just enter it at another person’s presence. Password-free biometric authentication systems make the procedure user-friendly and secure Password-free biometric authentication Password-free biometric authentication systems make the procedure user-friendly and secure. Such systems usually provide an option of two-step verification when successful password entry is additionally confirmed by biometric recognition. Hence, it is particularly relevant due to the current lockdown in many countries. To sum up, the application of biometric technologies solves several issues of the industry, such as: Optimizes and partially automates the work of the security service, as it provides reliable identification and verification of visitors/employees, reduces the amount of time spent on finding a person on video and making a map of his/her movements, without spending hours on watching video archive in case of investigation. Provides a high level of reliability and protection from unauthorized access to the enterprise and the information system. Provides a two-step verification of the user/visitor (including password and biometric data) and almost eliminates the risk of substitution of user data/ID.