The Next Generation of Access Control: Virtual Credentials
For decades, we have carried our identities around on magnetic stripe (magstripe) and smart cards, but in today’s mobile world, we now have the opportunity to embed them on a variety of portable devices. This will enable us to use products like smart phones, USB tokens, memory sticks and microprocessor-based SmartMX cards to open doors, buy tickets and execute other secure transactions. In order for this to work, however, we need a new way to securely provision identity and embed it into these portable devices.
There has been considerable news recently about mobile commerce developments, including reports that Microsoft is adding Near Field Communications (NFC) short-range wireless communication technology to its Windows Phone mobile operating system, and that Google, RIM and Apple are all preparing mobile payment and wallet systems. Similarly, the ISIS coalition (AT&T Mobility, T-Mobile USA and Verizon Wireless) has announced plans for the first pilot mobile commerce network using smart phone and NFC technology. Juniper Research has estimated that half a billion people worldwide will use their mobile devices as travel tickets on metros, subways and buses by 2015.
These and other initiatives will enable us to load our mobile devices with credentials that provide various levels of facility access, eliminating the need to carry a card, while making it easier for security managers to control who is entering and exiting monitored access points. It will also be possible to use these portable credentials to make other contactless transactions as well, such as cashless payment and transit ticketing, data transfers including electronic business cards, and gaining access to online digital content. Users will also be able to have multiple virtual credentials on a single device. For example, it will be possible to use a portable device to access a secure facility and also make cashless payments at the facility’s canteen.
NFC Pilot Takes Flight
One early example of these applications is the first hotel pilot of NFC technology at Clarion Hotel Stockholm in Sweden. The hotel worked with HID Global parent ASSA ABLOY, Choice Hotels Scandinavia, TeliaSonera, VingCard Elsafe and Venyon, a fully owned subsidiary of Giesecke & Devrient, to replace the hotel’s room keys with NFC-enabled mobile phones. The technology makes it possible for hotel guests to check-in and out using their mobile phones. The goal of the pilot is to get feedback from guests and employees using the NFC phones for a variety of services.
In the Clarion Hotel application, guests check into the hotel and receive a room key directly onto their mobile phones before arriving at the hotel. They book their rooms the usual way, receive confirmation on their phones, and can also check-in on their phones before arrival at the hotel. When check-in is complete, the digital hotel room keys are delivered to the mobile phone. On arrival at the hotel, guests may then skip the check-in line, go directly to their room, and gain entry by holding the mobile phone close to the door lock.
Guests can also access other services via the mobile phone and, on leaving the room, check out using their mobile phone. The doors lock automatically.
NFC is one technology for presenting portable identities in these and other access control and mobile commerce applications, but there are many more. All of these technologies share the common need to operate within a new, more robust access control infrastructure.
Moving Beyond the Traditional Smart Card Model
Over the last 20 years, 125 kHz RFID proximity (or Prox) cards and readers have become a de facto standard for physical access control. They offer customers the optimum in cost and convenience, but are less secure than the contactless technology that subsequently emerged in the early 2000s.
The latest 13.56 MHz read/write contactless solutions enhance security through data encryption and mutual authentication, and also support multiple applications such as biometric authentication, cashless vending and PC log-on security. Contactless solutions have provided reliable service for nearly a decade while becoming the standard for efficient, secure and effective access control.
Now, the industry is developing a new access control architecture for a new era of advanced applications, mobility and heightened security threats. This architecture will enable a new class of portable identity credentials that can be securely provisioned and safely embedded into both fixed and mobile devices. This will improve security while enabling the migration of physical access control technology beyond cards and readers into a new world of configurable credentials and virtualized contactless solutions.
Managing the coming generation of portable, virtualized credentials involves a number of complex steps. In one typical example, a server would first send a person’s virtualized credential over a wireless carrier’s connection to the person’s mobile phone. To “present” the person’s virtualized credentials at a facility entry point, the phone is held close to an NFC-enabled secure access control reader.
Throughout the process, there must be a way to ensure that the credential is valid. Both endpoints, plus all of the systems in between, must be able to trust each other. In other words, there needs to be a transparently managed chain of trust extending from one end to the other. This chain of trust requires the creation of a trusted boundary within which all cryptographic keys governing system security can be delivered with end-to-end privacy and integrity. This is the only way to ensure that all network endpoints, or nodes (such as credentials, printers, readers and NFC phones) can be validated, and all subsequent transactions between the nodes can be trusted.
One of the first such bounded environments is HID Global’s Trusted Identity Platform (TIP). At the heart of the TIP framework is the Secure Vault, which serves known nodes within a published security policy. TIP establishes a scalable framework and delivery infrastructure for delivering three core capabilities: plug-and-play secure channels between hardware and software; key management and secure provisioning processes; and integration with information technology infrastructures. The environment can also support multiple usage models such as cloud-based applications that require service delivery across the Internet without compromising security.
With the establishment of a trusted boundary, it now becomes possible to deploy a new generation of readers and credentials that enable the use of portable virtual credentials on mobile devices, while also providing advanced security and performance functionality. This next-generation platform must go beyond the traditional smart card model to introduce a new, portable credential methodology based on a secure, standards-based, technology-independent and flexible identity data structure. HID Global calls this data structure the Secure Identity Object (SIO), which can exist on any number of identity devices and works with a companion SIO interpreter on the reader side.
Device-independent data objects and their companion interpreters behave like traditional cards and readers, but use a significantly more secure, flexible and extensible data structure. They offer three key benefits: First, because they are portable, they can reside on traditional contactless credentials and many different mobile formats, ensuring interoperability and easy migration. Second, their device independence enhances trusted security by enabling them to act as a data wrapper to provide additional key diversification, authentication and encryption while guarding against security penetration. And third, since they use open standards, these device-independent identity objects improve flexibility and can grow in security capabilities while traditional architectures remain stuck in a fixed definition.
Interoperability and Migration
Next-generation readers using standards-based, device-independent data structures will enable access control solutions that can operate on multiple device types with varying security capabilities. It will be possible for an identity object stored on one device to be ported to — and interoperate with — another device, with ease and without strict constraints.
Research reported in an AVISIAN 2010 survey shows that 90 percent of end-users believe that adding new applications with minimal investment is important; and 53 percent of respondents stated that they are not satisfied with the solutions to accomplish this in today’s market.
Trust-Based Security
Next-generation access control readers and credentials will also be able to provide an additional layer of security on top of device-specific security. Secure objects will act as a data wrapper and provide additional key diversification, authentication and encryption, while guarding against security penetration.
The objects will be bound to specific devices by using device-unique properties, which will prevent card cloning. 93 percent of end-users in the AVISIAN survey said a key requirement was having multiple layers of security on cards or credentials — especially when other applications and private data were present. 37 percent of industry providers said they were not satisfied with available solutions.
Additionally, next-generation readers will incorporate EAL5+ Secure Element (SE) hardware to ensure tamper-proof protection of keys and cryptographic operations. They also will include such features as velocity checking to provides breach resistance against electronic attacks, and active tamper technology to protect against physical tampering of the reader.
Standards-Based Flexibility
The coming generation of reader platforms using device-independent data structures will also use open standards such as Abstract Syntax Notification One (ASN.1, a joint ISO/IEC and ITU-T standard), a data definition that allows for an infinitely extensible object definition. This definition can support any piece of data, including data for access control, biometrics, vending, time-and-attendance and many other applications. This will enable card and reader systems to optimize deployment flexibility and grow in security capabilities, unlike solutions with fixed-field data structures that remain stuck in a fixed definition.
Another benefit of device-independent extensibility is the flexibility it brings the developer community. The interpreter portion of the system takes care of mapping data to supported devices, which means the developer need only focus on generating and transacting (reading/writing) the secure objects. The days of the vending-machine developer having to learn about intricate credential-technology sector terminology and key rules is over.
Additional Considerations
In addition to enabling credential portability, the coming generation of reader and card platforms will forge new territory in the area of sustainability. Intelligent power management will reduce reader power consumption by as much as 75 percent compared to standard operating mode, and manufacturers will move to the use of recycled content.
Next-generation reader platforms will also improve usability and performance by including features such as multi-mode frequency prioritization, which will increase transaction performance while improving card management. These reader platforms also will include a variety of improved user notification features.
Device-independent data structures deployed on next-generation readers within a trusted boundary will enable the migration of physical access control technology beyond traditional cards into a new world of configurable credentials and virtualized contactless solutions that can be securely provisioned, no matter where they are or how they are connected. This model will also enable users to add levels of security, customize security protection, and extend system capabilities without having to overhaul the device infrastructure and applications.
Finally, this new approach will significantly improve overall system security while creating a more easily extensible access control system infrastructure that can also support a new era of more convenient, virtual credentials that can be embedded into phones and other portable devices.
Brad Jarvis is Vice President of Strategic Product Initiatives for HID Global Corp.