Brivo Mobile Pass Opens Any Door by Smartphone

By: Brian Rhodes, Published on Sep 25, 2015

One of the major trends in access control are 'mobile' credentials.  

NFC and BLE have been fighting for the title but neither has really has taken off.

Now, Brivo has announced a new way of doing this that sidesteps the hassle, and claims to work with any door, any reader, and the majority of all smartphones in seconds.  

In this note, we examine Brivo Mobile Pass, explaining how it works, what it costs and what potential security risks it has.

*** ** *** ***** ****** in ****** ******* *** 'mobile' ***********.  

*** *** ******* **** ******** *** the ***** *** ******* has ****** *** ***** off.

***, ***** *** ********* a *** *** ** doing **** **** ********* the ******, *** ****** to **** **** *** door, *** ******, *** the ******** ** *** smartphones ** *******.  

** **** ****, ** examine ***** ****** ****, ********** *** ** works, **** ** ***** and **** ********* ******** risks ** ***.

[***************]

No ****** ******

****** ***** ****** *********** that ******* ******* ******* and ******** ***********, ***** just ***** * ***** that ******** ***** ********** app.

***** ****** ***** **** their ****** ** ******** the ***, ********** ** the **** ********** ******* Brivo's ***** *******, *** essentially ******* *** '****** unlock' ******* ** *** door ******* *** *** interface. **** **** ** be **** ********* ** operator ******* *** *** essentially ** ******* / added ** *** ********** user.

** **** ***, *** user ******** *** ****** and ***** ******** *** does ********** ******* *** management ******** *******. 

App ***** ********

*** ***** ***** ***** shows the ***** ********:

************

*** ******** **** ***** with *****'****** ******* **.* ******* *** *** *** third *******.

***** ****** ******

************** *** ****** * mobile **** ** ** individual **********. ****** *** ******* like ****** ** ***** in *** ******, *** users *** ***** ***** cards ** ******** ** mobile **** ** **********. A ****** **** ** good *** *** ****** of *****, *** *** be ********* ** **** only ** ******* ***** or ** ************* *****. However, **** **** * mobile **** ** ****** (by *** ** ***** invite **** *****'* ********** software), ** ******** * pass.

*********** ****

***** **** ****** ****** will ** ********* ** *** and ******* ********* ******* but *** ***** ****** systems **** *******, ****, etc.

Mobile **** **** **********

***** ***** ****** ***** with * '****' ****** passes. ********** ****** *** available ** $** *** ***. Given **** **** ** effectively ~** ***** *** user, **** ** ****** inexpensive ********** ******** ** issuing ****** ***** ***** *** 10x ** **** **** the ****** ****.

******** *****

****** ****'* ******* **** is *** **** **** not **** ** ** near * **** ** unlock **, ****** *** and ***. *** *******, with *****'* ****** ****, a **** ***** **** any **** ** *** time **** ******** **** they *** ********** ***, regardless ** *** *** away **** ***. ******* this ******* ************* ** on *******, *** ******* that ************ *********** *** gain ********** ****** ** a ********** ****. 

*** ****** *** ** avoid **** ** *** issues *** ** ******* users ** ****** ***** of *** ****, *** is ******** ** *** is *****-******* ******* **** location.  ***** **** **** are ******* ** ****:

"** *** **** *******, ***** ****** **** **** *********** ********** features ***** *** ******* the ****** **** ** be ****** * ********* ******** of *** **** (***** GPS) ** ** *** local **** *******. "

*******, ***** **** ** added, ***** ****** ** cautious.

*** ***** **** ** for ***** *** ** not **** * ******** for ***** *****. ** such cases, anyone ******* ** ******** those ***** ***** **** *** Brivo ****** *** *** unlock *** **** **** phone had **** **********.

****

Comments (31)

Avatar

Billy Guthrie

09/25/15 05:58pm

If anything were to takeoff from a smartphone and CA (Card Access) credential perspective, I would vote for BLE as the technology is already built into the phone. Integrating BLE alongside a proximity reader would be low cost in my opinion. Essentially, you would install an app on the phone that would be authenticated during the enrollment process. The app would take the IMEI number and convert it to a CA Credential. Once in range of the BLE network, the phone would join the network; when presented a couple of inches to the reader in where the received signal strength were to be anywhere from 0dBm to -5dBm it would transmit the CA Credential encrypted via BLE.

Undisclosed #1

09/25/15 06:22pm

Additional passes are available at $15 for 100. Given that this is effectively ~15 cents per user, this is fairly inexpensive especially compared to issuing iClass cards which can 10x or more than the mobile pass.

