'Badging In' Goes Digital & Higher Security
Once a fairly ‘vanilla’ choice, access control reader and credential options today include an array of more secure mobile, digital and security options to fit every user’s need and budget.
There was a time not too long ago when choosing the card and reader for an access control installation consisted of which proximity reader style from a limited number of suppliers you liked and how many 125 kHz cards or fobs you needed to purchase. But with the rising popularity of mobile credentials, the cost of smart cards coming down to proximity-level and readers undergoing a significant upgrade in security and features with OSDP and other trends, those days are disappearing.
“For many years everybody’s first thought about the access control system started with credentials and readers,” says Richard Goldsobel, vice president, Continental Access, a division of Napco Security Technologies, Amityville, N.Y. “With the advent of mobile credentials, this changes the nature of a credential, moving away from physical to logical.”
Chris Randall, director of sales, Americas, AMAG Technology, Torrance, Calif., says the type of credential isn’t the only thing that has changed about the access control experience. “The definition of a credential used to describe only access cards that opened doors. Today these credentials are also asked to validate identity across multiple platforms, such as time and attendance, visual verification, cyber security and dual authentication … Moving forward the credential is now collapsed into the IoT movement. These credentials are now living within cell phones while asking for the same — if not more — functionality.”
This leads to a whole new outlook about the role of access control readers and credentials, adds Brandon Arcement, director, product marketing, HID Global, Austin, Texas. “Organizations want to give their users new experiences in a trusted environment,” he says. “Their users want the ‘digital cohesion’ of opening doors with their smartphone apps, as well as authenticating to enterprise data resources or accessing a building’s applications and services … These solutions simplify how occupants move through a facility and interact with smart building services.”
Jeff Bransfield, national sales manager, RS2 Technologies, Munster, Ind., says it is not so much the credential that has changed as the experience. “Rather than a simple key fob or card, credentials are now truly centered around a person’s identity, and everything around what that means. The core of the credential hasn’t changed much in that it grants access to an authorized individual; but the technology itself and what it feels like to the end user has evolved far beyond a standard brass key … Credentials now hold the key to so much more than just access privileges.”
Such changes put more responsibility on both the end user and the security integrator to choose wisely, says Lisa Corte, director of product management, access and egress hardware group, ASSA ABLOY Opening Solutions Americas, New Haven, Conn. “A credential used to be just a card that came with the chosen access control system or reader and locksets; there was not much thought put to the credential itself … Today, with the increased capabilities of access control systems and readers, facilities are able to use credentials of choice with access control systems of choice. With this increased flexibility, it’s increasingly important to consider the security of credentials.”
Today’s Credential Choices
Access control credential security awareness is on the rise, as more users are made aware of the issues surrounding the most popular credential technology today: proximity. Even so, with the hold that technology has on the industry, most predict a slow decline rather than a rapid shift in credential choices.
“End users are starting to recognize that technology is as easily copied as a brass key and that is causing them a lot of concern,” Bransfield says. “They are asking questions like, ‘Are we at risk?’ ‘How do we get past this?’ and ‘What credentials are best?’ Considering these concerns is essential in creating a deployable solution that will provide peace of mind.”
Concern about proximity is creating a touch point with users, Goldsobel adds. “In the past year there has been a definite raising of awareness about potential insecurities of proximity… as many prox users and integrators start to hear how you can go to a local store and duplicate a card. The thing is, once that happens it opens a decision point so they understand they need to go to a smart or mobile credential.”
As budgets allow and technology reaches end of life, end users likely will shift from proximity to something else, but it will take time.
“It will be a long time before you see the last prox card because there are so many legacy cards in use,” says Peter Boriskin, chief technology officer, ASSA ABLOY Opening Solutions Americas. “But that is not where the growth is. The unprecedented growth we are seeing with mobile is due to the added value it provides. Prox and smart cards are predominately used only for access control, but mobile also provides convenience and a higher level of security.”
This may be why, while smart cards took seemingly forever to take hold — only reaching maturity when the cost significantly decreased — mobile credentials seem to be on a much faster track.
“The most prevalent change in the last few years is the rise of mobile credentials,” says John Szczygiel, senior vice president and COO, Brivo, Bethesda, Md. “They are not yet dominant, but have come a long way in a very short period of time, especially if you consider that today’s RFID technologies came into physical security about 40 years ago.”
It is more than the decline of prox causing mobile credentials to surge, however. There are plenty of benefits to the technology itself.
“Mobile credentials will trend upwards following the consumer market’s growing adoption rate of users using their smartphones for payments … displaying a QR code for boarding passes and controlling smart devices for their homes,” says David Price, vice president of communications and business development, Camden Door Controls, Mississauga Ontario, Canada.
From smart cards to biometrics and mobile credentials there is no shortage of choices when it comes to moving on from proximity.
“We are on the cusp of the next generation in credential technology for those who choose to evolve,” Price adds. “The possibilities include smart cards, biometrics, mobile devices and also ‘none of the above.’ The current explosion of experimentation with mobile credentials is really interesting.”
Mark Allen, general manager, physical access systems, Identiv, Santa Ana, Calif., predicts this is just the beginning. “In the next five years we will see a continued commitment to end-to-end encryption as end users learn more and, in turn, demand more. We will begin to see older forms of access control credentials, such as proximity cards, phasing out to make way for newer, more secure technologies such as mobile credentials and biometrics.”
Like credentials, readers are also undergoing a shift of their own — much of it also due to security concerns.
