Get Smart About Access Control

To open door locks at Arizona State University, participants present the phones to a door reader just like they do with their existing Sun Card.

At this summer’s Google I/O meeting, attendees were given a sneak peek at Android@Home, a project Google has been working on that will let us control everything in our home right from our Android phones. And, it could be ready this holiday season. If Google gets its way, smartphones will direct the fridge to buy the groceries, command the vacuum cleaner to clean the house and open the front door. The future is coming.

And the future looks promising for smartphones. Smartphone shipments will hit 478 million this year, 370 million by the end of 2014 and soar to 1.03 billion in 2015, according to a new report from IHS. Growth is being driven by all types of vertical markets, particularly security, because of convenience and capabilities. When it comes to access control, keys have gradually been eliminated by more secure and intelligent access-control cards. But now a new era is being ushering in by digital keys and portable digital identity credentials that can be securely provisioned and safely embedded into smart phones.

The key to making smartphones act as, well, keys, is Near Field Communications (NFC), a short-range wireless communication standard that enables data to be exchanged between devices over a distance of several centimeters. NFC is fully compliant with the ISO standards governing contactless smart cards. A mobile phone equipped with NFC technology can be used to carry a portable identity credential and then wirelessly present it to a door reader – just like the current plastic smart cards. The phone is simply waved in front of the reader and the user can open the door.

The most simplistic model for NFC digital keys and portable identity credentials is to replicate existing card-based access-control principles. The phone communicates identity information to a reader, which passes the identity to the existing access control system, which then opens the door. This eliminates the need for keys or smart cards while providing a safer and more convenient way to provision, monitor and modify credential security parameters, eliminate credential copying, temporarily issue credentials as needed and cancel credentials when they are lost or stolen.

A World Where Smartphones are Keys

In a perfect world, says Laura Ploughe, director of business applications and fiscal control for Arizona State University, students and faculty would open all exterior and interior doors with their smartphones. Now a trial is underway that may help Ploughe reach that goal. A group of students and staff are accessing a campus residence hall and selected resident’s rooms using HID Global’s iCLASS SIO (Secure Identity Objects) credentials embedded into a variety of smartphones that are connected to all major mobile networks. The smartphones are replacing existing identification Sun Cards.

“We recognize that students’ social lives revolve around their phones, so it makes sense that we come to them with the tools and technology – their phones – that they are familiar with and connect them to the campus with that technology,” says Ploughe.

ASU manages on-campus housing for approximately 13,000 students living in 34 residence halls. To implement the pilot, HID Global deployed iCLASS SIO readers on secured doors to ASU’s Palo Verde Main hall, and HID technology-enabled Sargent Profile Series electromechanical locks on selected resident room doors. Participants were given NFC smartphones carrying the technology that enables new levels of security, convenience, portability and performance. To open door locks, participants present the phones to a door reader just like they do with their existing Sun Cards. Thirty-two participants are using their phones for residence hall access, and some are also using them with a unique additional digital key and PIN to open individual room doors. The technology also supports over-the-air provisioning and management of digital keys, which simplifies administration of the access control system.

Each user has a virtual identity encrypted on an SD card inside the phone. When the phone is presented in front of a reader, the phone’s NFC sends a frequency to the reader, which decrypts the virtual identify and wirelessly tells the door to open. The encrypted SIO has up to seven layers of encryption for the most secure protection, says Ploughe.

In initial feedback, approximately 80 percent of ASU participants (27 students and 5 staff) reported that using a smartphone to unlock a door is just as convenient as using their campus ID card. Nearly 90 percent said they would like to use their smartphone to open all doors on campus. While the pilot was focused on physical access, nearly all participants also expressed an interest in using their smartphone for other campus applications including access to the student recreation center, as well as transit fare payment and meal, ticket and merchandise purchases.

Of the 25 students and five staff members who participated in the program, less than half had a smartphone beforehand. HID Global supplied a new smartphone – an Apple iPhone 4, a Samsung Android, or a BlackBerry Bold 9650 – and a three-month contract to the participants.

