Mobile technology is a big part of our everyday life. Yet when it comes to physical security, mobile adoption isn’t so widespread due to various concerns, including hacking and cyberattacks. A proper understanding of mobile technology will help dispel those concerns and assure users that using mobile is quite safe.

It goes without saying that the smart device has dominated the everyday life. We use it to call and message people, check weather and browse the Internet. When traveling in a foreign land, we use it to navigate, and even translate the local language into our own.

That’s why it would seem natural to use the smart device as part of security. For example, using the smartphone to open doors would be much easier and more intuitive than using access cards, which we tend to lose or forget to bring from time to time.

Yet mobile adoption in the physical security arena is not so widespread, due to certain concerns expressed by users. Below are some of those concerns and how they can be addressed by mobile solutions that are secure, flexible and easy to use.

How secure is using mobile?

Security is often cited as the biggest concern for using mobile devices in access control. This is understandable given the hacking and intrusion reports that we read from time to time. Yet there are certain features in the phone and in the access control system that make security less and less of an issue.

First, on the device itself. Nowadays the smartphone already comes with certain security features to minimize identity theft. Some mobile solutions hold the option of adding two-factor authentication using the built-in device security, such as fingerprint, PIN or facial ID on some phones. This is considered industry best practice and adds an extra layer of security, particularly if using biometrics, to ensure the credential cannot be used by anyone other than the authorized credential holder.

Then, more and more access control systems allow secure communications between the device and the reader to prevent security breaches. Authentication methods like a public key-based credential will keep communication secure between the reader and device. The reader will send a random string of data to the phone and, using a private key securely stored in the phone’s key store, the phone will sign the data and send it back to the reader. The reader will use the public key to validate that the digital signature is correct and, if so, will open the door. As a different random string of data is sent to the phone every time, there is no risk of unauthorized entry via replay attacks.

What if we use combined staff ID/access cards?

Some end user entities use the access card as staff ID and are concerned that they need to abandon their staff ID once migrating to mobile. A combined staff ID/access card introduces risks, and using mobile eliminates those risks.

If someone were to misplace their card, it is easy for the person who found it to identify which organization it belongs to and use it to gain unauthorized access to the building. Separate staff ID and access credentials can mitigate this risk, with mobile credentials negating the need for staff to carry two cards. Mobile reader technology can also be used to verify whether someone is authorized to be in a particular area on site. Using a mobile reader, a security operator can read an individual’s credentials, verify their identity against the staff photo on file, and confirm if they have the authority to be in a certain area.

What if I don’t have a suitable device?

Some staff who do not have suitable mobile devices are concerned that they can’t get into the building. Yet, moving to mobile credentials doesn’t have to be an all or nothing solution. It’s not uncommon for sites operating mobile access technology to offer staff the choice between a mobile or card credential to ensure no one is excluded.

Adapted from a&s Magazine