NFC For Access Control

Author: Brian Rhodes, Published on Mar 06, 2012

Led by door access gorilla, Assa Abloy / HID, NFC is getting a lot of unwarranted hype as the next big thing in access control. They envision mobile phones using Near Field Communication (NFC) technology replacing today's proximity and magstripe cards as the preferred choice of accessing facilities.

Despite the hype and parroting from the industry press, we have not seen any detailed, critical analysis of whether NFC makes sense for physical access control. As such, this report digs into the operational details to examine the drivers and barriers to NFC adoption.

Overview

Near Field Communications is derived from RFID technology, except that NFC chips can be changed and updated repeatedly. This flexibility means NFC can be programmed to behave like a 'digital wallet' one moment and a door access credential the next. Running the function on a device like a networked mobile phone means that you'll have access to the right credential when you need it. Your phone can become your access credential, allowing you to throw away your physical access card.

Key Questions

In our analysis, we see 4 main questions shaping the viability of NFC for physical access:

  • Is NFC Truly More Convenient? Clearly, convenience is the main driver for NFC proponents. However, what operational or logistical issues are created when using NFC enabled devices, like phones, as a physical access credential?
  • Is NFC Secure Enough for Access Control? Using a phone as a credential to access secure facilities raises new issues of how secure NFC is and the devices it runs on.
  • What infrastructure Changes Are Required? Physical security is a conservative industry with deep infrastructure already in place. What changes will need to be made? How much will they cost? How can it be justified?
  • Will Security Managers Accept NFC? Switching from cards to phones raises new operational concerns. Will security managers find this operationally easier or more difficult?

*** ** **** ****** *******, **** ***** / ***, *** is ******* * *** ** *********** **** ** *** **** big ***** ** ****** *******. **** ******** ****** ****** ***** Near ***** ************* (***) ********** ********* *****'* ********* *** ********* cards ** *** ********* ****** ** ********* **********.

******* *** **** *** ********* **** *** ******** *****, ** have *** **** *** ********, ******** ******** ** ******* *** makes ***** *** ******** ****** *******. ** ****, **** ****** digs **** *** *********** ******* ** ******* *** ******* *** barriers ** *** ********.

********

**** ***** **************** ******* **** **** **********, ****** **** *** ***** *** be ******* *** ******* **********. **** *********** ***** *** *** be ********** ** ****** **** * '******* ******' *** ****** and * **** ****** ********** *** ****. ******* *** ******** on * ****** **** * ********* ****** ***** ***** **** you'll **** ****** ** *** ***** ********** **** *** **** it. **** ***** *** ****** **** ****** **********, ******** *** to ***** **** **** ******** ****** ****.

Key *********

** *** ********, ** *** * **** ********* ******* *** viability ** *** *** ******** ******:

  • ** *** ***** **** **********?*******, *********** ** *** **** ****** *** *** **********. *******, what *********** ** ********** ****** *** ******* **** ***** *** enabled *******, **** ******, ** * ******** ****** **********?
  • ** *** ****** ****** *** ****** *******?***** * ***** ** * ********** ** ****** ****** ********** raises *** ****** ** *** ****** *** ** *** *** devices ** **** **.
  • **** ************** ******* *** ********?******** ******** ** * ************ ******** **** **** ************** ******* in *****. **** ******* **** **** ** ** ****? *** much **** **** ****? *** *** ** ** *********?
  • **** ******** ******** ****** ***?********* **** ***** ** ****** ****** *** *********** ********. **** security ******** **** **** ************* ****** ** **** *********?

[***************]

********* ********* ******* **** ****** ********. ***** *******:

  • *** ****** *** * ***** '****' ***** ** **** *.* inches - ************* ******* **** ********* **** *******
  • *** ******** *** ********** ********** ******* ** *** ****** *****
  • *** ******** *** ************ *********** **** **** ** ** *******
  • *** ***** **** ******* ******** ** *** ** ******** *** the *** ********
  • ******* *** **** ***** ** * *********** ** **** **********
  • *** ***** ******* ************ **** ***** ***** **** ********* **********

Is *** ***** **** **********?

