Mobile Credentials: Access in a New Age

By J. Matthew Ladd

For the majority of individuals, the mobile phone is the go-to accessory. Along with car keys and nowadays, a Fitbit or some other activity tracker, a smartphone is the one thing people can’t be without.

It has already replaced the watch and the camera and is rapidly taking over for credit cards, so it stands to reason that the more that can be accomplished via the smartphone, the more efficient people will be, including using the smartphone as an access control credential. A smartphone, unlike an access card, is less likely to be forgotten at home in a purse or a pair of pants or left on the desk at work or in the dorm.

Operating much like the usual access card, a mobile credential uses Bluetooth technology to “talk” to the reader to verify and authorize a user’s credential. But the twist is that it’s the smartphone that is driving the transaction, typically using an app to receive secure information via a cloud-based server that tells the reader what to look for and, if the information is correct, validates the process.

Since this is a cloud-based operation, not a static one, the authorization code updates continually, making for an even more secure transaction.

As with any newer technology, questions do come up about the integrity of using a personal smartphone for access control. But as we’ve all seen, confidence in the cloud as a secure environment continues to grow, addressing some of the data-related concerns. Also misplaced phones, just like missing access cards, can be taken offline so someone else can’t use the credential.

What companies, schools or government agencies don’t have to deal with any longer, however, is the costly process of issuing individual cards since the information is carried on the phone, nor do card users have to go through the monotonous routine of finding and swiping a card or punching in a code.

It is estimated that there will be 196 million smartphone users in the United States in 2016. With so much intelligence residing within the phone that people carry with them all day and every day, end users are eager to add mobile credentialing to the long list of operations they can now perform.