Access Credentials For a Connected World
Industry heavyweights discuss recent trends and where access control credentials are headed next.
The access control credential has for a long time been “stuck” — at least in the U.S. — on one particular technology: proximity. The reasons for that, over the years, have included price, convenience, and sheer volume. Despite efforts to move to smart cards, the security world remained happy with proximity. But the rest of the security and consumer space has moved along quickly, particularly in recent years. Cloud, convergence, cybersecurity and other high-level trends are now affecting the credential market in a bigger and bigger way, as the security of the credential, along with new form factors (from mobile devices to wearables to a recent surge in biometrics) changes the way users think about what they can do with their access control credential.
Added to that, the cost of smart cards is now nearly even with proximity, while adding security, and many are starting to predict the end of the proximity era. In fact, the research firm IHS predicts the market for smart cards will grow from an estimated 8.8 billion shipped in 2015 to almost 11 billion in 2020, led primarily by payment and banking, e-government, healthcare and transportation. But multi-application and mobile devices are also on the rise.
“Within this increasingly connected world, the demand for securing interactions is paramount, and smart card suppliers still have a key role to play in this ever-converging world,” IHS Senior Analyst Don Tait said in a press release. “Customers … need easy-to-implement security solutions that seamlessly integrate their current applications, systems and processes.”
SDM spoke with five prominent manufacturers in the access control credential space — Stefan Widing, president and CEO of HID Global, Austin, Texas; Ken Geiszler, president and CEO, Keri Systems, San Jose, Calif; Scott Lindley, president, Farpointe Data, Sunnyvale, Calif.; Chris Wilson, product manager for Paxton Inc., Greenville, S.C.; and Peter Boriskin, vice president of commercial management, ASSA ABLOY Americas, New Haven, Conn. — to get their take on these trends, the current state of the credential market, and what they see coming in the next five years.
SDM: What are the biggest trends right now in the access control credential space?
Geiszler: Biometrics continue to be one of the fastest growing technologies, although we still see places where they are misapplied as a primary identification technology in hard-to-read populations. Smart cards have taken over from the radical 125KHz prox card but the U.S. is considerably behind the rest of the world adopting them. Much like the antiquated U.S. credit card system, the U.S. security space is still in love with the read range of prox cards and is hesitant to replace existing prox infrastructure. We have just released a line of biometric readers and in Q3, will be releasing a line of smart card readers with a more secure interface than Wiegand.
Wilson:End users want the convenience of using common technologies and credentials across multiple systems for both physical and logical user verification. They want a unified credential that can be used across all the connected platforms we interact with daily. For example, we currently offer a Bluetooth application for use with our net10 reader and smartpoint, allowing users to have a credential emailed to them. This can be used for a single-use visitor, or a daily use employee for access.
Lindley: For the last year, there has been great interest in 433 MHz long-range reading. At the recent ISC West conference, easily one out of three visitors to the Farpointe booth specifically wanted to discuss our Ranger long-range identification technology. If a site requires employees to access both a parking structure and an entrance door, the long-range solution will let the user access both with a single transmitter.
Widing: Some of the biggest trends are in the area of mobility, and HID Global has launched an initiative to help customers create a more convenient, trusted and secure experience in today’s increasingly connected and mobile-first world. (See “Will Competitive ‘Partners’ Change the Game?” on page 86.) There is a rapidly growing realization that the viable approach is to ensure that all transactions related to over-the-air issuance and the managing and presenting of credentials using mobile phones are conducted in a highly secure, closed-circuit environment protected by end-to-end encryption.
Boriskin: One major trend is the moving of credentials to non-traditional devices. Use of devices such as mobile phones, tablets, and wearables will continue to become more popular. Additionally, now that we have been able to increase security for these credentials we will see their use expanded beyond access control to areas such as secured printing, transit and even vending machines.
SDM: How secure are access control credentials today and what are you, as a manufacturer, doing to increase security?
Boriskin: We have put a lot of effort into increasing the security of credentials. This includes leveraging what we receive from the National Institute of Standards and Technology (NIST) as well as strong encryption and secure authentication and authorization when accessing information.
Widing: We have continued to increase security while improving convenience and the user experience. HID Global is now helping the industry enter a new chapter: connected identities for a connected world that are used on a variety of devices for a growing range of existing and new applications. Multi-layered security strategies protect these connected identities, and biometrics offers the potential to eliminate digital identity theft while making security even more convenient.
