Access Control & Identity: Got NFC?

Once phone manufacturing technology catches up, Near Field Communications (NFC) on cell phones promises to be a secure, effective solution for access control.

With NFC, users simply wave their cellphone, instead of an access badge, at a reader, as a credential for access to labs, office suites or other secured areas.

“NFC is an exciting and promising technology for the electronic security industry but for the most part it’s still in the pilot program phase in the U.S. market,” said Ron Oetjen, president of Intelligent Access Systems (IAS) in Garner, N.C. IAS has offices in Atlanta, Raleigh and Pittsburgh. Today, IAS is consulting its clients on the technology and helping them with the considerations for adding NFC to their technology roadmap.

“NFC is becoming an important check-box in vendor selection for many of our customers,” added Ayman S. Ashour, CEO of Identive Group Inc., Santa Ana, Calif. “We are beginning to see NFC create new markets for our integrators in residential, hospitality and other environments wishing to make access more convenient for people while lowering the overall credential costs.”

Sarah Ledwith, marketing manager, colleges and universities with the CBORD Group Inc., Ithaca, N.Y., said the learning curve with NFC is not steep for integrators who work with access control technology. “The NFC-enabled phone works exactly as a card would,” she explained. “The phone emulates the card. The reader processes the transaction exactly as it would if the card were presented.”

Demand on the upswing

“We are seeing a strong demand for a wide range of mobile one-card solutions ranging from apps to NFC to web services,” said Ledwith. In addition to access control, she noted NFC is well received for spending at dining locations, and even for laundry payments at colleges.

Identive Group said NFC is a “soon to be a ubiquitous technology” since it allows users to extend their digital lifestyles into the physical world.

”We are absolutely seeing demand for NFC at the door, coming from small pockets within both corporate and government customers who wish to simplify physical and logical access with ‘tap to enter’ and ‘tap to log in.’ Residential and hospitality are among the larger near-term market opportunities,” said Jason Hart, Identive’s executive vice president, Identity Management and Cloud Solutions.

NFC is similar to Bluetooth but different in outlook. “Bluetooth continues to be popular in residential applications because of its ubiquity, but ultimately, because NFC uses the same contactless technology that is already present in many modern building and payment systems (i.e. RFID readers and terminals that either can read NFC or easily be upgraded to read NFC) we believe it is more likely that NFC will be the predominant technology used,” Hart said.

Typically, NFC is not a standalone or forklift upgrade. “NFC can certainly be combined with traditional access,” Ledwith said.

There are two models for delivering NFC credentials in the phone—using a cloud-based, SaaS service which is a recurring service and a per credential model to suit the customers budget and requirements.

Based on his experience during customer conversations, Oetjen said he expects there will be an interest in NFC technology for both access control and for logical security applications such as network or PC log-in. Colleges will be interested in phone-based NFC due to the large number of users and the opportunities campus wide to use NFC in revenue collection applications such as parking, cafeteria or bookstore.

For integrators, the sell may be different in business or government settings where phone-based NFC could be mandated and the tools provided by the enterprise. At a college campus, it is difficult to demand every student carry a smartphone to get access to dorms—although most students do. That said, there are many anticipated advantages to NFC.


Major pluses

“NFC is really just a transport—what makes building access work with NFC are applications loaded into the phone or the secure element of the phone,” Hart said. He recommends using an open-source international standard application like Protocol for Lightweight Authentication of Identity (PLAID), Card Authentication Key (CAK) or other recognized standards that provide government-grade security at the door with the phone.

“We recommend against proprietary implementations that lock the customer into one vendor,” Hart said.

“There is an advantage for the large enterprise customer to save money end-to-end versus the process of buying and printing ID badges,” Oetjen pointed out. “If you consider the cost of the access card, the materials required for printing the badge and the administrator’s time to print the badge versus downloading a token or credential into a NFC-enabled smartphone app there would appear to be a nice opportunity for some savings.”

In beta tests and early deployments, NFC has been well received for access control. Ledwith said NFC increases security by acting as a de facto tool for secure access and transactions. It improves service because users enjoy the convenience of using their phones for access instead of a plastic card.

