My opinion: Access market is ready to surf the NFC wave

Las Vegas, March 30, 2012 -- I asked my colleagues Gale Johnson and Jerry Levine, the editors of Locksmith Ledger magazine and what was interesting them at the show, and the one thing that both mentioned was near field communications (NFC). These are the two guys who know the opening and locking of the door better than any other journalists in the industry, and when they tell me they are both really interested in a single technology, I sit up straight. And now, after sitting in on a lunchtime presentation today that was directed by HID Global President Denis Hebert during ISC West, I have to say that I agree.

I agreed all the more after bumping into a colleague who had lost her phone. "It's like I've lost my identity," she said. That friend wasn't talking about NFC, and it's highly unlikely that the phone was NFC capable (few are today, although that is changing), but it falls exactly in line with what Hebert and the team from HID Global were discussing today.

The reality is that with the forthcoming crop of new smart phones that have NFC -- which is a low-power, short-distance communications protocol using a tiny radio – companies like HID are going to be able to piggyback on that same NFC capability to unlock doors. The phone becomes the card/credential that talks to the reader at the door, and the reason this makes sense for security goes back to that lost phone concept. I heard it last year from Hebert, who reminded an audience at a similar function at the 2012 ASIS tradeshow in Orlando that people are much more likely to notice they have lost their phone before they would notice they have lost their access control card.

The technology model for NFC-enabled electronic door access control is amazingly close to what end users already know about managing a card office, except instead of activating cards and handing them to the employee, you would use a software or web portal to remotely activate a digital "key" on the person's phone. The phone's owner then uses an access control app that turns on power to the NFC radio, which in turn sends the signal to unlock the door (this was actually demonstrated live at HID's luncheon).

That remote activation of the credential over the cellular network means you can temporarily grant access (e.g., give a service provider temporary access to your mechanicals room or home to fix something), and you can likewise instantaneously deactivate that key. Tack on additional features for higher security (type a PIN in on that same phone at the same time the phone acts as the card and all of a sudden you're offering 2-factor authentication in the palm of someone's hand).

The trusted phone becomes the holder of the identity key that allows you to open select doors that the door administrator (or homeowner in a residential market) grants you access. What's more is that HID already has test products that uses NFC (many were on display at the luncheon NFC showcase), and while it's all mainly in pilot stages, this market seems poised to race forward with this technology as soon as NFC-capable phones become more prevalent. It even crosses out of the physical access control range into the logical access control range as an NFC signal becomes the signal that you use for logical access to your computer.

And they will become more prevalent, because this technology isn't really being driven by the security industry at all. Rather, it's being pushed forward by NFC applications for credit cards and debit cards that are on your phone. Does that mean NFC will be common on phones by the end of this year? HID thinks so, but I'm not altogether convinced. If Apple adopts NFC capabilities on the iPhone then yes, late 2012 could be the real emergence point, but otherwise it may be slower in the adoption than what the access control and payment card industries would otherwise predict.

What the industry has to do, of course, is decide how to monetize the technology in a manner more than just selling NFC-capable readers and locks. Hebert thinks the monetization comes in the key/credential issuance process to the phone, much like the industry already sees income on the activating and issuance of the credential.

Admittedly the technology isn't without challenges to overcome, such as whether you can open the door at the same time you're talking on the phone, or what happens if your phone is dead, or even what the security of these credentials would be and if they could be cloned. But these aren't insurmountable problems that the HID is actually already brainstorming solutions for (e.g., low-power NFC capabilities for when your phone battery is near dead). And as to the security of the data, the digital keys can be required to do verification "handshakes" if necessary and clearly can be stored in a secure format, so I don't see these as anything more than normal hurdles that come with any technology development process.

It may not be for every market -- the visual value of an ID badge still has clear value in markets like aviation and federal buildings -- but I'm convinced that NFC can reshape our industry. As someone who has lost an access card in recent years, but who hasn't lost my phone, I'm all for it, and I'm rarely one to get excited about much of anything I see on a tradeshow floor. As one of the attendees said in the Q&A, kudos to a major manufacturer for not being content to simply rest on the laurels of its (very profitable) badge and card business.