Daniel Bailiin, director of strategic innovation, HID Global
The latest access control systems improve security while enabling mobile devices to be used as credentials, significantly improving convenience while delivering a better user experience. Mobile access control simplifies the secure identity management process for facility access, while also paving the way for solutions that can integrate multi-layered physical access control (PACS) and IT security into unified systems.
Other exciting developments include the emergence of gesture technology that makes long-range door opening both safe and convenient, new mobile credential form factors such as smart watches, wristbands and other wearables, and the emergence of biometric authentication to further improve mobile access security and convenience.
With today’s mobile access technologies, smart devices can be used as universal credentials for accessing multiple buildings, IT systems and other applications using NFC and Bluetooth. These devices provide users with extremely convenient vehicles for opening doors and performing other tasks that require the presentation of a secure credential.
There are a number of prerequisites for deploying mobile access control. It is important that the solution supports the broadest possible range of mobile phones, without having to insert the device into a sleeve or slide if it doesn’t support certain features. This ensures that users can choose freely from among today’s wide range of commercially available devices.
Also important is the ability to use a single reader that simultaneously supports existing legacy ID cards as well as Mobile IDs. Finally, it must be easy for system administrators to issue and revoke Mobile IDs using a fast and straightforward process, and for users to download the necessary apps with which to receive them.
Beyond these basic prerequisites, the access control system must also be capable of scaling and adapting as requirements change and security threats evolve. This requires an access control platform that supports open standards so that organizations can add features and upgrade their security capabilities when necessary.
Today’s solutions meet each of these prerequisites, providing everything that is needed for deployment, along with end-to-end identity management and an easy path to future mobile applications. These solutions enable organizations to immediately begin using Bluetooth Smart- and NFC-enabled smartphones and other mobile devices as an alternative to metal keys and smart cards in today’s increasingly popular BYOD mobility environment.
Basic components of these solutions include mobile-enabled readers, Mobile IDs, Mobile Access apps, and access to cloud-based portals that administrators can use to manage users and issue or revoke Mobile IDs over the air. Ideally, readers should also be interoperable with 125 kHz Prox and high-frequency technologies to optimize flexibility for using both cards and mobile devices.
Bluetooth and gestures
Today’s mobile access solutions should also take advantage of Bluetooth Smart connections and new advancements in gesture technology so that users can unlock doors from a distance.
Physical access control has historically relied on close-range “tap” transactions (directly tapping an RFID card to a reader) to authenticate a user and open a door. Logical access control has used the same tap authentication model, but this precludes such desirable use cases as automatically locking the laptop when a user walks a certain distance away from it. Achieving this longer-distance transaction capability results in a new model that increases security while also improving convenience – two concepts that have typically been mutually exclusive.
While the most common RFID card technologies for tap transactions typically have a read range of only 1-3 centimeters, Bluetooth extends the transaction distance that systems can manage from a few cm to many meters, making it an ideal choice for the longer-range authentication model with mobile devices.
A new and special feature of Bluetooth Smart is the ability to configure this read range, allowing the user to determine whether a phone should be tapped to a reader in order to open a door or whether longer-range activation should be used. When this Bluetooth connection is combined with gesture technology, users can open doors from these longer distances by rotating their smartphone as they approach a mobile-enabled reader.
In addition to improving the user experience, gesture-based access control will also increase speed, and minimize the possibility of a rogue device surreptitiously stealing the user’s credential in a “bump and clone” attack.
Bringing wearables and biometrics into the mobile mix
The benefits of mobile access will only grow as new devices are added to the product ecosystem. For instance, adding wearables to the ecosystem will give users the freedom to leave home with nothing but a digital wristband carrying their ID.
Plus, as wearables join smartphones and other mobile devices for access control, we will see greater momentum behind biometric authentication models. We’re already seeing the growing adoption of mobile biometrics for payment applications.
The latest solutions focus less on technology and more on the user experience, taking a key step toward the long-time goal of killing PINs and passwords by making it easier to know if someone is who he or she claims to be. As this model grows in popularity along with the value of the transactions it protects, there will be new pressures to provide even better security.
Sensor advancements will help here, along with improvements in privacy, encryption, tamper protection and anti-spoofing capabilities. Other innovative use cases include “binding” a person to a device such as a key fob with a fingerprint sensor – all without deploying biometrics readers – for multi-factor authentication.
Meanwhile, as mobile credential delivery and management grows in importance, we will have the opportunity to use cloud-based solutions into which all entities have been biometrically authenticated. Growing adoption of mobile access will also drive the move to centralized access control. This will not only make it easier to accommodate a combination of cards, phones and wearables, but also enable organizations to combine secure physical and logical access as part of their facility and IT access strategies.
Mobile helps drive security convergence
With the adoption of mobile access, cards and phones are already converging into centralized identity management systems. The ultimate objective goes beyond supporting both form factors, though. Even more valuable is the ability to use either form factor – or both – to secure access to the door, to data and to cloud applications, while providing a seamless user experience.
Developments in converged back-of-house technologies are enabling strong authentication and card-management capabilities for computer and network logon, while also ensuring that physical and logical identities can be managed on a combination of plastic cards, smartphones and other mobile devices.
There are numerous benefits to be realized by provisioning IT and PACS credentials to a single smart card or smartphone, using one set of processes.
First, it will improve convenience. Second, this approach can greatly enhance security and reduce ongoing operational costs. It also enables organizations to centralize identity and access management, consolidate workflows and tasks, and proliferate strong authentication throughout their infrastructure to protect access to all key physical and IT resources.
As both physical and online access applications merge onto cards and many types of mobile devices, there are other issues to consider. Organizations will no longer be able to assign a single ID to each user for all applications. Instead, their systems will need to be capable of managing multiple IDs, for multiple applications, on multiple devices. The coming generation of identity management systems will support this requirement, and enable individual groups to independently manage their own application and identity lifecycle needs.
Securing the mobile promise
Mobile access has opened a new chapter in the creation and management of digital identities. Moving forward, the adoption of mobile access and new credential form factors such as wearables will create new opportunities for innovative use cases beyond simply opening doors or converged physical security and PC login.
Users will be able to tap in to a growing range of applications, and open doors from a distance with gesture technology. At the same time, administrators will benefit from an access control ecosystem that provides a seamless user experience and can flexibly scale and adapt while delivering increased value to the organization. Moving forward, we will also see the implementation of biometric authentication on mobile platforms to further improve security and convenience.
In order to realize this vision, organizations must deploy solutions that support the broadest possible range of available handsets as well as legacy ID cards. These solutions also must be designed using open standards so they can adapt to new requirements and capabilities in the future as the industry quickly moves to a wide variety of new device platforms, biometric authentication models, and unified cloud-based systems for PACS and IT credential management.