NFC lowers costs and tech callbacks by reducing the number of lost cards. It is easy to lose or misplace a plastic card. Most users cannot get 10 feet from their smartphone without having it in their hands. People tend to keep their phones in their hands on 24/7, so the convenience of using the phone to open a door, rather than rifling through purses or pockets for their access cards, is a great benefit. There is no sacrifice of security since the security of the credential is the same on the phone as it is on the card—perhaps even greater, since users usually protect their phones fiercely.

“NFC-enabled phones actually provide additional security advantages over a traditional ID-1 card,” Hart said, noting NFC is generally not enabled until the phone is unlocked, allowing an extra layer of protection in the form of a PIN or biometrics to do so.

“A phone can be remotely tracked, disabled and wiped, providing further additional layers of security,” Hart said.

Security departments also avoid the problem of having to carry an extensive inventory of replacement smart cards and the personnel and security problems that go with lost cards.

Oetjen said he believes that NFC will bring some relief to dealers who process reordering access credentials. “I’m not sure what our rate of expedited shipments is on access card reorders, but I’m sure it is high. It’s one of those things that a lot of customers wait on until they open their last box of access cards,” he said.

With NFC technology, if a customer needs to reorder tokens or credentials they can download from a web portal and acquire clearance much quicker than the way it is done today. “The process should be easier and the customer satisfaction should be higher as a result,” Oetjen said.


Potential drawback

Today, in order for people with iPhones to take advantage of NFC (which is not yet native to the phone), accessories need to be used. The industry sorely needs Apple and Google to include the NFC chip natively in their phones. The solution, at the moment, is an add-on accessory.

Many phone users are in love their cell phone case. Women may have 10 cases, color-keying them to each day’s outfit. Guys often sport a team logo on their cover. In any case, users do not want to ditch a favorite case and be bothered with an add-on appliance to allow them to use their smartphone as a key. In beta tests, users said they love the technology. But they do not like having to add on an accessory to their phone.

“The only real drawback we have found so far is that native NFC support in cell phones is not as widely available as some had hoped it would be by now,” Ledwith said.

From a security point of view, Oetjen said the main drawback to NFC is the loss of the traditional ID badge that so many companies require their employees to display for security purposes when they are at work.

“This may be the single most challenging item to overcome for NFC to become a mainstream technology for security purposes,” he said. “There will be a significant number of end users who simply won’t want to give up their ID badges, so NFC probably won’t be for everyone as a security technology.”

That said, NFC can definitely be combined with traditional layers of access.

“The real opportunity is in the natively enabled NFC cellphones; I’m not sure about the market for the cellphone accessories that will turn any phone into an NFC enabled device,” Oetjen said.

He said he has seen little if any resistance toward NFC coming from the integrator or the end-user. “In my opinion, the slow adoption rate is coming from access readers and smartphones not being NFC enabled,” Oetjen said. “The manufacturers of access readers have just recently released NFC-enabled readers to the U.S. market and there are only a limited number of cell phone manufacturers that have released NFC enabled cell phones.

“I won’t pretend to know what is going on inside of Apple or Google, but from what I have heard Apple has not yet embraced NFC technology, but Google has embraced NFC for their Android based smartphones,” Oetjen continued. “I think we will see more NFC enabled smartphones released in 2013, but I am sure there are more than a few people waiting around to see if Apple puts NFC on their technology roadmap.”

Ledwith said she sees demand for readers and credentials which are “NFC ready.” This allows schools and other enterprises to be prepared to support the technology if and when it reaches a wide enough adoption for them to want to incorporate it into their programs.

“Our customers that have already implemented NFC agree that the infrastructure was a good investment whether NFC takes off or not,” Ledwith said.

“The adoption of secure, contactless credentials is a positive from security, convenience, and maintenance perspectives, with or without NFC,” she maintained. “In all cases, they were already using these secure credentials before ever considering NFC.”

Hart emphasized that customers will lower their credential costs by moving to virtual credentials. “It provides an additional convenient and highly secure form factor leveraging open standards. We do not see NFC totally replacing ID-1 or key fob form factors but rather augmenting them,” he said. “For integrators, NFC offers the ability to lower total solution costs and support additional convenient form factors such as mobile phones.”




Curt Harler is a regular contributor to SD&I magazine. Reach him at