It seems you can look at this as "inexpensive", or "rather pricey for enabling an HTTPS call".

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #1 | 09/25/15 06:27pm

Harsh and funny.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 07:12pm

Remind me, does your company give away software for free? :)

Undisclosed #1

In reply to John Honovich | 09/25/15 08:21pm

Remind me, does your company give away software for free? :)

Yes.

The VMS client software is free.

The virtual matrix software is free.

The mobile app is free.

The mobile gateway package is free.

The stand-alone player for exported video is free.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 08:25pm

"is free"

Let me correct that. "Is included in the price of the software license."

In all seriousness, charging small amounts for software that replaces physical devices (in this a card) is reasonable.

Vlad Craciunescu

09/25/15 06:24pm

There is also the HID Mobile Access which works with both BLE and NFC , but they sell a reader for that, albeit not that expensive one...we just started with that and it looks good so far.

Undisclosed Integrator #3

In reply to Vlad Craciunescu | 09/26/15 01:05am

Unless you have an Iphone

Undisclosed #2

09/25/15 08:10pm

Now, Brivo has announced a new way of doing this that sidesteps the hassle, and claims to work with any door, any reader, and the majority of all smartphones in seconds.

Any reader, or just the ones that are already integrated into Brivo?

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 08:13pm

"The solution only works with Brivo's OnAir version 11.1 systems and not any third parties."

Undisclosed #2

In reply to John Honovich | 09/25/15 09:36pm

I didn't know Brivo made a reader.

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #2 | 09/25/15 09:39pm

Mobile Pass doesn't use a reader to work.

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 09:40pm

The reader choice is irrelevant here. That's the point.

Undisclosed #2

In reply to John Honovich | 09/25/15 09:44pm

Gotcha both.

In this way, the user bypasses the reader and cards entirely and does everything through the management software instead.

Keefe Lovgren

IPVMU Certified | 09/25/15 08:58pm

I am really surprised by the results of the poll, over half feel that mobile credential is a bad idea is interesting. I would be curious to know why most people feel it is a bad idea vs. good idea.

infinias has had this as a product for some time now and we have several sites that utilize it and love it...

John Honovich

IPVM | In reply to Keefe Lovgren | 09/25/15 09:02pm

Keefe, good feedback!

There's only 23 votes so far so too early to be statistically meaningful. It may very well end up being split but usually IPVM polls stop fluctuating when they get 50 - 75 votes.

Avatar

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:08pm

Thanks Keefe. Correct me if this is wrong, but with the infinias solution, you need to be joined to a local wifi network that the controllers are part of, right?

The Brivo solution does not need wifi/ uses a cellular network since the management portal lies in 'the cloud', not on a local server.

Keefe Lovgren

IPVMU Certified | In reply to Brian Rhodes | 09/25/15 09:27pm

Brian,

It can be either WAN or LAN. I personally have only setup customers on LAN access but other techs here have set up WAN access for sites.

Keefe Lovgren

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:31pm

from the infinias mobile credential page:

Mobile Credential works with infinias Intelli-M Access 4.0 (or higher) software to provide a smartphone based credential that can be used in one of two ways on a person by person basis. Either by requiring the smartphone be on the corporate network directly via WiFi, thus requiring proximity to the building, or via any internet connection allowing use of Mobile Credential from anywhere a data connection can be made with the smartphone. In one installation, some people can be required to be in proximity to the building (within WiFI range) while others can use their Mobile Credential from anywhere at the administrator’s discretion.

Avatar

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:44pm

Interesting. Thanks for bringing it up!

Undisclosed #2

09/25/15 09:59pm

For example, with Brivo's Mobile Pass, a user could open any door at any time from anywhere that they are authorized for.

I could see this being used from inside the building as well, to let people in, instead of going to meet them. Whether that is desirable is another matter.

Wondering what the latency/reliability issues are with the Internet and the cloud deal. Being locked outside a building for any length of time because the cloud/Internet connection is down I imagine is a memorably bad experience.

Of course they have this issue with their current systems, but now they are adding another seperate internet connection over 4G to the mix.

Avatar

Ethan Ace

IPVM | 09/25/15 10:04pm

Wondering what the latency/reliability issues are with the Internet and the cloud deal. Being locked outside a building for any length of time because the cloud/Internet connection is down I imagine is a memorably bad experience.

Of course they have this issue with their current systems, but now they are adding another seperate internet connection over 4G to the mix.

What do you mean they have this issue with current systems? What issue?

Undisclosed #2

In reply to Ethan Ace | 09/26/15 12:43am

I assumed there was at least some loss of functionality in their current cloud based offering due to Internet or cloud service unavailability.

