Using the open LEAF standard, the US company helps campuses own their own encryption keys
As higher education grapples with new options for access control and security on campus, issues surrounding credential technologies, reader technologies, future proofing, and open standards are forefront. CR80News caught up with Rich Price, Director of User Experience at WaveLynx Technologies to learn about the company’s work in these areas. WaveLynx builds standards-based access control readers and related products.
WaveLynx Technologies was founded in 2012 by serial entrepreneurs Mike Conlin and Hugo Wendling. Their goal was to create a truly open, interoperable line of physical access readers and credentials. They launched their initial line of readers in 2016, and since then have experienced 100% year-over-year growth.
Describe WaveLynx and the company mission?
Price: We exist to empower access control end-users to resolve security threats with secure and open tools so they can be in control. Our mission is to build advanced access control products and design transition plans that support legacy, current, and future technologies.
We did this by contributing to security industry standards and implement them in our products, and cultivating strategic partnerships that result in open solution ecosystems. We helped to pioneer the standards-based LEAF platform that delivers credential interoperability, empowering choice via an agile data model, custom cryptographic keys, and an open ecosystem. We have successfully streamlined the process for generating and managing end user owned unique encryption keys and can easily scale.
We were recently awarded ISO 9001 certification for our production facilities ensuring that we continue to adapt and respond to market needs while striving for excellence at all times. WaveLynx is committed to success through innovation and open standards.
Tell us about the current product and service offerings.
Price: WaveLynx offers a full line of advanced access control products. At the core, our line of Ethos Readers offer multi-technology support for prox, smart cards and mobile credentials. They offer patented OSDP Auto-Detect and Prox Filtering. They also feature OSDP File Transfer for remote updating of firmware, reader configuration and encryption keys making them ideal for transitions away from unsecure access ecosystems. We provide a range of smart credentials including MIFARE DESfire Ev2 and Ev3 based cards and key fobs as well as MyPass Mobile Credentials. Our Cc Custom Keysets are cryptographic keys that facilitate secure interoperability and put end-users in control. Our custom encryption key clients can own their keys while benefiting from WaveLynx’s robust key management services.
What is in development or on the horizon for WaveLynx?
Price: We recently launched MyPass Mobile Credentials, offering a secure, yet simple mobile credential solution to the market. MyPass Mobile Credentials are available for download today at no charge. We believe the mobile adoption rate has been hindered by cumbersome subscription fees, complex enrollment processes and limiting factors. MyPass Mobile Credentials are access control system agnostic, simple and quick to activate and comes with no financial risk as it is free. As the market continues to adopt mobile credentialing – we call it ‘mobile distancing’ in today’s environment – WaveLynx is working on a Mobile LEAF solution, which will enable unlimited interoperability, promote customer-owned unique encryption keys and run on Near Field Communication (NFC) across all mobile platforms.
Can you give us the elevator pitch for the LEAF protocol?
Price: LEAF began as one man’s concept for driving secure, interoperable encrypted credential technology into the market and it has evolved into a growing consortium of manufacturers who are aligned with those same ideals. The LEAF name represents several things today:
- It’s a specification defining a smart card data structure made available to all manufacturers who can choose to enable their devices to read a LEAF DESFire EV2 card
- It’s a consortium of manufacturers who have indeed adopted it and as the consortium expands
- LEAF becomes a standard for smart, secure credentials.
You can find the growing list of manufacturers and devices that are LEAF enabled at LEAFIdentity.com.
How is the WaveLynx model different for the higher education market?
Price: At WaveLynx, we empower choice for end users, thereby placing them in control of their destiny. We create secure and open access control systems by providing campus end-users with standards-based and agile technologies, consultative guidance, and customer-centered support. This empowers the campus to transition away from unsecured and proprietary legacy systems at their own pace and within their budget constraints.
Campuses are complex environments in need of one card, multiple application solutions. Our Cc Custom Keysets and the LEAF data model enable a single credential to facilitate the secure storage and retrieval of access control data as well as campus and custom application data such as POS, transit, biometric, and user rights.
What has LEAF and owning your encryption keys allowed UGA to do with current projects on campus?
Price: UGA has been in the driver seat for creating an open and interoperable LEAF-enabled campus. They alone control who is included in their program because of their end-user owned encryption keys. UGA shares their unique keyset with the manufacturers of their choice, and only then can those manufacturers enable transactions using a UGA-issued credential. Recently, UGA allowed Coca-Cola and snack vending to enable their readers with UGA’s LEAF keyset, thus enabling the vending machines to read the LEAF Campus Application data from the UGA student ID cards.
Update: U. of Georgia’s LEAF-enable card program
Last year, CR80News covered UGA’s card system and their decision to build a card ecosystem from scratch based on the LEAF standard. To get an update, we caught up with Bill McGee, UGA’s Director of IT for Auxiliary Services and member of the OneCard Oversight Committee.
Now that another year has passed, are you still convinced that owning your own keys is a step worth taking?
McGee: Owning our keys has allowed us to make many decisions on how we move our program forward. The advantage is we are not locked into a single vendor. We are able to work with others to get the best possible solutions for UGA by working with all vendors we choose.
Have you migrated additional functions beyond access control to contactless?
McGee: Yes, our 450 vending machines will be enabled this summer. We are also in progress to add contactless to the POS system for payment and commuter meal plans so the student can tap and there is no exchange between the student and cashier.
Are you happy with the performance of the DESFire EV2 credentials?
McGee: Very happy. The read range is better than EV1 and faster. We can also buy cards from any vendor to get the best price and we have WaveLynx encode them in the US.
Do your credentials still feature a barcode and mag stripe, or have you reached a point where those legacy technologies can be phased out?
McGee: Yes, we plan to continue to print the barcode and have the mag stripe for the next two years to ensure any legacy systems can access the card.
How have the WaveLynx card readers performed on campus?
McGee: We have installed nearly 2,000 card access readers with no major issues. Since they are produced in the US by WaveLynx, they can address any issues we encounter in real time.