Wave goodbye to keys and cards and everything
Alan Davies fancies a future where all things security are controlled by mobile phone
Just as the computer mouse was a disruptive innovation, gesture-based technology will change how users interact with access control systems. This technology can already be seen in computer games, and further developments are underway in the interactive TV market.
Alongside the continued demand for more innovative security offerings, there is a wealth of opportunity.
Gesture control will be supported by a variety of RFID-enabled devices. This will improve the user experience and also security, by providing new authentication factors that go beyond something the user has (a card, perhaps) to include gesture-based passwords or PINs.
Gesture-based access control can also work with NFC-enabled smartphones using an accelerometer. A user could present the phone to a reader, rotate it 90 degrees to the right, and then return it to the original position, allowing a credential inside the phone to be read, and for access to be granted – or denied.
This would be fast and secure. There would be little chance of the user's credential being stolen in a "bump and clone" attack.
Gestures could be used to unlock apps or doors, and as secret signals to system and security personnel if required.
In the first phase of deployment, smartphones can receive digital keys that the users can present to door readers instead of ID cards or badges. They can do most tasks performed today by card readers and servers or panels in traditional access control systems – such as verifying identity with rules such as whether the access request is within a permitted time or whether the person is actually standing at the door.
Information could be checked against data stored via the cloud, and the phone could message over a cryptographically secure communication channel to open the door.
Organisations will no longer need card readers wired up to backend servers – just standalone electronic locks that can recognise a mobile device's encrypted command and operate according to a set of access rules.
This will cut access control deployment costs, enabling organisations to begin securing interior doors, filing cabinets, storage units and other areas where it has been prohibitively expensive to install a traditional wired infrastructure.
In addition to opening doors and logging on to a computer, phones will be able to support other secure identity applications, including authenticating documents and other valuable physical assets.
Cloud-based services will be used to provide security to readily available NFC tags, which will be attached to physical objects and documents with an electronically signed and cryptographically secure digital certificate of authenticity.
This would be impossible to clone or duplicate. These tags will be used to authenticate birth certificates, college diplomas and deeds of trust, as well as certificates of authenticity for expensive or unique items, and usage compliance documentation.
It will be possible to perform the authentication process anywhere, at any time in the product's or document's lifetime, using a smartphone application that can also invoke other factors of authentication.
Cloud-based services will not only enable the connection of an identity to an NFC tag, but also the revocation of that at any time.
Access control technologies continue to advance security and convenience while bringing new capabilities such as gesture recognition that will be used for multi-factor authentication.
Using NFC-enabled smartphones, users will be able to carry all of their ID credentials on an item they rarely lose or forget.
This next-generation access control will drive new opportunities to more economical offerings that protect even more doors, drawers and other assets, while also enabling new services like authenticating documents, anywhere, any time by mobile phone.
Alan Davies is EMEA vice president of identity assurance sales at HID Global