Bring Your Own Credential: A Place For Mobility in Biometric Physical Access

“When it comes to addressing barriers of biometric access control adoption one flick of the magic wand of mobility can really get things moving in an innovative, maybe even disruptive manner.”

Within the past year mobility has become a major topic in strong authentication. Smartphones with fingerprint sensors and biometric software development kits have come forward and promised to bring an end to passwords and PINs for end users everywhere. It has become such a large and independent movement that we launched Mobile ID Word in September 2013 to exclusively give it the attention it demands.

Primarily this technology is focused on online security, since from a consumer facing perspective, this is the area where people need the most relief from fatigue related to best password practices. Financial applications – particularly mCommerce – generally receive the most attention because of the high personal stakes at risk in the world of online banking and shopping.

When it comes to addressing barriers of biometric access control adoption one flick of the magic wand of mobility can really get things moving in an innovative, maybe even disruptive manner.

The Bring Your Own Device (BYOD) movement is becoming a simple fact of life in modern business, the inevitable proliferation of smartphones having become unstoppable, forcing organizations to enact policies and adopt mobile device management platforms in order to keep critical information confidential. It is in this concept that the mobile solution to physical access control lies.

Smartphone-as-credential technology is the bridge over the gap between BYOD and physical security. By leveraging the fact that employees already have an efficient and mobile authentication device in their pocket, businesses paired with the right ID technology vendors can turn every smartphone into a biometric credential that can activate an access terminal.

Ideally this yet to be deployed option would be device agnostic, allowing staff requiring access to confidential areas to authenticate on whatever smartphone model they happen to own and use for work and interfacing with a terminal using NFC.

It may sound speculative at this point, but the technology is being developed. Last year Ingersoll Rand announced that it plans to launch this exact type of security solution as part of its aptiQmobile platform, which has had support thrown behind it by Iris ID (formerly LG Iris). EnterTech Systems has also show support for this new idea in BYOD physical access, recently announcing that the newest version of its BioConnect application now supports smartphone credentials.

So what is standing in the way of this technology, preventing it from taking over the physical access control arena? It boils down to two obstacles.

First and most importantly, a robust smartphone-as-credential system simply cannot exists without a complete BYOD policy, something that some businesses are still reluctant to tackle. There are a lot of decisions that need to be made before something like this can be implemented.

What devices will be supported, what biometrics are to be used, will this be a stand alone security system or will smartphone credentials be part of a multifactor system? These are all questions that need to be addressed before taking the first steps of a BYOD physical access control solution.

Secondly, the most visible commercial technology has also suffered from highly publicized spoofing attempts. Both the iPhone 5S and the Galaxy S5 have fallen victim to wood glue spoofs, which, though complicated to perform, present a vulnerability that terminal based access control deployments simply don’t have to worry about addressing.

This having been said, smartphone-as-credential technology is being strongly considered by companies specializing in breaking down biometric adoption barriers, and the sheer convenience of the idea could add up to a viable solution to the forward thinking company looking for a cost effective and efficient security upgrade.

Have something to add on the topic of smartphone-as-credential technology? Get in touch with findBIOMETRICS on Twitter to keep this conversation going. Don’t forget to stay posted to findBIOMETRICS through the duration of April as we start to wrap up Physical Access Control Month with a look at biometrics in the media and continue to roll out our ISC West 2014 videos.

April 23, 2014 – by Peter B. Counter