Last but not least, it is critically important that there be an ecosystem of service providers who can deliver and manage mobile credentials, including mobile network operators and TSMs. There are a variety of perspectives regarding what types of organizations this mobile ecosystem will include and how it will develop over time. The timing and development of this ecosystem will have an impact on how quickly NFC is adopted for any application, from mobile payment to transport ticketing to access control.
Lessons Learned in the Enterprise
A recently convened a group of end-users and consultants discussed results from the industry’s first series of pilots exploring the benefits of mobile access control in enterprise deployments. The roundtable discussion included executives from Netflix, Good Technology, Equifax and Microsoft. Each of the panel participants talked about the importance of an optimized user experience, and described the expected security benefits of mobile access control, the importance of broad product and service choices, as well as a comprehensive industry ecosystem.
Netflix sees mobile access control as a way to make overall physical access not only more secure, but also more convenient for users. The idea of mutually authenticated mobile credentials and readers using robust cryptography and open standards with over-the-air provisioning is also very appealing. Netflix wanted to treat physical access just like any other entitlement from an IT perspective, and tightly couple the two; in other words, access to a particular web server or system should be very similar to how physical access at a door reader is granted to an employee. The company had already been onboarding new employees with a paperless process, and the facilities team was anxious to see how users would react to a new mobile model.
Netflix also knew that people treat their cellphone almost like an extension of their ID – they have their conversations on these devices, and the devices are authenticated by their bank or financial institution on them, so they know they can trust them.
In the Good Technology pilot, employees who were not involved in the program were seen pulling out their phones and trying to present them to the readers to see if they could also open doors. The company issued a notification that this was a pilot and only the phones given to pilot participants could be used to open doors. A large volume of requests followed, asking how to get involved.
Additionally, Good Technology said pilot participants were able to get through doors with almost no training at all. Equifax said the company had initially been concerned that it might be difficult for users to find the “sweet spot” as they positioned the phone close to the reader, but found that the process was identical to that of using a traditional plastic card. Equifax also wanted to see if there were any communications or interference challenges associated with presenting phones to readers that were installed next to the metal turnstiles in its headquarters building, but this was also not an issue.
One issue that both Netflix and Good emphasized was the need for widely available NFC-enabled phones and solutions that are based on open standards to simplify adoption, especially in a world of bring your own device (BYOD) deployment and IT consumerization. Netflix employees clearly wanted a high level of choice related to the types of devices they can use. It also will be important that all solutions be hardware and platform independent, and based on open standards. Panel members felt there was a critical need for everyone in the industry to be in lockstep and contributing to a shared vision for the deployment and use of mobile credentials. Network operators will also be a key part of this equation and provisioning process.