Needless to say, mobile phones are increasingly used as keys to open doors, due to the convenience factor. So how does the mechanism work? How secure is it?
Needless to say, mobile phones are increasingly used as
keys to open doors, due to the convenience factor. So how does the mechanism work? How secure is it?
More and more, mobile credentials are gaining popularity among users. A recent report by MarketsandMarkets suggests the mobile user authentication market size is expected to grow from US$0.55 billion in 2015 to US$1.7 billion in 2020, at an estimated compound annual growth rate of 24.9 percent.
That the mobile device is close and personal to the user is a major growth driver. “Mobile credentials are more likely to be brought with you than a card that could be forgotten at home. Because of its importance, it is unlikely to be given to another person. The added security of unlocking the smartphone adds additional security against misuse,” said a recent
technology note by Kintronics.
How mobile credentials work
Amid mobile credentials’ growing popularity, it would be nice to know how the technology works. According to Kintrnics, a mobile credential is an authorization token much like a proximity card or keyfob. “The ID number is held in your smartphone instead of a card. Just like other types of credentials, it contains a unique number that can be used as the electronic key to open a door with an electric lock. The smartphone can connect to a door reader using Bluetooth, NFC, or even WiFi. Bluetooth (BLE) is the most common type of communication used in the security market,” it said.
When Bluetooth is used, the
door reader is continuously looking for the smartphone that’s running the mobile app, and when the two devices are in range, they transfer the device name, device class, list of available services and additional significant information required to identify the user uniquely, Kintronics said.
“Each smartphone includes a unique 48-bit address which can be used as the key. This identification number is like the ID number that is provided by the card credential. The smartphone app controls the transfer of the identification number to the door reader. The ID number is transferred from the door reader to the controller where it is compared to the list of users. If the ID number is accepted, it will unlock the door,” it said.
Security of mobile credentials
According to the note, using a smartphone with
biometric authentication can improve door access security. “We have known for a long time that biometrics provides a more secure way to open the door than using a card credential that someone carries. The card can be lost or given to someone else. It is less likely for the mobile smartphone credential to be misused in this way. Since some smartphones have embedded biometrics, it can be used to increase the security of door access systems,” it said.
The communication between the mobile device and the reader has become more secure, too, said Kintronics as it cites its own solution.
“The latest Bluetooth enabled door readers, such as the ones used by Hartmann Controls door access control system, include many advanced
security features and modes of identification. Besides using the security provided by Bluetooth spread-spectrum communication, the system uses encryption and obfuscation methods to protect the app in the smartphone, and the data stored in the door reader,” it said. “The encryption process protects data from hacking. It makes it difficult to read the data without knowing the key. Obfuscation adds another level of security. This involves using a puzzle or other challenge that locks the key itself from the hacker. Additional protection is provided by using multi-factor authentication and maintaining security audits.”