2013 Trends: Part 2

sselvaratnam's picture

Last week, I discussed a handful of trends that I believe are at the core of understanding how access control products and solutions will be used in 2013.

This week I'd like to share some of the additional drivers that I believe will significantly influence how end-users, enterprises and government organizations will implement security identity solutions. These are:

Mobile access control is accelerating identity management’s move to the cloud, supported by new managed services.

Companies have already begun outsourcing their traditional badging projects to cloud-based service providers that have the scale and resources to handle large-volume orders with tight deadlines that would otherwise be difficult for an individual credential issuer or integrator to accommodate on its own. And now, with the advent of mobile access control, the scope of services is growing to include deploying and managing mobile credentials carried on users’ NFC-enabled smartphones.

Organizations will provision mobile access control credentials in one of two ways. The first is via the same type of internet portal used to provision traditional plastic credentials (the mobile device will be connected to the network via a USB or Wi-Fi-enabled link). The second approach is over-the-air via a mobile network operator, similar to how smartphone users download apps and songs. Common access control trusted service managers (TSMs) will interface seamlessly to the mobile network operator (MNO), its TSM, and the NFC mobile phones that receive the encrypted keys and credentials for storage in the phone’s secure element, SIM or microSD New applications will also be pushed to the phone, so that multi-factor authentication becomes a contextual, real-time managed service.

Secure issuance advancements are simplifying how cards are created and distributed, while also making them more secure.

Printing technology will continue to evolve in support of today’s access control trends, simplifying how cards are created and distributed while making them more secure. Advancements in issuance solutions including printers, encoding options, card materials and software are making it easier to meet the highest security requirements by incorporating critical visual and logical technologies for multi-layered validation, and by using multi-layered management procedures that further improve security while enhancing issuance system efficiency.

Additionally, businesses of all sizes will continue to have a growing range of printer/encoder cost and performance options to meet their specific needs. Small businesses will focus on a printer/encoder’s ease of use, since few of these organizations have extensive IT resources. Mid-size organizations will typically need intuitive solutions that are not only easy to use but also scalable, so they can meet evolving requirements. And large organizations will focus on high card throughput to support growing requirements for staff, contractors and visitors, as well as the ability to deploy a wide variety of risk-appropriate solutions.

Trusted NFC tags will change how we secure assets and protect consumers.

As the “Internet of things” becomes more of a reality, a new NFC tracking, auditing and origination services will emerge for conferring trust onto documents, protecting consumers from counterfeit goods, and enabling a multitude of other applications that involve interactions with things. Holders of government certificates, legal agreements, warranties and other important documents have traditionally protected them from fraud by having them physically signed or notarized by a person acting in a trusted role. However, these documents, themselves, have been at risk of forgery and duplication. There also has been no easy way to authenticate the value or ownership of physical items including luxury products, or the warranty status of purchased equipment.

Now, authentication tags can be attached to a document with an electronically signed and cryptographically secure digital certificate of authenticity from the owner or trusted certification entity. Impossible to clone or duplicate, these NFC tags can be embedded in a product or incorporated in tamper-resistant stickers that can be attached to products and equipment. Identity certificates that have been electronically signed and cryptographically secured can be provisioned to the tags using a cloud-based service, and users can verify authenticity with complete confidence at any time in the product or document's lifetime. With NFC-enabled mobile phones, this authentication process can be performed anywhere, at any time, using a smartphone application.

FIPS-201 technology is fueling more robust personal identification security, and moving beyond federal agencies and contractors to commercial applications.

During 2012, it became possible for organizations to achieve FIPS 201 compliance for their PACS by simply augmenting the existing door controller and panel functionality with modules that contain all the Public Key Infrastructure (PKI) validation functions executed at the time of access. It is expected that PKI at the door will become more common as FIPS 201 evolves and there are more and more products available on the market to support it.

The PIV card is already having a significant impact not only on Federal agencies, but also on their contractors and even commercial businesses and other state and municipal government organizations, as well. Two additional credentials have also been defined – the PIV-interoperable (PIV-I) card for government contractors, and the Commercial Identity Verification (CIV) card for commercials. The CIV credential is the commercial equivalent of PIV-I and enables non-government organizations to take advantage of the hundreds of millions of dollars that have been invested in the FIPS 201 program.

CIV technology brings a proven strong authentication method while delivering cost savings and the flexibility to choose from a long list of compatible and interoperable products. There also will be significant opportunities to deploy PKI at the door at lower cost with CIV cards. The cards will be particularly attractive for airport security. Airport management will be able to create a single access control system that supports both airport employees using CIV cards and federal TSA employees using PIV cards.

Visitor management technology is increasingly being integrated with access control systems.

Visitor management systems add substantial value in improved security and operational efficiency while enhancing the professionalism of organizations that previously used paper-based solutions. Visitor management will increasingly be integrated with access control systems to provide complete security solutions that protect employees and temporary visitors from intruders and unwanted guests. Integration of visitor management with access control systems enables lobby attendants to easily and safely provide temporary proximity credentials to guests through the visitor management system, rather than the access control system. The information entered into the visitor management system during check-in is seamlessly passed to the access control system to that a proximity card for the visitor can be activated.

When the visitor leaves and is checked out by the visitor lobby system, the card is automatically deactivated, and the expiration date and time are automatically passed to the access system, ensuring that a lost or stolen card can no longer be used. Integrating visitor management with access control also eliminates the problems of having a supply of live cards at the reception desk for those who have forgotten their employee badges. The visitor system also has a record of all visitors who have been provided an access card, so there is a complete audit trail, including information about the dates and times when cards were active.

These trends are just a few that we can expect to see in 2013, not to mention the growing adoption of IP-based access control and many other interesting shifts in the industry that will shape the market in the years to come.