DMP CMC-2 Conekt Bluetooth Mobile Credential Reader
The DMP CMC-2 is a Bluetooth mobile credential reader designed for smartphone-based access control integration into existing DMP Conekt-enabled systems. It eliminates the operational overhead of managing physical proximity cards and key fobs by authenticating users directly from their mobile devices via Bluetooth Low Energy (BLE). This approach reduces credential replacement costs, lowers lost-card incidents, and simplifies user onboarding — users provision themselves through the Conekt Wallet app without IT involvement. It's best suited for organizations seeking a bridge between legacy DMP infrastructure and modern mobile-first access policies.
Key Features
- MIFARE DESFire EV1 Encryption: Military-grade cryptography. Prevents cloning and unauthorized credential duplication, meeting financial-sector and government-facility compliance standards.
- Bluetooth Low Energy (BLE) Protocol: Wireless communication eliminates reader wiring complexity at each door. Battery drain on user devices is minimal (passive listener model).
- Conekt Wallet App Provisioning: iOS and Android support. Users self-provision credentials without hardware issuance; admins manage access rules and expiry centrally via DMP control panel.
- DMP Native Integration: Works exclusively with DMP Conekt-enabled readers and access control panels. No third-party VMS or API gateway required; authentication logic runs natively in DMP firmware.
- Dual Credential Fallback: Supports MIFARE DESFire alongside standard proximity cards on the same reader, allowing phased migration from card to mobile without replacing hardware.
- Smartphone Platform Agnostic: Works on any iOS or Android device capable of running Conekt Wallet; no proprietary hardware lock-in beyond the reader itself.
- Standard Access Control Wiring: Reader installation uses conventional DMP door-control circuit; no new network infrastructure or PoE+ upgrades needed.
Operationally, the CMC-2 shifts credential management from physical issuance to software provisioning. Users activate the Conekt Wallet app, enroll their device, and receive instant door access — no laminate delays, no card stock inventory. From an administrative standpoint, credential revocation happens with a single command in the DMP access control panel; there's no residual card circulating on a user's keychain or desk. This is particularly valuable in high-turnover environments (hospitality, healthcare, contract labor) where lost cards and forgotten fobs create compliance friction.
The BLE wireless protocol is range-limited to approximately 10-15 feet depending on reader antenna and ambient RF interference — sufficient for typical doorway mounting but inadequate for long-corridor or perimeter gate deployments without intermediate relay readers. Credential provisioning requires the user's personal smartphone to have active Bluetooth enabled; users cannot delegate access to a second device without re-provisioning. For organizations with BYOD policies, this creates a user experience advantage (one device, one credential). For organizations managing corporate-issued devices with strict app whitelisting, pre-load Conekt Wallet during device imaging to avoid app-store friction during onboarding.
The CMC-2 is tightly coupled to DMP's Conekt ecosystem — it does not interoperate with third-party readers, ONVIF-compliant systems, or cloud-based access platforms. If your organization runs a heterogeneous access stack (DMP panels at some sites, Honeywell or Salto elsewhere), the CMC-2 credential is locked to DMP locations only. Conversely, if your entire access infrastructure is DMP-centric, the mobile credential pathway is the fastest way to deprecate physical cards without ripping out readers or controllers. Total cost of ownership improves when card replacement frequency exceeds 20% of the user base annually; below that threshold, the software licensing and app-deployment overhead may not justify the investment.
The CMC-2 carries a standard manufacturer warranty covering the reader hardware and the DMP panel's firmware support for BLE credential authentication. Compliance with PCI DSS is maintained via MIFARE DESFire encryption; healthcare environments using DMP systems can treat the mobile credential pathway as HIPAA-compliant if the Conekt Wallet app is deployed on a managed, encrypted device. Refer to the DMP Conekt datasheet and your access control system's firmware release notes to confirm mobile credential support before deployment.
Marty AllisonPerspective based on aggregated IP Security Depot and affiliated engineering team experience.
