What Are You Looking For?

Banner
News

Can I control the turnstile through Bluetooth on my phone?

Oct 21, 2025

一, Technical principle: How Bluetooth communication controls the gate
1. The basic structure of Bluetooth communication
The main part of mobile Bluetooth-controlled turnstiles is the Bluetooth Low Energy (BLE) protocol's capacity to send and receive messages in both directions. BLE works in the 2.4GHz frequency spectrum and uses GATT (General Attribute Profile) to send and receive data between devices. Some of its features are:
Low power utilization: it only uses 0.1mW of power while it's not in use, and one charge can last for several months of use;
Not very far: Typical coverage range is 10 to 30 meters, which is good for the area around the gate;
Quick connection: The connection time is less than three seconds, which is enough to satisfy the needs of heavy traffic during peak hours.
2. Bluetooth adaption at the end of the gate
To do the following, the turnstile has to have a Bluetooth module (such the Nordic nRF52 series) that connects to the main control board of the turnstile using UART or SPI:

Receiving broadcast packets: Keep an eye on certain UUID (Universal Unique Identifier) broadcast packets that mobile phones send;
Check for permission: Look at the dynamic token in the broadcast package (such the timestamp and hash value of the device ID) and see how it compares to the cloud or local database.
Issuing control commands: After checking, a relay or motor driving circuit controls the wing rotation.
3. How to interact with mobile devices
The user's phone needs to install an app that works with it. The steps are as follows:

Bluetooth permission is turned on: Users must give the app permission to use Bluetooth for the first time;
Dynamic Token Generation: The APP makes encrypted tokens (such AES-128 encryption) every 60 seconds and sends them out in broadcast packets.
Gate response: The gate sends back the verification result through reverse communication (like the BLE Write capability) after getting the token.
Traffic feedback: The APP shows "Verification successful" and opens the gate while keeping a record of the traffic.
二, Normal use case: Full coverage from stores to neighborhoods
1. Unmanned Supermarket: Making things safer and more efficient
In this scenario, a 24-hour unmanned supermarket uses a "mobile Bluetooth+facial recognition" dual factor gate. Before they can use the APP, users must link their payment account to it and verify their true name.
How to do it technically:

The gate has a dual-mode Bluetooth module and works with the BLE 5.0 protocol. When the user gets close to the gate, the app automatically sends an encrypted token that is activated after the gate verification is complete.
The system immediately changes to Bluetooth authentication to make sure that people may get through smoothly if facial recognition doesn't work (like when someone is wearing a mask).
Effect: The number of people that come to the store every day goes up from 800 to 1200, while the number of people who are turned away for no reason goes down from 5% to 0.3%.
2. Community access control: easy access and permission management
Description of the situation: A high-end community replaces regular access cards with Bluetooth virtual cards. This lets homeowners give permission to visitors from their phones.
How to do it technically:

The gate has Bluetooth and NFC dual-mode modules built in, so mobile phones, access cards, and license plates can all go through in different ways.
The owner's app can specify temporary rights (such valid for 2 hours), which will automatically start verification when someone gets close to the gate.
The technology keeps track of all traffic logs and sends any strange behavior, such repeated verification, to the property administration in real time.
Effect: This approach makes managing visitors 40% more efficient and gets rid of the risk of access card duplication.
3. A place for transportation: redirection of peak passenger flow
Description of the scenario: A metro station is testing a "mobile Bluetooth+QR code" composite gate that lets subway app users pass through quickly.
How to do it technically:

The gate has a high-speed Bluetooth module that can verify in less than 300 milliseconds. When a user enters the station, the app sends a Bluetooth token, and the money is automatically taken out when they leave.
To stop people from driving too close to the gate, the system changes the angle of the opening (for example, 0° to 90°).
Effect: During the test phase, the rate of people getting through the gate went from 1.2 people per second to 2.5 people per second, and the wait time during busy times was cut by 60%.
三, Problems and solutions for security: Making communication links that people may trust
1. Risk of a man-in-the-middle attack (MITM)
Threat description: Attackers use fake Bluetooth broadcast packets to intercept or change traffic directions.
Answer:

Dynamic Token: The token changes every 60 seconds and makes a hash value depending on the device ID and timestamp.
Two-way authentication: The gateway and mobile app use the ECDH key exchange protocol to set up a secure channel.
Using Bluetooth adaptive frequency hopping (AFH) to avoid interference with fixed channels is an example of frequency hopping technology.
2. The possibility of cloning Bluetooth devices
Description of the threat: Attackers copy the Bluetooth MAC address and name of real devices to make fake access permissions.
Answer:

Device fingerprint: The gateway makes a unique fingerprint for the mobile phone by recording the Bluetooth signal strength (RSSI), transmission delay, and other features.
Whitelist system: Only devices that have already been registered can connect. If an unlawful device tries to connect, an alarm goes off.
Security Mode 3: Turn on Bluetooth link layer encryption to stop people from faking MAC addresses.
3. The chance that private information will leak
What the threat is: Someone has gotten the user access logs saved in the gate or app without permission.
Answer:

Data anonymization: The traffic log just keeps the hash value of the device ID and doesn't keep any genuine information about the user.
End-to-end encryption means that all communication data is encrypted using AES-256. The hardware security module (HSM) on the device makes the key.
Compliance Audit: Do frequent penetration tests to make sure you are following privacy laws like the GDPR.
Automatic Pedestrian Speed Lanes

Home

Products

skype

whatsapp