A Word of Caution

Avoid portals in your mobile access control implementation

  • By Scott Lindley
  • Aug 01, 2019

A special word of caution needs to be emphasized when changing over to mobile systems. Many legacy access control systems require the use of backend portal accounts.

For hackers, they have become rich, easy to access caches of sensitive end-user data. These older mobile systems force the user to register themselves and their integrators for every application with each registration requiring the disclosure of sensitive personal information.

The bookkeeping can be confusing. Who signs you up? Who is in charge of security? Does the end-user have responsibilities?

Oftentimes, these portals include hidden fees. What are these? One-time or annual fees? Are the rates fixed through the life of the system? Who’s responsible for paying? It can become both an integrator and end-user nightmare.

Even Governments Agree

For the past several years, there has been a focus by integrators and customers to assure that their card-based access control systems are secure. To give businesses an extra incentive to meet their cybersecurity threats, the United States Federal Trade Commission (FTC) has decided to hold the business community responsible for failing to implement good cybersecurity practices and is now filing lawsuits against those that don’t.

Likewise, in Canada, data protection and cybersecurity are governed by a complex legal and regulatory framework. Failure to understand this framework and take active steps to reduce risks, or the impact of such risks when they materialize, can have serious legal and financial consequences for an organization.

In Europe, the Network and Information Security Directive (NISC) is the main strategy taken to harmonize continent-wide provisions on cybersecurity. As such, the European Union Agency for Network and Information Security (ENISA) is its center of expertise. The main goal is to set high standards of cybersecurity to be respected by each European Union (EU) member state.

Now, as leading international companies are learning how to protect card-based access control systems within these relatively new standards, along comes mobile access credentials and their readers which use smart phones instead of cards as the vehicle for carrying identification information. While many companies still incorrectly perceive that they are safer with a card, when done properly, the mobile can be a far more secure option with many more features to be leveraged. They deliver biometric capture and comparison as well as an array of communication capabilities from cellular and WiFi to Bluetooth LE and NFC.

Nonetheless, these portals yield a major caveat emptor with switching over to mobile access control. Newer answers provide an easier way to distribute credentials with features that allow the user to register their handset only once and need no other portal accounts, activation features or hidden fees. Users don’t need to fill out several different forms. Today, all that should be needed to activate newer systems is the phone number of the smartphone.

Why the Problem Has Been Portals

Too many providers seem to design systems around the way their legacy products are created, not in the way that is logical for the solution. Take, for instance, widgets. Wouldn’t it make sense to take advantage of the way that the Apple iOS 12 delivers them? Add 3D touch, Widget and Auto-Unlock all into the Wallet App? Create increased user convenience, not manufacturer’s expediency.

For instance, what if the newly improved Widget let the user make up to three mobile access control credentials as widgets. This saves time by allowing quicker access to credentials supporting divergent building systems such as payroll, parking and cafeteria systems accessible directly from the smartphone’s home screen.

With 3D Touch, a new pressure-sensitive feature, the user could simply push on the Wallet App to select from up to three of the most commonly used mobile credentials. Each user chooses their own combination. For example, a delivery driver may gain entrance to the van parking area while the vice president gets access to the boardroom.

Alternatively, Auto-Unlock could let a user select a certain MAC as their favorite. Once designated, a little star appears in the upper right corner of the mobile credential. As the favorite, it is transmitted immediately whenever the Wallet App is selected.

Don’t Forget How Products Get Sold Either

Smart phone credentials are best sold in the same manner as traditional 125-kHz proximity or 13.56-MHz smart cards—from the existing OEM to the integrator to the end users. In this distribution mode, integrators will find smart phone credentials will be more convenient, less expensive and more secure. They can be delivered in person or electronically. They are quicker to bill with nothing to inventory or to be stolen. End-users will find, in most cases, soft credentials can be easily integrated into their existing access control system. Distribution can also be via independent access control software.

When mobile credentials are sold from OEM to integrator to end user, it avoids setting up multiple accounts and eliminates sensitive personal information from being available for hacking. By removing these and additional intrusive information disclosures, vendors also eliminate privacy concerns that have been slowing down adoption of this technology. They are also protecting themselves from the wrath of governmental standards organizations.

This article originally appeared in the July/August 2019 issue of Security Today.

Featured

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.