Some call it a more secure, easier to work with communication protocol
Near field communication has been an “emerging” technology for half a decade. During that time, it has jumped the initial hurdle being deployed in handsets worldwide. But there are still obstacles to conquer if NFC is to truly go mainstream.
Some are tired of waiting.
“Physical access control has been a stale industry and this is one of the more exciting things to come around,” says John Fenske, vice president of product marketing for physical access control at HID Global. He’s not talking about NFC, but an alternative – some say competitive – technology called Bluetooth Low-Energy or Bluetooth Smart.
Some in the physical access control and identity markets are looking at Bluetooth Low Energy as a solution because it’s already in just about every recent model handset and computer. The specification has been included on iPhones and Android handsets since 2012.
Plus it doesn’t have the NFC ecosystem’s complexity that requires enterprises to work with mobile network operators to place a credential on the device.
“The barriers to using NFC have been high,” Fenske says. “If you’re looking at using a phone with NFC and you want to put information on the secure element, you have to go through the mobile operator and they charge for that access.” Bluetooth Low Energy applications, however, can be embedded elsewhere in the handset.
HID or its dealers will have online portals where enterprises can provision access, he explains. Once all the proper information is entered into the portal, a user will be sent a link to download the app on to their device.
Usability has been another issue with NFC. It can be tough to use, and is rarely as easy as tapping a handset against a reader to enable an NFC credential, Fenske says. “We need to reconcile this,” he says. “NFC needs to be about consistent and powerful transactions.”
Whereas NFC can typically be read from less than an inch away, Bluetooth can transmit at a distance of 10 to 15 feet. With this longer read range the problem then becomes how to decide when a specific door should open.
Brivo Labs explores ‘contextual’ access control
Brivo Systems is known for its cloud-based physical access control technology, but it launched Brivo Labs to work the cutting edge of physical access control.
The new group is exploring “contextual” physical access control systems with the tagline “single sign-on for the physical world,” says Lee Odess, general manager at Brivo Labs. Typically physical access control is about keeping people out, but Brivo Labs is dedicated to enabling access based on permissions.
“We’re looking at social access management,” Odess explains. “Instead of controlling access we want to know how people can manage their own access.”
Brivo Labs is calling this Social Access Management and will enable clients to use the same identity at the office, at a sports stadium, movie theater and even at home, Odess says. One of the first systems Brivo Labs is working on is a visitor management solution called randivoo – pronounced rendezvous.
Randivoo is being built into Salesforce.com to enable employees to provision access for visitors. Prior to the visit, the sponsor will send an email with a meeting request. From there, the guest will download the pass – such as a QR code – on to a smart phone.
The system automatically sends a reminder the day before the meeting. When the guest arrives at the building, he goes to the kiosk and scans the QR code. A credential is issued to enable access to the appropriate area in the building, Odess explains.
After the guest scans the code, the employee sponsoring the meeting is notified that the guest has arrived through a text message or other preset means.
Eventually, the system may also take advantage of NFC and Bluetooth Low Energy instead of the QR code.
Brivo plans to enable guests to use any type of social identity, including Facebook, LinkedIn or Twitter.
“We’re enabling the building or the person to determine what level of security they want,” Odess says. “It depends on the contextual security that the enterprise wants to use.”
The idea is to have this type of physical access control system used at movie theaters, sports stadiums and other venues as well, Odess says. Brivo Labs is also looking at how Google Glass, Nike Fuelband and other wearable technologies can work with physical access control technologies to expand this contextual world.
HID is addressing this issue by including a gesture-based activation system. After walking up to the reader the user rotates the phone in a specified manner to activate the device’s built-in accelerometer that normally controls screen orientation. In this case, the motion triggers the credential and sends it to the access control reader.
A traditional knock against Bluetooth has been a lack of security, but the new specifications include 128-bit encryption. This has helped to lock down transmitted data clearing the way for more secure uses of the technology. “Bluetooth was promiscuous but now not so much,” says Lee Odess, general manager at Brivo Labs.
Competitive or complementary?
Odess believes Bluetooth and NFC can work as complimentary technologies in the physical access control world. Bluetooth can be used to get you in the front door of an office building and NFC can be used to unlock your office door or more secure areas of the building, he suggests.
But it’s going to depend on what kind of security the enterprise wants to put in place, he says. It ultimately may come down to the prevalence of a technology, and when it comes to that, Bluetooth is in the lead. “If I had to place a million-dollar bet on which technology is going to win, I would say Bluetooth,” he says.
As it’s often lamented, the iPhone has not committed to NFC. With every iteration of the Apple handset the rumor mill swirls with “will they/won’t they” discussions. Some don’t think that Apple will ever include NFC, instead favoring its own iBeacon technology, the company’s Bluetooth Low Energy solution.
Apple seems to be launching iBeacon initially as a marketing tool. Retailers can place iBeacons in their stores to offer up promotions and deals to get people to visit. But there’s no obvious technical reason it couldn’t be used for other purposes.
Apple isn’t the only one getting behind Bluetooth. Wearable technologies – like the Jawbone Up, Fitbit and others – use Bluetooth to keep in constant communication with smart phones. Moreover, it’s a virtual given in laptops and desktop computers purchased in the last two years.
“NFC is playing in a completely different field than Bluetooth,“ says Scott Kern, lead architect for identity and access management at Verizon Enterprise Solutions. “It’s great for point-of-sale but when you talk about a rich ecosystem with plenty of devices, that is not NFC.”
Verizon is looking at a day when there can be multi-factor authentication that doesn’t require the user to do anything. Between a wearable device and a smart phone, a user could walk up to their laptop and be authenticated. “You can start building an ecosystem that ties back to the individual and doesn’t require them to authenticate,” Kern says.
The fact that consumers are already holding devices that have this technology solves the chicken and egg problem. If companies build products that take advantage of Bluetooth Low Energy, they can already start to use them without any additional effort, Kern says. “We aren’t starting from scratch,” he adds.