The common communications standards used for mobile phone credentials are BLE (Bluetooth Low Energy) and NFC (Near Field Communication)
Key differences between these two smart reader technologies are highlighted below
BLE-Enabled Readers
- Operating Distances: BLE-enabled mobile readers have a programmable, high-speed, encrypted transmission with selectable ranges between 2 and 30 feet, making them ideal for hands-free Electronic Access Control applications. Some BLE apps also can communicate from inside a pocket or purse when the app is open, making it much more convenient than NFC
- Device Availability: All smartphones are Bluetooth-enabled. App-based solutions use a smartphone to trigger a door event directly
- Installation: Although Bluetooth readers are generally mounted on the doors' secure sides, outdoor readers are available if a specific application requires them
NFC (Near Field Communication) Enabled Readers
- Operating Distances: NFC-enabled mobile readers allow for the contactless exchange of data via wireless technology over short distances and are the same technology used to enable contactless payments. This typically requires tapping or twisting the phone on or near the terminal. Closer proximity prevents interference from other devices communicating from farther away
- Device Availability: NFC is only available on Android devices or limited to Apple Pay on iPhones
- Installation: Since NFC readers have such a short and limited read range, they must be mounted on the unsecured side of the door and encounter all the problems such exposure can breed
How are mobile credentials changing the landscape of access control?
With the increased use of mobile phones to replace the functionality of plastic stores and bank cards, it’s a natural progression to include access credentials in that mobile phone virtualisation. Not needing to carry physical credentials such as tags or cards combined with the remote provisioning of mobile credentials makes it appealing to all stakeholders involved.
Remote provisioning also plays into people's post-Covid awareness of contact with surfaces and other people, enabling frictionless or contactless onboarding of users. Issuing credentials remotely is particularly beneficial when physical card hand-over would be difficult or inconvenient. Examples include visitors or colleagues from other sites or, when hotel guests arrive, it could enable a reception-less hotel operation.
Consider the cost benefits
Other main benefits of contact-free access control systems are cost implications — deploying mobile credentials on users' smartphones via cloud-based solutions removes any need to purchase plastic cards or pay for their printing and investing in costly credential infrastructure. Replacing, cancelling and reissuing a mobile credential is in many instances essentially costless and enables a business to reduce its use of non-recyclable plastics. Lastly, the security of mobile credentials improves on traditional card-based access control.
Losing a plastic key card sometimes goes unnoticed, heightening the threat to site security due to a longer reaction time from the security manager to disable the card. A missing mobile phone is likely to be noticed more quickly, allowing access permissions to be swiftly cancelled or amended over the air as everything happens instantly inside the credential app. Even if a missing phone is not spotted immediately, almost every device now has a built-in failsafe such as biometrics, fingerprint or face ID screen-locks, stopping any casual thief from using a phone's mobile keys.
How do companies leverage the investment taken in the existing access control system to make it work with smartphones?
A common question installers get asked is about the challenges of switching standard electronic access control systems for mobile access control systems — especially for businesses which may not have a large or specialist in-house security team. In many cases, there will be no disruption to existing doors or door operators and no drilling around the door. Depending on your client's existing brand and the type of keypads or readers and access control panels, a rip-and-replace strategy might not be required. Many smart readers are designed with mobile credentials in mind and can be easily upgraded to allow for mobile access.
It's also worth mentioning that often plastic credentials co-exist alongside mobile credentials seamlessly, so during the upgrade, the reader can be configured to only read credential types as desired by the client, allowing for a smooth transition to full mobile access.
When implementing mobile access, what are some of the things to consider before deciding on which type of reader to invest in?
Before advising your client, it's worth noting that the architecture that underpins a mobile access control solution comprises more than smartphones. System elements also include - mobile reader selection, transaction security, mobile app integration and potentially back-end integration.
A few things to consider before deciding upon a particular technology are:
- Is the objective to combine the use of mobile devices and smart cards, or to transition to using only mobile devices?
- Addressing and evaluating the various access control scenarios needed at a specific site
- Outlining which of these scenarios mobile access control is expected to play a role in
- How to ensure security, privacy and convenience for all access scenarios (access to doors, data and cloud applications)
- The number of users the system will serve
- The different roles and access rights which need to be assigned and managed
- New processes or policies that might need to be established?
- How mobile access controls would be integrated with back-end systems
- Areas which need to support mobile access: for example, parking garages, main entrance doors, elevators, office doors, and computer server rooms
- Which communications standard(s), BLE vs NFC, would be appropriate for user applications
- The mechanism of securing over-the-air communication between servers, mobile devices and readers
- How you would ensure that your client's investment in mobile can be leveraged well into the future