*** **** ******* ******* ** *********** ***********. ****** ******, ******* by ****** ******** ***, *** ********* *** **** *** ******** a **** *** ******** ****** *******. **** ***** **** ****** find **** ** ** **** ********** ** ** ** *** less ****** ** ***** ******.

*******, **** ************* **** ***** ******* ***** *****. * ****** practice ** ***** *** ****** ********** **** ** * ******* ID ****. **** ** *** ******** ********* *****, **** **** still **** ** ***** ** *****. ** ********* *** ****** to ***** ** ****** ******, ***** **** **** ****** ***** a ********* *** ******?  **** ************ ***** ******* ********* *** benefit ** ****** ** ***.

******* ***** ** * *** ******** **** ***** *** ******* devices. ***** **** **** ** ******* ***** ****** ** * variety ** ******* **********, ********* **** *** ******* ****. **** people ** ******* ** ****** ** ********* ********** ** *** weather ********** ** **** ** * ***** ***** ** *******?

***** ** *** ****** *** ****** *** ******** ** **** cumbersome *** **** *********. ** *********** ***** ** ** ******* on *** ***** ** ***** *** *** *** **** ** work. **** ** * *** ********** ******** ** ******* * card **** * ****** *** ******* ***** ******. *** *********** of ******** * ***** *** **** **** *** ***** ******* down.

*** ******* ** ****** ********** ************ **** * ***** ******* dies ** * ****** *****. * ******* ** '**** ******' plans *****, ********* *** ******** ** ******* ** ******* *****. Other ********* *** ***** *********, **** ** ********* * '*** ******' **** *** ****** **** ****** ** ********* reserve ** ***** ******** * ****** ***** *********. *******, **** ** ****** *********** at **** *****.

* ******* ***** **** ** **** ******** ** '**** ******* if *** ***** **** *****'* *** ****?' ** *** ******* to * ***** ** ************, **** **** ******** *** ***** from ***** **** ** ** ****** **********. * ****** ** financial ************** **** ******* ******* *********** ************ **** *** ******* access ******** *** **********.

Is *** ****** ****** *** ****** *******?

***'* ******** ********** *** ********** ** ******** **** ******* ********* technologies. **** ******* ********* ****:

  • *** ******'* ***** '****' ***** ** **** *.* ******. **** hinders *** ******* ** ********* ** *** ************* ******* ******* as **** ** ******* ****** ******** ** ***** *** ********** since *** **** ****** ** ********* ****. 
  • *** *** **** ************ ******** ********** ** ***** ******** *********** using *** **.** *** ****, *** ******** **** ********* ********** than ******** ********* ***********. *** **** ****** ********** **** ******* confidence ** ********* **** ******* *** **** ******* ** ***. 
  • ** ****** ** ********** ** ******** ******* **** *** ****** back ** ** *** ******* ****** ******* ******. ******** *** technology ** *** ****** **** *** ****** *** ******** ******** condition ** *** ****** ******* ******.
  • ** * ***** ** *** ********** ****** ** ****, **** that ********** **** *** ** *********** *********** ** ******** ******. Local ********* ** *** ******* **** **** **** ** ********* role ** ******* ******* ******. ** * **** ***** ** picked **, ********** *** ** *********** ** ********* * ******** to ******** *** ******* **** *** ***.

What *** ************** ******* *** ********?

******** ************* **** **** ** **** ******** ******* ** ****** that ****** ***. **** **** ** ****** *** *** **** majority ** *****. ****** ******* *** ***** ****** ** *** compatible ******* ********** ****** ** $*** *** ****. **** ***** *** ******* ** ** $*** - $*** USD *** ****** **** ************ ***** ** ***** ** *** hardware ****. *** ** ******* ***** ****** ** ***** ** ten *****, **** **** **** ***** *** ******** ** ******* of $*,*** ** $*,*** ***.

****** *** *** ******* *** ***********, **** ******** **********-***** ****** control ******* *** ******** ** **** *** ******* ** *** NFC ********** **** ****** ************. *******, * *** ****** ** ******* NFC ***** *********** *** ** ** ***** ** *** ******. In **** ***** **** **** ** ************ *** ********** ********.

