Mobile Credentials (BLE / NFC / Apps) Guide

Author: Brian Rhodes, Published on Nov 14, 2017

One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards.

In this guide, we examine:

  • 4 key management problems
  • 2 practical problems for users
  • BLE vs NFC vs Apps Comparison

[Note: This tutorial was originally published in 2014 and substantially revised in 2017]

Mobile Credentials Are Slick

At a basic level, using mobile phones or tablets as credentials to open doors has a big cool factor. Take this simple demo of one setup below:

In simple terms, instead of ringing a card, fob, PIN, or fingerprint at a reader, a user flashes a phone and the door is unlocked.

Based on the rather personal value of phones, the idea that they accompany users like keys, wallets, or ID cards and they are protected (ie: not easily lost or misplaced) items make them good potential card replacements.

Management Problems

However, the transition is not a simple one, especially for commercial access control. A range of credential and access control management issues crop up not often issues with traditional credential methods. These include:

*** ** *** ******* ****** ** ****** *** *** **** few ***** *** **** *** ******** ** ****** ****** *** access *****.

** **** *****, ** *******:

  • * *** ********** ********
  • * ********* ******** *** *****
  • *** ** *** ** **** **********

[****: **** ******** *** ********** ********* ** **** *** ************* revised ** ****]

Mobile *********** *** *****

** * ***** *****, ***** ****** ****** ** ******* ** credentials ** **** ***** *** * *** **** ******. **** this ****** **** ** *** ***** *****:

** ****** *****, ******* ** ******* * ****, ***, ***, or *********** ** * ******, * **** ******* * ***** and *** **** ** ********.

***** ** *** ****** ******** ***** ** ******, *** **** that **** ********* ***** **** ****, *******, ** ** ***** and **** *** ********* (**: *** ****** **** ** *********) items **** **** **** ********* **** ************.

Management ********

*******, *** ********** ** *** * ****** ***, ********** *** commercial ****** *******. * ***** ** ********** *** ****** ******* management ****** **** ** *** ***** ****** **** *********** ********** methods. ***** *******:

[***************]

***** *** *****

****** ******, **** *********** ****, *** ******* *** - *** the **** ** * ****. *** *** **** ** *********** a ***** ** **** ******, ********* ******** ********* *** ******** updates ***** * **** ******* **** *********** *** *********** **** to ******** **** ******. ** * **** ****** ** ** lost, *** ******** ******** * $** ***** ** *******, ***** if * ***** ****** ** ** ****, ******* **** *** hundreds ** ******* ** ******* **.

**** ** *******

** **** *****, ********* **** *** ** ****** ******** ******. Therefore, '***** **** *** ******', ** *** **** ***** ******** their ******** ****** *** ********** **** ******** ******** ********, **** how ********** ******* ******** ** ********** ** ******* ** *** phone ****** *** ******* ** ****** ******** ************ *** ******* management ********* ** ******** *******.

******* ******* *******

******* *********** ***** ** **** ******* ** *** ***** **** is ******? ** ******* ************* ****** *** ************** ** *********, even ** **** ****** ***** **** ********* ** * ******? Or **** ********* ************ ******* *******? ****** ***, *** ******** leaves * *** ****** ** ** *********** *** ********* ****** if ****** *********** *** *** ****.

******** ********** ***********

****, ****** ******* *********** **** *** ** ****** ** *** physically *********** **** ********* ***** ** **** ****, ****** *********** must ** ******** *********** ** * ****** **** *** ****** unseen. ***** *** * *** ********* ****, *********** *** ****** for ****** ******** ******* ** *** * ****** ***** ********** is ***** *********** ** *** ***** ******** ** * **** that *** ****** ** *********** ** **** *********.

Practical ********

*** ** ******** ** '****' ********** ******, *********** ******* ******* cards ** **** *** ****** ******* ****** '****' ******** ****** as ****, *********:

******* ** ** ******* ***

****** ******** ***** **** *** ***** ******* **** *** ****'* picture, ****, *** ***** ***** ******** *******, ***** *** **** often ****** ** ******** ** ******. ***** * **** *** be **** ** ******* * ******* **** * *****'* ****** on *******, *** ****** ****** ** ********* ********** ** * glance **** * ******* ** **** *** ****.

