SCHLAGE 101

• A credential is anything that can identify you to a decision making system or device to gain access
• In access control, a credential can be something you are (fingerprint), something you have (key, card, fob, phone), and/or something you know (PIN code)
• When an electronic credential (example: badge or fob) is presented to a credential reader, the reader sends the credential’s information, usually a badge number to the access control system  for verification
• The access control system compares the credential’s number to its programmed list of credentials, grants or denies the request, and sends a transaction log to a database

Credentials are no longer reserved for just perimeter access control. As more business adopt electronic across control, there is a greater appreciation for the value they provide, namely enhanced security, more efficient management and greater convenience. Today, credentials are used in a variety of interior and exterior applications including:

• Higher education - building entries, offices, classrooms, laboratories, dorm rooms, equipment rooms, IT rooms, parking gates, out buildings, etc.
• Health care - building entries, offices, laboratories, medical supply storage, records rooms, IT rooms, etc.
• Corporate/commercial - building entries, offices, records and storage rooms, shared spaces, amenities, IT rooms, elevators, parking gates, etc.
• Multifamily properties - building entries, resident unit doors, common areas, amenities, parking gates, pool gates
• Retail - primary and employee entries, storage rooms, offices, etc.

• Convenience - Rather than carry a key for each room, a single credential can provide a frictionless experience while users move from one space to the next with ease
• Time and cost savings - Simple creation and deactivation of electronic credentials save time cutting new keys or rekeying locks when keys have been lost or stolen; some solutions allow remote credential management which saves on time spent visiting each door, especially at large properties
• Control - By requiring personalized credentials, system administrators can control who has access to specific doors at specific times
• Visibility - Insights into what's going on inside the building through audit trails help users manage their facility as well as the staff or occupants within it
• Key management - With electronic credentials, facilities can reduce the distribution of mechanical keys and mitigate risks associated with lost or stolen keys, improving efficiency and security
• Future growth - An open architecture credential solution allows end users’ security solutions to evolve along with advancing technology and the changing needs of their facilities

• While electronic solutions have grown in popularity, there are many applications that still require mechanical hardware and successful properties blend the two for a holistic experience
• The article, Back to the basics: Readers and credentials, provides more depth on mechanical vs. electronic and advice for figuring out the needs of each door
• Physical credentials can be contact-based, which requires the credential to be swiped or touched by the reader or they can be contactless, which only requires a certain proximity or range to communicate
• It is recommended to choose a technology that can be programmed by multiple companies to provide future flexibility

• Mobile credentials are software-based and reside on a smart phone; they are secure and feature the latest in encryption technology
• Mobile credentials eliminate plastic waste; they are easy to replace if lost of stolen since they can be issued virtually from anywhere
• There are two types of mobile credentials available in the market, each has a slightly different user experience
• Bluetooth® low energy (aka BLE) credentials utilize Bluetooth communication to send the credential to the reader for authentication
  • In most cases, the user must open the app on a smart phone and select the specific reader for access
  • The typical read range is up to 5', for applications such as parking gates, specific devices can be configured to a read range of up to 30'
  • Many multifamily sites have adopted these types of credentials to deliver No-Tour functionality; eliminating the need for property managers to visit each lock or reader to update access rights
• Near Field Communication (aka NFC) credentials closely mimic a smart card experience for authentication
  • There is no need to open an app to use wallet based NFC credentials, however the phone (or Apple Watch) must be presented in close range to the reader to enable the communication
  • NFC credentials are wallet-based and require integration between technology leaders (Apple and Google) and Campus Card/One Card/Access Control providers
  • Wallet-based NFC credentials can provide increased utilization across multiple applications including POS and vending
  • In the higher education market, mobile student id has been adopted by select colleges and universities
  • To learn more, view the mobile credentials for higher education FAQs

There are many different types of form factors when it comes to physical credentials. From fobs to ID badges, wristbands and mobile phones - each has its own unique set of advantages and disadvantages for users.

Key fobs, ID cards and wristbands 

• Physical credentials carried by users
• Grant access with a tap, swipe or wave
• Common applications: K-12 perimeter security, higher education residence halls, health care high security areas, government buildings and commercial office spaces
  
• Upsides to this traditional model include broad hardware support, low cost, as well as ease of use and deployment
• Downsides include plastic waste, varying degrees of security and time associated with administration and replacement
• When considering this option, look for high-security encrypted credentials that minimize the ability to be replicated and offer multiple storage options beyond access control

Keypads and PIN 

• Used when doors have keypads
• Grant access when users enter the appropriate PIN
• Common (multi-factor) applications: High-level security spaces such as records rooms, data centers, server equipment rooms and more
• The benefit to the user is user convenience, as it does not require individuals to carry something with them
• Possible drawback is creating a potential security risk if the PIN is used as the sole credential
• To solve for this, the PIN can be used in combination with an ID card, fob or wristband, providing greater security with multi-factor authentication