*** ** *** ***** **** ***** ** ***, **** ******** Proximity ************ **** *** ****** ******* *********** ********. *** *******, operating * **** **** * **** **** ****** ** ********** will *** **** ****** *** *.*" **** *****. **** **** of *********** ****** *** ****-***** ******** ** ********* *****.  ** is **** ******** **** ********* ***** ******* **** **** ** totally ******** ** *** *** ***** ***** ** *************. ** Proximity *********** **** ** ******* ******, **** ******* ********** *** value ** ** *** ******* ****** ******* ******.

*** ***********/ ************ ** *** ********** *** **** ****** **** require **** ********** ********. ** * ***** ******* **** ** the ***** ** ****** ** ****, *** ****** *** *** be **** ** ***** ** *** ****** **********. **** ************ will ******* ** ********* ****** ** *************, **** ****** * PIN *****. **** ** ******* ** ***** *** **** ***** systems (*.*.. **** ** * ****** ** ****?), *** ********** have ********* ** ******** ******* ** ******** ********. *** **** require * ******* ******* ** ****** ** ***** *** *** 'dead *******' ************.

Will ******** ******** ****** ***?

******** ******** **** ** ****** ** ****** *** ****** ** which **** ***** *** ****** ***********. ** **** *****, ********** settings **** **** ** ** '******' ** ******* ** * cell ***** ****** **** ******* ** * ****. **** **** mean **** ********* **** ** ******* ** *** ******** *******, and ******* ********** ******* ** ********** *********** **** ** *********. However, *** *** ****** ** ******** **** ** ******* ******, maintaining ******** ********** *********, *** *********** ******* ******* ** ********** holders **** ** **** ** **** ******** ******** ** ***** the ******.

** *** ***** ****, ****** ***** ********** **** ****** * security ******* *******. ******* ******** ******** **** ** ****** ** support ****** ******* ************* ** **********, **** **** ** ***** to ****** *******:

  1. ************* ****** ** ******** **********
  2. ********** * **** ******* ** ******* ** ********** **** ******

****** ******* **** ****** ** * *** ** ************ *** the ******** ******* ** ******. ***** ***** ***** ******* ***** on ******** ********** *** *** *** ******* ** ****** **** decision **** *** ****. *************, *** ******** ******* ***** * difficult **** ********** ****** ******* ********* ** * **** ********* of *** ******* ******. 

** *** ******** ****, ***** *** ******* ****** ******* ** proximity ***** ***** ****** *********** ***** *************. *** *******, ** an ************ *** *** *********** *** * ****** ********* **** cost $* - $* ** ***, ********, *****, *** **********, this **** ***** **** ~$*,*** ****** *** '**** ****' **** of ***** ****** *****. ****** ******* ***** ** ********** **** as **** ********* ***** *** ***** **** ** ** ******.

**********

***** *** *** * ****** ** **********, ******* ** ****** limited ****** **** *** **** * - ** *****. **** are *** *** ********** *** ****** ****** ** **********:

  • ******* ************: ***, ** ****, *** ****** ** ******* *** ********** systems ******** ********** *** ** ***. *******, ** ********** **** this **** **** ************* **** *** **** *** ***** ** manufacturers **** *** ** * ***** ****** ******. ** *** next *** *****, ***** **** **** **** ********** ******* *** using ***.
  • *********: ***** *** ** *** ********* ********** **** ******** *******, this **** ******* ***** ** **** *** ******* ********. ** believe **** **** ***** ******** *** ** *** *********** ******* and ******* ******* ************ ** ** *******.
  • ****** ******* ***: *** **** ****** *** *** *** ********** ******* ** be * ******** * ***** *** *************** ***** *********** *********.  University ********, *** *******, ***** *********** **** ***** ********* *** usage ******, *** ******** ** ** * **** *** *** *** technology.  ** *** ***** ****, **** *****/****** ********** *** ********** or ********* ******** ****** *** ** ******** ** ***** ***** on ***-********* ************* ********.
  • ** ****** ***********: *******, *** ******* ********* *** ** *** **** ** a '******' ****** *** ******** ****** ******* ******* ** **** to ***. *********** ***** *** ****** ** ****** *** ***** to ****** ********** *** **** '**** ** ****' ******** *** with ** **** ********** ** ******** *******, ** ****** ** not ******* ********** ******** ** *** **** ** **** *** ********* a ******** *********** **** ******* ************.
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Access Control

