Digital Access Control Credentials
Stop thinking of access control credentials as strictly physical devices, or cards. Today’s technology brings credentials into the realm of the digital.
For decades, the talk in the access control credential sphere has been smart cards and the (sometimes painfully) slow transition to them. The security industry is historically conservative when it comes to change, particularly when it comes to an item that can affect tens of thousands of users at a given location. However, for the first time in a long time there is a new technology generating so much excitement from the users themselves that the possibility of “leapfrogging” is real. Integrators and manufacturers alike report a strong interest in the talk of the technology world right now: near field communications (NFC).
“I think NFC is much more of a game changer than any innovation we have had in the access control industry in a while,” says Jeremy Earles, marketing manager for readers and credentials, Ingersoll Rand Security Technologies, Carmel, Ind. “From a user’s perspective, I think it will take off quicker than some of the other innovations because there is so much excitement around it. If you move from prox to smart cards, security increases but the user doesn’t see much of a difference. The smartphone is night and day for the user and so much more convenient. End users will drive this transition.”
Still, excitement does not guarantee sales. NFC is a fledgling technology just barely getting off the ground, and it remains to be seen what the cost, practicalities and user experience truly will be.
“Whatever you do has to be easy,” says Rick Focke, senior product manager for Software House, part of Tyco Security Products, Westford, Mass. “Our users are hammering us on ease of use. Look at the process, not just the technology. How do I give this credential, manage it and revoke it? But I do think NFC will go through birthing pains and become a very good solution.”
Another exciting aspect of NFC is the impact it could have on older, but still high-level credentials that have struggled to find their footing in the industry. NFC could not only piggyback on the smart card wave (using the same standards), it may pull it along with it. While further out, the possibilities for marrying biometrics to NFC are interesting. Enabling these possibilities will be this new way of looking at credentials as a digital — and therefore mobile — product able to move from credential to phone to computer and beyond.
“I think the biggest trend right now is really separating the digital credential from the physical,” says Julian Lovelock, senior director, product marketing, HID Global, Irvine, Calif. “Companies that have traditionally thought of themselves as manufacturers or integrators of physical credentials need to shift their thinking to be the providers of digital credentials.”
Smart Card Innovations
Smart cards are probably the most common and accessible “digital” credential right now. Available, cost comparable to proximity, and more secure, these are the credentials most users are looking at when they upgrade, add on or plan for new installations.
“Finally it seems like customers are starting to move at a more rapid rate towards 13.56 smart cards,” says Dennis Geiszler, vice president of marketing, Keri Systems, San Jose, Calif. “Smart card sales that a couple of years ago were at 10 percent are now pushing 20 or 25 percent.”
Cost has come down to the point where there is no reason not to make the switch when possible. However, Geiszler adds, most customers are using the smart card technologies in the same way they used proximity, as a way to read a fixed number on the card, not as a transactional card.
Dave Barnard, director of dealer development, RS2 Technologies, Munster, Ind., agrees with that observation. “We have been selling 13.56 to organizations for quite some time. But honestly, when we go back to clients who had bought smart cards and spent more money to implement it and pay for the extra storage on the card, not one company we can find has actually used it that way yet.”
Rather than features and functions, price and security are driving the switch to smart cards right now, Earles believes. “Security probably trumps additional applications. They are both good reasons to switch, but pairing security with reasonable price is really making people jump to smart technology now.”
The activity in smart cards has ticked up, Focke says. “People are demanding the higher encryption smart cards. But I think the problem with smart cards as far as perception goes is if you didn’t know any better, you wouldn’t know it is smart versus prox. NFC is a whole different animal. People get excited about an app on their smartphone. That said, I still firmly believe in smart cards and we see significant increase in the number of customers asking for them. We are seeing some really good pricing that we can pass on to the customer and I think you will see smart cards overtake proximity.”
Part of this transition process will be helped by technologies such as Mifare (the standard on which many smart cards and NFC technologies are based) and the newer Seos technology available from HID and ASSA ABLOY, which is an NFC-enabled smart card product whose readers can read both Seos and Mifare-based technology.
NFC: Revolution or Evolution?
In practice, the transition between smart cards and NFC may be more evolution than revolution, or even more of a back and forth between the two. Other end users may skip over several generations of technology and go straight for NFC or a smart card/NFC combined solution.
