HID says future of door access might not be cards

Fresh from a pilot project at Arizona State University, HID Global takes a look at the phone-as-credential model


Sept. 19, 2011 – An HID-led pilot project at Arizona State University wants to know if we can ditch the ID card and instead use our phones to unlock our doors. This proof-of-concept project, which was the subject matter for an HID thought leadership luncheon held at the 2011 ASIS tradeshow, seems to have answered that question: Yes, phones just may be a good substitute for ID cards.

Here is how it worked: The pilot project put NFC-enabled (near field communication) phones in the hands of 32 students, who could then use the phone as their access control card at certain university residence doors. The students received a mix of phones, all using Verizon's network. There were iPhones, Android OS phones and even some RIM Blackberry phones.

The phones were authenticated, and the NFC technology replicated the signal of an HID iClass card, because NFC operates on the same 13.56 MHz frequency used by contactless cards. Students used a mobile app installed on the phones to initiate the NFC radio communications with the reader. Once launched, the app gave the students a select amount of time to open a door (or multiple doors) while it offered the signal that would work with the readers.

An integrator on the project (Henry Brothers Electronics/Kratos) upgraded some of the door readers, and the system piggy-backed on a Lenel access control system.

Along the way, there were hiccups (a mobile app that crashed more than they expected; having to relaunch the app for each door; students who traded phones), but the overall answer to whether this was viable seemed to be “yes”. Students generally liked it (proving that new technology is always attractive), and 79% of the students said it was as convenient or more convenient than the ASU ID access card they were previously using.

Of course, the one thing that using the phone as the card has going for it is simply our attachment to our phones, especially to smart phones. Presenters at the HID luncheon reminded the attendees that we may not realize we've lost our cards or keys for a day or more, but most people realize almost instantly that they have lost their phone. As Andrew Bocking, vice president of handheld software product management for Blackberry maker Research in Motion, told the attendees, “Devices are an extension of our mobile identity.”

But besides learning that, yes, the proof of concept works, the pilot project that HID Global performed at Arizona State University raised a number of questions and concerns that our industry will need to address before we can take this from pilot project to everyday project. Let's run through those concerns:

#1: The variables: In this kind of project, you no longer have one type of card. Instead you have multiple brands of phones, multiple models, multiple operating systems and even multiple networks. “How do you deal with those different variables?” asked HID Global's Denis Hebert while presenting the pilot project. “How do you make it a seamless experience for the end-user?” The answer seems to be like the punchline to a joke: “Very carefully.” The reality is that you're going to face more complexities than ever before if/when you ever do this kind of project as a security director or as an end-user.

#2: The virtual reader: One of the things that Hebert likes to discuss is separating identity from credentials and credentials from cards. That was the subject of his last industry update address, provided at the ISC West show. On the reader front the same thing can happen. If a phone captures your biometric (or even your PIN) and relays that to the access system, it is in fact operating as a virtual reader.

#3: Mobile isn't for everyone: “Not all circumstances will permit mobile devices to serve as the credential,” Hebert said to the audience of his ASIS seminar. “This might work on a campus where students are accessing residence halls with the phone in their palm, but it might not work in an airport where there is visual security value of producing an actual credential.” Even on a university campus, Hebert said there is real value to having the visual security of an ID card, and while it may not be a technology card, he said he doesn't see the card going entirely away.