Unikey Smart Phone Access Control Platform on Mar 21, 2017
More and more people carry smart phones. Many think this could replace the conventional key or card for access control. However, using a phone...
Brivo Opens Up, Adds Mercury Support on Mar 16, 2017
Brivo's cloud-based access control was built around the companies proprietary hardware controllers, and was often seen as a limitation by...
Access Control Course Spring 2017 on Mar 16, 2017
IPVM offers the most comprehensive access control course in the industry. Unlike manufacturer training that focuses only on a small part of the...
DMP Intrusion Tested (XR Series) on Mar 09, 2017
DMP is a major provider of intrusion systems, but lacks the global brand recognition of some of its rivals (such as Bosch, Honeywell, DSC, or...
Avigilon Favorability Results on Feb 27, 2017
One of the fastest growing companies has turned into one of the rockiest, as cooling growth, management turnover and a roller coaster stock price...
Glass Doors and Access Control Tutorial on Feb 22, 2017
The biggest challenge for many access control systems are glass doors. Here's what happens when a maglock is improperly installed to an existing...
Customized Access Control Cans (Altronix Trove) on Feb 14, 2017
Access control installs typically require hanging at least two or three different enclosure cans, each holding individual parts.  Open wall space...
Lenel Favorability Results 2017 on Feb 09, 2017
At this point, it is not surprising that Lenel is one of the most disliked security manufacturers. From stories like Lenel Partners Angry, Lenel...
VPNs for Video Surveillance on Feb 07, 2017
Remote access in surveillance networks is a key cyber security and usability issue. With cyber attacks rising, how can users ensure their systems...
Scathing Honeywell Favorability Results on Jan 24, 2017
Honeywell is one of the biggest brands in security, with offerings for intrusion, fire, wire, video surveillance, access control, plus they own one...

Most Recent Industry Reports

Axis Camera Vulnerabilities From Google Researcher Analyzed on Mar 23, 2017
A Google security researcher has reported 6 vulnerabilities for Axis cameras, affecting multiple models and firmware versions. In this report, we...
OpenEye Takes Aim At Exacq on Mar 23, 2017
First Milestone targeted Exacq with a takeover offer, and now OpenEye is gunning for them with an offer to swap out Exacq for their cloud-managed...
Lock Keyways For Access Control Guide on Mar 23, 2017
Lock keyways can be the difference between a lock working or not. Understanding keyways is important for access control. Indeed, a member recently...
Broken Browser Support for Video Surveillance on Mar 22, 2017
Modern web browsers have left the security industry behind. Current Chrome, Firefox, and Microsoft Edge browsers do not support NPAPI plugins,...
ADI Favorability Results on Mar 22, 2017
150 North American integrators provided feedback on 6 distributors, and why they do (or do not do) business with ADI. ADI is clearly a big name in...
1 Million Dahua Devices Exposed To Backdoor on Mar 22, 2017
Statistics show that 1 million Dahua devices are publicly exposed and vulnerable to the Dahua backdoor. Despite this, Dahua has downplayed the...
Hikvision Hires Crisis Communication Writer on Mar 21, 2017
Hikvision has hired a crisis communication writer as the company ramps up its efforts to deal with the 'crisis' it feels it is facing. 'Crisis...
Glass Break Sensor Tutorial on Mar 21, 2017
Burglars often break glass windows to get into a house. Using glass break detectors in conjunction with alarm contacts is a good way to protect the...
Unikey Smart Phone Access Control Platform on Mar 21, 2017
More and more people carry smart phones. Many think this could replace the conventional key or card for access control. However, using a phone...
Hikvision Attacks IPVM on Mar 20, 2017
Hikvision has attacked IPVM repeatedly over the last month, both in the international press and in its dealer communications. Attacks Listed On...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact