In the physical access control world, the key that has traditionally been used to open doors is called a “credential”. In commercial buildings, where multiple people need to go through multiple doors to access the shared facilities, there was clearly need to manage credentials for different levels of access.
Let’s first define a “credential”. In the physical access control world – a credential is essentially either a physical/tangible object (e.g. metal key, entry badge) or knowledge (e.g. code) or a some unique identification of the individual (retina scan, facial recognition or fingerprint). Credentials can be assigned to doors/access points to authorize entry. In the earlier days, you would be given a key to every door that you were authorized to unlock – key for your office, for your gym, for the secure file closet or for the lab where you were the teaching assistant. As an employee would leave the organization or happen to lose the keys, the facilities team would go through gyrations of re-keying locks to ensure only authorized access to shared commercial facilities.
Credentials, then moved from the physical keys to the access cards with magnetic strips that stored the access credentials as serial keys. Every door was assigned the serial keys that could unlock the door. The assignment of keys could be changed at any time giving you the flexibility in managing access control for each door. Good solution – but they had to do this for every door in the building, which meant in most cases it did not get done meticulously for commercial buildings where the problem got magnified – n doors x p people = np credential and door combinations. Solution – let’s put this on the local network and manage from a single application interface.
Great – but you just moved into your 2nd building, another office or warehouse away from your downtown office. How do you solve this multi-location access control credential issue? Answer – let’s put this on the Cloud or what is also known as ACaaS (Access Control as a Service). The beauty of the cloud-based access control systems was that all your buildings could now be managed remotely, could scale with any number of buildings that you wanted to add, and could scale for unlimited number of people (credentials). Access levels could be defined logically (instead of physically) by grouping doors across locations or by grouping users by roles. Rule based access control systems became feasible – entry to all labs across departments (in different buildings) is allowed for students between 7 am to 6 pm, while faculty staff has 24 hour access.
Now that the credential management has moved to the cloud, the next logical move was to put these credentials on the Smartphone. Getting a card or a badge issued, required a trip to the facilities department, form to be filled and authorized and then a card with your access credentials would get issued. What if you had temporary employees? Or you had a ton of contractors working for your organization? Or even the maintenance person who needed access to your remote facilities? At $8-12 per access card or a fob, it’s a sizable expense for large enterprise besides the latency of getting an access card issued for the contractor or the maintenance crew. Solution: everyone carries a mobile phone (clearly the convergence device for many essential apps of a user’s life), so why not converge our access credentials into the Smartphone? The credentials can be delivered through an App – over the web or through the phone line and can be revoked when needed. The device hosting the credential is secured with fingerprint or code access – providing dual authentication. The user credential are authorized for a list of doors, and by clicking on the appropriate door in the App, the door is unlocked.
I am excited to announce the availability of Cloudastructure SmartKey that works with Cloudastructure ACaaS to deliver this capability for Smartphone based Access Control for our customers. Read more.