For many years reader manufacturers have focused on multi-technology readers that allow for credential upgrades without having to change out the readers. With the popularity of mobile credentials, adding Bluetooth capabilities has become commonplace.
“The biggest trend on the reader side is absolutely the ability to support multiple credentials at once to allow for a seamless transition from lower security credentials to higher security card formats and mobile credentials,” Corte explains.
“Organizations are coming out with transition readers … that help an organization migrate from prox to smart cards to mobile when they are ready,” Randall says. “These readers help the company transition when either budget allows or when they are ready to upgrade. The readers also allow users to use cards or their phone as a credential.”
Unlike cards or biometrics, mobile credentials come with a challenge — namely, how to ensure the reader only lets the authorized person in. Some of this is handled on the credential end. (For example, HID has five different methods of configuring their mobile access solutions, from tap to twist-and-go to apps and widgets). But readers are also being employed to prevent tailgating, Boriskin says.
“We are beginning to introduce ultra wideband technology to readers, which allows us to know if a credential holder is just walking by a door or is actually walking toward the door with intent to enter.”
Brivo will be introducing a reader/control panel that supports what Szczygiel calls “fluid access,” enabling users to show positive intent to enter a space with a mobile credential.
The other significant trend in access control readers is the growing acceptance of SIA’s Open Supervised Device Protocol (OSDP), which replaces the less secure Wiegand protocol, Boriskin adds. “OSDP is to Wiegand what smart cards are to prox. Wiegand is fast and convenient but also less secure. OSDP is gaining traction because it provides a higher level of security in processing information from the credentials back to the system.”
Jason Ouellette, head of ACVS technology business development, global building technologies and solutions, Johnson Controls, Milwaukee, adds, “OSDP is becoming table-stakes for readers today and we see this being a requirement for any reader in the future to protect the customer’s investment to the door because it provides a higher level of security while addressing an open standard for door functionality.”
OSDP is also in the process of becoming an IEC international standard. Tony Diodato, CTO, Cypress Integration Solutions, Lapeer, Mich., and co-chair of the SIA OSDP Working Group, explains, “SIA’s OSDP is over the ‘earlier adopter’ stage and headed into a growth phase boosted by imminent acceptance as an international standard, as well as the emergence of compliance testing facilities. It enables installers and integrators to finally secure and supervise the connection between reader and control panel as well as provide a means for enhanced features and interoperability among manufacturers.”
Like mobile credentials, OSDP brings advantages on its own, as well. “It is a gateway to enable credentials and readers to rapidly evolve over the next five years, no longer constrained by previous architecture,” Diodato says.
Eric Green, senior global product manager, Honeywell Building Technologies, Atlanta, says, “Today, we’ve been seeing that every new job entering this field requires support for OSDP, as it brings needed security and capability to our industry,” he says. “We expect to see more reader manufacturers beginning to support some of the advanced features, including firmware downloads, messaging, conditional LED response and more.”
Scott Lindley, general manager, Farpointe Data, San Jose, Calif., agrees. “If a new system leverages [OSDP] it also will interface easily with control panels or other security management systems … Today OSDP fosters interoperability among security devices. It also adds sophistication and security benefits through features such as bi-directional communication and read/write capabilities. In other words, OSDP helps ensure that numerous manufacturers’ products will work with each other.”
Another often-overlooked trend, Lindley says, is the accelerating use of long-range readers for applications such as gates and barriers using long-range transmitters.
Vandal resistance is an increasingly popular request, says Garrett Kaufman, president, Essex Electronics, Carpinteria, Calif. “The reader trend lately for special ruggedized and vandal-resistant readers is big,” he says. “Prior to specialty manufacturers like Essex the basic plastic reader was the only choice available. Now with purpose-built readers they can meet the demand for durability and application.”
Of course, access control cards and readers need to work as a team, functioning as a smooth process that allows the user to have as much convenience as security. Increasingly the intersection of those two concepts is prompting the security industry to come up with some creative solutions.
For example, Goldsobel notes that while many manufacturers have come out with mobile credentials and readers, they don’t necessarily mix and match. Napco recently developed an app for Continental Access that helps with this problem. “Once a physical credential is assigned or made up you can enter it into the Continental system and the mobile app logs it in and knows what user you are [and your permissions].” This gives users the option to have a mobile credential at a system level, he explains, predicting that others may start to consider similar solutions, “if access control companies start to understand that they are really the central entity and just because it is a digital world doesn’t mean they have to necessarily rely on those mobile credentials.”
AMAG and others are aiming to make the transition to OSDP easier, as well. “The wholesale conversion to OSDP for an existing enterprise end user is a heavy lift,” Randall says. “It includes new readers, likely new panels and for some customers new wiring. The Symmetry Blue Reader can establish OSDP communications over Wiegand wire when an OSDP-capable panel is installed.”
HID is doing something similar with its upgrade kit, Arcement says. “It brings Bluetooth and OSDP capabilities to installed readers that don’t currently support these technologies. The upgrade kit is a simple plug-in module and the HID Reader Manager mobile app can upgrade readers to include both Bluetooth and OSDP support.”
However, Lindley cautions that it is important to remember the lessons of past mistakes. “About five years ago, every campus just had to have students and employees use their smartphones as their credentials. However, what was learned was students and employees had different types of phones and they were a nightmare to incorporate … The problem wasn’t with the new technology, it turns out; it was how the industry tried to retrofit their old system into the new solution.”
As these trends progress, no doubt security manufacturers and integrators will continue to devise new and better ways of incorporating them, while maintaining their best functionality and security.