The ‘New’ Access Credential
Cost, convenience and security are keys to credentialing decisions — today and tomorrow.
The past year has seen a big change in the chatter. Smart cards and biometrics are on the forefront of immediate plans and the talk about NFC and Bluetooth® has shifted from hypothetical to real.
“We are starting to see the paradigm shift,” says Rick Focke, senior product manager, Tyco Security Products, Westford, Mass. “In general the whole ocean is rising a little more towards the higher security side.”
Biometrics, smart cards, near field communications (NFC) and Bluetooth low energy (BLE) are the credential talking points of today and beyond.
The Smart Card Surge
Talking about smart cards is nothing new.
“I think the trend in credentials in the physical sense has been moving for a few years from proximity to smart cards, but it has been a slow moving trend,” says Jeremy Earles, credential business leader, Allegion, Carmel, Ind. “Recently that has started to pick up steam. More customers are seeing the value in smart cards and starting to recognize the security benefits and multiple use cases with smart cards versus older technologies.”
The cost of smart cards has been down to proximity levels for a few years now, eliminating price point as a hurdle to adoption. So that alone doesn’t explain the growing upswing.
“I don’t think it is price related,” says Jimmy Palatsoukas, senior manager of product marketing, Genetec, Inc., Montreal, Quebec. “There is more talk around smart cards today because people are more concerned about both physical and digital security. Proximity systems are also simply aging out.”
End users today want to know about the security of their credential technology, including the software and back end.
“Customers are getting more savvy and realizing as they look at their whole operation, whether it is network or physical security, that is a weak link,” Focke says.
“I think security is a big part of it,” agrees Julian Lovelock, senior director of product marketing, HID Global, Austin, Texas. “Messages around security take a while to sink in. But what we see is the IT and PACS groups working together a lot more closely and they are approaching security in a more holistic way. News events like the Target breach may seem like a stretch, but incidents like that trigger organizations to take a closer look at security overall.”
All these factors add up to the increasing decision to deploy that technology, now.
The Credential of the Future
The security industry is definitely in the midst of change when it comes to credentialing. Smart cards, biometrics and mobile credentials are all individual options right now. However, insiders see great potential for the marriage of two or more of these technologies in the future.
For example, biometrics and phones or smart cards are logical companions.
“NFC or smart cards pair nicely with biometrics,” says Jeremy Earles, Allegion. Putting the two together in some way seems, to many, the logical next step.
“We know mobile credentials are coming and we believe they will be a great way to allow users to carry their biometric with them in their smartphone,” says Gary Jones, MorphoTrak. Biometric readers could even be on the phone itself.
“Biometrics on the phone in the form of a sensor on the device is already here,” Jones adds. “It is good that manufacturers such as Apple and Samsung have taken the first steps to familiarize the public with the concept. The problem right now is with sensor size because it is a limited surface area, making it not very secure. The next stage would be to move it from more consumer sensors to a professional-grade sensor in the device.”
Julian Lovelock, HID Global, sees the wearables market as a potential future direction, taking advantage of the current personal health trend of electronic watches and bracelets tied to smartphones.
“If you have a Bluetooth-enabled smart device there is no reason it can’t be used as an access credential. People are starting to ask questions about that already,” he says.
Biometrics are undergoing a quiet revolution of their own. Like card-based credentials before them, they are looking to increase security, lower cost and overcome some of the obstacles that have kept them, in the past, to their largely “niche” status.
“I am seeing more and more advances in biometrics, including lowering the cost,” says Marcus Logan, senior manager of product marketing for integrated systems, Honeywell Security, Melville, N.Y. “People are also more accepting of using biometrics as a form of identity, particularly the ‘touchless’ forms.”
Like smart cards, biometrics are reaping the benefits of “aging” proximity systems, says Gary Jones, business unit director for biometric access and time solutions (BATS), MorphoTrak, Alexandria, Va. “Traditional proximity cards are starting to be fused with very advanced biometrics. Customers have such a big installed base that it is a daunting move to go to smart cards. Some of them are sticking with proximity and adding biometrics to increase security instead,” Jones observes.
Biometrics have long been the third leg of the security stool. “A lot of customers seek a third factor,” Jones says. “It used to be biometric, card, and PIN, but the transaction speed is significantly slower and the PIN on its own is not seen as a strong credential. We have fused fingerprint and finger vein on the same device and can scan both simultaneously for multi-factor authentication. Now they can have two biometrics and a card as a third factor.”