But I see now that to be denied access at the door in such a case shouldn't happen because credentials are stored locally.

So you are correct, this possibility would be an entirely new issue for them.

Wayne Jared

Qumulex | 09/27/15 04:53pm

infinias' Mobile Credential was launched in 2013 with the view that there was a better way to use a smartphone for access control than just reproducing the old card/reader interaction, we think it's great that Brivo has joined us.

The article stated you can do a 'manual unlock', and it's very easy to use that as shorthand for what the app does. But, that's not what we do, we've been very careful to make sure that our technology is secure from both an encryption perspective and what goes on the phone to be hacked or spoofed. With Mobile Credential the phone doesn't know how to do a manual unlock, it only knows how to present a credential to the system and let the system do all the decision making. I would imagine Brivo has done something similar as well.

The documentation quoted is accurate, in an internal installation, you can choose to give some users the internal IP and limit them to wifi proximity to the building (more secure), and others a public IP, allowing them to grant access from anywhere. On the cloud solution we're announcing at ASIS, this will of course only have the public IP option.

What doesn't come out very well with infinias, and we need to get better at publicizing this, is that you can implement all sorts of other functionality through the infinias mobile credential app - lock down, first in, arming, etc. via our rules engine, this is stuff we teach our certified guys in training.

John Honovich

IPVM | In reply to Wayne Jared | 09/27/15 05:09pm

"With Mobile Credential the phone doesn't know how to do a manual unlock, it only knows how to present a credential to the system and let the system do all the decision making."

Wayne, and what decision making does the system do? In other words, if I am an employee at a company who uses Infinias and has mobile credential enabled on my phone. I can't do an unlock?

Wayne Jared

Qumulex | In reply to John Honovich | 09/28/15 02:27am

John,

It's a bit about semantics but is important. 'momentary unlock' typically means a remote unlock, usually from the management software. But that also means who went through the door is effectively anonymous. We (and I'd guess everyone else) logs that someone executed the momentary unlock but have no way of knowing who actually went through the door. So momentary unlock in that context is not really that secure. There has been video posted of one of our competitors (not Brivo) on YouTube showing a smartphone hack that momentary unlocks every door in a system, so the notion of phones doing a mometary unlock certainly makes me uncomfortable.

When the phone acts as a credential, then a credential is presented, and access is granted based on the request. i.e. 'Does Bill have access to this door at this time?'. That request/grant is logged so you know who went through the door, or at least who presented their credential. There is nothing on the phone of value beyond the credential. Disabling or changing someone's permissions is immediate and what's on their smartphone becomes unusable and of no consequence without any need to push or wipe anything on the smartphone.

We find that people confuse an app like this in one key way: Most users of Mobile Credential have no rights to log into the software and therefore no rights to perform any actions in the system other than use their credential. Thus we don't build any management-like features into it.

John Honovich

IPVM | In reply to Wayne Jared | 09/28/15 11:31am

Wayne, I still don't understand what you are claiming to do. How do you ensure that the person who 'momentary unlocks' a door using a mobile credential is at the door at that exact time?

Undisclosed #2

In reply to John Honovich | 09/28/15 03:30pm

How do you ensure that the person who 'momentary unlocks' a door using a mobile credential is at the door at that exact time?

IMHO, he's saying that Mobile Credential doesn't do a "momentary unlock".

Instead, the system does a credentialed open, like it would with a rfid card, the main difference being that the credenditial goes thru the cloud to get to the system instead of the reader.

A "momentary unlock" from the management software, on the other hand, only logs the operator who remotely performed the unlock, not who it was opened for. It also does not require that the system has determined whether access should be granted to the requester. It's a long distance "buzz-in".

Neither method though "ensures that the person who 'momentary unlocks' is at the door at that exact time.", since when using the Public version you could be anywhere around the world, but

That request/grant is logged so you know who went through the door, or at least who presented their credential.

tl;dr

'Momentary unlock' logs only the operator performing the unlock and does not require the system determine whether access should be granted to the actual requestor. So "no way of knowing who" in this case.

Mobile credential logs the person requesting the unlock and insures they have presented a valid credential. Here you know at least who requested and possibly entered, though you can't be sure they are actually at the door or passed thru the door on the unlock.

Brad Silvernail

09/27/15 04:59pm

Disclosure - We are a Brivo Dealer. We tried Brivo Mobile Pass on Friday afternoon. I think the solution is very intriguing and pricing is not a barrier. The speed performance was nearly instantaneous - almost no lag. Also, the entry in the activity log captures each use in detail.

