Mobile credentials used for access control


In early 2021, LEGIC launched its new “Credentials as a Service” platform, LEGIC Connect Go. The trusted service consists of a high-availability, 24/7 cloud service that communicates with smartphone apps and LEGIC Security Modules embedded inside resources such as electronic doors, shared vehicles and industrial machines. The service is a “plug-and-play” version of LEGIC Connect, which is a globally deployed service used for access control in the corporate, hospitality, education, and government sectors.

The service is targeted at service providers who do not want to deploy their own 24/7, high-availability cloud service for delivering mobile credentials to their users. Based on a LEGIC-provided trusted service, LEGIC Connect Go enables the easy implementation of smartphone app-based access to office equipment, park houses, industrial tools, shared vehicles, etc.

Trending: mobile services

LEGIC Connect Go is addressing the growing trend of service providers to enable people to access almost any service via their mobile phones. This provides convenience as everyone owns a smartphone. It also eliminates the need for users to carry around smartcards or transponders which are easily forgotten or lost. LEGIC Connect Go also supports traditional smartcard processes and value chains, making it easy to extend existing smartcard-based services with a mobile app.

Another important benefit is that it allows services to be utilized without having to physically touch a shared console; the end-user only touches his/her smartphone to authenticate themselves and use a service. This provides the ultimate in hygiene, especially relevant in these times of COVID.

Easy Engineering: How does it work?

LEGIC: With LEGIC Connect Go, services benefit from mobile credentials created and uploaded in advance. Providers can then provision or sell the respective credential token to users as fits their service, e.g., as QR code or deep link via email or text message. 

Afterwards, providers can go offline and leave it to LEGIC Connect Go to automatically deliver mobile credentials on-demand. The software service is available 24/7, whenever and wherever authorized end-users request them.

Plug & Play access with a mobile app 

With LEGIC Connect Go, for example, makers of contactless locks for private homes and apartments can sell their NFC/Bluetooth enabled locks not only with physical smartcard keys, but also with ready-to-use QR codes that give users instant smartphone access to their homes or offices. The lock maker requires no 24/7 service, LEGIC takes care of it for them.

E.E: What were the challenges that you encountered?

LEGIC: Creating LEGIC Connect Go was a complex design challenge as it requires three different service elements to work seamlessly together. On the software side, LEGIC must provide a secure, high-availability cloud service that is able to provide mobile credentials to end-users on a 24/7 basis. In order to prevent unauthorized access, end-to-end encryption had to be deployed. The entire system must be regularly audited in order to provide customers with confidence that only authorized users can access their services.

The second software element provided by LEGIC is a mobile SDK that had to be developed for both Android and iOS smartphones. Service providers then create their own apps based on the SDK which allows end-users to receive mobile credentials and interact with their services via a secure, branded interface.

A bullet-proof hardware security module is required

Finally, a Security Module based on the LEGIC SM-6300 completes the end-to-end system. The LEGIC Security Module is based on an ARM processor integrated with a secure element for storing highly sensitive encryption keys, as well as an RF transceiver, all in a tiny 8 x 8 mm package. Through symmetrical encryption, the Security Module communicates with the end-user’s smartphone via Bluetooth or NFC to authenticate and grant permission to use a service. The module is typically embedded in end-devices such as electronic door locks, IT equipment, park house entry gates and POS terminals.

Example customer for LEGIC Connect Go: Y Soft

Founded in 2000 in the Czech Republic, Y Soft is a global provider of intelligent enterprise office solutions. The company’s print management platform, YSoft SAFEQ, is used by global customers to aid in reducing print infrastructure and overall print services costs. A key feature of YSoft SAFEQ is secure access to printers through smartphone-based authentication. Using contactless readers to authenticate staff is a convenient feature which is becoming increasingly important to customers.

Leveraging smartphones for increased convenience and security

As security is a top concern for Y Soft and mobility is increasingly desired by users, Y Soft sought to develop a way for smartphones to replace traditional ID cards. The smartphone has the inherent advantage of being able to provide a second layer of security – only the owner knows the PIN or can provide biometric data to unlock the phone.

At the same time, the COVID pandemic introduced a new area of demand: hygiene and elimination of the need for users to touch the printer to authenticate and retrieve print jobs. The smartphone coupled with a smartphone reader and LEGIC Connect Go would provide the answer. YSoft MFX Mobile Reader™ is the resulting solution.

Deploying mobile credentials with LEGIC Connect Go

Y Soft turned to LEGIC for assistance in the automated distribution of mobile credentials, the first layer of security. Leveraging LEGIC Connect Go, Y Soft was able to develop a smartphone app, YSoft Mobile Connect™ which uses a 24/7 high-availability service backend for credential distribution provided by LEGIC. Coupled with a reader that supports Bluetooth and NFC, the YSoft MFX Mobile Reader™ provides the accuracy, security, hygiene, and mobility that customers require.

With LEGIC Connect Go, Y Soft partner resellers can grant or sell registration keys (YSoft Connect ID™) to users via PIN, QR or bar code. LEGIC Connect Go automatically delivers mobile credentials linked to the registration keys on-demand. The high-availability service is available 24/7 and can deliver credentials whenever and wherever authorized end-users request them.

With YSoft MFX Mobile Readers embedded with the LEGIC SM-6300 Security Module, employees and visitors can be instantly authorized to securely print documents at the printer of their choice using only an iOS or Android smartphone app.

E.E: What are your estimations for the end of the year?

LEGIC: Mobile credentials-as-a-service is a growing market which serves the general trend towards smartphone-based control of virtually anything. Already widely deployed for access control in offices and hotels, the technology is easily applicable to many man-machine interactions such as booking a parking space or locker, as well as for rental cars and shared vehicles. 

According to Gartner, 20% of organizations have already migrated to smartphone-based access control in place of smartcards; in 2016 it was only 5%. According to Markets&Markets the market for mobile credentials has already surpassed 1.7 billion USD as compared to 550 million USD in 2015 – a CAGR of 25%. 

The drivers of this growth are: 

Convenience: no need to carry a separate smartcard to access services

Security: smartphones provide biometric authentication which is not natively supported by smartcards

Combination with other smartphone apps: for example, a smartphone-based hotel room key app can easily be combined with customer loyalty offerings such as discounts to hotel restaurants and other hospitality services.

LEGIC Connect Go

Carl Fenger, Technical Communications Manager at LEGIC Identsystems AG

Binzackerstrasse 41, 8620 Wetzikon, Switzerland