Access Control & Identity: Got NFC?

Integrators look to add to their solutions set with this technology

“NFC is really just a transport—what makes building access work with NFC are applications loaded into the phone or the secure element of the phone,” Hart said. He recommends using an open-source international standard application like Protocol for Lightweight Authentication of Identity (PLAID), Card Authentication Key (CAK) or other recognized standards that provide government-grade security at the door with the phone.

“We recommend against proprietary implementations that lock the customer into one vendor,” Hart said.

“There is an advantage for the large enterprise customer to save money end-to-end versus the process of buying and printing ID badges,” Oetjen pointed out. “If you consider the cost of the access card, the materials required for printing the badge and the administrator’s time to print the badge versus downloading a token or credential into a NFC-enabled smartphone app there would appear to be a nice opportunity for some savings.”

In beta tests and early deployments, NFC has been well received for access control. Ledwith said NFC increases security by acting as a de facto tool for secure access and transactions. It improves service because users enjoy the convenience of using their phones for access instead of a plastic card.

NFC lowers costs and tech callbacks by reducing the number of lost cards. It is easy to lose or misplace a plastic card. Most users cannot get 10 feet from their smartphone without having it in their hands. People tend to keep their phones in their hands on 24/7, so the convenience of using the phone to open a door, rather than rifling through purses or pockets for their access cards, is a great benefit. There is no sacrifice of security since the security of the credential is the same on the phone as it is on the card—perhaps even greater, since users usually protect their phones fiercely.

“NFC-enabled phones actually provide additional security advantages over a traditional ID-1 card,” Hart said, noting NFC is generally not enabled until the phone is unlocked, allowing an extra layer of protection in the form of a PIN or biometrics to do so.

“A phone can be remotely tracked, disabled and wiped, providing further additional layers of security,” Hart said.

Security departments also avoid the problem of having to carry an extensive inventory of replacement smart cards and the personnel and security problems that go with lost cards.

Oetjen said he believes that NFC will bring some relief to dealers who process reordering access credentials. “I’m not sure what our rate of expedited shipments is on access card reorders, but I’m sure it is high. It’s one of those things that a lot of customers wait on until they open their last box of access cards,” he said.

With NFC technology, if a customer needs to reorder tokens or credentials they can download from a web portal and acquire clearance much quicker than the way it is done today. “The process should be easier and the customer satisfaction should be higher as a result,” Oetjen said.


Potential drawback

Today, in order for people with iPhones to take advantage of NFC (which is not yet native to the phone), accessories need to be used. The industry sorely needs Apple and Google to include the NFC chip natively in their phones. The solution, at the moment, is an add-on accessory.

Many phone users are in love their cell phone case. Women may have 10 cases, color-keying them to each day’s outfit. Guys often sport a team logo on their cover. In any case, users do not want to ditch a favorite case and be bothered with an add-on appliance to allow them to use their smartphone as a key. In beta tests, users said they love the technology. But they do not like having to add on an accessory to their phone.

“The only real drawback we have found so far is that native NFC support in cell phones is not as widely available as some had hoped it would be by now,” Ledwith said.

From a security point of view, Oetjen said the main drawback to NFC is the loss of the traditional ID badge that so many companies require their employees to display for security purposes when they are at work.

“This may be the single most challenging item to overcome for NFC to become a mainstream technology for security purposes,” he said. “There will be a significant number of end users who simply won’t want to give up their ID badges, so NFC probably won’t be for everyone as a security technology.”