Wilson: Traditional access control credentials have evolved from barium ferrite cards, to mag stripe cards, to proximity cards, and now to “smart” proximity cards. As each of these technologies has come in we have added reliability, longevity, and security to the credentials offered. At Paxton we offer standard proximity cards along with higher security offerings for those sites that require additional verification between the card and reader for security purposes.
Geiszler: Smart card credentials are far more secure than the typical 125KHz prox cards favored by the U.S. These cards present a significant liability to the U.S. infrastructure for higher security applications. The rest of the world embraced smart card technology years ago but the U.S. has such a large installed base of prox cards, it has been much slower to move to smart cards.
SDM: With such a large hold on the market, what do you predict will be the lifespan of proximity?
Geiszler: We expect the 125KHz prox card market to be overtaken by the smart card market within three years for new installations in the U.S. That being said, there are so many installations that already have existing prox card infrastructure that the total number of prox cards being sold will still exceed smart cards for close to 10 years as users continue to extend the life of existing systems.
Boriskin: We are definitely seeing smart card growth dramatically outpace proximity card and that trend is continuing but I don’t think you will see the technology completely disappear.
Wilson: Traditional proximity, as we know it today, will remain in the market for at least another five years. Many early adopters have started to consider alternatives, but the majority are still not adopting these more advanced technology options for various reasons, such as cost, unfamiliar technology, or lack of support from their installer.
Lindley: Proximity has been the identification technology of choice and will be around a long time simply because it is so entrenched and still working very well for very many people. Proximity offers the unique combination of read range, speed and installation ease. For most, there is no reason to change out their proximity systems; plus, many new systems are still deploying proximity. With that said, contactless smart cards will augment proximity even more quickly over the next three to five years. At often a cost comparable to proximity card systems, smart card systems may be more secure and can be used for applications beyond access control.
SDM: What about mobile credentials? Where is the market in terms of adopting them?
Widing: The market is maturing rapidly. HID Global recently announced the latest progress in its mobility initiative, including the addition of services and support, as well as partnerships that extend today’s mobility ecosystem. (See “HID Goes Mobile & Beyond,” page 82.) Our SDKs make it easier to integrate encrypted credential provisioning technology onto phones, and to implement the cloud services and portals that are required for managing IDs. They also are what enable ecosystem partners in a healthy market to extend use cases across a growing range of market segments, and to create innovative, customized mobile access solutions that can be fully integrated into their back-end systems.
Geiszler: There is a lot of buzz about mobile credentials but mainstream acceptance as a primary credential is still a ways off. Phones are frequently traded in and rely on a battery that must be charged to work which means that every day, there’s a small percentage of the population that doesn’t have the credential.
Lindley:Bluetooth Low Energy (BLE) will probably do what Near Field Communication (NFC) was supposed to do. Today, in the hospitality market, we are starting to see smart mobile phones used as room keys for hotel room access. We don’t know yet if it will ultimately be BLE or a further iteration of Bluetooth, but my opinion is that this will be a must-have in a few years. It could even be wearables. Mobile technology is ubiquitous and can be used in so many different ways. I think that is an idea customers will want and is absolutely a trend.
Wilson: Certainly there are more end users willing to adopt a mobile credential technology. Ensuring mobile credentials are implemented where and when they make sense is important to make sure the end user has a good experience and continues to adopt them more broadly. The onset of the smart home and intelligent building has made way for users to feel much more confident about utilizing this technology.
SDM: Where do you see the access control credential heading in the next five years?
Geiszler: Biometric solutions will take over the traditional password-driven infrastructure for secure log-in and authentication and those applications, in turn, will make further inroads into physical security. The traditional Wiegand interface is the other Achilles heel in the security industry and one that doesn’t get enough exposure. True bi-directional communication will allow for a much more secure reader interface.
Wilson: Many access credentials will certainly move to more convenient and interconnected options. It is possible to use a smartphone as a credential and control access from wearables and other unified technology. This will allow the end user to come and go as they want without having to think about using a credential. The pace of technology, along with customer expectations, is continuing to climb rapidly.
Lindley: One trend is toward higher security. Another is mobile. Many smartphones today include powerful communications technologies including cellular, data, Wi-Fi and BLE. They also include audio and video functions, as well as advanced biometrics. We’re seeing systems making use of smartphones as keys for residential and now hotel room access. It won’t be long until traditional EAC solutions will have to answer with viable solutions. Finally, don’t count out traditional credentials, such as cards and tags. They are convenient, reading through most materials and putting an end to fumbling through a purse or wallet. And, they offer fantastic branding platforms, helping the channel to promote credential reorders, generate new leads and, generally, build their business.
