Smartphone: access control in five steps

Access via smartphone can increase user-friendliness for employees. The company, for its part, also benefits, for example through significantly reduced administrative work.

How can companies approach such an implementation in concrete terms? HID Global, provider of secure identity solutions, explains the procedure in five simple steps.

Step 1: Analysis of the existing access control system

First, the current access control infrastructure must be analyzed. How old is the existing system, and specifically the reader devices? Is an upgrade enough or do the readers need to be completely renewed? As a rule, older card readers are neither BLE nor NFC capable. One must check here to what extent the controller supports open manufacturer-independent standards such as RS484 OSDP, Wiegand or Clock&Data. If this is the case, nothing stands in the way of a smooth migration. If an upgrade to a current technology is necessary anyway, one should always make sure when selecting the new system that the card readers have open communication interfaces, ideally an OSDP-RS485 interface, which can also be used for firmware updates. It is important that the new readers are upgradeable, even if you do not want to use mobile access via cell phone directly for the time being.

If there is already an access control system with access cards or key fobs, the goal is not simply to replace an existing solution with a new one. In many cases, this may be the right way to go, but it may also make sense to use smartphones or wearables to supplement existing cards, or to grant convenient access via cell phone only to certain people, such as the management team.

Another important question: are current access control readers capable of supporting mobile access, for example in terms of the required reading range?

Step 2: Which smartphone types should be supported?

After analyzing the existing system, it is necessary to clarify which mobile devices should be supported and which should not. The analysis of the user base helps to design an efficient solution.

How many users should be registered for the mobile access solution? Which areas could benefit most: the parking lot, the main entrance? What different roles and access rights need to be transferred and managed?

The answers vary from company to company. Are there exclusively company cell phones or are employees allowed to use their own devices (BYOD)? In this case, the support effort is significantly higher. Currently, the predominant technologies in smartphones and tablets are Bluetooth Smart and NFC (Near Field Communication), sometimes both simultaneously. Both support short-range authentication, but only Bluetooth Smart can enable both "tap" mode for access by briefly tapping the reader and gesture control. In gesture-controlled access mode - called "Twist and Go" at HID Global - the reader is activated by a twisting motion of the cell phone from a greater distance (up to 6 m).

Typically, Android devices support both Bluetooth Smart and NFC. The iPhone 5s and earlier Apple devices did not support NFC, and the 6 and 6s currently do so only with Apple Pay. So in companies with a large iPhone base, Bluetooth Smart would clearly be the technology of choice.

Step 3: Upgrade the hardware on site

After assessing and analyzing the necessary technologies, companies can plan the installation of new hardware or upgrades to existing readers. If readers need to be replaced, it should be ensured that they are mobile-ready in order to avoid unnecessary follow-up costs such as retrofitting the BLE modules and the associated flashing of the reader. This equips you for the future and the investment is also worthwhile in the long term.

This third step is completely dependent on the results in steps 1 and 2, which must be carried out thoroughly accordingly. Parking garages, main entrances or elevators all benefit from longer range readers supported by Bluetooth Smart. Opening a garage door from a car without having to roll down the window and lean out, or gaining access to a building simply by walking up to it, already represents a very high gain in usability for employees. On the other hand, doors that are close to each other should rather be opened by direct reader contact, so that the wrong door is not opened unintentionally - for example in a long corridor with many readers.

Companies should therefore take the time to specify their requirements precisely: this is the only way to create a cost-effective and secure solution.

Step 4: Identifying the right software

Now it's time to think about the accompanying software. Mobile IDs should be sent, managed and revoked wirelessly. Coding, printing or returning access cards thus become superfluous. This is a huge advantage especially for temporary visitor cards.

The right software enables administrators to batch upload user data and email instructions to individual employees. Mobile IDs are based on cryptographically protected data objects with a modern encryption protocol and algorithms. The portable data objects are unique and each is bound to the device for which it was issued. They cannot be transferred. From the reader's side, communication between the mobile device and the reader is secured by an additional layer of encryption. The screen lock on the mobile device also renders the mobile ID unusable if the device is lost.

The right software should also be open so that it can be integrated into existing applications. This step is especially necessary for large plants to avoid maintaining multiple systems.

Step 5: Mobile ID creation and distribution

Once hardware and software are installed, the final step is to distribute mobile IDs to relevant employees. Mobile Access requires the download of the HID Mobile Access app. This is available free of charge from the Apple App Store or Google Play, so users can download it from there. After installation and an additional check for even more security, the smartphone is ready to act as a digital access control card.

This step must be made as simple as possible for employees. It is important to have a clear approach throughout the mobile ID issuance process. With a cloud-based system, for example, individual Mobile IDs can be easily sent to individual employees: Users receive an email that allows them to activate their digital IDs on their phones. To do so, they simply double-click on the code in the email to confirm. It couldn't be simpler.

"The use of mobile access brings clear added value to companies - both in terms of corporate security and the user experience," notes Markus Baba of HID Global. "Employees no longer perceive access control as a nuisance, and the company's image also improves as a result of demonstrated employee orientation and the use of state-of-the-art IT."