NFC: Not Ready for Primetime

By: Brian Rhodes, Published on Oct 01, 2012

NFC continues to be the biggest buzzword in access control. HID, the principal manufacturer of the technology for EAC applications, is eager to evangelize its benefits every chance it gets. In this ASIS webinar, HID boldly claims to be ready to "revolutionize the access control industry". Does NFC stand ready to change EAC as we know it, or do major questions remain? In this note, we review the webinar, the key claims it made, and focus on what issues security professionals should be wary about when considering NFC.

Background

In our previous posts on NFC, we identified significant gaps in adoption. While the tone of this webinar, moderated by ASIS, is long on potential and promise of NFC, it is alarmingly thin on concrete details.

The three major problems discussed, but not fully addressed are:

  • How are existing Access Control systems upgraded to use NFC?
  • How should NFC adopters manage different mobile devices?
  • How are the process gaps in NFC deployment methods being addressed?

In the sections below, we take each question and explain how the webinar responded to, or answered the issues:

Upgrading Existing EAC Systems

When directly questioned on the best strategy for transitioning a current non-NFC system to an NFC enabled system, HID answer was essentially a 'shrug of the shoulders' with the statement "NFC adoption is the burden of the EAC companies to handle". While this may be true at some level, if HID expects NFC to be a reality, and continues to pitch it every chance they get, the EAC companies will need cooperation in overcoming the burden.

While incorporating NFC readers into EAC is not dramatically different than comparative types, installing and using credential management systems that work with NFC is a relative unknown - especially for the integrators and users who will have to make it operational. It is either deeply ignorant or manipulative for HID to dismiss such fundamental operational issues as a burden of someone else when you are pitching such a solution.

Using Mobile Devices

Who owns the device hosting NFC credential? That fundamental question is going to be answered on a case-by-case basis. The question forces the "BYOD, or Bring-Your-Own-Device" issue to the forefront - either companies must centrally issue and manage employee mobile devices, or they must learn to work with and support a broad array of privately owned devices.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

One of the biggest assumptions of NFC, both in terms of adoption and affordability, is that card holders will use their own phones and tablets to host credentials. Rather than issue plastic cards, credentials will be wirelessly transferred to these device, therefore trimming the expense and labor of generating physical credentials from operating costs.

In most cases, issuing company-owned phones to employees will not be an option, and we expect that many will opt for BYOD support for NFC. However, the presentation did little to provide answers for the problem of how to manage so many different devices, outside of describing a loose workflow concept involving yet-to-be released software.

Furthermore, based on data gathered from a Cisco case study, at least 67% of all Cisco-BYOD devices do not include NFC chips:

--

While NFC chip adoption is expanding, these incremental increases are not applying to major mobile device manufacturers like Apple, whose products (still) do not include NFC chips. Until the world's biggest mobile device manufacturers consistently include NFC in their offerings, workarounds must be developed for non-compliant devices or companies must standardize on supported devices. Either option impacts the economy of 'going NFC' significantly.

Process Gaps

At the end of the webinar, HID also briefly discussed problematic gaps in NFC's production deployment. The three questions they addressed were:

What Happens When My Battery Dies?: This is still a major problem with current devices. However, HID suggested that even if no power is available to make a call, enough power remains for the low-demand NFC transaction. In addition, HID described future plans for readers designed with the ability to passively energize a phone's NFC coil. However, at the current time, both phone designers and reader manufacturers have yet to fully address the problem.

What Happen When I Need to Open a Door While I'm on My Phone?: HID's 'solution' offered two options for this problem. First, for 'low security applications', credentials can be written to a device in such a way that NFC always possesses the right credentials, and no interruption in phone service is required to update the NFC chip. The phone call is interrupted only as long as it take to wave the phone in front of a reader. However, the also relies on the reader itself being wired to the network to have current access credentials.

For 'high security' applications where this method is not an option, HID suggested that mobile apps and phone hardware design still needs to be developed to answer the problem.

