Creating Pathways to Mobile Credentials
By: Jon Polly | Jul 06, 2022
The cell phone has become both a blessing and a curse to many. It is always available, always on, and always there. A recent publication claims that the average person unlocks their cell phone more than 150 times a day. This revelation of technology that has revolutionized the world has made its impact on the security industry as well. While the trend for this was already there pre-pandemic as companies were beginning to incorporate mobile credentials into their roadmap for digital transformation, the process of using digital technologies to create or modify business processes, culture, and customer experiences to meet changing business and market requirements has really taken off. According to a study by 6Wresearch, the Global Mobile Credential Reader market is expected to grow at a compound annual growth rate (CAGR) of 29.2 percent during the 2019-2025 period. The study was completed in 2019, and the CAGR is probably significantly higher now, with the need for touchless or hands-free entrance applications.
Most security integrators are familiar with selling Bluetooth-enabled readers and mobile credentials. Those familiar with this have found recurring revenue and the sale of additional managed services to customers to manage the mobile credentials. Some have even gone the route of writing their own mobile applications, while others rely on the vendor’s mobile application. While this is working for now, the mobile credential may be on the verge of getting a shot of adrenaline, by way of the technology giant Apple.
For the past few years, Apple has been working with access credential company HID to create an integration of credentials between HID and the Apple Wallet; and others are quickly following suit. This removes the need for a proprietary vendor mobile application and the integration occurs inside the Apple Wallet, where all the Apple Pay applications are held. So, why does that matter? Apple is using a page from their original playbook where students were provided Mac computers. Students were raised using the Mac, and as they got to college and into their professional career, the Mac found its way into universities and most major commercial companies. Today, higher education is a key vertical to transition all student transactions to a single card. The problem is, most higher education campuses have found that students will misplace their access card, but not their phone.
The path to mobile credentials is being paved at a fast pace for everyone in the industry, but what does the technology really look like?
BLE has been around for many years and was once crowned as the obvious winner in the communication race. While that was the case, that title may not be as secure as it once was.
The specifics for BLE in the access control is that it operates in the 2.402 GHz to 2.480 GHz range, and can communicate up to approximately 33 feet, depending on interference. This distance is the critical key to BLE’s failure in the mobile credential. Where multiple BLE readers are installed, such as a hallway, there is a constant battle to get the RF field exactly right, so that when the phone enters the hallway, it does not trigger locks to constantly unlock. This can cause an inadvertent security breach, such as a valid BLE credential unlocking a door where someone else entered. While BLE is secure, it is hackable, and can provide an opening. In August 2021, HID released a Public Service Announcement (PSA) stating how the HID Signo reader was susceptible to a Denial-of-Service (DOS) attack using BLE. The reader simply would stop functioning during a DOS attack. The remedy was to turn off or remove BLE readers from public facing openings.
Near Field Communication (NFC)
NFC is being built into both Android and Apple mobile devices, including phones and wearables. There are several advantages of NFC over BLE. The first is that the frequency in which it operates is 13.56 MHz, preventing large data files from being transferred. A second is that NFC has a distance limitation, at approximately 1 inch or less; unlike the 33 feet of BLE. This distance limitation helps NFC communication be more secure. A third advantage is that NFC uses less power, so even if a mobile device is “dead”, it may still be able to communicate to a reader.
To make NFC even more secure, some reader manufacturers have built into the reader a manual action of presenting the phone and then turning the phone from portrait to landscape to ensure access is granted.
UWB technologies are quickly gaining attraction across the security industry. UWB as a mobile credential is no different. Apple is already incorporating UWB into its newest mobile devices and wearables. The Apple Air Tag incorporates both BLE and UWB technologies, where UWB can transmit data rates up to 27 Megabits per second at a range of up to 200 meters (about 656.17 ft). The Air Tag uses BLE to “wake-up” the UWB tag. As a side note, this is also how Apple Air Tags have been used nefariously to stalk someone from approximately two city blocks away.
HID introduced UWB to the security industry at CES 2020, where the newest Signo readers are incorporating the technology to offer the security of NFC, with the effectiveness and distance of BLE. The security comes where the reader enabled with UWB can provide an absolute Real-Time Location of the tag, and while it is “seen” can be limited to not unlock until the preset distance from the reader.
As a further measure of security, UWB operates between the 3.1 GHz and 10.6 GHz frequency, with an accuracy of less than 10 cm (about 3.94 in). While BLE is pervasive in a 2.4 GHz space, the frequencies that UWB operates in make the chance of hacking significantly less, simply because there is so much more bandwidth to cover.
The reality is that every security integrator should have a close eye on the pulse of mobile credentials, and a plan for implementation. More companies are going to shift in that direction as mobile technologies and credentials make it easier for controlling access by providing a digital key. As manufacturers continue to innovate, the migration from BLE to NFC, UWB, or something else, is coming. Customers will look for a partner who can help guide them on the path through digital transformation challenges such as mobile credentials.