While Ploughe says the investment required to roll out a full-scale smartphone electronic access program is significant, she points out that the university deploys 72,000 Sun Cards and at least 22,000 are lost annually. This, she says, adds up to quite a bit of money on card stock and the administrative process involved in replacing lost and stolen cards.

Near Field Far From Perfect

But, in a world where smartphones are keys, what happens if the phone is lost or runs out of power? Ploughe says she is not overly concerned about the former. “When a card is lost, the person may not even realize it right away, but when a person loses a phone, they know it immediately.” Smartphones feature a lockdown mechanism for all personal identity information and door access controls, but is used at the discretion of the participants. As for the latter, Ploughe says she is counting on smartphone developers to figure out a way to keep the phones powered.

Honeywell Win-Pak with Vista integration software was recently installed on classroom doors at East Los Angeles College to create a secure environment for the students, protect the technology inside, and reduce the costs of the brass key and lock system.

Migrating from mechanical keys to smartphones signals are another way mobile phones are helping us minimize the amount of stuff we carry. Digital access means no more keychains filled with so many keys that we can’t remember what they unlock.

However, it could be a little while until smartphones are embedded with the technology to afford keyless entry. The pilot programs at both the hotel and ASU have yet to reach beyond the testing phase because of the immaturity of NFC and that there are no clear NFC standards.

NFC is a very short-range wireless technology designed to pass small amounts of data. It is used in RFID tags and e-ticketing, but the big target, which has so far been ellusive, is to get NFC designed into mobile phones. Once embedded in the phone, users will not have to unlock the phone, launch the app, then press the correct button to unlock a door. A mere swipe of the phone in front of a reader will be all that it takes.

Online and Real-Time

For Miami University, Oxford, Ohio, cell phones are just part of the access control solution. Miami University wanted to electronically manage access privileges on both exterior doors and interior student room doors. “It’s difficult to manage physical keys,” says Larry L. Fink, vice president of Housing and Auxiliaries. So, the goal was to replace mechanical locks and keys and improve security for students, faculty and staff, and enhance ease of access in residence hall rooms and buildings around campus, while simultaneously creating a platform for future system growth and functions.

The university selected an access control solution from the CBORD Group. Ingersoll Rand Security Technologies designed and built the Schlage wireless electronic lock hardware. The system is fully integrated, on-line, real-time, and uses a contactless Smart Card.

Sometimes, implementations can be difficult just by the nature of the project, but Miami added an extra challenge to the project requiring a 90-day summer installation. In the university environment, large access control and security system installations are generally completed in phases, and typically this process spans several years. But, now the university was about to embark on what proved to be one of the largest access control installations of its kind. Software and hardware systems, and devices were installed, configured and brought online for more than 4,200 interior and 325 exterior doors. The project was completed, on time, during the summer.

Students simply tap their card on the contactless reader – no swiping required – for entry to their residence hall room. Access privileges are pre-assigned, in the access control software, and the student ID card takes the place of a key. If a student registers their cell phone with the access control software, they can use a mobile app or text message to open their room door.

The access control software provides many features. For instance, a student can report their ID card lost or stolen via a website, text message, or phone call. Card privileges are suspended immediately and their student room lock is updated instantly.

If a student misplaces or forgets to carry his or her new ID/credential card, a text message can be sent from the student’s cell phone to the access control software to receive instant room access using a feature called “OpenMyDoor.” Students experience greater security and convenience, and this eliminates the need for middle-of-the-night visits by campus residential staff.

If a card is used by someone other than the owner at various readers in an attempt to determine privileges, the card will be turned off and a text message automatically sent to the authorized card holder to notify him/her that an unauthorized person is attempting to use the card.

Staff that need temporary access to secured areas are no longer checking out physical master keys or cards, but are instead granted limited, elevated privileges on their own cards through a feature called “MasterKey.” This feature is available because the locks are always online, and it provides student notification when “MasterKey” privileges are used to access their rooms.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.

ON DEMAND: Apple Mac computer use is growing in the corporate space. Having the solutions and the knowledge base to respond to events that include Mac computers is just as important as their Windows counterparts.