The access revolution – key to smartphone and beyond

Access control. From the humble key to facial recognition, access to offices, labs, data centres, and other secure spaces has evolved significantly over the last few decades. But it’s not something we actively think about, is it? Can you remember the first time you swiped a card? Or used your thumbprint to open a door?

So, take a step back. Depending on which generation classification you find yourself in…many of you would remember wind-down windows in cars. Yes? And along with those wind-down windows, physical keys to open the car doors (most likely each door because central locking came later) and the same physical key to slot into the ignition to start the engine.

Then came the key fob for remote keyless entry – doors unlocked at a distance! What an invention! Smart keys came next, often looking like a card, to take keyless entry to a new level and start the car without a physical key. Today, depending on your brand of motor, you can even start your car from your phone or use biometrics, like your fingerprint, to open and start your car.

Now, back to building access control. We’ve made the same strides here but because it’s more work focused, not a lot of people spend time pondering how far it’s come. But the point is, it has evolved tremendously, making buildings more secure, management far simpler and the user experience much better.

The user experience in access control

While security is always the overriding factor in access control, it is the user that has had a major influence on the evolution of the technology. Back in the day, using physical keys was easy enough but they were easily lost, easy to duplicate and ran the danger of getting mixed up in all the other keys you were likely carrying around.

Voila, the access card. A plastic card with a magnetic stripe that was swiped through a reader. Easy to use, carry around on a lanyard and even better, provided an audit trail to track where you’d been and which doors you’d opened. Add a keypad to this and you’ve got another layer of security. But, in terms of user experience, physically swiping could be a time consumingin and clumsy process. Especially in high traffic areas.

By the 1990s and moving into the early 2000s, RFID came to the fore with proximity readers and Bluetooth. No swiping required. This ‘Prox’ approach used low frequency technology to ensure the data on the card was detected with in proximity of the reader. Access cards branched out into fobs and tags, which were often easier to carry around.

These ‘smarter’ cards included embedded chips and were able to process information and made the step up from being just a token and introduced mutual authentication. This process whereby the reader and card basically authenticate each other proved to be an actual game-changer (a word overused, but in this case accurate) – harder to clone the cards and fake readers were eliminated. They were not, however, foolproof.

Enter the next generation of smart cards. They moved away from using proprietary protocols, which led to security gaps and vulnerabilities. Open protocols or widely adopted standards like ISO or NIST led to better security and card vendors were able to boost the functionality of the cards – making the creation and management of secure identities on the cards a lot easier. At this point, biometrics – fingerprints, facial recognition, hand geometry, etc – made an appearance, adding a layer of security and convenience because physical cards or fobs could still be lost, stolen or misplaced.

The use of open standards also led the way towards where we are now – mobile access and wearables.

Mobile access – a new way forward

With the proliferation of smart phones (in the UK 94% of adults own a smartphone), accessing credentials on them became the next natural step. Using NFC and Bluetooth, this also extends to other smart devices like watches or tablets. Smartphones and similar can either be used to present credentials to an enabled reader, or access can be granted via app. The benefits for users – ease of use, simplicity and very low risk of losing the device. For building management and security teams, mobile access is more secure – the extra layer of hardware-based security on the smartphone makes sure of that.

At Inner Range, we offer a robust, cost-effective mobile access solution (IR Mobile Access) that is designed to reduce issues associated with lost cards and facilitates the use of time and date-specific passes for staff, visitors, contractors, etc.

A unique aspect of our solution is that it prioritises cybersecurity by storing mobile access credential information directly on the hardware controller. This means data is not stored in the cloud, which makes it more resistant to cyberattacks.

What’s next?

The very definition of evolution is that it’s ongoing. So what’s the next evolution of access control? For us, the future is firmly rooted in unified security platforms. Access control isn’t a standalone system – rather a seamless part of a wider security ecosystem, including intruder detection and CCTV, as well as building automation.

For users like security teams or building management, this reduces complexity and increases effectiveness, while end users like staff and visitors are kept secure and are easily able to get to where they need to be.