Will we offer it to customer - yes. Initially perhaps for multi-tenant situations - lots of churn - where not having to get the user a physical object could be beneficial. Or perhaps as guest passses. Later for other customers with "higher" security concerns, maybe when the geo-fencing feature is available.

One feature I like is not having to leave NFC and Bluetooth on my phone all the time - just one more battery killer.

I could image a small installation at some point in the future where we didn't even put card readers on all the doors!

Undisclosed #2

In reply to Brad Silvernail | 09/27/15 05:04pm

Will we offer it to customer - yes. Initially perhaps for multi-tenant situations - lots of churn - where not having to get the user a physical object could be beneficial. Or perhaps as guest passes.

Sending someone an email good for one-entry between 1:00PM and 1:30PM is interesting.

Bill Sowar

In reply to Undisclosed #2 | 09/30/15 04:31pm

Very powerful tool when combined with video/intercom solutions. Now if someone calls me and I'm not around my computer I can pull up the mobile app, verify on video they are actually at the door and let them in or not. (I would only give this to local admins to limit shenanigans and tom- foolery)

- Love that you can customize the door names/colors/icons so they make sense for the user.

- Geofencing should be an option not a requirement. If I am an Admin in NY I should be able to open a door in Dubai. The logs show who opened the door, so there is still an audit trail if people are just randomly popping doors all over the world.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Nortek Mobile Access Reader BluePass Examined on Feb 12, 2019
Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass...
Startup GateKeeper Aims For Unified Physical / Logical Access Token on Apr 04, 2019
This startup's product claims to 'Kill the Password' you use to keep your computers safe. They have already released their Gatekeeper Halberd...
Proxy Access Control Tested on May 09, 2019
Silicon Valley Access Startup Proxy raised $13.6 Million in May 2019, focusing on mobile physical access control. Beyond the fund raising, Proxy...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Farpointe Data Conekt Mobile Access Reader Tested on Jun 13, 2019
California based Farpointe Data has been a significant OEM supplier of conventional access readers for years to companies including DMP, RS2, DSX,...
Mobile Access Control Shootout - Farpointe, HID, Openpath, Nortek, Proxy on Jul 29, 2019
One of the biggest rising trends in access control is using phones as credentials but which offering is best? IPVM has tested five of the...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...

Most Recent Industry Reports

Hanwha Wisenet X Plus PTRZ Tested on Feb 14, 2020
Hanwha has released their PTRZ camera, the Wisenet X Plus XNV-6081Z, claiming the "modular design allows for easy installation". We bought and...
PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body. The hackers...
IPVM Conference 2020 on Feb 13, 2020
IPVM is excited to announce our 2020 conference. This is the first and only industry event that will be 100% sponsor-free. Like IPVM online, the...
Bosch Dropping Dahua on Feb 13, 2020
Bosch has confirmed to IPVM that it is in the process of dropping Dahua, over the next year, as both IP camera contract manufacturer and recorder...
BluB0X Alleges Lenel, S2, Software House Are Dinosaurs on Feb 13, 2020
BluB0X is running an ad campaign labeling Lenel, S2, Software House, Honeywell, AMAG and more as dinosaurs: In a follow-up email to IPVM,...
London Live Police Face Recognition Visited on Feb 13, 2020
London police have officially begun using live facial recognition in select areas of the UK capital, sparking significant controversy. IPVM...
Converged vs Dedicated Networks For Surveillance Tutorial on Feb 12, 2020
Use the existing network or deploy a new one? This is a critical choice in designing video surveillance systems. Though 'convergence' was a big...
Monitoreal "Completely Autonomous" Home AI Tested on Feb 12, 2020
Monitoreal claims to allow users to "see the things you want (people, vehicles, animals) and ignore the things you don’t”, using AI to distinguish...
Cisco Video Surveillance Is Dead, Long Live Cisco Meraki Video Surveillance on Feb 11, 2020
A dozen years ago much of the industry thought that Cisco was destined to dominate video surveillance. They stumbled repeatedly, failing. Now it is...
BICSI For IP Video Surveillance Guide on Feb 11, 2020
Spend enough time around networks and eventually someone will mention BICSI, the oft-referenced but only vaguely known standards body prevalent in...

What IPVM Is

The world's leading authority on video surveillance, with 200,000+ visits monthly.

  • Articles on cameras, video analytics, VMS, and trends
  • Tests showing actual performance and problems
  • Courses in surveillance, access control, etc
  • Camera Calculator for designing systems

Dedicated To Independence

We're dedicated to staying independent and objective. We're the only industry source to refuse any and all advertisements, sponsorship, and consulting from manufacturers. Why?