Mobile app technology is at the forefront of a transformation in the access control industry, offering greater convenience, security, and flexibility.
Mobile app technology is at the forefront of a transformation in the access control industry, offering greater convenience, security, and flexibility. As advancements in mobile credentials emerge, businesses across sectors are embracing these innovations to modernize their security systems and cater to the evolving needs of users.
Steve Bell, Chief Technology Officer at Gallagher Security, sheds light on the evolution of mobile app-based access control technology. In a recent interview with asmag.com, Bell highlighted the shift from proprietary solutions to open standards and explained how these changes are empowering customers while addressing interoperability and security challenges.
The early days of mobile credentials
The journey of mobile credential technology began during a time when proprietary solutions dominated the market. Each manufacturer developed its own mobile credential technology to meet the needs of its specific systems.
“Manufacturers and credential technology suppliers, including Gallagher Security, each developed their own mobile credential solutions,” Bell said.
This fragmented approach resulted in challenges for customers who sought consistency across devices and systems. Furthermore, the lack of open standards meant that integrating different access control systems was often costly and time-consuming.
Bluetooth technology emerged as the primary solution for the first generation of mobile credentials. Bell explained, “Bluetooth was the only universal option for this first generation as IOS did not allow access to NFC for card emulation. With Android there were significant variations in performance with so many manufacturers involved.”
For Android users, Host Card Emulation (HCE) for NFC credentials provided an alternative. Vendors who adopted HCE often registered NFC protocols to ISO standards to ensure smoother operation and broader compatibility. Bell noted that these early efforts laid the groundwork for mobile credentials to evolve toward the seamless experiences we see today.
From physical cards to digital wallets
The introduction of mobile wallets marked a significant milestone in access control. Platforms like Apple Wallet revolutionized how credentials could be stored and used.
“Apple Wallet and perhaps to a lesser impact Android wallet credential solutions have been the next significant advancement in mobile credentials, providing users with a consistent experience for physical access control to match the experience with credit cards,” Bell said.
These solutions provide a consistent and user-friendly experience, mirroring the convenience of using mobile wallets for credit card payments.
This advancement also resolved many limitations associated with physical cards. Traditional access cards can be lost, damaged, or cloned, creating security vulnerabilities. Digital wallets, however, allow users to securely store their credentials on their smartphones, significantly reducing these risks.
Beyond convenience, digital wallet integration has also simplified access management for organizations. Administrators can issue, revoke, and update credentials remotely, streamlining processes and enhancing security.
The push for open standards
While proprietary solutions and digital wallets improved the user experience, they often tied customers to specific vendors. This lack of flexibility spurred calls for open standards, a development that Bell believes is essential for the industry’s growth.
“Open standard credentials should protect the customers’ control of their system,” he emphasized.
Bell pointed to two key initiatives shaping the future of open standards in access control:
- Public Key Open Credential (PKOC), proposed by the Physical Security Interoperability Alliance (PSIA).
- Aliro, an initiative by the Connectivity Standards Alliance (CSA) based on public key technology.
These initiatives empower customers by giving them control over their systems. Open standards allow customers to choose access control readers and systems that can read their credentials without being tied to a single vendor.
“This should include the choice of which access control readers and systems can read these credentials,” he added. Importantly, customers would also own and control the secret keys required to authenticate credentials, giving them greater confidence in their systems’ security and flexibility.
The role of public key technology
Security remains a top priority in access control, and public key technology has emerged as a critical enabler. By leveraging cryptographic principles, public key systems ensure that credentials can be authenticated securely, even across diverse platforms.
Initiatives like PKOC and Aliro are built on this technology, offering robust protection against cloning, tampering, and unauthorized access. This aligns with growing concerns about cybersecurity threats, especially as access control systems become increasingly connected to other IoT devices.
Public key technology enables secure authentication while maintaining compatibility with a wide range of hardware and software solutions.
This adaptability is particularly important for businesses with legacy systems. Instead of overhauling entire infrastructures, companies can integrate open standard credentials into their existing setups, reducing costs and minimizing disruption.
Overcoming challenges
Despite the promise of open standards and mobile credentials, challenges remain. One of the most significant hurdles is achieving industry-wide adoption. Different organizations often back competing standards, making it difficult to create a unified approach.
Consensus will be critical to unlocking the full potential of mobile credential technology.
Another challenge lies in balancing security with ease of use. While advancements in public key technology have strengthened authentication, they can also introduce complexities for end users if not implemented thoughtfully.
Opportunities for Innovation
The shift toward mobile credentials and open standards is unlocking new opportunities for innovation in access control. Businesses are no longer constrained by proprietary systems, allowing them to explore creative ways to enhance security and user experience.
For instance, biometric authentication is increasingly being integrated into mobile credential systems. Combining fingerprint or facial recognition with digital credentials offers an additional layer of security while maintaining convenience.
Cloud-based access control is another area gaining traction. By linking mobile credentials to cloud platforms, organizations can manage access across multiple locations in real-time. This is particularly beneficial for enterprises with distributed workforces or facilities.
The Future of Mobile App-Based Access Control
Looking ahead, Bell believes the future of mobile credentials lies in the convergence of technology, security, and user empowerment. As initiatives like PKOC and Aliro gain momentum, the industry is moving closer to a more collaborative and customer-centric model.
Interoperability will also play a key role in shaping the next generation of access control systems. By prioritizing open standards, the industry can ensure that customers have the freedom to choose solutions that best meet their needs without being locked into proprietary ecosystems.
Moreover, as mobile credentials become more sophisticated, their applications will extend beyond traditional access control. From managing visitor access in smart buildings to enabling secure transactions in e-commerce, the possibilities are vast.
Conclusion
Mobile app technology is transforming the access control industry, driving innovation and enhancing security. From the early days of proprietary solutions to the emergence of digital wallets and open standards, the evolution of mobile credentials reflects the industry’s commitment to meeting modern security demands.
As advancements like PKOC and Aliro pave the way for greater interoperability, businesses can look forward to a future where access control systems are not only more secure but also more flexible and user-friendly.
For organizations, embracing these changes is no longer a choice—it’s a necessity. By staying ahead of the curve, businesses can ensure their access control systems are equipped to handle the challenges and opportunities of the digital age.