There’s little standing in the way of companies taking a cue from the opening sequence of tv’s “Get Smart” and setting up their doors to open when an authorized employee approaches. Tokenless physical access control is no longer just the realm of television. It is now reality at a growing number of installations.
The technology exists for tokenless, or “frictionless” physical access control, which eliminates the need for an employee to carry around a token such as a badge or remember a PIN in order to gain entry into a building or office. Biometrics and radio frequency, technologies like Bluetooth can make this scenario possible. It’s just a matter of pushing adoption.
Rick Focke, senior product manager for Tyco Security Products, says that he’s seeing customer demand for the concept of a virtual credential. “The industry is starting to go from the proof-of-concept stage to the deployment stage in a few different technologies,” he says.
But just because this kind of system is possible doesn’t mean that everyone is ready to adopt it. The question of whether a company will go the tokenless route has more to do with its security policy than security technology, says Steve Van Till, CEO and founder of security systems provider Brivo. “Can it be done? Absolutely. Should it be done? That’s a separate question,” he says.
It all goes back to the long-standing dilemma of security versus convenience. Some companies value one over the other, depending on what they’re trying to secure.
There are products both in development and on the market that make it possible for a door to open because it knows who is there. For example, some Bluetooth readers and mobile apps enable a door to open when a person is within a prescribed distance.
“The good thing about that is it’s really convenient and really easy,” Van Till says of the Bluetooth systems. “The bad thing is that your phone is now effectively an access card, and anybody could use it to get in the door.”
Being able to provide this level of convenience securely is where things get tricky. Biometrics has been touted as the solution to making tokenless physical access control systems secure. But the challenge the industry faces is how to make biometrics convenient, not to mention more affordable.
“The holy grail of physical access control is to deliver on the promise of very high security and very high convenience simultaneously,” says Skip Cusack, chief technology officer and chief marketing officer of BluB0X Security Inc.
Cusack believes that on the front end, there needs to be the right balance of security and convenience. “Until now, it’s really been all about convenience at the expense of security,” he says. “I think that’s changing now.”
The holy grail of physical access control is to deliver on the promise of very high security and very high convenience simultaneously
More people will be drawn to these systems because they won’t have to depend on a badge or card credential that they’re more likely to leave at home, says Jonathan Mooney, business leader for electronic access control at security products provider Allegion. A biometric is impossible to leave at home, and people are very reluctant to go anywhere without their phones.
“If you get halfway to work and realize you left your badge, you can probably convince yourself to continue on,” Mooney says, adding that with identification there will probably be people at your office or facility who can visually identify you or at least grant you partial access for the day. “But because you have your creature comforts on your phone, you’re more likely to turn around and go get it.”
A backup for biometrics
One tokenless physical access control system in use in a pilot program is the BluB0X Person Reader, a multi-factor, multi-biometric system designed to serve as a replacement for cards and card readers. The cloud-powered system relies primarily on facial recognition through a video sensor, but it can also employ secondary factors and biometrics to determine whether to let an individual through the door.
The Person Reader is designed to enable an individual to walk up to a reader and gain instant access just by looking at it. The reader uses facial recognition video and compares it to other people in the database to see if there’s a match.
The reader analyzes several biometric signals simultaneously based on the person’s appearance. If it’s not sure who the person is, depending on the security setting that is in play at that door, it may ask for a PIN or card.
Cusack believes combining biometrics with other factor tests is what’s going to best enable frictionless access from a security standpoint. “Biometrics is very secure, but not perfect,” he says. “That, therefore, requires something to be brought to bear for those rare occasions when the biometrics need some help.”
Cusack says the cloud is the key to enabling tokenless PACS in an efficient, cost-effective way. Being able to organize these systems in the cloud makes it easy for them to have one common database, making it possible for a company to have a variety of biometric systems and even a variety of traditional PACS. “That’s a big breakthrough for the industry, and I think one of the things that will drive cloud adoption,” he says.