It’s been almost exactly a decade since HID Global launched the world's first university pilot of smartphones carrying secure mobile IDs. A lot has changed in the following 10 years. Today’s technology has matured, advanced, and proliferated across a variety of high-value use cases.
To catch up on the latest developments in mobile access, we contacted Luc Merredew, Product Marketing Director, Physical Access Control, at HID Global.
Q: What has changed since the first pilot implementation of smartphones used for secure mobile identification?
Merredew: One of the biggest milestones several years ago was when mobile access solutions achieved certification to the ISO 27001:2013 Information Security Management System (ISMS) standard. With increasing awareness of cloud-based security threats and resulting high expectations from a solution, today’s system owners, operators, and users insist on companies being able to demonstrate that they have had their services vetted by independent laboratories and/or agencies. When adopting mobile access solutions that maximise convenience and efficiency, and deliver dramatically improved user experiences, it is neither necessary nor acceptable to compromise security in either the physical or digital domains.
Q: Do universities continue to be the biggest users?
Mobile IDs on devices eliminate person-to-person credentials when accessing secured areas
Merredew: The use cases have grown dramatically, spread evenly across all types of organisations in locations ranging from high-rise buildings to multi-campus global enterprises. But yes, universities continue to be big adopters, and they were among those most eager to leverage the technology so they could bring people back to campus in person during the pandemic. In this environment, mobile IDs on smartphones and other devices eliminate person-to-person credential (e.g., badge or ID card) issuance or revocation, as well as the need to physically touch cards, readers, or keypads when accessing secured areas.
Q: How were mobile IDs employed by your customers as they brought people back to physical locations after the pandemic shutdown?
Merredew: One example is Vanderbilt University, where the challenges of COVID-19 brought renewed attention to the importance of a modern system for identity management and access control that was compatible with Near Field Communication (NFC) and Bluetooth technologies. Members of the campus community could more conveniently access buildings and services with their mobile devices, and the university could efficiently provision and de-provision credentials remotely without person-to-person contact. More recently, Vanderbilt leveraged HID Mobile Access® to deploy campus IDs on iPhone and Apple Watch through Apple Wallet.
Q: Is there another example outside the university vertical?
Merredew: Another example is the iconic tower Arcos Bosques Torre 1 in Mexico City, where the owners and tenants enjoy the simplicity of using their trusted mobile devices to seamlessly access their spaces. As with the Vanderbilt deployment, the drive for operational efficiency and convenience in the tower was combined with a desire to minimise the need for users to come in physical contact with the system. Having a solution like HID Mobile Access that delivers touchless entry and increased safety and security is important.
Q: What have been the biggest mobile access advancements?
The mobile credential provides contactless, seamless access to a wide range of devices and services
Merredew: One of the most important advancements was simplifying upgrade paths to mobile access. In the Vanderbilt example, our HID Reader Manager was used to upgrade the firmware on the university’s physical access control readers and extend support for NFC-based credentials in Apple Wallet. The university uses the HID Origo™ Mobile Identities API integrated with CS Gold®, a higher education transaction system from CBORD, for credential lifecycle management. Another significant enhancement has been the expanded range of uses cases for the mobile credential, going beyond simply opening doors to include providing contactless, seamless access to a wide range of devices and services such as time-and-attendance terminals, cashless vending machines, printers, computers, workstations, and many other applications.
Q: Wearables are also having an impact.
Merredew: Contactless mobile experiences are also delivered through wearable wristbands. One example is the Nymi band which, once authenticated, continuously authenticates the identity of the user until it’s removed from the wrist. This delivers zero-trust security principles and access control using convenient fingerprint and heartbeat biometrics to users seeking touchless authentication.
Q: What is the impact of the cloud?
Merredew: The move to a cloud-based system to issue and manage mobile identity credentials has unified, automated, and simplified identity issuance at a single facility or across any number of distributed office or remote work locations.
Q: What should end users look for in a mobile access solution?
Look for solutions that use a secure element in the reader as well as cloud certificates, to ensure security and data privacy
Merredew: Solutions should support the largest possible number of popular mobile devices – in HID’s case, this includes more than 250. Look for solutions that use a secure element in the reader, and a secure key management process, as well as cloud certificates, to ensure both security and data privacy. Make sure the solution supports Bluetooth Low Energy (BLE), Near Field Communication (NFC), and both iOS and Android operating systems. Solutions that provide Application Programming Interface (API) and Software Development Kit (SDK) support offer direct access to the solution’s access control hardware, speeding deployment while enabling integration partners to continue innovating products that deliver even better user experiences.
Q: Wonder what this market will look like in 10 more years. What’s next for mobile access?
Merredew: Future innovations are on the horizon with technologies such as Ultra-Wideband (UWB) wireless connectivity, which HID expects will become ubiquitous on mobile devices. It provides unprecedented accuracy and security when measuring the distance or determining the relative position of a target. It is not HID’s expectation that UWB will replace Near Field Communication (NFC) or Bluetooth, but rather supplement Bluetooth and other technologies to provide the assurance, reliability, and granularity of device position that enables truly seamless experiences.