********** ***********

*** *** ***** ** ********* ****** **** *** ** ***** with * ****** ***** ****** ** ****** *********. **** ******** as ***** ** ******* **** *** ****** **** ******, *** their ******* ** ******** *********** ******** ** ********* ********** **** or *****:

******, ******* *****, ********* *********, ******** ********, *** **** *****-******* demands *** ********* ****** **** *****. ***** ***** *** **** to *********** ********** ** ***** ********** ** ******* ***** **** with

Three ***** ****** *******

** ***** ** *******, ***** ****** ******* ** ****** *********** are **** ** ******:

  • *** (********* *** ******)
  • *** (**** ***** *************)
  • *** ***** ***********

**** *** * ****** ** ******** ******* ********* **** *****, frankly ********** *** **** **. **** ** **** ******:

BLE (********* *** ******)

***** * ******** ****-******* ** *** ****** *********** ******, *** is *** *** **** ****** ****** ****. *** ****** ** due ** *** ******** ********* ********* ** *** ** ****** phones, *** ********* * ****-******* ************* **** ***** ******* ********** of ***** **** ** ***********.

******* *** ******* ** **** *** ********* ***** *** **** or *** **** ******** ** ***, *** ************* ****** ****** money ** ******* *** ********* **** ********** ** ******* ****.

** ***** ** **********, *** ******** ****** ***** ** ********, so **** ***** ********* *** * *********** *** ******* ********* of ****** ********** *******.

*** *** ****** *** **** ****** ****** ** ****** *************, given ******** *********** ********* ********** *** ***/** *** ********* *****. Many ******** ***** ******** **********,****, *********, *** ***** ********** *** *** ** ******* ***********, including *******:

** ******* *** ******* ** ****** ** *** *** *** ****** ** ****** ***********.

NFC (**** ***** *************)

**** *** ****** ****** *******, *** *** *** ****** *********** giant *** ****** ******* ** ***** *** ** ***** **********/********** credential ****** ** ******. ***** ************ *******'* '***** *** **' ****** ********** *** ******* ** **** ***, *** *** *********** **** to **** *** **** ****** ** ***.

** ***** ** *********, *** *** *******, ********* ************ *** limitation ** ***** ***** ** *** * **********. **** ** NFC **** *** **** ******* ** ** ****** **********, ** can ** **** ** * ******* **** *** ***** ********* by *******.

*******, *** **** ** *** ** **** ** ***** **** manufacturer ********* ** *** *** ******. ***** *** *********** *********** adoption **.** *** ****** ******* **** **** ********* ****** ** demand/ *******, ** **** ******** **** ****** *** *** ***.

** ***** ** **** *** **** ******* *** *** **'* closest ********** ****** ***, *** ***** ***** ********* ***********:

*** ******* ********** ** *** *** ****** *** **** ******* as ******* *** *** ******* ***********. ******, ***'* *********** *** a ******* ******** ** *********** ****** ***'* *** ******.

App *****

** ******** ****** ** ***** ** *** ** ***** ** software ** ******* * **** ****** ******** ****** **** **** the ***** **** * **********. *** *** ****** ***** *** seen ** ******* ********-***** ********* *************, *** *** ***** **** ********** ********* ********,*****, ********, *** ******.

***** **** ******, ****** ****** ******* ** **** ******* **********, but ****** ******** ********* **** ********* **** ***********. **** ********* requires *********** *** *********** **** **** ** ***** ** ********, and **** ******** **** ******** ******** ****** ****** ****** ******* firewalls ** **** ***********. *** ***** *******, ** ** *** expect ** *** * ****** ****** ** ***-***** ****** ***********, but ** ******* * ************** ***** ***** *** ***** **.

Comments (21)

You can add compatibility to the comparison chart. Almost all devices now have BLE but NFC is a relatively wild distribution with differing adaptations of the NFC protocol as well as the dependency by Phone manufacturers and Telecoms provides allowing those devices to function and how.

I also noted in a test we did, the cost of the token was not well established. It was suggested by one manufacturer that 6-8$ a token which is basically the cost of a card personalized for an individual. I believe these tokens should be in the 1$ range or less and that will make it extremely interesting for the market.

