Versions Compared

Old Version 3

changes.mady.by.user Chad Fay

Saved on

compared with

New Version Current

changes.mady.by.user Chad Fay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Iframe
srchttps://info.openpath.com/hubfs/Openpath/images/kustomer-articles/Credentials.png
width253
frameborderhide
titletriple_unlock_technology
alignmiddle
height248
longdesctriple unlockTriple Unlock Technology

When a credentialed user approaches the reader and enters the overlapping Bluetooth range of both the phone and the reader, the reader makes a handshake with the mobile phone (in listening mode), which allows sustaining the connection to be sustained. The reader waits for a trigger event to activate the unlock process. The trigger event could be a hand wave in front of the reader, touching the reader, or pressing the unlock button on the phone app.

In addition to mobile, Avigilon Alta also supports other credential formats for unlocking entrances via the reader: physical cards/badges, physical key fobs, as well as and the option to enter a keycode (on the keypad reader only.)

Given all of the different access capabilities and the underlying technologies they rely on, there are optimal reader and mobile app settings and installation and environmental considerations to ensure a reliable unlock experience.

The purpose of this document is to review the various factors that may affect the unlock experience and provide guidance on what you as a customer or installer should consider when architecting your Avigilon Alta access control deployment.

Mobile Device Considerations

A variety of factors can affect a device’s compatibility as well as performance when used as a mobile credential. These include, among other things, the type of phone, settings, configurations, and current state. The below section will cover requirements and considerations that should be taken into account when exploring mobile credentials.

Basic compatibility requirements

Mobile credentials can be used with Android or iOS devices, and the smartphone must be running a version of the OS that is supported by the approved app, available in the Apple App Store, and the Google Play Store (please refer to the guidance in the App store to see the current supported OS versions). The device must also have LTE, Wi-Fi, and Bluetooth capabilities.

Configuration and current state

In order to To use one’s phone as a credential, it must be powered on. If it has zero battery or is powered off, one should not have the expectation expect that the phone can be used to unlock an entry via the Avigilon Alta Access control system. Secondly, the Alta access application must be installed on the phone for unlock to work. In addition to having the app installed, the user must be issued a credential by the administrator, and the credential must be provisioned on the App installed on the phone. Third, the phone must have Bluetooth, Wi-Fi, and/or LTE capabilities turned on, and the app must be given explicit permission to use Bluetooth, Wi-Fi, and/or LTE capabilities when installing the app. Without these radios enabled and permissions granted, the phone will not be able to be used as a mobile credential. For example, if a user has their phone in airplane mode with Bluetooth, Wi-Fi, and LTE disabled, their phone will not be able to send out a signal to the reader.

Note that there is a function called “Visitor Pass” Guest Pass which can be issued one-off to allow guests access to a reader through their mobile device. The user is sent a web link to click on their device via the browser running on the smartphone (this assumes access to the internet) that allows them to use a reader to unlock an entrance by sending a command over the internet.

...

In some circumstances, the Android version of the Avigilon Alta mobile app can use NFC on Android devices as an additional authentication method. However, you need to confirm that the version of the mobile app you are running is one that does support NFC and that the phone supports NFC to be able to take advantage of this authentication method. At this time, NFC is not yet supported on Apple devices.

  • Restrictions and permissions on the phone

If your organization uses a mobile device management system that restricts capabilities on the phone, such as enabling or disabling Wi-Fi or Bluetooth, or limiting the installation of apps and credentials, it may limit the ability to use tools needed to make the mobile credentials work.

Performance Variables

One of the reasons that we developed our Triple Unlock technology was to compensate for the variations in performance of any single factor. This reduces the reliance on one technology, such as just Bluetooth or just Wi-Fi, and eliminates the risk of having a single point of failure. While it is well known, it is worth stating that LTE coverage in certain regions, cities, or even buildings or areas of a building, can vary greatly and impact the ability to send and receive communications on the LTE network. Similarly, Bluetooth capabilities vary across Apple and Android, and different versions of phones. Thus, there is a variable range in how Bluetooth may function on different devices, and as a result, may be unreliable at times. Finally, Wi-Fi performance depends on the strength of the Wi-Fi signal, the phone’s ability to connect to the Wi-Fi network, and the strength of the overall network connection. Sometimes Wi-Fi networks are well-connected and highly performant, and sometimes they are not.

...

Performance data from our end users show that Android smartphones (across a wide variety of manufacturers) prior to before 2023 have demonstrated less effective Bluetooth performance than comparable year iOS phones when looking at a 5-year period.

Readers

Just like with mobile phones, there are a variety of factors that affect reader performance, the type of credentials that a reader can use, and the ability of the reader to communicate with a mobile device. These factors include settings, proximity to other readers, connectivity, and type of reader.

...

The ability of the reader to connect to and communicate with the credentialed device impacts the performance of mobile credentials. This can be negatively impacted by poor LTE signal, weak or unreliable Wi-Fi, or Bluetooth interference. Physical obstructions can also impact connectivity, such as a wall or pillar blocking the line - of - sight to the phone. 

There are some Some things that can be done to mitigate these issues. For example, if your location has a poor LTE signal, you could consider an LTE booster to improve the signal. Wi-Fi connectivity may be improved by installing a Wireless Access Point closer to the readers. Additionally, set the read range to the longest distance, ensure a clear line of sight between the phone and the reader, and ensure there are no other readers in close proximity.

...

If multi-factor authentication is required, this can be achieved using a keypad reader (keycode plus physical or mobile credentials). Or, a secondary reader can be connected to an Avigilon Alta reader. For example, connecting a biometric reader would enable you to require a fingerprint and a physical or mobile credential to access.

  • Environmental Conditions

As touched upon above, the location of your reader has a lot to do with the performance of mobile credentials. Certain locations may have poor Wi-Fi or connectivity, which reduces your ability to use multiple options for unlocking. For example, a parking garage may have no Wi-Fi or LTE single, so it must rely on Bluetooth. In these deployment scenarios, you may want to consider whether it makes sense to support physical credentials for access.

General Recommendations

In most situations, we recommend users wave their phone close to the reader instead of relying on their hand to trigger an unlock. This allows organizations to achieve a balance between security and convenience while creating a more consistent unlock experience. Using a phone to activate the reader allows you to set the BLE range to low, reducing issues that may be caused by another mobile credentialed user in close proximity. Longer range BLE settings (those that would support waving a hand in front of the reader instead of a phone) are best reserved for entrances that require a lower security posture, like general lobby entrances or parking gates. 

Additionally, training users to wave their phone in front of a reader creates a consistent approach that maximizes the use of all connection types – Wi-Fi, LTE, Bluetooth, and NFC (currently only available on Android). This reduces the reliance on one technology and ensures the most reliable unlock experience.

A note on personal choice

In some circumstances, individuals may be unwilling or unable to install the mobile app on their smartphone. If you think this may be a concern in your deployment, we recommend conducting a survey or an audit amongst end-users to determine the likely adoption of mobile credentials. It may also make sense to evaluate your organization’s use of mobile phones in your environment, and what options may be available for offering the mobile app. Many organizations end up offering end users the choice to install the Alta Access mobile app or be issued a physical credential. 

Furthermore, as mentioned earlier, in the process of installing the app, the end user must choose to allow the app permissions on their phone for it to function properly. And, the end user must choose to turn on various settings on their phone: LTE, Bluetooth, and Wi-Fi, and they must choose to leave their phone on in order for it to work. 

The fallback for all situations is a physical credential. Avigilon Alta supports a variety of encrypted and unencrypted keycards and fobs, which are always viable options in cases where mobile credentials are not a good fit for users or the environment.