As mobile app-based access control continues to gain momentum, security systems integrators find themselves at the forefront of deploying these advanced solutions.
As mobile app-based access control continues to gain momentum, security systems integrators find themselves at the forefront of deploying these advanced solutions.
The shift towards mobile credentials and real-time monitoring is transforming the way industries manage access control, membership, and visitor systems.
Recent insights from leaders at Suprema and Gallagher Security highlight advancements in encryption, user authentication, and cloud-based integration that are shaping the future of mobile access control.
The rise of mobile access control
Mobile app-based access control systems are becoming essential in sectors ranging from fitness centers to unmanned stores.
Hanchul Kim, CEO of Suprema, emphasizes the growing demand for these technologies.
"There is a continuously growing demand across various sectors for implementing access control and membership/visitor management systems based on mobile application," Kim explains.
Suprema’s response to this trend is CLUe, an open cloud integration platform. CLUe enables real-time monitoring, membership, and visitor management across multiple locations. It supports diverse authentication methods, including QR codes, facial recognition, fingerprint scanning, and RFID cards.
By using standard REST APIs, CLUe simplifies integration with third-party systems and ensures efficient access control operations. This approach makes device installation and system management more seamless, benefiting integrators and end-users alike.
Advancements in mobile credentials
One of Suprema's standout innovations is Template on Mobile (ToM), which integrates facial authentication with mobile access.
"This innovative solution integrates facial authentication with mobile access, allowing users to securely store and manage the biometric data required for authentication directly on their smartphones," Kim says.
ToM eliminates the need to store sensitive biometric data on central servers. Instead, biometric data is stored securely on the user’s device, reducing the risk of data breaches while enhancing convenience. For systems integrators, this approach offers a selling point: robust security combined with user-friendly functionality.
Encryption and data security
As access control becomes more mobile-centric, securing data and credentials is paramount. Both Suprema and Gallagher Security prioritize robust encryption standards to ensure system integrity.
"By utilizing AES-256 encryption, Suprema ensures that data exchanged between mobile devices and access points remains secure, preventing credentials from being intercepted during transmission," Kim says.
Suprema’s commitment to security extends to compliance with global regulations, such as GDPR and NIS 2. Their cloud solutions are certified to CSA STAR Level 2 standards, providing integrators and customers with confidence in data protection.
Meanwhile, Steve Bell, Chief Technology Officer at Gallagher Security, outlines their approach to encryption and authentication. Gallagher’s Mobile Connect App leverages the FIDO Universal Authentication Framework (UAF).
"FIDO uses only public key base authenticators, mitigating the risks of symmetric key-based credentials," Bell explains.
FIDO-based credentials are stored securely in the device’s key store, ensuring that public key credentials cannot be cloned or compromised. This architecture eliminates the need for shared secrets across readers, enhancing overall system security.
The evolution of mobile credentials
The integration of mobile credentials with widely used platforms such as Apple and Google wallets adds another layer of convenience. Bell points out that these credentials often rely on MIFARE DESfire or similar standards, such as HID’s SEOS.
While they simplify the process of updating credentials over the air, robust key management in the readers remains critical.
"The CSA Aliro open credential standard and the PSIA PKOC credential standard specify public key-based credentials which mitigate any issues with the shared secret being in all readers," Bell adds.
These advancements allow integrators to offer solutions that are not only secure but also easy to manage and deploy.
Cloud integration: simplifying access control
The shift to cloud-based access control solutions is another game-changer. Suprema’s CLUe platform exemplifies this trend, offering integrators the ability to manage systems across multiple locations via a centralized platform.
This approach reduces the complexity of managing disparate systems and facilitates third-party integrations. Kim underscores the operational benefits of cloud-to-cloud server-level integration.
"CLUe simplifies device installation, third-party integration, and system operations, making access control operation highly efficient and cost-effective," Kim says.
Cloud-based solutions also enhance scalability, allowing businesses to expand their systems without significant additional costs.
The privacy-first approach
With privacy concerns on the rise, end-users and businesses alike are demanding solutions that prioritize data protection. Suprema’s Template on Mobile exemplifies this privacy-first approach by ensuring that sensitive biometric data remains in the hands of users.
Similarly, Gallagher’s use of public key-based credentials reflects a commitment to minimizing security vulnerabilities. These technologies align with growing regulatory requirements, ensuring compliance while maintaining user trust.
What it means for systems integrators
For systems integrators, these advancements offer a wealth of opportunities to deliver cutting-edge solutions. The move towards mobile and cloud-based systems not only simplifies installation and maintenance but also provides end-users with unparalleled convenience and security.
Suprema and Gallagher Security’s innovations in encryption, mobile credentials, and cloud integration set a new benchmark for the industry. By adopting these technologies, integrators can address customer demands for secure, scalable, and user-friendly access control systems.
As Bell succinctly puts it, "Public key credentials have the advantage that any entity that knows the public key (or related certificate) cannot make a clone of that credential and there is no shared secret that needs to be loaded into each reader."
This level of security, combined with the operational benefits of mobile and cloud integration, positions systems integrators to lead the charge in modernizing access control solutions.
The role of open standards in modern access control
Open standards are playing an increasingly critical role in the evolution of mobile app-based access control. These standards provide a framework for interoperability, ensuring that different systems and devices work seamlessly together.
For systems integrators, the adoption of open standards can simplify deployments and reduce compatibility issues, making it easier to meet the diverse needs of clients.
These standards enable systems to operate with a higher level of security by eliminating the risks associated with shared secrets, such as cloning or unauthorized access. Furthermore, open standards ensure that integrators are not locked into proprietary ecosystems, giving them the flexibility to choose the best tools and solutions for their projects.
For clients operating in environments with multiple access control systems, the use of open standards can enhance scalability and future-proof their investments. As industries demand increasingly complex integrations, open standards will continue to drive innovation and streamline operations for systems integrators.
Addressing client concerns: balancing security and user experience
One of the primary challenges in mobile app-based access control is finding the right balance between security and user experience. Clients often prioritize ease of use, but this cannot come at the expense of robust security measures.
Suprema and Gallagher Security have developed solutions that address these concerns, offering a blend of convenience and protection.
Suprema’s Template on Mobile (ToM) is a prime example of this balance. By allowing biometric data to be stored securely on the user’s smartphone, the solution removes the need for centralized storage while enhancing accessibility.
Kim emphasizes the importance of this approach: "It provides the convenience of accessing facilities using only the user’s smartphone, combined with facial authentication for enhanced security," Kim says.
Gallagher Security’s use of FIDO-based authentication further demonstrates how security can be achieved without sacrificing user experience.
By storing credentials securely in the mobile device’s key store and integrating biometric or PIN-based two-factor authentication, Gallagher ensures both safety and ease of use.
For systems integrators, educating clients about these technologies is crucial. Demonstrating how advanced encryption, user-friendly interfaces, and open standards can coexist will help build trust and encourage adoption. By addressing client concerns proactively, integrators can position themselves as partners in navigating the complexities of modern access control.
Conclusion
Mobile app-based access control is no longer a futuristic concept -it is a present-day necessity. As the demand for secure, scalable, and user-friendly systems grows, systems integrators must stay ahead of the curve.
With innovations like Suprema’s Template on Mobile and Gallagher’s FIDO-based credentials, integrators have the tools to meet customer expectations while addressing critical security challenges. The future of access control is here—and it’s mobile, encrypted, and cloud-integrated.