This page contains a Flash digital edition of a book.
IPfocus


NFC Looking Ahead: A Top Issue Influencing the Access Control Market


Changes are taking place in the access control industry as enterprises across all industries are deploying new products aimed at improving productivity while increasing security.


Reflecting on this year and looking ahead to 2012, Dr. Tam Hulusi, Senior Vice President, Strategic Innovation and Intellectual Propertyat HID Global has identified issues that he believes are essential to understanding how individuals and businesses will use access control products moving forward. These trends include:


The move to mobility.


The emergence of near field communications (NFC) and other technologies is fueling the migration of access control technology to mobile platforms. The same basic access control methodology we've used for decades can now be embedded into smartphones and other mobile devices, and we can eliminate keys and cards virtually anywhere we need to unlock a door, gate, or drawer. This capability is built into next- generation access platforms such as HID’s standards- based, technology-independent Secure Identity Object (SIO) data structure.


The convergence of physical and logical access. Physical and logical access convergence improves security by enabling a single smart card to support multiple authentication methods while helping organizations meet regulatory requirements, enforce consistent policies, and drive consolidated audit logs throughout the enterprise, and cut cost by consolidating tasks.


The need for sustainable solutions.


Organizations are facing mounting pressure to reduce costs while improving environmental accountability. The latest access control systems, and managed print services programs help fulfill these objectives. The choice of card and reader materials plays a big role, and many readers and secure print solutions are designed from the ground up for improved energy efficiency. Security professionals can also deploy greener projects by specifying access control solutions that support multiple technologies to avoid wholesale "rip and replacement" when it is time to upgrade.


The evolution of smarter smart cards.


The rapid growth in smart card technology adoption will continue through 2012, as the convenience and cost of single-card solutions continue to drive demand. As they are used for more applications, today's smart cards carry more information that must be protected and they must be able to validate and secure identities. This has created an increasing demand for multiple layers of card security, including two-factor authentication and biometric templates, in addition to a number of new forms of higher card security.


35_issue 28


technology - Explained A short-range wireless communication technology standard, NFC enables the exchange of data between devices over short distances such as a few centimetres. NFC is one of several new platforms that can be used to hold virtualized credentials that previously were stored on contactless smart cards and used to open doors. The same contactless credentials that are programmed to provide various levels of facility access can now be loaded onto a mobile handset and used with NFC for secure access. Users benefit immensely as it eliminates the need to carry any other access credentials, while making it easier for security managers to track who is entering and exiting monitored access points.


Benefits of Near Field Communication


NFC enables physical access, cashless payment and other exciting capabilities, but the only way to make them secure is by establishing an identity methodology. This methodology must be based on a comprehensive chain of custody in which all system end points can be validated. Only in this way can identity transactions between the end points be trusted at any time.


Contactless payments and contactless access control go hand-in-hand with NFC


Contactless payments and contactless access control go hand-in-hand with NFC-enabled phones can make several contactless transactions including cashless payment and transit ticketing, data transfers including electronic business cards and access to online digital content. This makes it easy to combine multiple virtual credentials on a single device for things like secure facility access and the ability to make cashless payments at the facility's canteen. Cashless payment is rapidly growing in popularity, and contactless payments are becoming increasingly popular in Canada. According to an August 2010 study by Technology Strategies International, an Oakville, Ontario-based tech market research firm, a significant chunk of transactions in Canadian stores will be carried out using cashless payment systems by 2014. The value of contactless transactions is expected to reach $5.6 billion, and there is also strong interest in mobile payments.


The changing face of "identity" and identity management


We often think about identity in terms of the card that carries it. Clearly, though, "identity" can now take the shape of a mobile phone, a USB stick or some other medium. These and other virtualized credentials expand the concept of identity beyond traditional I.D. cards to include many different credential form factors.


This new way of thinking is driving fundamental changes in how we deliver and manage secure identity. Today's new form factors for credentials improve user convenience and flexibility. But they also raise questions about how to ensure that all identities can be trusted. For instance, if a user's identity resides on a mobile phone, how can one be sure that the device is trusted and secure? Or if a user loses a USB stick that houses his/her identity, how does one disable that device without affecting the user's identity/credential residing on another device?


Near Field Communication


Factors involved in virtualized credentials' authentication and management


Managing virtualized credentials can be a complex process. In one typical example, a server would first send a person's virtualized credential over a wireless carrier's connection to the person's mobile phone. To "present" the person's virtualized credentials at a facility entry point, the phone is held close to an IP-based access controller connected to another server. Throughout the process, there must be a way to ensure that the credential is valid. Both endpoints, plus all of the systems in between, must be able to trust each other. There needs to be a transparently-managed chain of trust going from one end to the other.


The basis for modern transactional systems has been the ability to trust the identification of a person, computer, web site, check, or a credit card. Unfortunately, the effort required to authenticate them has grown exponentially. There is, however, an aspect of secure identity systems that simplifies the problem: like mobile networks, secure identity systems are closed systems. To use them, you generally must complete a background check and sign a legal document to construct the basic blocks describing your identity. It's this strong authentication and binding that endows a secure identity system's basic blocks with inherent trust.


To even have a current and valid set of identity blocks usually means that one has passed this bar and is a member in good standing of the closed system. It also means that the blocks and the systems supporting them can be simpler and constructed so that they use industry standards. This is the approach taken with TIP [Trusted Identity Platform], which enables the validation of all endpoints, or nodes (such as credentials, printers, readers and NFC phones) in the network so that transactions between the nodes can be trusted.


Benefits of the Trusted Identity Platform [TIP]


TIP is a framework for creating, delivering and managing secure identities in a virtualized credential environment. At the heart of the TIP framework is the Secure Vault, which serves known nodes within a published security policy. TIP delivers three critical capabilities: plug- and-play secure channels between hardware and software; best-in-class key management and secure provisioning processes; and seamless integration with information technology infrastructures. Data security, privacy and reliability are ensured in the TIP environment using symmetric-key cryptography, so that all nodes can execute trustworthy transactions. Once a "handshake" is accomplished between the Secure Vault and a node device, then the device is deemed to be "trusted" in the network. Trusted devices no longer must communicate with the Vault and may operate independently. In this way, the transaction between nodes, such as a credential and a reader, is trusted and the resulting transaction, such as opening a door or logging onto a computer, can also be deemed trusted.


NFC-based access systems and other virtualized credentials will enable a new era of more convenient and secure transactions. Delivering on this promise will require a simple but protected, fully scalable and standards-based identity delivery system. These systems will need to support a wide variety of identity nodes - ranging from readers and cards to NFC-equipped mobile phones - that each can be registered as a "trusted node" so that it can be securely provisioned anywhere in the world.


issue 32_35


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44