Smart access control — one credential, every door.
Physical access control is what a building does with the credential a person already carries. Done well, the same FIDO2 / DESFire credential opens the gate, signs into the laptop, badges into the office, and pays for lunch. Done badly, every door has its own panel running its own protocol on its own database with its own keys in its own firmware.
What we build
Card-as-badge
FIDO2 + ISO 14443 Type A in one ID-1 card. Tap-to-unlock + tap-to-login on the laptop. See OnePass Card.
Reader / panel firmware
SAM-protected reader-side state machine. No issuer keys in panel firmware. Signed firmware updates with anti-rollback.
Issuer / KMS integration
Personalisation flow that pulls from the issuer’s identity-management system. Auditable; standards-aware.
When the door is the second factor
Many enterprises are evolving past “badge in, password at desktop”. With a FIDO2 OnePass Card, the same tap that opens the door logs the user into the workstation — passwordless — and badges them into the elevator system. The credential is physically present, hardware-bound, and never reveals a secret.
Migrating from legacy 125 kHz / MIFARE Classic?
The hardest part is the issuance flow, not the readers. We have done the migration twice over — happy to share the playbook.