Some see NFC as a digital extension of smart cards and a logical addition to the wider selection of credential choices. “NFC is really a smart card on your phone,” Earles says. “The advantage to the NFC being rolled out now is it is using Mifare classic in most areas, which has been used in security readers for a very long time, so the infrastructure already exists. I think NFC will be a positive for the whole industry and will help the smart card trend because it is a smart-based application. If users don’t want to use their phones they will still have the smart card option and both can be used on the same reader.”
Companies such as Ingersoll Rand with its Mifare-based AptiQ card and future AptiQmobile NFC application that is “less than six months away” and HID with the Seos products that also can be interfaced with NFC are not only preparing for the NFC “revolution,” they are helping drive it.
There are a lot of unknowns in the NFC world right now, from how much it will cost to privacy issues to what to do about picture IDs and dead batteries. But most industry experts agree that NFC will play a role in the near future of access control, and both manufacturers and integrators need to prepare for the inevitable.
“Everything else has been brought into the smartphone now with the exception of keys,” Earles says. “Whatever the next step in cards is, it is not nearly as attractive to end users as the convenience of using their phone.”
This “bring your own device” option to access control credentialing has many potential benefits and challenges.
“You no longer have the logistical overhead of putting into the hand of the end user the physical credential you want them to use,” Lovelock says. “You only have to worry about getting the digital credential to that user’s phone. But the downside to BYOD is you don’t know what the employee will turn up with or what telephone network they will have.”
Indeed, one of the main hurdles to widespread adoption is the NFC-enabled phone population itself. While the newest Android phones are NFC, older ones are not. And Apple has yet to get on board with the ever popular iPhone. (See related article, “The Apple Question,” on page 66.)
“There is a lot of confusion as to who will control this ID, particularly if it is on the handset,” says Scott Lindley, president, Farpointe Data Inc., Sunnyvale, Calif. “Maybe it is Samsung or Apple or Google or Microsoft. Or is it the network provider, ATT, T-Mobile or Verizon? Or is it the application creator? I think it really has to be decided by a meeting between the network and handset providers. It is a little out of security’s hands right now.”
When it does get into security industry hands, it might look something like this: “From our standpoint we have a vault in the cloud where credentials are stored,” says Peter Boriskin, director of product management, commercial EAS, ASSA ABLOY, New Haven, Conn. “They are then delivered to a trusted services manager of the mobile network operator, who are the ones with access to the phone. Then it goes down into the secure element, which could involve the SIM provider as well. There could be a number of folks along the road, including the security integrator or OEM who is selling the credential to the end user. All of these entities are linked in the chain of delivery and therefore there will be cost associated with the work they are doing and for the secure delivery mechanism.”
Although there aren’t enough real “products” yet to really predict the cost, Boriskin and others believe that NFC ultimately will be similar in price to a smart card today.
“Some users think this will be free because it is a virtual credential, but it won’t be,” Focke adds. “However, it has nice benefits, such as the ability to provision a virtual credential across the country to a contractor that automatically expires after a week. I see it more as a credential to be used when desired or needed. It is not going to take the place of anything we have now.”
The $64,000 question with NFC is, of course, when it will be viable. With many readers already capable of reading NFC and companies such as HID and IR starting to roll out actual NFC applications, it is nearer than ever before.
For integrators and their end user customers the time to start thinking about budgeting is now. That doesn’t mean adoption will be instantaneous or even necessarily fast. But it likely will be faster than some of its high-tech competition due to an already primed audience used to doing everything with their phones.
“I think that will help,” Focke says. “It is not going to be 0 to 60, but it may ramp up the dial from 5 to 7. The larger customers have such an installed based of cards and readers that once they get to the reality of budgeting for an upgrade to NFC, who knows? But if they don’t have to do any more cards, that is a savings.”
To make the NFC transition successful for their customers, integrators need to make it easy for them and explain the benefits.
“The people who are most interested in trying this out right now are doing so because it’s cool,” Lovelock adds. “They have a brand centered around mobile or are tech-oriented and want to reflect that.”
Colleges and universities also have a strong interest in NFC, with their transient yet tech-savvy student populations.
