Market Trends: Mobile access control today—where are we?
YARMOUTH, Maine—Access control is one of those areas in commercial security that just screams for smartphone compatibility. People seldom leave their home, car or office without their phone in tow, and scanning a prox card or identity badge seems so, well, 2006.
For the past five years at least, security software vendors have been proclaiming a mobile-first strategy, focusing on creating products that exploit the capabilities of smartphones and tablets. And the industry has seen some innovations in administrative apps that untether security managers from their desks.
But the widespread ability to open doors with smartphones, particularly in large enterprises, has been vexingly slow to gain traction. A key reason is that people are using a wide range of Android and iOS devices. Bringing a reader to market that is compatible with all mobile equipment has proven elusive.
Near Field Communication (NFC) chips found in Android phones and iPhones were initially thought to be promising technology for mobile access control, but that’s failed to happen. “NFC isn’t really going to market because Apple won’t make the iPhone NFC chip available to outside vendors— they want to keep it exclusively for ApplePay,” said Scot MacTaggart, security system product manager at PSX, a regional integrator based in greater Philadelphia.
Bluetooth now appears to be the more likely transmission standard, but problems persist because of the many flavors of Bluetooth in cell phones. “I don’t know of a card reader that can handle all versions of Bluetooth,” said MacTaggart, “The technology is fragmented, there are still a lot of moving parts to manage, and you really can’t simply download an app and instantly expect your phone to interact with a card reader.”
One of the biggest players in access control is Brivo, which says it has eight million people using its cloud-based platform. Brivo uses local, encrypted wireless networks to run its Brivo OnAir access control system. “[Our wireless system] is much more convenient than a card—everyone’s carrying a phone anyway—and it’s more secure than even a proximity card, which doesn’t have a second means of authentication like a PIN,” said Brivo CEO Steve Van Till.
Brivo Mobile Pass, the company's digital credential product, allows users to unlock doors with their smartphones and is available as a feature to all Brivo OnAir platform users. “Customers light up when they first see an access control app on their smartphone,” said Van Till. “It has become a must-have feature since we’ve released it.”
Because Brivo Mobile Pass uses a cloud-based API, customers do not have to replace their current card readers, said Van Till. Instead, employees or other users simply select the door they wish to open from an authorized “favorites” list on their phone’s app. A key Mobile Pass feature enables employers to require users to be on the corporate wireless network to operate its functions.
Van Till said that once companies start deploying mobile access control, they can realize a range of new benefits. Employees can easily send messages and photos to security departments and see who is in their offices and who is not. “Plus, there’s a huge opportunity for notifications—security alerts, elevators being repaired, fire alarms being tested—all those things related to facilities management and security.”
There’s another advantage to Brivo’s subscription-based cloud platform, said Van Till. “Our integrators don’t have to sell another client-server platform or install any physical device—the Brivo Mobile Pass feature is right there and easy to turn on. It’s an easy sell.”
S2 Security, a Massachusetts-based manufacturer of security management systems, takes a different approach to mobile access control. Rather than provide a cloud platform, it markets the Web-based S2 Netbox, which provides credential-based access control, along with event monitoring, intrusion detection and video applications.
“We think that selling a small solid-state appliance like NetBox is a better approach,” said S2 CEO John Moss. “We’ve designed it to be driven with a Web browser with no need for a thick client. You can deploy a NetBox controller in the cloud, but you don’t need to. If you put your server in the cloud and install your remote panels in the field, you can have what looks like cloud-based access control.”
S2 has developed its mobile applications extensively, including introducing a mobile “threat level escalator” panic button as part of NetBox, so that teachers, for example, can trigger a lockdown. The Mobile Security Officer (MSO) application, also included as part of NetBox, allows a security officer to open a door for someone who forgot their card, or check the credentials of an unknown person in the building. MSO also enables security staff to take photos with a smartphone or tablet and issue badges without specialized equipment.
In 2016, S2 has enhanced NetBox for smartphones by redesigning the user interface, introducing a new Photo ID system, and tightening integration with its Magic Monitor digital signage and Net VR video products. “By integrating text, video and graphics with the electronic signage a company might have throughout its buildings, you can now display emergency messages or weather and traffic notices, and gain new functionality from the security system,” said Moss.
S2 plans to add new features to its mobile offerings later this year, said Moss. “We’re looking at body cams to acquire video at the edge and using geo-location for security officers that rove from place to place,” said Moss. “People use mobile devices completely differently from desktops—they are personal and always with you—so that opens up a range of exciting opportunities.”
AMAG Technology, an international provider of security solutions, previewed the latest version of its phone credentialing application Symmetry Access Control, at ICS West in April.
“Today, you send a credential from the phone to the card reader that can read not only Bluetooth, but also proximity and Mifare cards,” said AMAG president Matt Barnette, “but down the road we’re expecting to enable the smartphone to send a signal directly to the server through the cloud and unlock a door without any locally-installed back-end system—we’re calling that frictionless local access.”
Barnette sees the future of mobile access control as one in which card readers won’t be necessary. “In perhaps four or five years, a phone won’t need to communicate with a card reader—a WiFi or cellular connection to the server would validate and send a signal to a door to unlock,” said Barnette.
AMAG recently launched Symmetry Guest, a mobile-enabled feature of its Visitor Management System that allows a visitor pass to be emailed. The recipient flashes the barcode on the phone—similar to an airline boarding pass—at a tablet near a reception station, and a card reader-compatible pass is printed with no need to wait in line and be manually signed in.
"Mobility and flexibility will streamline operations around the visitor experience without compromising security policy and procedure," said AMAG Technology, SVP of sales, Kurt Takahashi, in an email interview.
At the upcoming ASIS conference in September, AMAG will officially launch a new reader, which will use encryption and Bluetooth credentialing. “The feedback has been tremendous, and several very large organizations say they’re ready to buy now,” said Barnette. “A big reason is the cost of credentialing: It’s easy to overlook the costs of cards, printing, and staffing badging stations. A basic prox card credential costs about $12 or $13 including labor, whereas a digital credential costs nothing.”
Barnette concedes that mobile access control still has a ways to go before it matures. “We are at the front edge of access control and smartphones, and there’s a lot of confusion about how all this works, especially how a phone’s Bluetooth is delivering the access card credentials,” he said. “As more card readers are migrated to Bluetooth, you’ll see less use of cards and greater reliance on using your phone to get through a door.”
Right now, the expense of moving to Bluetooth card readers is preventing some large organizations from deploying mobile access control, said MacTaggart. “Changing a reader to accept Bluetooth can be an expensive upgrade. Many of our large clients see smartphone access as something they would like, but the smaller, more nimble companies are the ones that are actually doing it—[because] they have many fewer card readers installed.”