Proprietary vs. Open Credentials

The Public Key Open Credential (PKOC) is an emerging specification developed by the Physical Security Interoperability Alliance (PSIA) that gives integrators a practical way to meet customer demand for stronger, more flexible credentialing options.

PKOC provides a standardized, open credential architecture that any manufacturer or integrator can use without licensing fees or proprietary restrictions. Unlike legacy credential formats, it eliminates costly vendor lock-in and supports a quantum-ready framework (256-bit minimum encryption), preparing systems for the next generation of secure communication.

Inside the PKOC Spec

PKOC is an open, non-proprietary credential specification. It defines how smart credentials – cards, mobile devices, and wearables – communicate securely with readers and access control systems using public-key cryptography for authentication.

The specification supports NFC, BLE, and has been demonstrated over UWB, aligning well with the industry’s shift toward mobile IDs and digital credentials.

PKOC is also complementary to Aliro, the Connectivity Standards Alliance (CSA) specification for mobile access, but it takes a lighter-weight approach by focusing on providing a credential number with minimal infrastructure – resulting in faster performance for applications that don’t require complex authentication workflows.

A growing number of manufacturers now offer readers, cards, and mobile apps compatible with the latest published PKOC specifications for BLE (3.0) and NFC (1.1). These products have been interoperability tested and are already in use in commercial installations, signaling strong market traction and confidence in the specification.

Why It Should Matter to Integrators

Integrating PKOC into an enterprise system doesn’t require starting from scratch. Existing hardware can often coexist with new multi-technology readers and credentials, allowing a gradual migration path. End-users can choose the credential types that best fit their needs without being locked into a closed, proprietary format.

Because PKOC is license-free and royalty-free, there are no per-credential or per-reader fees. Integrators can pass those savings along to customers or focus on generating recurring revenue through credential provisioning, system management, and support services rather than license resale.

Another key advantage is asymmetric cryptography. Integrators can assure customers they are deploying a credential system that aligns with current IT security practices, not outdated proximity or symmetric encryption technologies.

“The ability to offer a royalty-free credential that is fully interoperable is a game changer for RFPs,” says Bruno Desrochers, Canada Sales Manager at Tech Systems. “It lets us compete on service and innovation, not licensing.”

Other benefits include:

• Easy migration path – Combine existing hardware with PKOC-enabled readers and credentials for gradual upgrades.
• RFP advantage – Vendor-neutral, future-ready solutions help win bids.
• TCO – Lower total cost of ownership through simplified credential management.
• Cybersecurity – Bring physical credentials in line with modern IT standards (PKI).
• Integration opportunities – with identity platforms such as Okta or Azure AD.

As open standards continue to reshape access control, PKOC positions integrators to lead that change by offering real choice, stronger security, and the flexibility customers have been asking for.

David Bunzel is the Executive Director of the Physical Security Interoperability Alliance (PSIA). www.psialliance.org.