Beyond smart cards: secure identities moving onto a growing ecosystem
In the near future, users will be able to carry multiple secure identities on a single card or phone, replacing all of the mechanical keys and dedicated one-time password (OTP) hardware that they previously used for physical and logical access control.
This card or device will provide a seamless user experience as part of a growing access control ecosystem, and enable facilities to flexibly scale and adapt their infrastructure while deriving growing value from their investment over time.
Most of what is needed to realise this vision already exists. Any smart device – whether a traditional card or a wireless device with Bluetooth or NFC (near field communication) technology – can now become a trusted credential for authenticating individuals.
Meanwhile, advances in converged back-of-house technologies are enabling strong authentication and card management capabilities for computer and network logon, which means physical and logical identities can be managed on a combination of plastic cards, smartphones and other smart devices.
The goal isn’t merely to replace one credential form factor with another across isolated use cases, but rather to leverage mobile technologies within unified solutions that ensure secure access to the door, to data and to cloud applications.
Today’s access control platforms offer two important things: more sophisticated credentials, and new credential form factors including mobile devices. These platforms also support open standards, which means organisations can evolve beyond current capabilities, add new features, and more effectively adapt to changing security threats.
With the proper foundation in place and effective planning, facilities can solve today’s challenges while preparing for new capabilities, such as mobile access control. They also can add new applications when needed, and pave the way for integrated, multilayered physical access control (PACS) and IT security solutions that encompass all of the organisation’s networks, systems and facilities.
The potential for accelerated adoption of mobile access solutions will be one of the most important developments in the coming years. Smartphones will become an integral part of the ecosystem for the creation, management and use of secure identities.
In some cases phones will replace cards, but in many others they will supplement cards to deliver a more secure and user-friendly experience. Smartphones will be able to receive digital credentials and ‘present’ them to readers, and will also be capable of generating one-time passwords for accessing network or cloud- and web-based applications.
As a result, the same card or phone used for building access will also be used in conjunction with a personal tablet or laptop to authenticate to a VPN, wireless network, corporate intranet, cloud- and web-based applications, single-sign-on (SSO) clients and other IT resources.
As mobile access adoption spreads, strong authentication will also continue to grow more important in the face of a rapidly changing IT security threat environment. Strong authentication will also move to the door, and there will be increasing use of other authentication factors including biometrics. In the federal space, widely adopted public key infrastructure (PKI) strong authentication methods will arrive at the door using both cards and mobile phones.
Smartphones using Bluetooth Smart for their short-range connectivity technology will offer an additional benefit for access control – the ability for users to open doors from a distance with a simple movement of the device as they approach a mobile-enabled reader. This gesture-based capability offers a new user experience, creates new ways to open doors and parking gates, and will enable many additional future applications.
Meanwhile, the technology behind traditional cards isn’t standing still. Facilities will also be gaining new and more efficient card personalisation capabilities. For instance, today’s credentials can include numerous elements for enabling more trustworthy visual authentication, while helping to deter tampering and forgery.
These visual elements include higher-resolution images and holographic card over-laminates, as well as permanent laser-engraved personalisation attributes that are difficult, if not impossible, to forge or alter. Many new personalisation opportunities are also on the horizon, and ease of personalisation will continue to improve.
The recent arrival of internal smart card encoders in today’s printers has reduced card personalisation to a single step while enabling users to support multiple types of electronic personalisation across many card types. This has dramatically simplified migration to new technology and encoding options as security requirements increase.
The arrival of new secure identity technologies will enable organisations to use smart cards and other smart devices in a growing ecosystem of interoperable products and applications. In the future, facilities will use these cards and phones as a replacement for all previous mechanical keys, physical access cards and dedicated OTP logical access authentication hardware.
Today’s extremely flexible, centralised access and identity management systems bring important capabilities for adapting to evolving threats and requirements, improving the user experience, and delivering steadily growing value over time.
Steve Katanas is sales director for HID Global, Physical Access Controls System, South Asia Pacific.