Critiquing HID's 'Access Control Goes Mobile' Presentation

By: Brian Rhodes, Published on Apr 11, 2012

Are Mobile Credentials ready for primetime?  ASSA ABLOY [link no longer available] / HID, who have invested heavily in the technology, posted a webcast of their joint 'Access Control Goes Mobile' event at ISC West. Using mobile devices to host access credentials is a growing trend, with recent development centering around the inclusion of NFC technology into credential readers, door hardware, and smartphone devices. In this note, we examine the key takeaways from that presentation.

We have embedded the entire webcast here for reference. (note: the player omits timestamps so its hard to track by time):

In the webcast, HID / ASSA makes a number of important points:

    • NFC credentials will be administered differently than traditional keys or cards. HID stated that (mobile keys are) "a quantum leap in access control" by "replicating existing credentials and depositing them on a mobile device". These differences were demonstrated by HID through "over the air provisioning and revocation" via a web based mobile services portal.
    • In what was introduced as "the next frontier" for IT management control, the growing issue of securing "foreign devices accessing corporate networks" was mentioned but not completely addressed. HID states that while "many different companies are looking it today", the problem still has no comprehensive solution. This point was clearly illustrated by a confusing software demonstration that enables secure VPN connections from mobile devices to a corporate networks, but does nothing to secure or ensure safe condition of end point devices.  
    • "NFC does not include support for Picture IDs" and the feature is not roadmapped for development.
    •  HID acknowledged that mobile credentials are not the answer for every access control situation. They clearly stated "card credentials are not going away" and mobile credentials are "not a direct replacement" for card credentials. ASSA declares that "NFC is only a portion of the complete access control envelope" and is most valuable applied to the 95% of openings currently not incorporated in any electronic access control system. ASSA illustrated this point through the following chart they titled 'The Security Continuum':

Analysis

1. Because NFC credentials rely on interoperability between credentials and devices, credential management becomes a huge operational concern. The process of provisioning  and managing NFC credentials will be unlike anything currently being used. This difference extends even to how these credentials are purchased and shared. Since NFC credentials are not physical objects they must have the ability to be transported from device to device. Therefore, because this technology is still in early versions, many of these interoperability issues have yet to be discovered.

2. BYOD, or 'Bring Your Own Device', is a growing trend and security concern for corporate IT/security departments. According to the presentation, 37% of all tablets sold are used in corporate environments, but owned by employees. As we noted in our NFC examination, successfully managing and administrating devices not owned by companies is an awkward situation. While a variety of policy and authentication programs are being developed, no 'clear answer' exists in the market. HID demonstrated a 'soft token' system in an early attempt to bridge this gap.

3. Not supporting Picture IDs significantly limits the value of NFC. For high security areas (where image verifications are used for dual authentication) NFC still requires carrying a badge photo which undermines the main claimed benefit of NFC. Since NFC technology is designed as a low bandwidth, low energy transmission medium, the time required to transmit high resolutions picture files is excessive and would be prone to transmission error. 

4. Despite being positioned as a game changer, we disagree that NFC will bring access control to new doors. Bringing access controls to the untapped "95%" of doors has not occured even though several cheap alternatives to hard wired access controlled door exist. If the major incentive to move to NFC is additional security, consider that multiple low-cost proximity card leversets have attempted to gain the same market. If NFC's convenience is the push, then consider that keypad operated locks (requiring no external credential at all) have been in the market for many years.

Conclusion

The concerns we raised in our initial NFC analysis still stand, and it is clear that 'mobile credential' technology is still being developed and working through growing pains. However, these vendors make it clear that NFC technology will continue to recieve development attention for the near future.

Comments : PRO Members only. Login. or Join.

Related Reports

Nortek Mobile Access Reader BluePass Examined on Feb 12, 2019
Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass...
HID Launches Origo To Fix Mobile Credential Problems on Feb 05, 2019
HID is releasing Origo, an overhaul of its mobile credential platform, this time drastically restructuring the way it is priced and packaged. HID's...
Startup GateKeeper Aims For Unified Physical / Logical Access Token on Apr 04, 2019
This startup's product claims to 'Kill the Password' you use to keep your computers safe. They have already released their Gatekeeper Halberd...
Silicon Valley Access Startup Proxy Raises $13.6 Million on Mar 28, 2019
This mobile-credential based access startup just raised $13.6 million in funding.  Further, they claim that their technology can free businesses...
Proxy Access Control Tested on May 09, 2019
Silicon Valley Access Startup Proxy raised $13.6 Million in May 2019, focusing on mobile physical access control. Beyond the fund raising, Proxy...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...

Most Recent Industry Reports

"Hikvision Football Arena" Lithuania Causes Controversy on Jan 24, 2020
Controversy has arisen in Lithuania over Hikvision becoming a soccer team's top sponsor and gaining naming rights to their arena, with one local MP...
Axis and Genetec Drop IFSEC 2020 on Jan 23, 2020
Two of the best-known video surveillance manufacturers are dropping IFSEC International 2020, joining Milestone who dropped IFSEC in 2019. The...
Multipoint Door Lock Tutorial on Jan 23, 2020
Despite widespread use, locked doors are notoriously weak at stopping entry, and thousands can be misspent on locks that leave doors quite...
Avigilon Shifts Cloud Strategy - Merges Blue and ACC on Jan 23, 2020
Avigilon is shifting its cloud strategy, phasing out its Blue web-managed surveillance platform as a stand-alone brand and merging it with its ACC...
Verkada Paying $100 For Referrals Just To Demo on Jan 22, 2020
Some companies pay for referrals when the referral becomes a customer. Verkada is taking it to the next level - paying $100 referrals fees simply...
Camera Analytics Shootout 2020 - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jan 22, 2020
Analytics are hot again, thanks to a slew of AI-powered cameras, but whose analytics really work? And how do these new smart cameras compare to top...
Intersec 2020 Final Show Report on Jan 21, 2020
IPVM spent all 3 days at the Intersec 2020 show interviewing various companies and finding key trends. We cover: Middle East Enterprise...
Vehicle & Long Range Access Reader Tutorial on Jan 21, 2020
One of the classic challenges for access control are parking lots and garages, where the user's credential is far from the reader. With modern...
Clearview AI Alarm - NY Times Report Says "Might End Privacy" on Jan 20, 2020
Over the weekend, the NY Times released a report titled "The Secretive Company That Might End Privacy as We Know It" about a company named...
Favorite Camera Manufacturers 2020 on Jan 20, 2020
The past 2 years of US bans and sanctions have shaken the video surveillance industry but what impact would this have on integrators' favorite...