Apple's use of NFC holds potential for access control industry

Sept. 16, 2014
Analyst says many questions still remain about game-changing ability of NFC for the larger market

As part of its highly-anticipated new product launch last week, Apple announced the new iPhone 6 and iPhone 6 Plus, which are slated to hit store shelves later this week, would feature a near field communications (NFC) antenna design. The NFC antenna is mainly intended to be used for the company’s new Apple Pay service, which enables customers to use their smartphones to checkout at retailers rather than swipe a traditional debit or credit card.  

Apple’s adoption of NFC could also pay dividends in the access control market, which has long touted NFC as a potential game changer for the industry – eliminating the need for key cards and alleviating administrative burdens on end users. In fact, one of the prevailing beliefs within the industry for why NFC hasn’t gained the traction many thought it would by now has been the lack of NFC compatibility with iPhones. With the new iOS 8 operating system, however, developers will have access to the Apple Pay application programming interface (API) which could open up new opportunities for the NFC access control applications.

“I think it is really going to impact the market overall in the sense that more and more end users will start using (NFC),” says Blake Kozak, senior analyst for security and building technologies at IHS. “They are going to start to realize the convenience benefit aspect and start to potentially use that elsewhere.”

Jeremy Earles, readers and credentials portfolio manager for Allegion, believes the NFC capabilities in iPhones will help boost adoption of NFC to the mass market for all uses of the technology, including access control.     

“Allegion launched a commercialized access control solution using NFC more than a year ago, so we are very excited to hear Apple has incorporated the technology into their devices,” says Earles. “Because iPhone users make up a large portion of the smartphone market in the U.S., any technology Apple incorporates into its products will likely influence user behavior and adoption rates. We hope that leads to an increase in overall use of NFC mobile access control options.”

Rather than storing debit and credit card numbers on a server or on the device, Apple Pay will utilize a “unique Device Account Number” that is assigned, encrypted and stored in a Secure Element (SE) on an iPhone or Apple Watch.  Although Kozak says it remains to be seen exactly how Apple will allow security manufacturers to have access to the Secure Element and place all of the pertinent access control data on it, he believes Apple will work with developers to extend their ecosystems beyond mobile payments.

In a sense, however, Kozak says that based on the conversations he’s had with access control manufacturers, Apple’s adoption of NFC may have come “too late” for the technology to change the face of the industry as many had expected, given the fact that many are now looking into Bluetooth and other technologies that provide the same level of convenience and security.

“In the past, security manufacturers could always partner with the likes of Samsung or these other (handset) providers and work with them to use the microSD or SIM card in order to have access control via NFC. It has always been there, but it has been a painful process, so it seems this could help the market moving forward, but I think more people are looking toward Bluetooth these days compared with NFC because it is a little more robust, has been around longer and you can manipulate the read range,” says Kozak.

Historically, Kozak says that NFC has had performance and usability issues along with large variations in performance between different handset manufacturers. Additionally, in some cases, read/write time has been slower for NFC devices compared with traditional credentials. With that being said, Kozak believes Apple’s use of NFC is a good step forward for the market that could move it beyond the phase of pilot project deployments into an area where it is looked at as a more viable option.

“If it is a proven technology and Apple Pay really takes off for Visa and MasterCard, and if it is good enough for them and there haven’t been any big data breaches, then I can certainly see it being good enough for a medium-sized organization (for access control),” Kozak says.   

“It’s difficult to influence adoption rates when a huge segment of the marketplace doesn’t have the system requirements to make it a viable option for them,” says Earles. “Now that the technology is in the hands of more users, we expect adoption rates to grow.”

There are also a number of issues that still have to be worked out on the end user side of the equation if NFC is going to gain more widespread adoption, according to Kozak. For example, Kozak says there are still lingering questions from end users about what happens when the battery in a cellphone dies and how a credential may still have to be used in conjunction with a badge or some other form of authentication in higher level security environments. There are also still a lot of policy issues that have to be worked out, especially within enterprise applications, where IT may be responsible for managing the phone and security responsible for overseeing the credential. Along with that is BYOD and how companies that allow workers to use their own cellphones can manage a secure credential on phones they don’t control.

While some have also expressed concerns about the potential for someone other than an authorized credential holder to gain access to a facility using a stolen phone, Earles believes that a mobile credential is inherently safer than a key card.

“Use cases have shown that a phone with a credential is inherently more closely controlled than a traditional key card. People use their phones multiple times a day. They keep their phone with them all the time, and realize very quickly if it’s missing. They might only use a traditional access control card once or twice per day. Sometimes they won’t even realize the key card is lost until they arrive for work the next day and can’t get into the building.  If someone’s phone is stolen or goes missing, they realize it sooner and report the missing credential more quickly than they would a card,” says Earles.

In the end, however, even with Apple’s adoption of NFC, the technology may amount to just another option in the portfolio of access control manufacturers.

“From my understanding, it is one of those things that you have to have. It is better to have it and have customers not really using it rather than saying, ‘I’m sorry, we don’t offer that solution at all,’” says Kozak. “The immediate, kneejerk reaction is that it could really impact the market, but I think in reality a lot of other things need to take place. There could be partnerships that haven’t been mentioned or brought to the attention of the press that have already been worked on… but from what I’ve seen and heard from the market is that it is a good thing for the industry, but at the very start it is not going to change much.”