Mobile

• Mobile credentials protected and stored on users smartphones
• Grant access when user opens mobile app and motions/taps on door and can also be used beyond to access control when added to the Apple Wallet or Google Pay
• Common applications: Multifamily entrances and common areas, commercial office perimeters, office doors, common areas and amenities
• The benefit to the user is user convenience, as it does not require individuals to carry something additional with them
• Possible downsides are mobile implementation support and connectivity problems    

Mobile (includes Bluetooth® low energy (BLE) and Near Field Communication (NFC))

• Based on latest encryption technology, using phones as credentials
• Eco-friendly; eliminates the need to replace cards or issue new ones
• Increased use of smartphones and apps makes them more common

Smart technology (13.56 MHz or high frequency )

• Most secure contactless option
• Advanced data encryption makes duplication nearly impossible
• Two-way communication between the card and reader provides mutual authentication
• Multiple sectors on the card allow for storage beyond access control, including data storage and cashless vending

Proximity (125 kHz or low frequency)

• Contactless card that doesn’t require physical contact with the reader
• May be read from within a few inches of the reader depending on the reader and card
• Storage limited to card number alone
• Limited security, duplication possible

Magnetic stripe 

• Card credential must be swiped through a reader
• Limited encryption, which is more susceptible to duplication
• One-way communication only, making duplication possible
• Also known as 'mag stripe'

• Multi-factor authentication increases security in sensitive areas by requiring users to provide multiple credentials to gain access
• Could include any combination of the common authentication factors:
  • Something you have (keys, cards, fobs or mobile devices)
  • Something you know (the PIN code for a keypad or a password)
  • Something you are (biometric asset such as fingerprint) 
• Ideal for spaces that require a high level of security to protect private, dangerous expensive materials, goods or information such as:
  • Healthcare - Records room, biohazard areas, pharmaceutical areas, laboratories and more
  • Commercial - Data centers, server equipment rooms, records rooms, and more
  • Higher education - Research labs, records offices, dorm rooms, and more
• For maximum security, we recommend using a multi-factor reader such as the Schlage MTK15 or MTKB15 with smart cards or mobile credentials to reduce risk of unauthorized use and duplication

More security

• Because proximity and magnetic stripe cards are unencrypted, upgrading from one of these legacy technologies to smart card technology or mobile credentials can significantly improve security
• There are devices available for purchase that can copy unencrypted credential information and even YouTube tutorials for cloning proximity cards. There are also the kiosks like Key Me that duplicate RFID credentials
• While smart card technology can be duplicated, it’s far more common with unencrypted technologies like proximity and magnetic stripe cards
• Mobile credentials can use the same level of encryption as smart cards, and in some cases these technologies use more advanced encryption; it’s based on the design of the mobile credential, so it’s important to inquire about the encryption upfront

Utility beyond access control

• Smart cards and NFC mobile credentials have more secured utility beyond access control, they can also be used for vending, secure printing, POS, and more
• Embracing technology for better user experiences can be beneficial and lead to a safe and seamless experience

Encryption is like a technologically advanced handshake. It protects the data being relayed between the reader and credential by essentially taking the information in the chip of the credential, shredding it apart, sending it to the reader and putting it back together. It does this by using a microprocessor and encryption algorithm to protect the data when it is transmitted over the air.

Understanding what you have today and where you want to go tomorrow will help you to plan a migration path—a strategy to upgrade your credential platform.

• Do you have hardware in place that will support the new smart card or mobile technology?
• Do you need to upgrade your readers?
• Does your access control system support mobile?

All of this should be considered as you strategize your transition. 

Here are some possible recommendations to consider when developing a migration path:

• Remember that this will look different for each organization. It should be a personalized approach that fits your needs
• Document your current state and ideal future state, knowing it might not be a direct jump from one to the other
• Involve all the stakeholders upfront. Communication and collaboration are crucial
• Review the pros and cons of upgrading, challenges, possible scenarios and more with your team. For example, a pro for mobile would be it can deliver a better user experience. A con could be the upfront investment in new readers
• Think about future proofing. The interoperability of the credential technology is important to your future choices in hardware and software. Regardless of the technology you choose, it’s important to pick an open, secure platform
• Contact Allegion for assistance

To look at a couple common scenarios that colleges and universities face, read The path to more secure credential technology.

• In this world of acquisitions, mergers, and multiple/remote office locations, large organizations often find themselves burdened by a hodge-podge mix of card and reader access control technologies
• Multi-technology readers allow you to have blended reader populations and blended card populations for an indefinite period of time without compromising the functionality or reliability of your access control system
• Multi-technology readers are very affordable and just as reliable and easy to install as the familiar proximity reader
• Offering performance, security and unprecedented versatility, these products are truly today’s value leader and have become the new standard in reader technology

Like a file cabinet, a smart card can store many different types of information and be used for applications beyond access control. Examples include:

• Secure printing
• Transportation
• Cashless vending
• Cafeteria services
• Logical access

Support for these additional applications will vary by system, please contact your technology, campus card or access control provider for additional details.

