Today's mobile phones do much more than make and receive calls and now serve as calendars, cameras and game consoles. Thanks to Near Field Communications (NFC) technology, another valuable tool can also be loaded onto your phone-your keys.
NFC is the short-range high-frequency wireless communications technology that enables electronic devices to exchange information. This information can include contactless credentials which serve as virtual keys or access control cards for opening doors. Contactless credentials are already available as fobs and plastic access cards that can be programmed to provide various levels of facility access. These same contactless credentials can now be sent over a cellular or Wi-Fi connection to a mobile handset, eliminating the need to carry any other access credentials while making it easier for security managers to track who's entering and exiting monitored access points.
Making it secure
NFC makes this possible, but the only way to make it secure is by establishing an identity methodology based on a comprehensive chain of custody in which all system end points can be validated so that identity transactions between them can be trusted at any time. Trusting the identification of a person, computer, Web site, check, or a credit card has always been the basis for modern transactional systems, yet the effort required to authenticate them has grown exponentially. Three basic building blocks for constructing and using trusted identities are un-forgeable signatures, shared secrets and tamper-resistant hardware. Happily, there are many commercial offerings of each of these basic blocks.
So, all we have to do is pick the right basic blocks for a particular situation and we're OK, right? This is easier said than done. But one particular property of secure identity systems does simplify this problem; like mobile networks, they are closed systems. To use them, you must complete a background check and sign a legal document to construct the basic blocks describing your identity. It's this strong authentication and binding that endows a secure identity system's basic blocks with inherent trust. To even have a current and valid set of identity blocks means that you have passed this bar and are a member in good standing of the closed system. It also means that the blocks and the systems supporting them can be simpler and constructed so that they "plug and play" using industry standards.
An example of this type of trusted system is HID's Trusted Identity Platform (TIP), which turns access control readers, laptops, NFC-equipped mobile phones and other products into trusted identity nodes that can be securely provisioned regardless of where they are or how they're connected. The TIP vault issues secure identity objects (SIOs) to each TIP-enabled node, managing them under the control of a key-management policy statement. The SIOs are sent to the TIP nodes using a secure messaging protocol (SNMPv3) and each node includes an interpreter mechanism to process the TIP message.
The TIP architecture is fully scalable, its transmission protocol and encryption models are standards-based and it can support multiple usage models including cloud-based applications that require service delivery across the Internet without compromising security. NFC-enabled mobile phones will be able to support TIP and hence may be configured to be TIP endpoints. As registered TIP nodes, these phones may download SIOs that enable card emulation (i.e. virtual cards) and can also enable more complex access control applications including implementing access control rules interpreted by the NFC phone itself.
NFC-based access systems will usher in a new era of more convenient and secure transactions. Delivering on this promise, however, will require a simple but protected, fully scalable and standards-based identity delivery system that can support identity nodes-ranging from readers and cards to NFC-equipped mobile phones-that each can be registered as a "trusted node" so that it can be securely provisioned anywhere in the world.
