Handset leaders add biometrics and NFC, dawning a new era in mobile as a credential
16 March, 2015
category: Biometrics, Corporate, Digital ID, Financial, Government, Library, NFC
NFC and BLE let phones talk to devices, not just people
The addition of NFC to the iPhone 6 and 6 Plus is also causing a stir. While the company locked down the NFC capabilities on the new iPhones so they can only be used for Apple Pay, insiders predict the API will be opened up down the road, as it was for the Touch ID biometric scanner.
Until it is opened, this will keep other NFC wallets off the iPhones so consumers won’t be able to use SoftCard – formerly ISIS – or Google Wallet. But this also limits NFC’s other possible applications, effectively hamstringing the device.
The NFC communications protocol can be used to read smart tags, pair with other devices and replace smart cards for physical access and identity applications. While many in the identity space may have been salivating at the opportunity to provision credentials to new iPhones, they will have to wait.
One of the biggest issues holding NFC back in general has been the process of putting credentials onto handsets. Typically, an enterprise would have to contract with the mobile network operators to get access to the secure element to place the credential on the device.
This is a complicated proposition: because employees use different carriers, contracts are required with multiple network operators. “Technically everything is possible, but it is a nightmare from a business model perspective,” says John Fenske, vice president of product marketing at HID Global.
Host-card emulation, however, is a newer approach to NFC that eases this pain point. Instead of placing the credential in the handset’s hardware secure element, this approach places it in secure software with access to the NFC antenna. This removes the need for the carrier’s involvement.
While these options are closed off for the NFC-enabled iPhones for now, companies are not waiting. Many are pushing access and identity applications using Bluetooth low energy instead. Every handset produced in the last couple of years comes standard with the communications technology, but it does require Bluetooth to be added to access control readers.
HID stores Bluetooth credentials in secure software on the handsets, enabling enterprise administrators to manage issuance via a Web portal, Fenske says. The employee receives an email or text message to download an app and the credential.
Once the credential is activated, the Bluetooth access control reader can read it from 10 to 15 feet away, Fenske says. To reduce the potential for accidental reads, the employee twists the phone near the reader to invoke the device’s accelerometer and initiate access.
Could the Apple Pay wallet be the model for an identity key chain?
While any enterprise can take advantage of the Bluetooth on any handset, Apple might be making it easier to take advantage of the NFC functionality.
As Fenske says, the obstacle to NFC has been working with all the mobile operators so that credentials could be placed on the devices. The same obstacle existed in the payments market, where banks had to deal with carriers to get credentials on handsets.
Apple Pay is taking a different tack. The company is still using a hardware-based secure element, but instead of having the credentials issued over the air, consumers will be able to enroll their own payment cards for use with the payment scheme and store them in Apple’s Passbook wallet.
“The devil is in the details; we don’t know how enrollment on the iPhone is going to work yet,” says Amos Kater, practice leader for mobile and payments at UL.
If Apple opens up the API for NFC, it’s possible that enterprises could use this same functionality to add access and identity credentials in the same way they add payment cards to Apple Pay. Without developer tools or access to the NFC, however, all agree it’s too early to tell.
Kater is optimistic about being able to use the iPhone’s NFC for more than payments in the future. Not all cards will need access to the secure element – such as loyalty and frequency cards – so host-card emulation will work in those situations. “I want all my cards, including my identity cards, installed in Passbook,” he adds. “I would be surprised if Apple didn’t open up the API for non-secure services down the road.”