Vanderbilt University has earned many distinctions, includingPrinceton Review’s top ranking for colleges with the happiest students. The school’s latest endeavor is taking the plunge and going mobile with access control.
HID and the school recently tested smartphones to open doors at one or more of six possible campus entry points, including one parking garage. Entry points were equipped with mobile-enabled iCLASS SE readers that were configured to work with existing iCLASS smart cards as well as HID Global’s Mobile IDs. Mark Brown, Manager, Commodore Card Office at Vanderbilt University, explained the process.
Why did you decide to do the pilot?
We had seen the NFC pilots in the past but were excited to see a solution that didn’t require additional hardware to work on a wide range of handsets. With an existing iCLASS deployment, this opportunity seemed like a natural progression for us.
What did you hope to get out of the pilot? What were your goals?
We really wanted to see if the solution was as easy to use as it sounded in theory. Unless the alternative to using your card is as easy and convenient then in the longer term I just don’t see people using it. It also had to be secure and easy to administer. The pilot certainly met these goals.
How does the system work if the power goes out?
Our door access is all on battery backup and then fail-over generators so in the case of power failure the users can still get into buildings. (As a side note, says Debra Spitler, Vice President Strategic Alliance for HID: “Please note that when using a smartphone for mobile access, the device itself must have (battery) power in order to start the communication between the smartphone and the reader. Most testers report little to no change in battery life on devices that are supporting the HID Mobile Access App.”)
What has been the reaction from the students who are using it?
They love the convenience – rather than having to dig out their ID cards they just use their phones, which in most cases are already in their hands, to “Twist and Go” as they approach the door. They also like the “cool factor” of being able to open a door with their phone.
What specific actions are you or HID taking to ensure smartphone security with this endeavor?
The handsets can allow a variety of security options from within the Mobile BLE app. With our wireless network students are required to use a PIN/passcode to lock the device so this also increases security. (Spitler adds: “Mobile Access offers many layers of security. Two such examples include the fact that mobile IDs are stored in an area of the device that has been designed for the storage of sensitive information. In addition, we are not storing the credential directly, but rather Seos SIOs (Secure Identity Objects). These are NIST Suite B encrypted and are tying the diversified key (no master key) to the device, so that it will not work on another device. Also, the transaction between phone and reader is not dependent on NFC or Bluetooth Smart security. HID encrypts the data on top and also employs tamper detection, so that we know if sniffing attempts are being made. In addition, the device can be set up with a passcode, so that if lost, it cannot be used to enter the building.”)
What other applications do you see this project being applicable for? Where do you see is security with your university headed with mobile phones?
Parking gates are a great use of the “Twist and Go” feature because of the way the range can be defined when the reader is programmed. Also office suites and meeting spaces are ideal especially as we don’t require staff to display their ID cards, but they rarely go anywhere without their phones! In terms of other applications other than physical access control, we would love to see readers available for vending, point of sale, laundry – in fact, anywhere there is currently a card reader.