January 2013

sselvaratnam's picture

Last week, I discussed a handful of trends that I believe are at the core of understanding how access control products and solutions will be used in 2013.

This week I'd like to share some of the additional drivers that I believe will significantly influence how end-users, enterprises and government organizations will implement secure identity solutions. These are:

Mobile access control is accelerating identity management’s move to the cloud, supported by new managed services.

Companies have already begun outsourcing their traditional badging projects to cloud-based service providers that have the scale and resources to handle large-volume orders with tight deadlines that would otherwise be difficult for an individual credential issuer or integrator to accommodate on its own. And now, with the advent of mobile access control, the scope of services is growing to include deploying and managing mobile credentials carried on users’ NFC-enabled smartphones.

Organizations will provision mobile access control credentials in one of two ways. The first is via the same type of internet portal used to provision traditional plastic credentials (the mobile device will be connected to the network via a USB or Wi-Fi-enabled link). The second approach is over-the-air via a mobile network operator, similar to how smartphone users download apps and songs. Common access control trusted service managers (TSMs) will interface seamlessly to the mobile network operator (MNO), its TSM, and the NFC mobile phones that receive the encrypted keys and credentials for storage in the phone’s secure element, SIM or microSD. New applications will also be pushed to the phone, so that multi-factor authentication becomes a contextual, real-time managed service.

Secure issuance advancements are simplifying how cards are created and distributed, while also making them more secure.

Printing technology will continue to evolve in support of today’s access control trends, simplifying how cards are created and distributed while making them more secure. Advancements in issuance solutions including printers, encoding options, card materials and software are making it easier to meet the highest security requirements by incorporating critical visual and logical technologies for multi-layered validation, and by using multi-layered management procedures that further improve security while enhancing issuance system efficiency.

Additionally, businesses of all sizes will continue to have a growing range of printer/encoder cost and performance options to meet their specific needs. Small businesses will focus on a printer/encoder’s ease of use, since few of these organizations have extensive IT resources. Mid-size organizations will typically need intuitive solutions that are not only easy to use but also scalable, so they can meet evolving requirements. And large organizations will focus on high card throughput to support growing requirements for staff, contractors and visitors, as well as the ability to deploy a wide variety of risk-appropriate solutions.

Trusted NFC tags will change how we secure assets and protect consumers.

As the “Internet of things” becomes more of a reality, new NFC tracking, auditing and origination services will emerge for conferring trust onto documents, protecting consumers from counterfeit goods, and enabling a multitude of other applications that involve interactions with things. Holders of government certificates, legal agreements, warranties and other important documents have traditionally protected them from fraud by having them physically signed or notarized by a person acting in a trusted role. However, these documents themselves have been at risk of forgery and duplication. There also has been no easy way to authenticate the value or ownership of physical items including luxury products, or the warranty status of purchased equipment.

Now, authentication tags can be attached to a document with an electronically signed and cryptographically secure digital certificate of authenticity from the owner or trusted certification entity. Impossible to clone or duplicate, these NFC tags can be embedded in a product or incorporated in tamper-resistant stickers that can be attached to products and equipment. Identity certificates that have been electronically signed and cryptographically secured can be provisioned to the tags using a cloud-based service, and users can verify authenticity with complete confidence at any time in the product or document's lifetime. With NFC-enabled mobile phones, this authentication process can be performed anywhere, at any time, using a smartphone application.

FIPS 201 technology is fueling more robust personal identification security, and moving beyond federal agencies and contractors to commercial applications.

During 2012, it became possible for organizations to achieve FIPS 201 compliance for their PACS by simply augmenting the existing door controller and panel functionality with modules that contain all the Public Key Infrastructure (PKI) validation functions executed at the time of access. It is expected that PKI at the door will become more common as FIPS 201 evolves and there are more and more products available on the market to support it.

sselvaratnam's picture

Looking into 2013, there are a number of trends that I believe will impact the direction of the market and how organizations will create, use and manage secure identities. Some of the trends I am seeing unfold this year include:

Users are seeking a more “frictionless” security experience, with solutions that are built on open standards to ensure interoperability, adaptability, and credential portability to mobile devices.

The term “frictionless” is used to describe security solutions that don’t slow users down. Rather than make users carry separate cards, keys and tokens, the coming generation of frictionless solutions will embed these and other credentials inside Near Field Communications (NFC)-enabled smartphones and other mobile devices. To support this trend, credentials will be embedded into NFC-enabled phones, and identity management will move to the cloud in a way that facilitates frictionless user login (often from personal devices using the Bring Your Own Device, or BYOD, deployment model) for both Software as a Service (SaaS) and various internal enterprise applications.

Mobile access control adoption will accelerate and evolve to dramatically change the industry.

During 2012, the industry laid the foundation for mobile access control deployment on NFC-enabled mobile devices. To fuel broad adoption, the landscape must include widely available NFC-enabled handsets with secure elements, supporting all primary operating systems. The landscape also must include readers, locks and other hardware that can read digital keys carried on these handsets, as well as an ecosystem of mobile network operators (MNOs), Trusted Service Managers (TSMs) and other providers who can deliver and manage mobile credentials. The timing and development of this ecosystem will have an impact on how quickly NFC is adopted for any application, from mobile payment to transport ticketing to access control.

Mobile access control solutions will still co-exist with cards.

One of the greatest benefits of mobile access control is that all identity information the user requires for opening office doors and logging onto enterprise computers is safely embedded in a phone, rather than on a plastic card that can be copied or stolen, and without requiring the user to remember passwords (or write them on Post-it notes attached to their computer screen). Despite these and other benefits, it is unlikely that NFC-enabled smartphones will completely replace physical smart cards in the coming years. Instead, mobile access credentials inside NFC-enabled smartphones will co-exist with cards and badges so that organizations can implement a choice of smart cards, mobile devices or both within their physical access control system (PACS). It will be important for users to plan ahead to support both types of credentials in their PACS.

Access control continues to converge – both on cards, and on NFC-enabled mobile devices.

Users increasingly want a single credential for entering the building, logging onto the network, accessing applications and other systems, and gaining remote access to secure networks without needing a one-time password (OTP) token or key fob. It’s more convenient, and greatly improves security by enabling strong authentication throughout the IT infrastructure on key systems and applications, rather than just at the perimeter. It also reduces deployment and operational costs, by enabling organizations to leverage their existing credential investment to seamlessly add logical access control for network log-on and create a fully interoperable, multi-layered security solution across company networks, systems and facilities. Converged solutions also help organizations meet regulatory requirements, enforce consistent policies, and drive consistent audit logs throughout the enterprise while cutting costs by consolidating tasks.

Card technology continues to evolve from magstripe cards to prox cards and on to smart cards.

Card technology continues to evolve from prox cards to magstripe cards and on to smart cards. Today’s gold standard for access control applications is contactless smart cards that are based on open standards, and feature a universal card edge, also known as a card command interface, which improves interoperability with a broad ecosystem of products within a trusted boundary. The latest cards improve security, privacy and portability to mobile credentials, and users are increasingly enhancing their cards and badges with more and more layers of additional visual and digital security. Cards also increasingly incorporate expanded digital storage capacity so they can include biometric and other multi-factor authentication information to enhance identity validation. Printing technology also continues to advance in support of these trends, simplifying how cards are produced and distributed while making them more secure.

Stay tuned for more next week …