Smartphones replacing door keys, swipe cards as cloud-based credentials catch on

Already gaining currency as conduits for biometric and two-factor authentication, smartphones are now jockeying to replace the humble metal key and magnetic swipe card by providing highly manageable remote access to secure facilities.

A recent deal with mobile network operator Vodafone New Zealand by access control provider HID Global is showing the types of deployments that director of sales Steve Katanas believes will become more prevalent as businesses become aware of the value of their tighter access controls.

Vodafone NZ used HID Global's HID Mobile Access solution to improve service technicians' access to some 1200 remote mobile tower sites that were previously secured with swipe cards that had to be sourced from and returned to regional offices.

After a successful trial, Vodafone will this month begin implementing the HID Mobile Access solution on those same facilities – enabling it to immediately grant momentary access to contractors through their smartphones on an as-needed basis.

Digital keys are made available by administrators through an online portal, and downloaded to the workers' mobile devices using an app through which the credentials can be transmitted to readers on the facilities using Bluetooth Low Energy (BLE) or NFC-enabled phones.

“The ability to send contractors a credential over the air, and then revoke it when they're finished, is quite powerful,” HID Global director of sales Steve Katanas told CSO Australia, who sees over-the-air credential issuing as rapidly joining conventional means of access provision as organisations become more aware of its potential.

Current solutions will continue to support both physical and smartphone-based credentials as organisations transition to embrace the new mode of access control, he added.

“The combination of the ability to read existing credentials, as well as NFC and BLE enabled devices, is a differentiator at this point in time,” Katanas said. “This blends in well with remote worker scenarios and similar organisations that have that kind of requirement.”

Future iterations of the access-control mechanism – which is based on Seos interoperable-authentication technology will offer increasing integration with back-end human resources, directory services and other authentication systems. This will ensure, for example, that access credentials are instantly revoked when a worker's employment is terminated.

The convenience and ubiquity of smartphones have made them a natural target for vendors keen to exploit their ever-improving communications capabilities in access-control settings. Rival solutions from the likes of Ingersoll Rand Security Technologies, ECKey, Tyco Security Products and Allegion are joining HID Global – which is a division of the global ASSA ABLOY, which also owns the ubiquitous Lockwood brand – to push the state of the art in the access control market.

That market, research firm Markets and Markets recently predicted, will grow at a healthy 10.6 percent per year through 2020 to be worth $US10.4 billion ($A13.71 billion) annually.

A recent survey by access-control journal SDM found that the emergence of the new technologies was driving positive sentiment across the industry this year, with decades-old access-control systems finally being put up for replacement with far more capable alternatives. Fully 70 percent of respondents to an SDM survey said the market was good to excellent in 2014, with high expectations for 2015.

Software-based solutions offer strong and flexible security in areas such as encryption, which was named by 75 percent of respondents as being important even though conventional mag-stripe and proximity-card technologies are vulnerable to cloning.

Throw biometric authentication into the mix, and organisations will be able to add yet another layer of authentication to ensure that credentials are only accessed by the right person in the field.

“A lot of customers are blue-sky thinking about where they can take this technology,” Katanas said. “We're in the infancy of where it can go.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags Steve KatanasVodafone New Zealandsmartphonessecure facilitiesASSA ABLOYBluetooth Low Energy (BLE)cloud-based credentialsbiometricSeos interoperable

More about CSOEnex TestLabHIDHID GlobalNFCRandTycoVodafone

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place