Finally the provisioning mechanism is another issue. For a few people its fine, but when you start considering 100s or 000s of recipients how do you provision and also integrate with internal provisioning systems.

I understand you wanted to cover highly secured credentials in this report and of course those in the technology edge are NFC and BLE as well as customized apps based solutions. However, there's a more extended mobile based credential usage. This is using QR codes and millions of people use it when boarding a plane, train, etc. Of course it is not intended to have the same security integrity of the described technologies, but it's more usable, flexible, easy to send to the credential holder and easy to read by a scanner and by a video camera as well. The initial lack of security can be accepted if the use is restricted to one access only or a short time period validity. We at Axis are promoting that to be used with cameras at the access point or more adapted wioth video door stations, adding this credential verification to the main purpose of the door station for assisted access granting.

Axis is promoting QR codes for access control credentials?

We are conscious of the security limitations it may have since a QR code can be easily replicated. However in certain applications it is really useful since it is easy to send to a mobile device and used in frot of a surveillance camera or video door station. This is being promoted for those who need to have access during a known short time period such as visitors, deliveries, maintenance operators without the process to hand over a token. Of course if you have a camera and a security center, you could just open the door remotely, but for that a dedicated call center is needed. Instead, if the risk is not high and you trust the recipient, it's very flexible to just send (or make it available on line with previous login) the QR code and limit its validity for the desired time window (or just one access service). Of course if ¡we talk about permanent credentials we would not recommend that at all.

Isn't it an access control usage when applied to boarding gates?

Anyway, it is not intended to present the QR code as a real access control method in the way we all understand access control for security, but looking at the title of the report it just says "Mobile credentials"

Given the very narrow parameters that QR codes 'might' be a fit for visitor management systems, I am confident in keeping it exclusive from this report that is clearly addressing more general mobile-based access control credentials.

Sorry, what do you mean by "narrow parameters"?

Very interesting use of QR codes given the trend to merge access control with VMS systems.

Been a long time since I've seen Lisa Lake....not sure she's on Facebook, but thanks for bringing back the ol' memories.

Memories for sure... right out of the original Lenel OnGuard...

Good article, but it is not clear here or in the NFC vs BLE article that HID's mobile device solutions do now include BLE as well as NFC. iClass SE readers can be ordered to support either, both, or neither.

Great Article :)

Mobile phone credentials may not be a revolution but they will certainly be the evolution.

rbl

A quick question regarding NFC - is the reader reading the UID on the phone.

If so, what's the chance that there are duplicates?

Can you get Corporate 1000 / Elite key style NFC on devices?

HID uses the device endpoint ID in generating the mobile credential, but only the mobile credential data is read by the user. I don't know the possibility of devices existing with duplicate endpoint IDs, but I think credential duplication due to this would be almost impossible. If a phone is wiped or the Mobile Access app is deleted and re-installed, a new credential needs to be issued to the phone, even though the device remains the same.

I believe HID mobile credentials can be ordered in most formats. All operate similar to Elite cards as the readers and mobile credentials are end-user specific.

Mobile Credential Example

A quick question regarding NFC - is the reader reading the UID on the phone.

For HID my understanding is that a token is tied to a specific device, but it is the user's registration/account that is provisioned. Users can generally use different NFC devices with the same login. Is that your question?

Can you get Corporate 1000 / Elite key style NFC on devices?

You need to upgrade readers to use NFC, and those credentials do not emulate older card formats.

is there any statistics on adoption levels?. I know its cool and it will be the way forward for many, but have any surveys projected the up take level over the next years.

it seems even slower than IP cameras , but we all know where that went!

Bluetooth credentials still have a ways to go yet IMO. We have not had any real traction to this yet. On our office front door we have an HID Bluetooth reader and it seems like every couple of days it won't read the credential and have to end up using my fob. One day I walked up and my Apple watch started buzzing constantly and saying trying to connect, or at least something like that, but never unlocked the door. Every time when my phone won't unlock the door I always say "Why would i sell this if it doesn't always work here".

Can you imagine the service calls for this? I can... Arrrggghhh.

Do users every express concern that they could be near the door and have it unlock due to proximity when they did not intend to enter?