Boriskin: We will see more devices supporting mobile credentials. Once a secure infrastructure is in place you begin to open up the possibilities for many other uses. Vending and parking are just a couple of examples but the potential is there to go far beyond into other areas as well.
Widing: Security challenges addressed by access control credential technology will grow in today’s increasingly connected world, and will be solved in ways that combat threats without sacrificing convenience, as part of a more satisfying, mobile-centric experience at home, work, on the road and online. Security will become more pervasive and personalized, seamless and frictionless, and adaptive to the user rather than the other way around. A secure mobile experience will not only make us safer, but will also fuel further innovation in how services are offered and delivered. Meanwhile, there will be growing user demand for greater privacy protection as we use our identity across a growing number of connected aliases, credentials, applications and permission parameters in both the physical and digital worlds. Finally, security policies and deployment best practices will be as important as technology advancements, as more organizations realize that even the most advanced technology is only as secure as the best practices that support them.
HID Goes Mobile & Beyond
Some of the more important credentialing trends are in the area of mobility, and HID Global has launched an initiative to help customers create a more convenient, trusted and secure experience in today’s increasingly connected and mobile-first world. Key elements include:
• Mobile access solutions that serve as “digital keychains.” HID Global has enabled mobile phones and other smart devices to connect trusted identities to many secure services and capabilities, enabling security to be seamlessly absorbed into corporate culture and daily routines. HID Global is also working with major industry players to extend the benefits of our Seos technology to large mobile ecosystems.
• Mobile push notification solutions for digital banking. We can also use our trusted identity on mobile phones to approve financial transactions in a secure manner before execution.
• Tap authentication to simplify computer log-on by eliminating separate tokens. Our solutions enable users to authenticate to enterprise cloud applications and Web services by simply tapping their mobile device with the same smart card they use to open doors. Soon, this tap authentication experience also will be possible with a mobile device.
• Trusted Tag services for securely connecting trusted identities and objects. We enable organizations to verify an individual’s presence at the exact moment when he or she taps a phone to an HID Trusted Tag and is authenticated through the cloud using HID Trusted Tag Services.
• Biometrics solutions that eliminate identity theft. As the only available way to bind myriad digital and physical credentials to our one true identity, biometrics is helping to eliminate digital identity theft in today’s increasingly complex and vulnerable digital environment. Watch for solutions that combine biometric liveness detection with other security layers to greatly enhance our digital security.
Contributed by Stefan Widing, president and CEO of HID Global, Austin, Texas
Will Competitive ‘Partners’ Change the Game?
Recently, HID and NXP Semiconductors announced a partnership designed to “forward the adoption of mobile solutions.” According to Stefan Widing, president and CEO of HIG Global, “The HID Global Seos credential technology will be embedded in NXP’s SmartMX-based secure element devices. Through the collaboration, NXP and HID Global aim to enable the use of wearable devices, to open electronic locks at commercial buildings, hotels and workplaces in the future.”
IHS analyst Andrew Derricott weighed in on the potential impact of this partnership, which was announced at ISC West in April:
“Although NXP Semiconductors and HID Global have long been amicable competitors, the recent announcement of their strategic collaboration agreement enabling the use of wearable devices to open electronic locks highlights just how close they have become.
“NXP’s MIFARE solutions have always played a big role in the access control credentials market, but the launch of MIFARE DESFire EV1 and EV2 meant that it was going to start to really challenge HID. HID is a major player in the access control market and its iClass readers and credentials are a staple product, especially in North America. As the credentials market is rapidly evolving, this collaboration agreement illustrates the comparative importance of mining new opportunities, over competitive concerns.
“The credentials market — especially for payments, transportation ticketing and e-government — is rapidly converging on mobile device platforms, but until now the access control industry has not jumped on the mobile bandwagon. The focus on getting HID Global Seos credential technology onto NXP’s SmartMX NFC chip is a leap forward for both companies in the mobile space. The SmartMX chip has already been used in the German electronic identification card, and it is expected to play an important role in getting more smart devices mobile-ready.
“The launch of HID’s mobility solutions, coupled with NXP’s strong SmartMX chip, is a natural partnership to tackle wearable devices — one of the biggest potential markets in the access control space in the next five years. This agreement will put pressure on LEGIC Connect and other competing solutions, as they now face an aligned grouping of two forward-looking companies in this industry.
“Greater collaboration between HID and NXP in mobile credentialing means that these companies may become the de facto standards authority. While HID and NXP are still supplying two competitive smart card standards, that issue is dwarfed by the rewards that could be reaped by an open mobile access control solution.”