Contactless biometrics both increase the convenience and also alleviate fears about germs from touching readers with your hand or finger.
Iris at distance and facial recognition are the most well-known forms of this concept. MorphoTrak’s brand new Finger on the Fly applies the concept to fingerprint with a contactless scanner that allows the user to wave their hand in front of a reader, instead of touching it.
“It changes the throughput,” Jones says. “It is truly frictionless where the user can continue on their way without having to slow down or change their behavior in any way.”
Another trend in biometrics is carrying the biometric template with the user instead of storing it locally or centrally.
“In Europe there are different rules for this than we have here in the United States,” says integrator Ken Darr, vice president, LowV Systems, Harrisburg, Pa. “Because of privacy laws, the information is not allowed to be stored in readers. They want that information in the card instead.” The technology is already there, but not widely demanded in the United States yet, he notes.
Kim Humborstad, chief executive officer and co-founder, Zwipe, Oslo, Norway, recently introduced his fingerprint sensor card to the U.S. market.
“It enables the user to carry a credential with their identity on it and have all the information on the card, not shared with a database,” he says. It also incorporates a fingerprint reader on the card, itself. For the American market, Zwipe will include a proximity card version.
“Finally, biometrics is getting a resurgence,” Focke says. “Prices are more reasonable and the performance and functionality are better. We see a number of projects popping up.”
The Mobile Question
Ask just about anyone in the access control industry what the most cutting-edge credential technology is and they will likely say either NFC or BLE — the two current forms of mobile credentialing that are vying for acceptance in the market.
Each has their advantages and drawbacks and no one can say for sure yet whether one will dominate in the future — or whether there will be room for both.
“We have seen a lot of interest in mobile credentialing, but not a lot of adoption so far, says Chris Koetsier, product marketing director, Honeywell Security. “The challenge we see has been the ‘bring-your-own-device’ initiative. NFC technology is not offered on Apple’s iPhones today so there are a fair percentage of people who can’t use it. The second barrier is there has been too much profit pulling in the supply chain, making it cost prohibitive.”
While no one can predict when or if Apple will implement NFC, the industry is actively coming up with workarounds to the second issue.
“We are at the point where we are trying to get the adoption moving along faster,” Earles says. “The newest advancement with NFC, host card emulation (HCE), takes out some of the licensing and profit questions that have plagued the technology. It is more of a software or soft token solution versus a hardware chip inside of the phone that is owned by other parties like the cellular provider. It is based on peer-to-peer communications originally intended for one phone to talk to another,” he describes.
NFC has the advantage of being able to work with many of the currently installed smart card readers as long as you can get the credential “number” down to a device that is NFC-enabled. However, there is still the issue of roughly only 50 percent of U.S. phones having the inherent capability to do it (although there is an aftermarket case for the iPhone that has NFC built in).
“NFC is probably the most cutting-edge credential right now,” Darr says. “The reason it is not standard yet is not all phones are on board at this point. Until Apple has it, you won’t see anything in the industry take off.”
Possibly in reaction to this issue, Bluetooth-based options have really taken off just in the past year or so.
“Fundamentally BLE doesn’t have any of the problems NFC has with provisioning,” Koetsier says. “Historically Bluetooth was difficult to control range-wise, but with the introduction of low power you can now control it down to an inch or two. This kind of innovation has differentiated it. Practically every mobile device has BLE so you don’t have to depend on the cell phone providers.”
The drawback to BLE is it requires a different reader than smart cards and NFC.
“If you have a reader stuck to the wall that is already NFC enabled you don’t have to change the hardware,” Lovelock shares. “But if you want to read BLE, you need to change something. You don’t necessarily need to replace the entire reader, but it does require a modification.”
Industry insiders are divided on which technology they think will prevail, with some saying NFC will win out if and when Apple gets on board. Others think BLE has a better chance due to lower cost and greater availability.
Lovelock doesn’t see the need to choose one or the other, however. “I see those technologies at the end of the day as being reasonably complementary. Any solution worth its salt will be architected to deal with both.”
No one is expecting mobile credentials to leapfrog over decades of cards and become the primary credential choice for many, but their emergence is certainly a game changer.