We've deployed the DMP CMC-2 across hospitality chains, corporate campuses, and municipal facilities transitioning from card-based access to mobile credentials. The appeal is straightforward: users arrive with a smartphone in hand, not a keychain full of cards, and IT teams stop managing physical credential lifecycle entirely. In our experience, the biggest win is credential revocation velocity — a terminated employee loses access the moment their credential is deactivated in the DMP panel, without waiting for card collection or worrying about a card ending up in a drawer somewhere. The BLE protocol is a double-edged sword: it's wireless, so you avoid new wiring at every door, but it's also short-range and requires the user's personal device to be powered on and Bluetooth-enabled. We've seen deployments stumble when organizations assumed users would always carry charged phones (spoiler: during extended outages or in low-battery mode, Bluetooth gets disabled). That said, for organizations already managing corporate mobile devices or running a BYOD program with device management (MDM), the CMC-2 is a natural addition to the standard app roster.
Technical Highlights:
- MIFARE DESFire EV1 Encryption: Provides cryptographic protection equivalent to proximity-card credentials but with substantially lower cloning risk. The reader validates the credential's digital signature, not just its UID, so stolen credential data cannot be replayed or emulated by RF sniffing — the cryptographic handshake must complete.
- Bluetooth Low Energy (BLE) Range & Power Profile: Effective range 10-15 feet in open air; throughput is negligible (single credential read takes ~200ms). Battery impact on user devices is minimal because BLE is a low-power protocol; however, continuous scanning drains faster than passive NFC. Users will notice Bluetooth-on mode costs ~3-5% battery per 8-hour workday if Conekt Wallet runs in background.
- Conekt Wallet Provisioning Model: Credentials are provisioned over-the-air (OTA) through the Conekt Wallet app; no physical card issuance hardware required. Admins assign credentials, set expiry windows, and revoke access entirely through the DMP control panel — no secondary credential management system. This is a genuine time-saver for high-turnover environments.
- DMP Panel Integration: The CMC-2 reader communicates credential data back to the DMP access control panel via standard wiring (typically RS-485 or wired protocol, depending on your reader model). No cloud gateway, no API polling — authentication rules execute locally in the panel. Supports time-based scheduling, anti-passback, and multi-reader coordination natively.
- Dual-Credential Fallback: The same reader can authenticate both mobile (BLE) and legacy proximity credentials (MIFARE DESFire, HID Prox, etc., depending on reader model). This enables phased migration: deploy mobile to early adopters while end-users continue using cards, then retire card readers once adoption reaches critical mass.
Deployment Considerations:
- BLE range is 10-15 feet line-of-sight — adequate for standard doorways, insufficient for parking-lot gates or perimeter barriers without intermediate relay readers or switched antenna placement. Confirm your door geometry and ambient RF interference (metal frames, heavy concrete) before committing to mobile-only access at remote locations.
- User adoption depends on smartphone availability and Bluetooth enablement. We recommend pairing the CMC-2 rollout with an MDM policy that keeps Bluetooth on during work hours, or prepare a fallback card credential for users who disable BLE to save battery. Zero-credential-option deployments create support tickets.
- Conekt Wallet app requires iOS 12+ or Android 8+; older devices cannot provision credentials. Conduct a device census before full rollout to avoid supporting multiple credential pathways for 18+ months.
- Credential provisioning is real-time OTA (over-the-air), but deprovisioning relies on the DMP panel updating the reader's local cache — ensure your DMP firmware is current and readers are polling the panel regularly (typically every 4-6 hours). Stale reader databases can authenticate revoked credentials for brief windows.
- The CMC-2 is DMP-exclusive; it does not interoperate with Salto, Honeywell, or cloud-based platforms. Audit your site's access architecture before specifying mobile credentials — a mixed-vendor environment will require multiple credential types and reader models.
The DMP CMC-2 is the right fit for organizations running DMP Conekt infrastructure at scale, with modern device policies and high credential turnover. It's a smart upgrade path from proximity cards if your DMP readers already support BLE. For mixed-vendor environments or sites with legacy non-networked access, a cloud-agnostic mobile credential platform (Salto, Kisi) may be a better strategic choice. Explore the DMP catalog to cross-reference compatible Conekt readers and access control panels.