When will the Credential Provisioning Ecosystem be Available?: This question centers on the software portal needed to write/revoke, buy, and distribute NFC credentials to mobile devices. While HID displayed several whiteboard flows and software flowcharts of this software, no production release has been made. Until this happens, there is a major gap in issuing and managing NFC credentials. HID explained that a solution should be expected as early as 'the end of 2012', but the fact remains that until this point - regardless of final cost - NFC is simply not ready for production deployment.

3 reports cite this report:

New Siri Powered Kwikset Lock on Jan 08, 2016
Your voice is your key with a new residential doorlock, Kwikset's Premis. Using your Apple phone, you can command your door to lock and unlock even...
"Future-Proofing" Access Control Guide on Jul 30, 2015
Its one of the most misused phrases around: "Future-proof". However, even without the crystal ball and wizards, designing access control to be...
HID Troubles Behind CEO Ouster on May 28, 2015
Access control is typically 'boring'. But the biggest manufacturer in the industry shocked many with the out-of-the-blue departure of HID's...
Comments : Members only. Login. or Join.

Related Reports

HID Releases Lower-Cost Signo Readers on Mar 06, 2020
HID Global is releasing a new line of readers called Signo they claim read farther, are mobile-ready, and automatically adjust for better reads on...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Mobile Access Usage Statistics 2019 on Jul 18, 2019
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new...
How To Troubleshoot Wiegand Reader Problems - Inverted Wiring on Jul 16, 2019
Wiegand is the dominant method of connecting access readers, but problems can arise for installers. In fact, one of the most difficult reader...
Poor OSDP Usage Statistics 2019 on Jul 09, 2019
OSDP certainly offers advantages over decades-old Wiegand (see our OSDP Access Control Guide) but new IPVM statistics show that usage of OSDP, even...
Farpointe Data Conekt Mobile Access Reader Tested on Jun 13, 2019
California based Farpointe Data has been a significant OEM supplier of conventional access readers for years to companies including DMP, RS2, DSX,...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Startup GateKeeper Aims For Unified Physical / Logical Access Token on Apr 04, 2019
This startup's product claims to 'Kill the Password' you use to keep your computers safe. They have already released their Gatekeeper Halberd...

Most Recent Industry Reports

Viakoo Presents Cyber Hygiene for Cameras on May 28, 2020
Viakoo presented its 'Cyber Hygiene' and 'Service Assurance' products at the April 2020 IPVM New Products show. Inside this report: A...
Seek Scan Thermal Temperature Screening System ReTested on May 28, 2020
Now that IPVM has tested Dahua, Hikvision, and Sunell, we are returning to Seek, the first blackbody system we tested and retested it with our...
Directory of 106 "Fever" Camera Suppliers on May 28, 2020
This directory provides a list of "Fever" scanning thermal camera providers to help you see and research what options are available. There are...
Fever Cameras Are Medical Devices, Per The FDA, Dahua, Feevr, Hikvision, InVid Contrary Claims Are False on May 28, 2020
Fever cameras are medical devices, despite what euphemisms various sellers use. The US FDA clearly categorizes them as medical devices and...
Wyze Raises $10 Million And Seeks Services Expansion on May 27, 2020
Wyze has raised $10 million, the company's first disclosed raise since the $20 million announced at the beginning of 2019. Inside this note,...
Startup Videoloft Presents Cloud Storage on May 27, 2020
Videoloft presented offsite cloud storage at the May 2020 IPVM Startups show. A 30-minute video from Videoloft including IPVM...
Directory of 300+ Fever Camera News Reports Globally on May 27, 2020
This global directory tracks 300+ articles about thermal cameras used to detect fevers in response to the coronavirus pandemic. Articles are...
Integrators Rising Against Coronavirus on May 27, 2020
IPVM integrator statistics make it clear - Coronavirus's impact on business is lessening and many are anticipating even better news in weeks...
Netposa Stock Surges 46% After US Human Rights Abuse Sanctions on May 27, 2020
Last Friday, the US government announced it would sanction PRC video management provider NetPosa for being "complicit in human rights violations...
LILIN Presents NDAA-Compliant P2 Cameras on May 26, 2020
Merit LILIN presented its NDAA-compliant P2 camera series at the April 2020 IPVM New Products show. Inside this report: A 30-minute video...