Using Mobile Data

Condo owners choose technology for their convenience

• By Scott Lindley
• Jun 02, 2022

One of the leading adaptors to mobile access control systems is the multi-family residential industry, an example being the high rise, luxury condominium that Quantuum Energy Products upgraded in downtown Sarasota, overlooking The Bay.

According to Damon Tarquinio, owner of the integrator, "This building had an older access control system they wanted to upgrade. They felt that they could no longer rely on their older key fob system. Their condo board had expressed a desire to move up to a current technology that would also help them future-proof their way of getting into the building."

Making the Move
The condo residents wanted to move to a mobile technology. They were the pushers to the new system.

"These residents walk their dogs a lot," Tarquinio said. "They go in and out of the condo grounds often and always seem to have their phones with them to keep in touch. They don't always want to bring their key fobs with them as usually they are connected to their other keys and don't want to risk dropping them and losing them."

When delicately asked that, as seniors, would they have any problems with a new technology, the refrain seemed to be consistent, "Oh, no, if I have any questions, I'll just ask my grandchild."

Tarquinio then asked what they were presently using and it turned out that they were deploying a system in which Quantuum could simply pull out their old readers and replace only the new mobile system readers. By not having to switch the entire system, only changing the readers, would save the condo owners a major expense.

This brings up an important point for both integrators and their end users when upgrading a system. With one simple question, "What Are You Using Now?" Tarquinio saved his customer many dollars. If the integrator doesn't ask the question, the customer should ask if parts of their present system can be re-deployed. After all, many of these vendors are OEMs, having among their customers, scores of private-labeled units. Several of them feature multiple products. With this as a background, many integrators will often find it easy to select older products that they can integrate simply.

The condominium had the usual access points found with most multi-family projects. To get from the parking garages into the lobby, there were one or more doors to access. The fitness club and pool were connected via an elevator that needed to be controlled. There was the classic entry at the front entry and side exit portals from the building grounds to the outside. But for some of the access points, like the parking garage gates, the old key fob system could not tell them who was where when.

Interestingly, when they were going to put in the new mobile system, Quantuum was also asked if they could easily install a new key fob system that could be as to-date as the using of their smart phones for access.

"For these residents, we were able to answer with a double affirmative," Tarquinio said. "First of all, this system can use smart cards and key fobs – which are more secure than the old technology fobs they were using, in place of their smart phones. And secondly, these fobs do not have the looks of the cheap little plastic pieces typically deployed. They have the classic looks that a proud luxury condominium resident would want to show off."

What Has Led to the Growth of Mobile Access Control?
Until recently, there has been a focus by integrators and customers to assure that their card-based access control systems are secure. As companies were learning how to protect card-based access control systems, along came mobile access credentials and their readers which use smart phones instead of cards as the vehicle for carrying identification information.

While many companies, still incorrectly, perceive that they are safer with a card, when done properly, the mobile can be a far more secure option with many more features to be leveraged. They deliver biometric capture and comparison as well as an array of communication capabilities from cellular and Wi-Fi to Bluetooth LE and NFC.

A special word of caution needs to be emphasized when changing over to mobile systems. Many legacy access control systems require the use of back-end portal accounts.

For hackers, they have become rich, easy to access caches of sensitive end-user data. These older mobile systems force the user to register themselves and their integrators for every application. Door access – register. Parking access – register again. Data access – register again, with each registration requiring the disclosure of sensitive personal information.

Newer answers provide an easier way to distribute credentials with features that allow the user to register their handset only once and need no other portal accounts, activation features or hidden fees. Users don't need to fill out several different forms. Today, all that should be needed to activate newer systems is the phone number of the smartphone.

The Smartphone Itself Provide Protection
As far as security goes, the smartphone credential, by definition, is already a multi-factor solution. Access control authenticates you by following three things.

• Recognizes something you have (RFID tag/card/key)
• Recognizes something you know (PIN) or
• Recognizes something you are (biometrics)

Your smartphone has all three authentication parameters. This soft credential, by definition, is already a multi-factor solution. Your mobile credentials remain protected behind a smart phone's security parameters, such as biometrics and PINs. One cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work.

The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors – availability and built-in multi-factor security verification – are why organizations want to use smartphones in their upcoming electronic access control implementations.

Leading smartphone readers additionally use AES encryption when transferring data. Since the Certified Common Criteria EAS5+ Computer Interface Standard provides increased hardware cybersecurity, these readers resist skimming, eavesdropping and replay attacks.

When the new mobile system leverages the Open Supervised Device Protocol (OSDP), it also will interface easily with control panels or other security management systems, fostering interoperability among security devices.

Likewise, new soft systems do not require the disclosure of any sensitive end-user personal data. All that should be needed to activate newer systems is simply the phone number of the smartphone.

Used in a Wide Variety of Applications
Some functions just naturally lead to the use of smartphone-enabled access control…colleges and universities, where the users are never typically more than a body length from their smartphones whether in the dorm, at class, watching the football game or visiting mom and dad, are prime. The sole benefits are convenience, convenience and convenience.

Their smartphone can help them get into their dorms, attend the special lab course, verify their identity for on-campus tickets and even ride the bus. That's why institutes of higher learning are a sure bet to soliciting mobile access control.

Another prime prospect is anywhere you find large parking lots and structures. With their 15 foot read range, smartphone credentials let drivers easily get reads from well beyond what proximity and smartcards will provide and do it from the confines of their car even when it is raining. Drivers can stay dry and warm or cool when accessing the parking booth at the entrance or self-service boom.

Secure applications such as in medical facilities, access to data rooms and armories are proving to be other great areas for using mobile access. As far as security goes, the mobile credential, by definition, is already a multi-factor solution.

To emphasize, one cannot have access to the credential without having access to the phone. If the phone doesn’t work, the credential doesn’t work. The credential operates just like any other app on the phone. The phone must be “on and unlocked.” These two factors – availability and built-in multi-factor verification – are why organizations want to use smart phones in their upcoming access control implementations.

Plus, once a mobile credential is installed on a smart phone, it cannot be re-installed on another smart phone. Think of a soft credential as being securely linked to a specific smart phone. Similar to a card, if a smart phone is lost, damaged or stolen, the process should be the same as with a traditional physical access credential. It should be immediately deactivated in the access control management software - with a new credential issued as a replacement.

Mobile Access Control for Little Boxes and Cabinets
Now, key management of small format interchangeable core applications such as cabinets and lock boxes is now possible with mobile access when you replace the mechanical locking device with a smart, secure digital technology activated via your mobile device. With specific capabilities in healthcare, retail and commercial, government and learning and higher education environments, mobile access will work anywhere you need.

Access control is critical in healthcare facilities but the cost has always been prohibitive. Because now you can extend electronic access control to anywhere you currently use a mechanical lock with a small format interchangeable core (SFIC). This includes medicine cabinets, linen closets, filing drawers and more.

In retail establishments, an improved and cost-effective way to monitor, manage and trace individual access to inventory, offices records, back-of-house storage and display cases is deploying mobile access control. Improved savings and reduction of administrative effort spent on changing keys or replacing cores due to high staff turnover can be avoided.

Government agencies have many doors and cabinets where sensitive information is kept in offices, files and cupboards in location where there is close proximity to the general public. Wherever there is a smaller space using a digital "key" to protect what is stored inside, it can now be managed with mobile access control.

Writing a year ago, Gartner, the research company, forecasted "The mobile access control market is primed for mainstream adoption, providing product leaders with opportunities to expand into new business areas and service models. Product leaders should build mobile access options into their roadmaps to support emerging customer demand."

This article originally appeared in the May / June 2022 issue of Security Today.