“Many people in higher education are looking to move from magnetic stripe, going directly to smart cards and also trying to future-proof themselves to handle mobile devices,” Boriskin says. “You see this leapfrogging phenomenon both in the college and university market, as well as in the commercial market. As people move away from proximity they are moving to multi-technology readers. They know what is out there and they have some desire for that newer technology. We don’t see it as an either/or, more of an ‘and.’ We are thinking about how NFC might be used most efficiently. But culturally we all walk around with our phones. NFC really has the ease-of-use component that pushes people to it.”
The Apple Question
No talk of NFC can be complete without considering the big question of when Apple will enable its iPhone with the technology. While aftermarket cases exist right now to turn the iPhone into an NFC-enabled device, nothing will give this technology a boost like having Apple get on board with a native application.
Apple’s purchase of AuthenTec in 2012 not only fueled rumors of a fingerprint biometric being added to the phone, but also NFC as well. Nobody but Apple executives knows what is really planned for iPhone6, but the potential implications of NFC being added are huge for the security industry.
“I think a part of the success of NFC in the security industry will depend on whether Apple integrates NFC in its next phone,” says Scott Lindley at Farpointe Data.
Rick Focke of Software House, part of Tyco Security Products, agrees about Apple’s involvement. “I have heard that they are hitting the bandwagon. I have also heard that the reason they are slow to do it is to make sure they get their share of the revenue. Really you have to work out the whole back end of things before it really takes off. But I think if Apple does put NFC in the iPhone that is an admission, ‘Okay, we are ready. Let’s go.’ It gives NFC legitimacy. If Apple is fine with it, I guess it’s ‘real.’”
It is a case of which comes first. That Apple is hedging their bets is almost a given, adds Dave Barnard of RS2 Technologies. “I don’t know that we will see it in iPhone 6. Apple is a marketing machine on steroids. Once they see NFC getting closer to real world full-blown viability that will be one of the tools they use to sell another version of iPhone, whether that is 6, 7, 9 or 10. If iPhone 6 comes out with NFC built in, it will ramp up the NFC initiative, but my personal opinion is that NFC will pull through the iPhone versus the iPhone pulling through NFC. I don’t think they will try to drive it. I think they will put it in so they don’t fall behind.”
Julian Lovelock with HID Global is watching Apple closely. “No I don’t have any insight into Apple. But as someone who works with a company that has a vested interest, my expectation is that they will include it. Apple thinks more broadly about the ecosystem than Samsung. They want to understand it first. Do I think it will be a game changer? To some extent, yes, but I am nervous about using that phrase. It would certainly give huge impetus with the market share they have.”
While the lion’s share of attention these days is being given to NFC, there are in fact other radios located in smartphones that are much more prevalent and could potentially (and sometimes already do) serve the same security function without the back end complications.
“If you look at the smartphone today, it has multiple means of communication,” says Scott Lindley of Farpointe Data. “You can use the cellular network, for example. Some security products are an application that you can pull up, type in a PIN number to release a gate or a door, etc.”
One of the most prevalent radios available today in smartphones is Bluetooth, Lindley adds. “The Bluetooth chipset has really evolved in the past decade from something intended as a personal area network for voice to being able to control a mouse, keyboard or printer. Personally I think Bluetooth is one of the biggest overlooked technologies out there and one the security industry should keep an eye on.”
While a dark horse for security applications, Bluetooth has the advantage of ubiquity. The challenges are security and power.
“Bluetooth is sort of like a very long serial number being read,” says Rick Focke at Software House, part of Tyco Security Products. “The odds of guessing it are pretty low but it could be cloned. It doesn’t have the same encryption standards. But we are open to how it shakes out. It is pretty interesting as a technology. If you added security to it, there is no back end needed so it could be less expensive. There would be no need to pay network operators to get it on your phone. It is just there.”
HID has looked at Bluetooth and doesn’t rule it out, says Julian Lovelock with HID Global. “As we are developing our Seos technology, the premise is to support identify transaction over any channel that is considered secure. That might be NFC, but it might also be Bluetooth. Bluetooth requires a power source for the credential, however, and is more complex to create. It has idiosyncrasies, pros and cons, but we are very much interested in how we can provide digital credentials over both.”