Client wanted to develop an access control system featuring remote data monitoring, extended battery life, and cloud-based device control for seamless user entry and exit data monitoring and better management of user data.
Europe
IoT
We help product teams building access control devices with reliable firmware, good battery life and cloud integration support.
MQTT integration with AWS IoT Core has specific implementation requirements - certificate-based authentication, topic design, QoS level selection, reconnection handling, and message queuing during connectivity loss. CoreFragment has implemented this integration on embedded hardware and knows the patterns that produce a robust, production-grade MQTT connection rather than one that drops events or fails to reconnect after a network interruption.
Remote device control - locking and unlocking doors, updating access rules, monitoring reader status - requires both firmware support on the device and a cloud management layer that administrators can use intuitively. CoreFragment helps you design and build both sides of that remote management capability, ensuring commands flow reliably from the admin interface through MQTT to the device firmware and that status updates flow back in real time.
If your deployed access control readers are experiencing intermittent authentication failures, dropped MQTT events, connectivity issues, or battery performance below specification, CoreFragment can audit your existing firmware, identify the root causes, and deliver targeted improvements. We frequently help clients with first-generation firmware that works well in testing but reveals problems at scale or in varied field environments and we bring the diagnostic experience to find and fix those problems efficiently.
Authentication firmware in an access control system needs to be fast, deterministic, and reliable - every card read must produce the correct result in milliseconds, under all network conditions, without fail. CoreFragment brings the firmware expertise and testing discipline to deliver authentication logic that performs consistently in production, not just in a demo environment. If your product needs firmware you can stake your security products reputation on, we help you build it.
The system addresses three primary use cases. First, user authentication - ensuring only authorized individuals can enter a premises by verifying smart card details against a centralized database. Second, real-time in and out data monitoring - providing administrators with a live, timestamped record of every entry and exit event for visibility and security purposes. Third, remote device control - allowing administrators to manage the access control readers and user permissions from a cloud-based platform without needing to visit each reader location physically.
When a smart card is presented to the reader, the firmware activates the card reader interface, reads the unique identifier of a card, and initiates a lookup request to the cloud database via MQTT. The cloud backend verifies the card ID against the authorized user records and returns an authentication result. The firmware receives this response, makes the access decision - grant or deny and simultaneously triggers the appropriate physical output (door unlock or alert) while logging the event back to the database. This sequence is optimized to complete within milliseconds for a seamless user experience.
MQTT (Message Queuing Telemetry Transport) is a lightweight publish-subscribe messaging protocol specifically designed for IoT devices with constrained resources and unreliable network conditions. It uses minimal bandwidth, has low overhead compared to HTTP, and handles intermittent connectivity gracefully - making it ideal for an access control reader that needs to reliably transmit entry and exit events to AWS cloud even on variable network connections. MQTT quality-of-service levels also ensure that critical access events are delivered and acknowledged, preventing data loss.
Each authorized user is issued a smart card containing a unique identifier. A reader device installed at the entry or exit point detects the card when it is presented, reads the unique ID of a card, and sends it to the backend database for verification. If the card ID matches an authorized record in the database, the system grants access and logs the event — recording the card ID, timestamp, and entry or exit status. This entire process happens in a fraction of a second. The event data is then transmitted via MQTT to AWS cloud, where administrators can monitor it in real time.
