NFC: Not Ready for Primetime

By: Brian Rhodes, Published on Oct 01, 2012

NFC continues to be the biggest buzzword in access control. HID, the principal manufacturer of the technology for EAC applications, is eager to evangelize its benefits every chance it gets. In this ASIS webinar, HID boldly claims to be ready to "revolutionize the access control industry". Does NFC stand ready to change EAC as we know it, or do major questions remain? In this note, we review the webinar, the key claims it made, and focus on what issues security professionals should be wary about when considering NFC.

Background

In our previous posts on NFC, we identified significant gaps in adoption. While the tone of this webinar, moderated by ASIS, is long on potential and promise of NFC, it is alarmingly thin on concrete details.

The three major problems discussed, but not fully addressed are:

  • How are existing Access Control systems upgraded to use NFC?
  • How should NFC adopters manage different mobile devices?
  • How are the process gaps in NFC deployment methods being addressed?

In the sections below, we take each question and explain how the webinar responded to, or answered the issues:

Upgrading Existing EAC Systems

When directly questioned on the best strategy for transitioning a current non-NFC system to an NFC enabled system, HID answer was essentially a 'shrug of the shoulders' with the statement "NFC adoption is the burden of the EAC companies to handle". While this may be true at some level, if HID expects NFC to be a reality, and continues to pitch it every chance they get, the EAC companies will need cooperation in overcoming the burden.

While incorporating NFC readers into EAC is not dramatically different than comparative types, installing and using credential management systems that work with NFC is a relative unknown - especially for the integrators and users who will have to make it operational. It is either deeply ignorant or manipulative for HID to dismiss such fundamental operational issues as a burden of someone else when you are pitching such a solution.

Using Mobile Devices

Who owns the device hosting NFC credential? That fundamental question is going to be answered on a case-by-case basis. The question forces the "BYOD, or Bring-Your-Own-Device" issue to the forefront - either companies must centrally issue and manage employee mobile devices, or they must learn to work with and support a broad array of privately owned devices.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

One of the biggest assumptions of NFC, both in terms of adoption and affordability, is that card holders will use their own phones and tablets to host credentials. Rather than issue plastic cards, credentials will be wirelessly transferred to these device, therefore trimming the expense and labor of generating physical credentials from operating costs.

In most cases, issuing company-owned phones to employees will not be an option, and we expect that many will opt for BYOD support for NFC. However, the presentation did little to provide answers for the problem of how to manage so many different devices, outside of describing a loose workflow concept involving yet-to-be released software.

Furthermore, based on data gathered from a Cisco case study, at least 67% of all Cisco-BYOD devices do not include NFC chips:

--

While NFC chip adoption is expanding, these incremental increases are not applying to major mobile device manufacturers like Apple, whose products (still) do not include NFC chips. Until the world's biggest mobile device manufacturers consistently include NFC in their offerings, workarounds must be developed for non-compliant devices or companies must standardize on supported devices. Either option impacts the economy of 'going NFC' significantly.

Process Gaps

At the end of the webinar, HID also briefly discussed problematic gaps in NFC's production deployment. The three questions they addressed were:

What Happens When My Battery Dies?: This is still a major problem with current devices. However, HID suggested that even if no power is available to make a call, enough power remains for the low-demand NFC transaction. In addition, HID described future plans for readers designed with the ability to passively energize a phone's NFC coil. However, at the current time, both phone designers and reader manufacturers have yet to fully address the problem.

What Happen When I Need to Open a Door While I'm on My Phone?: HID's 'solution' offered two options for this problem. First, for 'low security applications', credentials can be written to a device in such a way that NFC always possesses the right credentials, and no interruption in phone service is required to update the NFC chip. The phone call is interrupted only as long as it take to wave the phone in front of a reader. However, the also relies on the reader itself being wired to the network to have current access credentials.

For 'high security' applications where this method is not an option, HID suggested that mobile apps and phone hardware design still needs to be developed to answer the problem.

When will the Credential Provisioning Ecosystem be Available?: This question centers on the software portal needed to write/revoke, buy, and distribute NFC credentials to mobile devices. While HID displayed several whiteboard flows and software flowcharts of this software, no production release has been made. Until this happens, there is a major gap in issuing and managing NFC credentials. HID explained that a solution should be expected as early as 'the end of 2012', but the fact remains that until this point - regardless of final cost - NFC is simply not ready for production deployment.

3 reports cite this report:

New Siri Powered Kwikset Lock on Jan 08, 2016
Your voice is your key with a new residential doorlock, Kwikset's Premis. Using your Apple phone, you can command your door to lock and unlock even...
"Future-Proofing" Access Control Guide on Jul 30, 2015
Its one of the most misused phrases around: "Future-proof". However, even without the crystal ball and wizards, designing access control to be...
HID Troubles Behind CEO Ouster on May 28, 2015
Access control is typically 'boring'. But the biggest manufacturer in the industry shocked many with the out-of-the-blue departure of HID's...
Comments : Members only. Login. or Join.

Related Reports

HID Launches Origo To Fix Mobile Credential Problems on Feb 05, 2019
HID is releasing Origo, an overhaul of its mobile credential platform, this time drastically restructuring the way it is priced and packaged. HID's...
Startup GateKeeper Aims For Unified Physical / Logical Access Token on Apr 04, 2019
This startup's product claims to 'Kill the Password' you use to keep your computers safe. They have already released their Gatekeeper Halberd...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Poor OSDP Usage Statistics 2019 on Jul 09, 2019
OSDP certainly offers advantages over decades-old Wiegand (see our OSDP Access Control Guide) but new IPVM statistics show that usage of OSDP, even...
Mobile Access Usage Statistics 2019 on Jul 18, 2019
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...

Most Recent Industry Reports

Latest London Police Facial Recognition Suffers Serious Issues on Feb 24, 2020
On February 20, IPVM visited another live face rec deployment by London police, but this time the system was thwarted by technical problems and...
Masks Cause Major Facial Recognition Problems on Feb 24, 2020
Coronavirus is spurring an increase in the use of medical masks, which new IPVM test results show cause major problems for facial recognition...
Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
AI/Smart Camera Tutorial on Feb 20, 2020
Cameras with video analytics, sometimes called 'Smart' camera or 'AI' cameras, etc. are one of the most promising growth areas of video...
China Manufacturer Suffers Coronavirus Scare on Feb 20, 2020
Uniview suffered a significant health scare last week after one of its employees reported a fever and initially tested positive for coronavirus....
Cheap Camera Problems at Night on Feb 19, 2020
Cheap cameras generally have problems at night, despite the common perception that integrated IR makes cameras mostly the same, according to new...
Milestone Launches Multiple Cloud Solutions on Feb 18, 2020
Milestone is going to the cloud, becoming one of the last prominent VMSes to do so. Milestone is clearly late but how competitive do these new...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101 examines the most common options and architectures used in...