Critiquing HID's 'Access Control Goes Mobile' Presentation

By: Brian Rhodes, Published on Apr 11, 2012

Are Mobile Credentials ready for primetime?  ASSA ABLOY [link no longer available] / HID, who have invested heavily in the technology, posted a webcast of their joint 'Access Control Goes Mobile' event at ISC West. Using mobile devices to host access credentials is a growing trend, with recent development centering around the inclusion of NFC technology into credential readers, door hardware, and smartphone devices. In this note, we examine the key takeaways from that presentation.

We have embedded the entire webcast here for reference. (note: the player omits timestamps so its hard to track by time):

In the webcast, HID / ASSA makes a number of important points:

    • NFC credentials will be administered differently than traditional keys or cards. HID stated that (mobile keys are) "a quantum leap in access control" by "replicating existing credentials and depositing them on a mobile device". These differences were demonstrated by HID through "over the air provisioning and revocation" via a web based mobile services portal.
    • In what was introduced as "the next frontier" for IT management control, the growing issue of securing "foreign devices accessing corporate networks" was mentioned but not completely addressed. HID states that while "many different companies are looking it today", the problem still has no comprehensive solution. This point was clearly illustrated by a confusing software demonstration that enables secure VPN connections from mobile devices to a corporate networks, but does nothing to secure or ensure safe condition of end point devices.  
    • "NFC does not include support for Picture IDs" and the feature is not roadmapped for development.
    •  HID acknowledged that mobile credentials are not the answer for every access control situation. They clearly stated "card credentials are not going away" and mobile credentials are "not a direct replacement" for card credentials. ASSA declares that "NFC is only a portion of the complete access control envelope" and is most valuable applied to the 95% of openings currently not incorporated in any electronic access control system. ASSA illustrated this point through the following chart they titled 'The Security Continuum':

Analysis

1. Because NFC credentials rely on interoperability between credentials and devices, credential management becomes a huge operational concern. The process of provisioning  and managing NFC credentials will be unlike anything currently being used. This difference extends even to how these credentials are purchased and shared. Since NFC credentials are not physical objects they must have the ability to be transported from device to device. Therefore, because this technology is still in early versions, many of these interoperability issues have yet to be discovered.

2. BYOD, or 'Bring Your Own Device', is a growing trend and security concern for corporate IT/security departments. According to the presentation, 37% of all tablets sold are used in corporate environments, but owned by employees. As we noted in our NFC examination, successfully managing and administrating devices not owned by companies is an awkward situation. While a variety of policy and authentication programs are being developed, no 'clear answer' exists in the market. HID demonstrated a 'soft token' system in an early attempt to bridge this gap.

3. Not supporting Picture IDs significantly limits the value of NFC. For high security areas (where image verifications are used for dual authentication) NFC still requires carrying a badge photo which undermines the main claimed benefit of NFC. Since NFC technology is designed as a low bandwidth, low energy transmission medium, the time required to transmit high resolutions picture files is excessive and would be prone to transmission error. 

4. Despite being positioned as a game changer, we disagree that NFC will bring access control to new doors. Bringing access controls to the untapped "95%" of doors has not occured even though several cheap alternatives to hard wired access controlled door exist. If the major incentive to move to NFC is additional security, consider that multiple low-cost proximity card leversets have attempted to gain the same market. If NFC's convenience is the push, then consider that keypad operated locks (requiring no external credential at all) have been in the market for many years.

Conclusion

The concerns we raised in our initial NFC analysis still stand, and it is clear that 'mobile credential' technology is still being developed and working through growing pains. However, these vendors make it clear that NFC technology will continue to recieve development attention for the near future.

Comments : PRO Members only. Login. or Join.

Related Reports

HID Fingerprint Reader Tested on Oct 09, 2019
HID has released their first access reader to use Lumidigm optical sensors, that touts it 'works with anyone, anytime, anywhere'. We bought and...
Fail Safe vs. Fail Secure Tutorial on Oct 02, 2019
Few terms carry greater importance in access control than 'fail safe' and 'fail secure'. Access control professionals must know how these...
Access Control Mustering Guide on Sep 30, 2019
In emergencies, determining where employees are located can be critical for knowing whether they are in danger. Access systems can be used for...
Access Control Course Fall 2019 - Save $50 Last Chance on Sep 30, 2019
Register Now - Fall 2019 Access Control Course. Save $50 through October 10th. Thursday, October 17th is the last day to register. IPVM offers...
Access Control Mantraps Guide on Sep 26, 2019
One of access's primary goals is keeping people out of places they should not be, but slipping through open doors (ie: Tailgating) is often...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Directory of 69 Video Surveillance Startups on Sep 18, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Assa Acquires LifeSafety Power on Sep 04, 2019
Assa Abloy is acquiring LifeSafety Power, adding to their growing collection of access control brands like Mercury, August, Pioneer Doors, and...

Most Recent Industry Reports

Axis HD Analog Encoder Tested on Oct 11, 2019
Two years after declaring "Everything is IP", Axis has released their first HD analog encoder, the P7304, with support for AHD, CVI, TVI, and SD...
Dahua Celebrates PRC 70th Wearing Communist Party Hammer and Sickle on Oct 11, 2019
Dahua celebrated the PRC's 70th anniversary with a video of various Dahua employees wearing China Communist Party Hammer and Sickle pins as shown...
Last Chance - Register Now - October 2019 IP Networking Course on Oct 10, 2019
Last Chance - Register Now - Fall 2019 IP Networking Course. The course starts next week. This is the only networking course designed...
Network Optix NxWitness 4.0 Tested on Oct 10, 2019
Network Optix released Nx Witness 4.0, proclaiming new features like a deep learning analytics metadata SDK, increased H.265 support, and UX...
HID Fingerprint Reader Tested on Oct 09, 2019
HID has released their first access reader to use Lumidigm optical sensors, that touts it 'works with anyone, anytime, anywhere'. We bought and...
ONVIF Suspends Dahua and Hikvision on Oct 09, 2019
Dahua and Hikvision have been 'suspended', and effectively expelled, from ONVIF, immediately following US sanctions being placed on the 2 mega...
Hikvision And Dahua Sanctioned For Human Rights Abuses on Oct 07, 2019
In a groundbreaking move that will have drastic consequences across the video surveillance market, Dahua and Hikvision have been sanctioned by the...
Avigilon H5A Analytic Cameras Tested on Oct 07, 2019
Avigilon has released its H5A analytic cameras, claiming to "detect more objects with greater accuracy even in crowded scenes." We tested the...
Crisis At China's Largest VMS Provider, Netposa, Now State-Controlled on Oct 07, 2019
NetPosa, which bills itself as the PRC's largest VMS provider, is in a crisis. The firm is pursuing huge unpaid bills from clients, and its...
Knightscope Sells Just 1 Net New Robot In 6 Months on Oct 04, 2019
For the first half of 2019, US government records show that Knightscope has sold just 1 net new robots ('machines-in-network'), inching up from 52...