If you think about one item that has revolutionised the way in which we’ve all interacted with the world over the last ten years, it has to be the smart phone. Given that it’s now a decade since the first Apple iPhone was launched, and with the smart phone becoming as essential a piece of personal kit as our keys or wallet, what’s the potential for these gadgets to both involve and fully embrace the security arena? John Davies peers into the crystal ball on behalf of Risk UK’s readers.
The potential for the smart phone to evolve is seemingly limitless. We’re talking about a communications device that offers so much more than just a talking facility. Apple Pay, Android Pay and PayPal have rapidly enabled the smart phone to replace many of the functions of cash and cash cards, but there’s also the possibility of replacing keys and access cards as well. This is something which the security industry needs to embrace and promote more fully to its customer base.
As an industry, we are more than aware of the potential for mobile device authentication. Flexibility is a key benefit – smart phones can easily receive authentication credentials remotely and access can be confirmed or denied instantly. At the same time, smart phones already contain many secure options to ensure they’re only used by the authorised user – fingerprint and face recognition plus pattern authentication and PINs being good examples.
Unfortunately, some security operators, customers and members of the public in general seem to be less aware of these exciting benefits. There may even still be some reluctance in certain quarters when it comes to trusting a mobile device with physical security. While it’s perhaps not that unusual for people to mistrust ‘new’ technology, we security professionals must demonstrate the considerable benefits, security and convenience of using those options now available.
No-one would deny that proving trust with new security systems is essential. A badly protected mobile device could present a huge risk to the security of any network. For their part, smart phones have had two key hurdles to overcome. First, that they’re secure enough to be trusted to work with a security network and, second, that they can reliably identify the phone and the authorised owner within a real-world environment.
It’s common for smart devices to offer two-factor authentication, which binds the mobile device to the right person for security. This makes it fully possible to combine a PIN code with the authorised person’s face or fingerprint. In high security areas, we can also implement wall-mounted biometric readers (such as iris scan, facial recognition or fingerprints) to add a further level of security and ensure there’s no fraudulent use of the mobile device, while also maintaining convenience for end users.
Perfect for interaction
We all know just how many functions a smart phone has and location tracking through GPS is one of the most helpful. This is also perfect for interacting with security systems. If you think about any secure facility, there are often different levels of access – from entry to the canteen right through to secure doors around potentially dangerous areas such as a plant room (or even a nuclear reactor).
Traditional security tokens or cards are rigidly programmed to allow access to certain areas only, but a smart phone could either grant or deny access depending upon the location of the request by the individual.
With mobile devices so intrinsically linked to our lives and lifestyles, they’re generally guarded with the same care and concern as our money. Many people carry their mobile device wherever they go, so it’s fair to say they’re relatively unlikely to be lost or left behind. Less likely than a card on a lanyard, for example.
Think about how often you use or touch your smart phone each day. I’ve read estimates which suggest around 2,600 times. You’re rapidly aware if it has been misplaced and very wary because of the cost and potential personal loss of both your data and ‘freedom’. Undoubtedly, this fact alone renders these devices the perfect item to use for even the most secure of needs.
Cost is an obvious benefit for operators that the security industry really needs to shout about. It’s possible to eliminate the direct cost of plastic badges, access cards, lanyards, printers and consumables often used to provide permanent and temporary security access.
Smart phones are exceptionally common. Figures from 2015 suggest there were nearly 41 million smart phone users in the UK. This number is predicted to reach nearly 54 million by 2022. With a population of over 65 million, that’s an enormous percentage of people with access to this technology. Using a resource that people already have, and which is highly secure, makes unquestionable financial as well as practical sense.
The right technology
Unfortunately, one of the stumbling blocks for the security industry in adapting to a predominantly smart phone authentication approach has been agreeing on common and shared open protocols.
Near Field Communication (NFC) technology in mobile phones and smart devices hasn’t been the universal success it was designed to be. This is an area where mobile technology trends have dictated to the systems that use it.
Apple’s decision to restrict the use of NFC to Apple Pay on its devices has had a profound effect on the implementation of NFC in other applications. Not everyone has an iPhone, but it’s such an important segment of the market that other manufacturers are wary of how customers will be able to use new technology.
It’s not surprising that we’ve instead seen a much bigger focus on using Bluetooth Low Energy technology on mobile devices. With providers such as HID Global as well as Nedap in the Netherlands now concentrating on developing Bluetooth Low Energy readers and mobile credential applications, this seems like a highly credible alternative.
As well as NFC and Bluetooth Low Energy options, there also seems to be a good deal of interest in using QR codes for simple, but nevertheless wholly reliable identity and access control authentication. These codes can easily be displayed on a screen or printed if necessary. That being so, they afford great flexibility over the type of technology that’s going to be used in the future.
I’ve no doubt that, ultimately, smart phone authentication will replace the cards and tokens we’re all so familiar with at present. However, reaction from the market at the moment tells us consumers want options rather than to just be railroaded down one path.
If a business has invested in cards or tokens, then it will want to use that technology investment fully. The changes will come when readers are updated. This is when security specifiers and installers need to promote the advantages of dual technology readers which offer options to include smart phone authentication within the mix.
There’s also still considerable diversity among smart devices, the operating systems they use and the security technology employed by each. Android, Apple iOS, Windows and BlackBerry devices all vary with regards to the biometric authentication available, so security administrators may need to be flexible on the types of authentication they accept.
Card technology has also progressed at an astonishing speed, with MIFARE+ proving to be a highly cost-effective, practical and secure system that can easily be integrated. There are strong arguments for many businesses to continue using these systems if they’re well-suited to specific operations.
As is often the case for integrated security systems, a hybrid approach may be the best answer for many security operators. This means those who choose to enjoy the benefits in terms of flexibility and convenience of smart phone authentication can do so, while those who are perhaps more hesitant can continue to employ more traditional methods.
Large and well-established companies may find that the swap-over is a slower and more gradual process, while smaller start-up businesses may prefer to jump straight to a smart phone-based approach right away. If security systems are well integrated, but modular in their approach, then it becomes much simpler to evolve as time goes on.
With their App-based systems architecture, smart phones are ideally placed to evolve with security systems in the future. We do need to bear in mind that this move will involve a culture change for many security customers. We need to be cognisant of any anxiety, but must also seek to be positive and promote the considerable benefits on offer.