Moving to tokenless physical access control
09 January, 2017
category: Biometrics, Contactless, Corporate, Government
Smartphones: A gateway to tokenless physical access control
While biometrics continue on the road to adoption, smartphones are the most likely candidate for a first generation of frictionless physical access control systems.
“Everyone has a phone, and they’re only going to become more and more powerful and capable. So it makes perfect sense to think about how we can use this to help solve problems in everyday life, including security,” Cusack says.
In addition to phones, the wearable market – such as smart watches – are offering opportunities for a place to store the credential, or to work in concert with a mobile device to enable access. Bluetooth Low Energy tends to be the preferred way of communicating with mobile devices because it allows for a definable distance, and it can work in many different applications. A Bluetooth reader could challenge a mobile device to determine whether to grant access. Or a person could walk up to a door and hold up a phone, and then the system would ask the person to enter a PIN on the phone to gain access. A PAC system could also combine both scenarios to create multi-factor authentication.
One example of an existing mobile system is Brivo Mobile Pass, a cloud-based digital credential system that allows users to unlock doors with their smartphones. Instead of using a local reader at the door, Mobile Pass communicates with Brivo’s cloud system through a cellular network, or through Wi-Fi if available, and remotely commands the door to open up with a tap of a button.
Brivo launched Mobile Pass about a year ago and made it available to its existing customer base so that they didn’t have to change out their reader equipment. Later this year, Brivo plans to introduce a Bluetooth capability for the app.
Hardware upgrades necessary
The transition from plastic to virtual has to be planned out and managed, Focke says. That means educating users on how to use virtual credentials. “Most customers can’t just flip a switch and say, ‘OK, next week, we’re doing it all virtual,’ because there’s an installed base of plastic cards that have been issued to all the employees, and you can’t do it all at once,” he says.
Transitioning to frictionless access will involve a greater shift in terms of hardware than software. “The majority of our players are already working with credentials, readers, electronic locks and biometrics,” Mooney says. “So I don’t think it’s going to be a significant leap on the software side.”
Upgrading or changing out readers will be a necessary first step to enabling systems on the front end. “What you want to do is get a reader that still reads the old cards so that people transition – go from card to virtual credential – easily,” Focke says.
Companies would also need to change out their back-office integration systems to upload credential information to the physical access system.
Because of the logistical challenges of installing a new system, companies that are offering cloud-based products should have a much easier time getting these products to customers than companies offering traditional, on-premise systems, says Brivo’s Van Till.
Because of the logistical challenges of installing a new system, companies that are offering cloud-based products should have a much easier time getting these products to customers than companies offering traditional, on-premise systems
Improved standards could also help enable tokenless systems to make different systems and readers interchangeable. Right now, one vendor’s PAC system can work only with that same vendor’s readers. Focke says a Security Industry Association standards committee is in the works to develop a standard similar to its Open Supervised Device Protocol (OSDP) to cover virtual credentials.
Early adopters of tokenless physical access control systems
Tokenless physical access control systems more than likely will go into use in some types of businesses before they do in others.
Property managers are one group that’s shown a great deal of interest in these kinds of features, as their tenants like the feeling of high-tech amenities. “These kinds of things, like entering a building with your phone, are perceived as very flashy amenities, and they’re very attractive to prospective tenants,” Van Till says.
There’s also a strong uptake in the university market. “Students are really keen on using a virtual credential, as opposed to always having to remember their student ID when they enter and leave the dorms,” he says.
Property managers have shown a great deal of interest as their tenants like high-tech amenities; entering a building with your phone is very attractive to prospective tenants
Because using Bluetooth will require a new hardware installation, new buildings are another likely destination for tokenless systems. “A lot of people who already have a system that works with cards just aren’t going to feel that it’s worth spending thousands of dollars to have this feature added to their system,” Van Till says.
Smaller companies are also more likely to go full bore into the virtual credential world simply because of their small scale, whereas larger companies tend to stick with trial runs so they can test out the technology in one part of the building, Focke says.
Looks won’t change
So how different will the physical access control systems of the future look? Probably not that different. From the outside, it’s likely that the systems will look similar to how they do now with just a reader near the door. Or, there might be no visible equipment at all because readers can be hidden behind walls or above ceilings. Alternately, a user might not see a reader, but a symbol or sticker on the wall to indicate that there is a system in place.
Because they will rely on “smart” devices, tokenless systems could come equipped with more features that leverage their intelligence. Those features might include sensors that can collect data, both for the physical access control system and other uses.
“They have power and they have intelligence,” Cusack says of the readers. “And so it’s natural to think about how to take advantage of that for other applications as well.”
Not everyone is ready to go charging into tokenless access just yet. Allegion is trying to promote the benefits of upgrading systems while still trying to make sure that its customers have everything they need to handle their current access control system. “We still have a large portion of the end user community that potentially may not be using electronic access control at all,” Mooney says.
With physical access control systems dominated by cards and readers for the past three decades, biometrics has always tried to make inroads, yet the price has been high and adoption has been slow. “But now it does seem like a very exciting time as we look at different types of credentials and the whole identity management space,” Focke says.
