College campuses have been some of the most ardent champions of access control. In 2021, most campuses have electronic access control installed in at least some of their buildings, including assembly halls, gyms, classrooms — and of course, dormitories and other student residence areas. While many industries are just now adopting electronic access control, campuses have been using physical access credentials like proximity cards, magnetic stripe cards, and smart cards for decades.
Companies are finding a way to cut costs and keep their employees safe through their smartphones. More and more businesses are using their phones instead of an access card or key fob to enter a building. This is allowing companies to save on card costs, which can quickly add up.
There are 2 technologies that allow mobile access, Bluetooth Smart and NFC.
Bluetooth Smart is able to operate both at close range and from a distance, supports both iOS and Android, and has low power consumption. Environments with mixed device populations and those that require activation from a distance are best served by this communication standard.
The NFC standard, operating in HCE mode, is a good choice for close-range applications (less than 10 cm or direct contact with a “tap”) that do not include iOS devices in the mobile population.
A mobile access solution should be designed with security as a first priority. Managing sensitive identity data on mobile devices requires a holistic view of end-to-end security. Some of the questions to consider are:
- How are Mobile IDs generated?
- How are they managed over the entire lifecycle?
- How can Mobile IDs be securely stored on mobile phones?
Attacks can come in many ways so mobile IDs must be encrypted to prevent manipulation. All Mobile IDs and user information should be protected by cryptographic operations. Applications that manage Mobile IDs should run in a dedicated sandbox, ensuring no unauthorized apps can access or modify data.
We recommend banning jail-broken or rooted devices from business use. If a phone that is being used for mobile access is lost, stolen or compromised, it is easy to remove the access. If the device is found again it can just as easily be re-activated.
It is very important to have a policy in place that if a phone is lost it be reported. This policy should already be in place in the event a card or key fob goes missing. To further reduce the impact of a stolen device, devices can be configured to engage only with readers when the device is unlocked. You want to use trusted back-end services to protect your access control system.
You will need new readers to implement this solution, but it will save you money on cards and make life easier for your employees.
About Security Instrument
From Fortune 500 to local SMB’s throughout the Tri-State area, Security Instrument integrates custom security systems to meet the needs of commercial clients.
Security Instrument is Delaware’s largest full-service independently-owned security firm with over 75 employees serving thousands of customers throughout Delaware, Pennsylvania, New Jersey and Maryland.
309 West Newport Pike
Wilmington, DE 19804
28340 Lewes Georgetown Hwy.
Milton, DE 19968