Why Campuses Want Mobile Credentials

By Brooke Grigsby

Such credentials can help to break down silos, improve access-control system efficiencies, reduce costs and more.

Ed. Note: This article was previously posted at  Campus Safety after its original publication by  Security Sales & Integration.

Many schools are currently looking to modernize their student-identity programs and integrate new technologies like mobile credentials. Students, the ultimate "customers," are demanding access to more locations and amenities—but with fewer physical cards and keys. However, an overabundance of legacy systems predominates, and cost is a major factor at all times. Fortunately, new solutions, such as mobile identity management and access control, enable a flexible, dynamic and contactless approach that satisfies the needs of students, institutions, security managers and IT departments.

Access Convergences on Campuses
Although it's common knowledge, it's worthwhile to focus on how K-12 schools, especially universities, consist of a set of interconnected physical environments. These include classrooms, athletic facilities, common areas, dining areas, libraries and dormitories. Overlaying these physical spaces is a parallel set of virtual environments, such as library-management systems, laboratory equipment checkout software, laundry payment systems and many others.

For years, these physical and virtual environments operated more or less in silos, particularly regarding security and access control. A student might have a key for her dorm room, an ID badge to let her sign a book out of the library, a stored value card for doing the laundry and so forth. This is starting to change. Security and access control in educational institutions is now converging. The people who manage these different areas of campus life are interested in bringing the silos under a unified access-control mechanism. Some want this convergence. Others feel pressure to make it happen due to budget pressures and demands from students and other stakeholders.

The convergence in access control also stems from a recognition that the institution will be better off if it has integrated awareness and control over the access privileges of students, visitors, employees and vendors. It's costly and complex to oversee access control for these different groups, each of which has its own access requirements and time horizons. For example, a vendor making a delivery might require access for a few hours, whereas a professor might have continuous access for a decade.

End users find it inconvenient to have to keep track of badges, keys, fobs and ID cards. It's also easy for administrators to make mistakes that affect security, such as neglecting to switch off access rights to a former employee, resulting in potential safety and theft risks. The IT department is part of the convergence story, too. As most, if not all, access and security-related systems run on standard computer hardware and operating systems connected via common campus networks, it's natural that IT would play a role in their operation. In addition, many stakeholders across security, IT and administration want interoperation among access-control systems and nonphysical systems.

For example, admins might want access-control privileges to be defined by user roles as set out in an identity and access management (IAM) platform like Microsoft Active directory, or they might want a single ID card to allow a student to sign out a library book, pay for laundry and park a car. This is a matter of software and data integration. A related expectation is that stakeholders will have access to comprehensive data about access control and end-user behavior, with the capacity for data analytics, visualization, reporting and alerting.

Cost, Compliance, Physical Security Mix
Technology and convenience are not the only drivers of convergence in access control. Another issue is cost. Educational institutions are always trying to trim budgets, and the silo approach can be expensive to run. Consider the people and facilities required to run badge-production offices. Badges, fobs and keycards cost money. If they are lost or stolen, there's an administrative process to replace them that comes with a cost. Unified, integrated systems tend to be less costly to manage.

Compliance is a new factor in this situation. Federal and state laws intended to halt the spread of the coronavirus have created mandates for educational institutions to limit the number of people gathering in any one place. Schools must document that they are complying with these regulations, and these rules may not go away for some time. Schools are also subject to laws governing consumer data privacy, such as the California Consumer Privacy Act. While the educational institution may not be bound by the regulations, its vendors typically are, so the institution may feel compelled to stay on top of any personally identifiable information that is going from the school's systems into that of a vendor.

Physical security also matters in this context. Campuses are growing more sensitive to student and employee concerns about their physical safety. Incidents ranging from assaults to shootings and violent protests have made schools aware that they need to get better at tracking who is coming and going—and where people are, in the event that something dangerous happens.

Dynamic Identity Issuance
A new approach based on mobile identity management and access control offers a clean solution. Known as dynamic identity issuance, it creates a core system that generates access credentials that work across virtually any physical or digital system on campus. Since it's mobile, it can be readily adopted by students and staff members alike.

Administrators use a centralized identity-issuance solution to create unique user identities. These identities allow selective access based on rules that depend on a user's role (for example, student, vendor or employee). The system leverages existing access-control infrastructure, such as door readers, to detect users' identities on their mobile devices. Typically, the door reader can be fitted with a sensor that detects a user's smartphone identity credential while retaining its ability to work with its legacy card format. It's a contactless approach—there is no production of a badge or card. Access privileges and revocation of privileges occur over the air.

The mobile approach enables users to have one device, which they likely already own, to serve as a universal means of access control. One's smartphone opens doors to dorms, classrooms, laboratories, gyms and cafeterias, delivering freedom of movement. However, it's also trackable—the system can optionally monitor when people come and go from physical spaces. This is a big advance over legacy access-control systems, which generally can't tell when or if someone has left a space.

The use of standards is one of the keys to success for dynamic identity issuance. With standards such as REST and IEEE 802.11.15, the many siloed access-control systems, as well as other digital systems, can communicate and interoperate. This opens opportunities for accepting payments and other types of transactions that add to convenience and revenue for a campus. For example, the same identity credential that opens a library can buy a soda at a vending machine, charging it back to the student's account automatically.

In addition to potential revenue generation, a dynamic identity-issuance approach should result in a financial savings for an institution. Fewer siloed access-control systems means fewer administrators. It is also possible to eliminate the badge office, with its personnel and equipment, since there are no cards or fobs to buy, nor any administrative billing procedures for lost or stolen cards. Dynamic identity issuance solves many current access-control problems, and the ability for the technology to leverage existing infrastructure is definitely a selling point. There is no "rip and replace." It can be deployed incrementally.

Brooke Grigsby is the director of marketing at  Safetrust. The photo, from Adobe, is by Bull Run.