We are about to embark on a new generation of access control technology in which mechanical keys and even plastic smart cards will either be replaced or at least augmented by digital keys and portable digital identity credentials.
The most basic mobile access control model is to replicate existing card-based access control principles. Using near field communications (NFC) technology, the phone communicates identity information to a reader, which passes the identity to the existing access control system. Based on a pre-defined set of access rights, the access control system would make the decision to unlock the door. This provides a safer and more convenient way to provision, monitor and modify credential security parameters, temporarily issue credentials as needed and cancel credentials when they are lost or stolen. The landscape is undisturbed.
NFC-enabled mobile access control has some basic requirements, including:
• NFC-enabled handsets. Handsets can be equipped with an embedded secure element, such as a subscriber identity module (SIM) or Universal Integrated Circuit Card (UICC)-based secure element, or an add-on device (such as a microSD card) that incorporates a secure element.
• There also must be an ecosystem of devices (i.e., readers, locks, and other hardware) that can read and respond to the digital keys stored in NFC-enabled handsets.
• Finally, there must be a way to manage digital keys – including all identity provisioning/de-provisioning and sharing - within a trusted boundary. This is necessary to ensure a secure channel for communicating identity data objects between validated endpoints so that all transactions between phones, readers and locks can be trusted. To achieve this, a common access control trusted service manager (TSM) must be able to interface seamlessly to the mobile network operator (MNO), its TSM, and the NFC smartphones that will receive the encrypted keys for storage in the secure element, the SIM, or the microSD.
Moving beyond this simple card emulation model, mobile access control can also leverage the smartphone’s on-board intelligence to perform most of the tasks that are currently performed by the access control system. Instead of having a physically connected access control system, a mobile device could leverage its wireless connection to be both the key and the processor, and become the rules engine to make the access control decision.
For instance, smartphones can use their GPS capability to confirm a user’s location, and that he or she has proper authorization to access the area at that specific time of the day. All of this data can be checked against data stored in the cloud. The handset can then send an encrypted signal to the door for it to open. With this model, physical access control systems would no longer need to be hardwired, which would allow a robust, convenient and efficient electronic access control model to be used on interior doors, filing cabinets, and storage units where it previously would have been cost-prohibitive.
To make this model a reality, a new landscape is required, which the industry is now creating. Ideally, handsets must support all four primary operating systems: Apple, Android, Windows and RIM. Additionally, handsets must be equipped with a secure applet to hold the digital keys, an app for the user to interface with, and the actual digital keys. Having an operational card emulation mode in the handset is also a critical element of success.
The hardware for reading digital keys carried in an NFC-enabled handset is also critical, and might include NFC-enabled readers, electromechanical locks, and a wide ecosystem of third-party hardware that supports alternate use applications. These applications might include time and attendance, secure print management, PC secure log-in, biometric template storage, or closed-loop payment within a company cafeteria or at a vending machine.