NFC enabled physical access

As NFC becomes a common function on mobile devices, organisations can leverage the technology for better access control, if they have the right framework, says Harm Radstaak, managing director EMEA, HID Global.

Tags: Access controlHID global ( Field Communication
  • E-Mail
NFC enabled physical access Radstaak: NFC will offer greater flexibility in access control.
By  Harm Radstaak Published  November 21, 2013

The typical checklist we have mentally reviewed as we leave our homes: ‘keys — check; wallet — check; phone — check,’ is expected to get much shorter. As Bring-Your-Own-Device (BYOD) is increasingly becoming commonplace in businesses, near field communications (NFC) enabled smartphones that facilitate mobile access control are ushering in a new era for managing trusted identities in the enterprise environment. Empowering physical access control and PC login from a smartphone is one of the most convenient, secure and attractive capabilities facilitated by developments in the field.

Typically, employees are seeking a more ‘frictionless’ security experience in their day-to-day activities at work, by eliminating the need to carry separate cards, keys and tokens. Businesses are now able to fulfil this requirement thanks to NFC enabled smartphones that can carry digital credentials for mobile access control by embedding user identity credentials on an NFC-enabled smartphone. Consequently, organisations can provide employees with a highly secure solution that enhances convenience.

Until now, a physical, plastic card has been the typical method for securely carrying identity. Access decisions have been made between the card reader and a central panel (or server) that stores the access rules. However, technology advancements have resulted in a smartphone having the capabilities to perform these functions. As a result, the same basic access control methodology proven for decades can be embedded into these smart mobile devices. Deploying such NFC applications in a work environment for everyday use require proper planning, and a suitable technology and provisioning ecosystem.

Ecosystem requirements

There are two key requirements for this virtualised system to seamlessly coexist and integrate with existing physical access control systems:

i. A way for the data to be communicated to an access-control card reader (the equivalent of swiping or presenting a physical card), and

ii. A way to securely manage the identity and authentication information that is carried on the device, from the time of provisioning and throughout its life cycle.

The first requirement is met with near field communications (NFC) technology, a short-range wireless standard that facilitates data exchange across several-centimetre distances. NFC enables users to ‘present’ an embedded credential inside their phones to a reader, in much the same way as they would wave a card in front of it.

The second requirement is met with a new access control platform with a new identity data model that operates within a secure and trusted boundary for cryptographic key delivery. With this new Secure Identity Object (SIO) data model, SIOs are encoded on the credential side, and SIO interpreters enabled on the reader side. These perform functions much like traditional cards and readers, with significantly improved security, performance and portability for use on mobile phones.

All SIO operations between phones with SIO encoded data and card readers occur within a Trusted Identity Platform (TIP) framework, which establishes a secure and trusted boundary for delivering access control solutions on NFC-enabled smartphones. Combined with the proven reliability of smartphone subscriber identity module (SIM) technology, this trust-based TIP boundary creates an extremely secure mobile identity environment.

Within the TIP operating boundary, organisations can issue SIO-based credentials to mobile devices over the air, no matter where they are located or how they are connected, using a convenient, cloud-based provisioning model. This model eliminates credential copying, and enables individuals and organisations to issue temporary credentials as needed, cancel credentials if a device is lost or stolen, and monitor and modify security parameters when required.

To support this trend, identity management will move to the cloud to support straight-forward user login (often from personal devices using the BYOD deployment model) for both Software as a Service (SaaS) and various internal enterprise applications. For example, new company employees can receive digital keys over-the-air to their phones before the first day of work. These and other embedded keys and credentials for both physical and logical access control applications can be issued over-the-air to NFC smartphones with improved convenience and security. While this mobile model streamlines credential distribution, retrieval and cancellation by enabling remote credential management throughout its lifecycle, securing this platform will become critical.

Ease of Transition

NFC technology is a key element of next-generation mobile access control solutions that, combined with a new access control platform and identity data model, will significantly improve the overall system security of a business whilst creating a more flexible access control system infrastructure. In the short-term, despite these tangible benefits of flexibility and user convenience, without widespread industry adoption, NFC-enabled mobile access control is unlikely to completely replace keys and cards in the coming years.

Instead, mobile access credentials embedded in NFC-enabled smartphones will co-exist with cards and badges, so that organisations can implement a choice of smart cards, mobile devices or both within their physical access control system (PACS). Many organisations may still require their employees to carry traditional physical access control smart cards because they are used as a means of photo identification. It will therefore be important for users to plan ahead to support both types of credentials for their physical access control solutions.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code