Selecting the most effective credentials for your organization can be challenging as many considerations should be reviewed to help make the right decision. There's no one-size-fits-all solution. The goal is finding the right balance between both security and convenience for each organization. Key factors include:

• User experience - There are many different types of form factors when it comes to physical credentials. From fobs to ID badges, wristbands and mobile phones - each has its own unique set of advantages and disadvantages for users
• Type of credential you want - Today, more organizations are using advanced forms of credentials that include both physical ID cards and mobile credentials
• Additional uses you may want for your credential - Security and IT professionals are faced with a myriad of choices when it comes to credentials as functionality can go well beyond access control. In many cases, a single credential can be used for secure printing, point of sale, cashless vending, public transportation and more
• Future growth - It’s important for key stakeholders to analyze how their credential platform can deliver the most value for their organization, now and in the future

Read the article, Four things to consider when choosing your credentials to learn more.

Often overlooked or underestimated, the key to flexible security lies in open architecture. Unlike traditional systems that are only compatible with a specific brand or version of software, open architecture allows systems to be compatible with both existing and future software from third party providers.

Open vs. closed: Why does it matter?

• Technology is moving so quickly that it’s really important to have the ability make changes over time as your needs change and new features and capabilities become available
• Open architecture systems provide a solid platform on which integrators and end users can build solutions that meet today’s needs without restricting future options
• This level of flexibility not only protects the end user’s financial investment in a security system, it also protects the integrator’s relationship with clients by providing a wide range of fully customizable options that can be used to address any future challenges
• Creates ability for flexible systems that allows you to pick and choose the right components to tailor that overall experience, rather than a one-size-fits-all approach
• Can allow companies to easily transition to shared spaces by assigning individuals access to specific openings throughout the building; those authorizations can then be adjusted or rescinded at any time, as needed

• Interoperability enables various technology systems to communicate and exchange and interpret information
• This permits the credential to work with existing or different software, hardware and applications beyond access control
• Open, interoperable credential technology should be built on an industry standard like MIFARE technology by NXP, for example
• Unlike proprietary solutions, choosing credential technology that is open and widely known allows for more platforms with which it can work seamlessly
• Advantages include freedom, uninterrupted experience, control over costs, security and future proof

Learn more about the value of interoperability in higher education.

• Video Series: Intro to Access Control
  
• Article: Back to Basics: Readers and Credentials
• Article: Electronic Access Control Beyond the Perimeter
• Article: Four things to consider when choosing your credentials
• Article: Four common credential migration scenarios
• Guide: Credentials Security Guide
• Interactive tool: Allegion in Action

Don't see what your are looking for? Click on the "+ Need more help" below.

• Schlage Mobile Bluetooth® Credentials
• Schlage Mobile Student ID
• Multi-Technology Credentials using MIFARE® DESFire® EV
• Schlage 13.56 MHz MIFARE® DESFire® EV Smart Credentials
• Multi-Technology Credentials using MIFARE Classic®
  
• Schlage 13.56 MHz MIFARE Classic® Smart Credentials
• 125 kHz Proximity Credentials

Don't see what your are looking for? Click on the "+ Need more help" below.

• Schlage Custom Encryption Key Service
• CardTrax™ Account Tracking Service
• Custom Artwork Service

You can contact Allegion Customer Service (Sales Support) or Technical Support (Product Support) by phone or by email.

To contact by phone: call 877.671.7011

PRESS Option 1 for Customer Service then select your specific product category:

• Mechanical Locks & Keying Systems by Schlage, Falcon or Dexter PRESS 1
• Electronic Locks, System Components, Biometrics, Readers or Credentials PRESS 2

PRESS Option 2 for Technical Support then select your specific product category:

• Mechanical Locks & Keying Systems by Schlage, Falcon or Dexter PRESS 1
• Electronic Locking Products AD, CO, NDE, LE, Control, Express, Engage, Multi-Family Solutions, ISONAS Hardware or Pure Access Software PRESS 2
• For AD, CO, PIM, Express, BE367/FE210 and all legacy related locks like CM and King Cobra, PRESS 1
• For ENGAGE related products including NDE, LE, Control, CTE and Gateway, PRESS 2
• For ISONAS Hardware and Pure Access Software, PRESS 3
• Readers and Credentials, Biometrics or System Components such as Maglocks or key switches by Schlage or Locknetics PRESS 6

PRESS Option 3 to reach your local sales office, you will be directed based upon the area code from which you are calling

EMAIL CONTACT:

Sales Support (Customer Service for all Product Categories and Regions) - support@allegion.com

Technical Product Support:

• Mechanical Locks & Keying Systems-Schlage, Falcon, and Dexter - mechanical_locks_techprodsupport@allegion.com
• Electronic Locking Products - AD, CO, NDE, LE, Control, CTE, Schlage Express, and Multi-Family-Schlage electronic_lock_techprodsupport@allegion.com
• ENGAGE, NDE ,LE, Control, CTE and Schlage  Multi-Family Engage.Tech.Prod.Support@allegion.com
• Isonas  Isonas.Tech.Prod.Support@allegion.com
• Readers, Credentials, Biometrics, System Components - Schlage, XceedID, Locknetics - readers_credentials_biometrics_techprodsupport@allegion.com