With HID Mobile Access this is not really a problem because it requires either a deliberate gesture or holding the phone up to the reader to unlock. We have one customer with two readers in an elevator vestibule about 10' apart, and we did have to adjust the BLE read range down to prevent users from inadvertently unlocking both doors.

There are other mobile device reader technologies that do allow passive activation from farther away, so you would have to be careful to enable passive activation only on doors where this would not be a concern, and keep other doors requiring deliberate activation.

Thank Dan

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Private School IT Manager Surveillance Interview on Feb 22, 2019
This IT manager describes himself as the "oft-maligned IT person" whose "opinions may not always be appreciated by the integrator crowd." But he is...
Outdoor Camera Mounting Hardware Guide on Feb 21, 2019
Mounting cameras outdoors can be challenging, requiring understanding different types of equipment and methods. In this guide, we teach this...
HID Favorability Results 2019 on Feb 21, 2019
HID favorability results were strong, in the 2019 IPVM integrator study of 200+ integrators, with a net +62% and low negativity as the table below...
BluB0x Company Profile on Feb 20, 2019
BluB0x has doubled in revenue every year since its founding in 2013, according to CEO Patrick Barry. We originally reported on them in 2015. At the...
Security Installation Tools Guide - 22 Tools Listed on Feb 19, 2019
In this guide, we cover 22 tools that security installers frequently use. This is one part of our upcoming Video Surveillance...
Cisco Meraki Cloud VMS/Cameras Tested on Feb 13, 2019
Cisco Meraki says their cameras "bring Meraki magic to the enterprise video security world". According to Meraki, their magic is their management...
Nortek Mobile Access Reader BluePass Examined on Feb 12, 2019
Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass...
Bandwidth vs Low Light Shootout - Avigilon, Axis, Bosch, Dahua, Geovision, Hanwha, Hikvision, Uniview, Vivotek on Feb 08, 2019
Nighttime bandwidth spikes are a major concern in video surveillance, but do all manufacturers' cameras perform the same? Are some more consistent...
Dahua Intercom Tested on Feb 07, 2019
Video intercoms are a growing market with video surveillance manufacturers expanding into this niche. IPVM is continuing its series of video...
HID Launches Origo To Fix Mobile Credential Problems on Feb 05, 2019
HID is releasing Origo, an overhaul of its mobile credential platform, this time drastically restructuring the way it is priced and packaged. HID's...

Most Recent Industry Reports

Outdoor Camera Mounting Hardware Guide on Feb 21, 2019
Mounting cameras outdoors can be challenging, requiring understanding different types of equipment and methods. In this guide, we teach this...
HID Favorability Results 2019 on Feb 21, 2019
HID favorability results were strong, in the 2019 IPVM integrator study of 200+ integrators, with a net +62% and low negativity as the table below...
First US State, Vermont, Bans Dahua and Hikvision on Feb 21, 2019
The first US state, Vermont, has issued a ban on a number of Chinese and Russian manufacturers including the world's 2 largest video surveillance...
ADI 'SAVE BIG' On FLIR And Hikvision Examined on Feb 20, 2019
One is a major US defense supplier. The other is owned by the Chinese government. But you can "SAVE BIG" on both at ADI. In this note, we...
BluB0x Company Profile on Feb 20, 2019
BluB0x has doubled in revenue every year since its founding in 2013, according to CEO Patrick Barry. We originally reported on them in 2015. At the...
Security Installation Tools Guide - 22 Tools Listed on Feb 19, 2019
In this guide, we cover 22 tools that security installers frequently use. This is one part of our upcoming Video Surveillance...
Sales Cuts At Rasilient on Feb 19, 2019
Over the past 2 years, video surveillance storage specialist Rasilient has expanded its workforce significantly, aiming to build its own branded...
Exacq Raises VMS Software Pricing Twice in Less Than a Year on Feb 18, 2019
Most VMSes regularly release new features, but rarely increase their prices. For the 3rd time in 4 years, and 2nd time in 8 months, since being...
Axis IR Multi Imager Camera Tested (P3717-PLE) on Feb 18, 2019
Axis has released their first IR multi imager, the P3717-PLE, a repositionable model listing 360° IR illumination and flexible positioning,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact