Signature verification

Thales, the pioneering global technology and security provider, announced Passwordless 360°, a new concept for passwordless authentication that offers Thales customers the broadest coverage of passwordless functions across multiple types of users and assurance levels. Passwordless 360° has the flexibility to let companies use the latest technologies like FIDO passkeys, while also making the most of previous investments they might have made in passwordless technologies. End users are increasingly frustrated with the number of passwords they’re asked to use, as well as the rules in place around their complexity. With the average person having as many as 100 to manage, users seek workarounds to get by – choosing passwords that are easier to remember or reusing the same password across multiple services. Individual risk management requirements Passwordless 360° equips a full set of tools that let organisations use passwordless authentication Passwordless 360° provides a complete set of tools that let organisations use passwordless authentication across a wide range of applications-from secure access to personal and work devices, to legacy and modern web resources. This helps keep the costs of making the move to passwordless down by being able to use one system – as well as increasing the likelihood that employees, customers and suppliers will use it. By removing the need to use traditional passwords it also eliminates the associated security risks through theft and phishing. Passwordless 360° can also meet the individual risk management requirements an organisation might have, adhering to NIST requirements no matter where the passkeys are stored. Passwordless 360° concept Sitting alongside the existing Thales OneWelcome Identity Platform that serves as the foundation for passwordless policies, the Passwordless 360° concept includes: Support for passkeys in the OneWelcome Identity Platform Passwordless Windows Logon, a true passwordless user experience that replaces passwords with ways for users to identify themselves, offering convenience and security benefits. SafeNet FIDO Key Manager, a way of helping users manage the several FIDO keys they might be using themselves, reducing administration costs for organisations. FIDO Authenticator Lifecycle Management, developed in partnership with identity management software company Versasec. This tool lets organisations manage FIDO tokens and lets larger enterprises make the move to the modern FIDO standard at the scale needed. Range of authentication methods The announcement comes as Thales has been named an Overall, Product, Innovation and Market Pioneer in KuppingerCole’s latest Leadership Compass on Passwordless Authentication for Consumers, with the platform praised for offering a versatile set of identity applications encompassing a wide range of authentication methods to meet organisations’ needs. Alejandro Leal, Research Analyst at KuppingerCole commented: “Overall, Thales offers a comprehensive solution that enables organisations to improve their identity management practices, adapt to evolving technologies, and effectively secure their systems and data. Organisations in highly regulated industries and security-conscious organisations in both the public and private sectors that require strong authentication options should consider the OneWelcome Identity Platform.”

HID, a worldwide pioneer in trusted identity solutions, announces its 2024 State of the Security Industry Report, which gathered responses from 2,600 partners, end users, and security and IT personnel worldwide, across a range of job titles and organisation sizes representing over 11 industries. The 2024 State of Security Report delves into the underlying concerns driving upcoming innovations and the technologies underpinning them, helping security pioneers proactively adapt to evolving challenges. Survey findings Conducted in the fall of 2023, 2024’s survey reveals six themes, as follows: Mobile identity is expected to be ubiquitous in the next five years Given the widespread use of mobile devices, momentum continues to build around their use in support of identity. Within the next five years, surveyed end users state that nearly 80% of organisations will deploy mobile IDs. Industry partners are even more optimistic in their outlook, stating that 94% of their customers will have deployed mobile IDs. MFA is widespread, despite the slow but growing implementation of Zero Trust  Zero Trust is an approach to security that calls to maintain strict access controls and never trust More than 83% of end-user respondents said their organisation currently uses Multi-Factor Authentication (MFA), mainly due to the vulnerabilities of passwords. For many, this represents the first step on the longer journey toward Zero Trust, an approach to security that calls for organisations to maintain strict access controls and to never trust, or always verify anyone – internal or external – by default.  Zero Trust has been implemented in 16% of organisations with over 100,000 employees and 14% in those with up to 10,000 employees, according to the survey. FIDO With MFA being widespread, the eventual end of passwords is imminent. The creation of new standards such as FIDO (Fast Identity Online), which uses “standard public key cryptography techniques to provide phishing-resistant authentication,” will pave the path to new and more secure authentication options that will be part of a more robust Zero Trust architecture. Sustainability becomes a growing driver in business decisions A shift to cloud-based solutions and increased use of mobile devices are two clear strategies Among HID’s survey respondents, sustainability continues to rank high as a business priority, with both end users and partners rating its importance at a “4” on a 1-to-5 scale. Additionally, 74% of end users indicate the importance of sustainability has grown over the past year, and 80% of partners reported the trend growing in importance among their customers. As such, there will likely be a continued emphasis on solutions that minimise energy use, reduce waste, and optimise resource usage. A shift to cloud-based solutions and increased use of mobile devices are two clear strategies to reach these sustainability goals. Biometrics continues its impressive momentum In this year’s survey, 39% of installers and integrators said their customers are using fingerprint or palm print, and 30% said they’re using facial recognition. The momentum continues to build as 8% plan to test or implement some form of biometrics in the next year and 12% plan to do so in the next three to five years. Identity management points up to the cloud Nearly half of end users are moving to cloud-based identity management, with 24% already using it Nearly half of end users are moving to cloud-based identity management, with 24% already using it and another 24% in the process of implementing such systems. Industry partners say their customers face several hurdles here, including existing reliance on legacy/on-prem equipment (28%), lack of budget (24%), and cloud-based identities simply not being a business priority (21%). The rise of artificial intelligence for analytics use cases Conversations about AI have come to dominate the business landscape, and many security professionals see AI’s analytic capabilities as the low-hanging fruit to enhance identity management. Rather than looking to AI to inform the entirety of the security system, it’s possible to leverage data analytics as a way to operationalise AI in support of immediate outcomes. In this scenario, 35% of end users reported they will be testing or implementing some AI capability in the next three to five years, with 15% already using AI-enabled biometrics.

In a groundbreaking collaboration, Partisia Blockchain and the University of Applied Sciences and Arts Western Switzerland (HES-SO Valais-Wallis) are poised to transform the management of digital identities for Swiss citizens. This partnership aims to develop a decentralised electronic identity system in harmony with the Swiss Federal Council’s unwavering commitment to data privacy and security. Redefining digital identity management This collaboration marks a significant leap toward redefining digital identity management in Switzerland. The joint project aims to empower individuals with control over their data, ensuring a future where privacy and security are not compromised. The primary objective of this project is to define the architecture for a self-sovereign identity (SSI)--based electronic identity (e-ID), creating a minimum viable product (MVP) and seamlessly integrating it into a public administration portal. SSI-based e-ID SSI solution empowers citizens by enabling them to wield credentials issued by public administrations The SSI solution empowers citizens by enabling them to wield credentials issued by public administrations in mobile applications, offering the autonomy to select the data they disclose when accessing services. Central to this innovation is blockchain technology, with Partisia Blockchain at the forefront, introducing a fast, sustainable, and privacy-centric blockchain solution. Enhancing security Kurt Nielsen, PhD, President of Partisia Blockchain, says, “We aim to place control firmly in the hands of individuals, allowing them to become the ultimate custodians of their personal information." "This approach not only enhances privacy but also elevates the level of security that individuals can expect from digital identity management.” Decentralised system This decentralised system ensures that the individual is the ultimate owner of their information Partisia Blockchain, known for its proficiency in zero-knowledge and private smart contracts, provides a platform where individuals exercise absolute control over their data.  This decentralised system ensures that the individual is the ultimate owner of their information, setting a new standard in privacy and security. Simple, secure, and open-source approach Jean-Luc Beuchat, Professor at HES-SO Valais-Wallis, says, “We are thrilled to introduce our SSI solution, designed to provide a simple, secure, and open-source approach to digital identity management." "Its versatility makes it ideal for a wide range of applications, from government-issued e-IDs to humanitarian aid initiatives. Our scalable solution can be seamlessly adapted to meet the unique requirements of diverse organisations.” Target vision for an e-ID The paper outlined three technical approaches: a state identity provider, a public-key infrastructure, and SSI In response to the rejection of the Federal Act on Electronic Identification Services (e-ID Act) by Swiss citizens in March 2021, the Swiss Federal Council promptly recommended Parliament approve six motions addressing citizens’ concerns and proposing a new e-ID Act. This led to the drafting of technical solutions by the Federal Office of Justice (FOJ), including the discussion paper on the target vision for an e-ID in August 2021.  The paper outlined three technical approaches: a state identity provider, a public-key infrastructure, and self-sovereign identity (SSI). Opting for the latter approach, the Federal Council is in the final stages of concluding consultations before the year’s end. Benefits of SSI The solution developed by Partisia Blockchain, DuoKey, and HES-SO Valais-Wallis is slated for presentation to the Swiss Federal Department of Justice before Christmas. Emphasising its various benefits, including non-disclosure of personal information, data usability for statistics and planning without revealing personal information, and its compliance with Swiss legislation, this solution aligns seamlessly with the vision outlined by the Swiss Federal Council. Reshaping digital identity The Partisia Blockchain and HES-SO Valais-Wallis’ joint solution is a pivotal moment in reshaping digital identity management in Switzerland, emphasising a commitment to privacy, security, and a decentralised approach. The joint efforts aim to echo the Swiss regulations of data governance, prioritising individual empowerment and stringent privacy measures. Privacy-preserving authentication Supported by proven cryptographic techniques, this system maintains data integrity and privacy The system relies on verifiable credentials (VCs) to ensure secure and privacy-preserving authentication along with SD-JWT selective disclosure. Managed through smart contracts deployed by a universally trusted governance framework, citizens can securely log into various web portals using these credentials. Supported by proven cryptographic techniques, this system maintains data integrity and privacy, ensuring a robust digital identity management solution. Energy efficiency, scalability, and data security Energy efficiency, scalability, and security have been at the core of our solution as well. Partisia Blockchain not only offers a sustainable choice but also ensures the scalability needed to accommodate any number of users while upholding the highest standards of security. The collaboration between Partisia Blockchain, DuoKey, and HES-SO Valais-Wallis marks a pivotal step forward in digital identity management in Switzerland, particularly in the context of the broader European landscape where projects, such as the European Union’s e-ID, are sparking discussions about privacy and data security. Robust privacy and security By focusing on an SSI-based e-ID and utilising zero-knowledge and private smart contracts, this solution aims to empower individuals with unparalleled control over their data.  This approach not only ensures robust privacy and security but also sets a new standard in digital identity management, highlighting user empowerment and a commitment to a decentralised framework.

Identity management is an important element of both data security and physical security in an organisation. But all ID management solutions are not the same—especially when it comes to security. There are no uniform security standards for the industry, and many off-the-shelf systems fall short when it comes to data protection. To protect people, property, and data, make sure you select a system that maximises security at every stage. What is identity management? Identity management—also known as ID Management (IdM) or Identity and Access Management (AIM)—is a framework for managing digital identities and controlling who has access to what. It includes both policies laying out what types of access different people should have and technologies for enabling and enforcing those access controls. An identity management system makes it easy for IT to define access levels for individuals or groups within the organisation. Each user is assigned a unique identity within the system with specific user rights and restrictions These systems enable companies to increase security and productivity while reducing the costs and labour associated with security efforts. At the lowest level, identity management involves defining what a user is allowed to do on a network, with what devices, and under what circumstances. Each user is assigned a unique identity within the system with specific user rights and restrictions. Specific business system For example, what files, business systems, and programs is the user allowed to access? What are they allowed to do within a specific business system? What physical locations and resources are they allowed to access, and at what times? Access rights and restrictions may be role-based or individualised. An IdM system may provide the backend for a Single Sign-on (SSO) system that controls access to everything on the network with one user identification key. Many security products focus on mobile device management (MDM) systems that control access of devices to the corporate network. As more workers shift to remote and hybrid models, managing what devices are authorised to connect to the network, how users are authenticated when they log on to the device, the activities that can be performed by these devices while on the network, and the data and applications they have access to while offline is essential. Meeting the security challenge Ultimately, the ID management system is only as secure as the access system it connects to In an IdM solution, the user administration system that provisions the roles and rights within the system is linked to an access system that verifies the identity of the user. Ultimately, the ID management system is only as secure as the access system it connects to. Access systems include input screens for passwords or PINs, biometric input systems (such as fingerprint or facial recognition), or readers that connect to identification media (such as an ID badge or smartphone) via Radio-Frequency Identification (RFID), Bluetooth® Low Energy (BLE), or Near-Field Communication (NFC). Some systems may require multifactor identification. RFID and smartphone-enabled BLE and NFC access systems are highly popular for their combination of security, reliability, user convenience, and ease of administration. While there are many access systems available, there are no uniform standards for security—and many standard systems are not very secure. User administration system When evaluating security for an IdM and access system, there are two important aspects to consider. Data storage: How is data stored in the IdM system and on the local reader or input device? Are user identities, rights, and activity logs stored in an unencrypted table on a single server or device? Is a blockchain system used for data storage? Or something in between? Data transmission: How is data transmitted between the access system and the user administration system? Is data transmitted in encrypted form? Is the Advanced Encryption Standard (AES) used? Security starts with the creation of the user ID and identification medium Security starts with the creation of the user ID and identification medium. To protect business data and systems, organisations should look for an IdM solution that uses industry best practices for encrypted data storage and transmission. If using ID badges—as a majority of organisations still do—they also need to consider how and where those badges are produced. Industry best practices For example, our partner evolutionID offers a secure ID-Management system with extended security functions. In-house badge production enhances security by eliminating the need to send sensitive, personalised data to a third-party badge printer. It also streamlines the badge production process, so employees can get their badges right away without waiting. With the creation of the identification medium, individual security features such as biometric properties, user ID, and permissions can be programmed directly onto the transponder card using an RFID reader or distributed to relevant systems by interfaces. This system maximises security and gives organisations the tools they need to customise their security concept for their needs. On top, cost-saving self-service features such as image acquisition or badge management are available for every employee on any device.

A pioneer in the access control sector since 1971, AMAG Technology is looking to the future and the next generation of products that will expand its services to customers. “In our vision, we have advanced approaches that will not only provide our partners with advanced technologies but also ones that are easier to install with tools to expand their services,” says David Sullivan, who was appointed President of the venerable access control company in September 2022. New challenges at AMAG Sullivan brings a new outlook to the AMAG business, a part of Allied Universal, and a new vision to lead the company into the future. We caught up with David Sullivan to discuss his new challenges at AMAG and the journey ahead as the company looks to the future. Q: How does your background inform your approach to leading AMAG? I believe that it helps me to define a vision for AMAG that will be unique and on the leading edge of our industry David Sullivan: With the exception of only a few short years, my career has been in access control. I have experience with several systems and have had the privilege to manage several successful access control companies. As a result, I bring a great deal of experience into my role at AMAG. I believe that it helps me to define a vision for AMAG that will be unique and on the leading edge of our industry. Q: How would you describe AMAG’s journey over the last several years and how do you see the future? Sullivan: Prior presidents of AMAG always shared their leadership vision and direction with senior leaders located in the United Kingdom. This had an impact on the full direction of the business, sometimes limiting its ultimate success. Before I became a part of AMAG, these senior leaders that were located in the UK retired, placing for the first time the full management responsibilities of the president. This has allowed me to integrate the business into a single team, with single objectives, and a single vision. We expect to begin to reveal this new vision in the coming weeks. We are excited about the future of AMAG and believe we will surprise the industry with our new products and approach in the coming months and years. Q: How important is it that a manufacturer provides both hardware and software solutions? How does AMAG’s approach (in general) differentiate it in the market? We can design the complete solution, providing functionality that others may find more difficult to accomplish Sullivan: Regardless of the manufacturer, we all provide hardware and software. An access control solution is not complete without both. Some of us choose to make our panels, and others do not. Those who are dependent on third-party suppliers are restricted to the developments and direction of that company, and while it might be perceived to be an open technology, it still is proprietary to the hardware manufacturer. AMAG has controlled its manufacturing of panels from day one. The result means that we can design the complete solution, providing functionality that others may find more difficult to accomplish. Q: How does the breadth of AMAG’s product suite provide advantages to customers and/or integrators? Sullivan: AMAG’s product portfolio is unique and provides the end user with an end-to-end identity management solution from one company. Our Control Room PSIM, Symmetry CONNECT Identity Management Solution, Symmetry Access Control, and Symmetry GUEST solutions all integrate to provide the user with a broad set of features and capabilities from a single provider. There is no finger-pointing when we come to support your system. We hold full responsibility for making it work and can quickly provide a resolution to any application difficulties the user may be experiencing. Q: How does AMAG address the divide between on-prem and cloud systems? How do you help customers make the transition and/or plan for the future? We are in the early stages of developing our next generation of access control in which we intend to provide on-prem Sullivan: In our current product portfolio, we have three products that are cloud-based. Our mobile credential platform (Symmetry Mobile), our visitor management solution (Symmetry GUEST), and our physical identity and access management solution (Symmetry CONNECT) are all offerings that operate in the cloud. We are in the early stages of developing our next generation of access control in which we intend to provide on-prem, web client, and cloud-based offerings. One of the primary objectives is to ensure that the large installed base of systems that are out there today will be able to migrate not only to our next generation but as well to the cloud if the client so desires. Q: What is AMAG’s approach to mobile credentialing? Sullivan: As an access control provider, adding Symmetry Mobile credentialing to our portfolio just made sense. We want our customers to have a forward-thinking solution with the opportunity to save money not only on the physical badges but the cost of printing and distributing badges. Mobile credentials can be easily issued and revoked remotely, reducing administrative overhead, and eliminating the need for physical inventory management. Organisations can centrally configure what devices are used and the read range for each type of device and operating system, thus providing flexibility. Symmetry Mobile offers a customised questionnaire that controls access and reduces liabilities. Q: What has surprised you the most in your first year or so leading AMAG? Not many companies are blessed with such a broad portfolio that is supported by a resource-rich company Sullivan: I wouldn’t say I was surprised by this as much as happy to see, but I would say that the quality of our people was a pleasant surprise. As well, the AMAG product offering is broad and has some unique elements. When coupled with the depth of the resources that we have in AMAG, I know that we are second to none. Not many companies are blessed with such a broad portfolio that is supported by a resource-rich company that has so many talented people. Q: Please describe your dealer channel, and how you are seeking to expand it. Sullivan: The AMAG products are sophisticated and typically are installed for higher-end applications. With this sophistication comes a need to be well able to install such a solution. We have a strong group of certified and loyal partners who help us to deliver these enterprise solutions. We desire to provide our existing partners with updated and competitive systems to offer to their end users. Q: What is the security industry’s (and/or AMAG’s) biggest challenge in the next five years? We need to find ways to provide both our channel partners and the customers with solutions that are easily integrated Sullivan: I believe that the advancements that we are seeing in technology provide our industry with the opportunity to truly change how security is provided to our collective customers. As we advance these solutions, we will need to do so responsibly and in a way that helps the channel’s abilities. We need to find ways to train our partners to both install and support these more complex solutions. At the same time, we need to find ways to provide both our channel partners and the customers with solutions that are easily integrated, moving away from proprietary closed systems to open and cohesive solutions. This will ensure that the users get the best, and most complete solutions. Q: What does the industry as a whole misunderstand about AMAG -- time to set the record straight! Sullivan: Well, I am not ready to openly share where we are heading. We are in the process of putting together some advanced approaches to how we will do business with our partners. We are focused on providing tools that will enhance their services to their customers, and with products that are leading edge. I can only state that all should keep their eyes on AMAG, because over the next few years, we are going to surprise some people, and more importantly make our loyal partners quite powerful.

Newer facial recognition systems are scalable and provide more accurate results, and the end-user selects the parameters of system performance to suit their own application needs. “We have developed algorithms that can be optimised in various compute environments, whether in a small chip inside an edge device or on a large server device,” says Ido Amidi, Oosto’s Vice President of Products and Business Development. “It all depends on client needs. We can do it all without giving up performance. There is no significant loss in performance across various platforms.” The system’s “containerised environment” operates efficiently in a customer’s IT architecture. Facial recognition implementation Oosto, formerly AnyVision, was founded in 2016 based on deep learning research into facial recognition. The focus has been on how to use face recognition to identify people in real-world scenarios. Products began coming to market in 2017, targeting verticals that involve a need to identify “bad actors” or very important people (VIPs). The implementation of the technology involves the software operating in an on-premise appliance or server The most common implementation of the technology currently involves the software operating in an on-premise appliance or server, with inputs coming from cameras at the edge and outputs going to a network video recorder or access control system. As concepts of the Internet of Things (IoT) trickle down into the security marketplace, edge-based deployments will become more common, supplying real-time actionable information, and avoiding a flood of unstructured video data. Ethical recognition Oosto helps users deploy, set up, and calibrate the system; then, it is managed by the customer based on their needs. Privacy features are built into the system, part of the company’s commitment to “ethical” facial recognition.  The technology, in general, has changed a lot since early implementations a decade or so ago failed to perform as promised. Expanded capabilities are fueled by developments in deep learning. Privacy features Facial recognition can help end-users identify people of interest but is specifically designed not to violate anyone’s privacy. There are no databases or watch lists involved; the user typically compiles their selection of “bad actors” against which facial recognition algorithms can be compared. While Oosto provides a valuable tool, the end-user customer decides how to deploy that tool in their business, says Amidi. Oosto's “liveness detection” deploys algorithms to analyse images from video and/or 3-D cameras Liveness detection Recently, Oosto has adapted the approach to provide access control; too, including “liveness detection” that deploys algorithms to analyse images from video and/or 3-D cameras to ensure a presented face is not a printed image or mask.  Their latest software release is a single platform aimed at recognising and providing insights into how people behave in physical spaces. New functionality includes the ability to detect unknown individuals entering restricted areas. Neural net algorithm Improved facial recognition functions well even for those wearing masks. A new neural net algorithm improves accuracy when identifying those wearing masks and the system can alert if a person is not wearing a mask (to aid compliance). Expanded video forensics features, designed to expedite investigations, include an ability to do in-depth searches on captured video related to body attributes, colour of clothing, etc. Recognition algorithms How well can Oosto recognise a face among 20 different people on a casino floor? It all depends on variables, such as the number of people, lighting, and angle of view, image quality, and even networking issues. Recognition algorithms are “trained” using data collected from real-world use cases; training takes place in the lab environment. The system can adapt to various lighting conditions, such as in a glass-enclosed lobby in the morning versus in the afternoon. As people enter an area, they may be looking down at their smartphones, for instance, which would mean some of their faces would not be in view. Such variables impact accuracy. Test requirements of a system apply to each specific customer and can be adjusted and tweaked as needed Customisable system Each customer must decide their parameters regarding how to best use the system, with the fewest acceptable number of false alerts, in real-time, and using existing infrastructure. Test requirements of a system apply to each specific customer and the system’s sensitivity and other operational factors can be adjusted and tweaked as needed, including at any time after a system has been installed. Meeting specified application “No customer is alike, so the needs of each customer’s system are unique,” says Amidi. For example, some situations might have a higher tolerance for false alarms, such as when there is an operator available who can make the final decision on whether a face matches. In other situations, such as when there is a missing child, false alerts are a bigger problem, and rapid response is especially of the essence. “What we give customers out of the box applies to any scenario, and customers can tweak the system with the click of a button to meet a specific application,” says Amidi. “We empower our customers to understand the pros and cons so they can react in real-time.” Identity management Oosto can help to enhance the customer experience by identifying important customers Oosto sells through systems integrators and has a partnership program with more than 150 integrators worldwide certified to manage and install systems. Oosto targets Fortune 500-size companies in financial services, gaming, and retail. The system helps to create a safe environment that is devoid of any “bad actors.” Alternatively, Oosto can help to enhance the customer experience by identifying important customers that warrant special treatment. The system also can provide an alert if any unauthorised person enters a restricted zone; that is, anyone who is not an employee, a registered visitor, or a contractor. Understanding technology In many parts of the world, facial recognition is widely accepted and used for applications such as payment and access control. Anxiety about technology, especially in the United States, is based on a lack of understanding. The public needs to “be better educated” on the subject, and Amidi expects the technology to become more socially accepted over time. “It’s a tool, and it needs to be supervised,” says Amidi. “From a technology perspective, we trust the accuracy. It just needs to be better explained.”

It’s been almost exactly a decade since HID Global launched the world's first university pilot of smartphones carrying secure mobile IDs. A lot has changed in the following 10 years. Today’s technology has matured, advanced, and proliferated across a variety of high-value use cases. To catch up on the latest developments in mobile access, we contacted Luc Merredew, Product Marketing Director, Physical Access Control, at HID Global.   Q: What has changed since the first pilot implementation of smartphones used for secure mobile identification? Merredew: One of the biggest milestones several years ago was when mobile access solutions achieved certification to the ISO 27001:2013 Information Security Management System (ISMS) standard. With increasing awareness of cloud-based security threats and resulting high expectations from a solution, today’s system owners, operators, and users insist on companies being able to demonstrate that they have had their services vetted by independent laboratories and/or agencies. When adopting mobile access solutions that maximise convenience and efficiency, and deliver dramatically improved user experiences, it is neither necessary nor acceptable to compromise security in either the physical or digital domains. Q: Do universities continue to be the biggest users? Mobile IDs on devices eliminate person-to-person credentials when accessing secured areas Merredew: The use cases have grown dramatically, spread evenly across all types of organisations in locations ranging from high-rise buildings to multi-campus global enterprises. But yes, universities continue to be big adopters, and they were among those most eager to leverage the technology so they could bring people back to campus in person during the pandemic. In this environment, mobile IDs on smartphones and other devices eliminate person-to-person credential (e.g., badge or ID card) issuance or revocation, as well as the need to physically touch cards, readers, or keypads when accessing secured areas.   Q: How were mobile IDs employed by your customers as they brought people back to physical locations after the pandemic shutdown? Merredew: One example is Vanderbilt University, where the challenges of COVID-19 brought renewed attention to the importance of a modern system for identity management and access control that was compatible with Near Field Communication (NFC) and Bluetooth technologies. Members of the campus community could more conveniently access buildings and services with their mobile devices, and the university could efficiently provision and de-provision credentials remotely without person-to-person contact. More recently, Vanderbilt leveraged HID Mobile Access® to deploy campus IDs on iPhone and Apple Watch through Apple Wallet. Q: Is there another example outside the university vertical? Merredew: Another example is the iconic tower Arcos Bosques Torre 1 in Mexico City, where the owners and tenants enjoy the simplicity of using their trusted mobile devices to seamlessly access their spaces. As with the Vanderbilt deployment, the drive for operational efficiency and convenience in the tower was combined with a desire to minimise the need for users to come in physical contact with the system. Having a solution like HID Mobile Access that delivers touchless entry and increased safety and security is important.  Q: What have been the biggest mobile access advancements? The mobile credential provides contactless, seamless access to a wide range of devices and services Merredew: One of the most important advancements was simplifying upgrade paths to mobile access. In the Vanderbilt example, our HID Reader Manager was used to upgrade the firmware on the university’s physical access control readers and extend support for NFC-based credentials in Apple Wallet. The university uses the HID Origo™ Mobile Identities API integrated with CS Gold®, a higher education transaction system from CBORD, for credential lifecycle management. Another significant enhancement has been the expanded range of uses cases for the mobile credential, going beyond simply opening doors to include providing contactless, seamless access to a wide range of devices and services such as time-and-attendance terminals, cashless vending machines, printers, computers, workstations, and many other applications. Q: Wearables are also having an impact. Merredew: Contactless mobile experiences are also delivered through wearable wristbands. One example is the Nymi band which, once authenticated, continuously authenticates the identity of the user until it’s removed from the wrist. This delivers zero-trust security principles and access control using convenient fingerprint and heartbeat biometrics to users seeking touchless authentication. Q: What is the impact of the cloud? Merredew: The move to a cloud-based system to issue and manage mobile identity credentials has unified, automated, and simplified identity issuance at a single facility or across any number of distributed office or remote work locations. Q: What should end users look for in a mobile access solution? Look for solutions that use a secure element in the reader as well as cloud certificates, to ensure security and data privacy Merredew: Solutions should support the largest possible number of popular mobile devices – in HID’s case, this includes more than 250. Look for solutions that use a secure element in the reader, and a secure key management process, as well as cloud certificates, to ensure both security and data privacy. Make sure the solution supports Bluetooth Low Energy (BLE), Near Field Communication (NFC), and both iOS and Android operating systems. Solutions that provide Application Programming Interface (API) and Software Development Kit (SDK) support offer direct access to the solution’s access control hardware, speeding deployment while enabling integration partners to continue innovating products that deliver even better user experiences. Q: Wonder what this market will look like in 10 more years. What’s next for mobile access? Merredew: Future innovations are on the horizon with technologies such as Ultra-Wideband (UWB) wireless connectivity, which HID expects will become ubiquitous on mobile devices. It provides unprecedented accuracy and security when measuring the distance or determining the relative position of a target. It is not HID’s expectation that UWB will replace Near Field Communication (NFC) or Bluetooth, but rather supplement Bluetooth and other technologies to provide the assurance, reliability, and granularity of device position that enables truly seamless experiences. 

The space-saving yet full-function video spectral comparator Regula 4306 has been deployed at Wattay International Airport in Vientiane, the Lao People’s Democratic Republic, to strengthen the country’s border security. This initiative aims to combat transnational crimes, including human trafficking, smuggling, and irregular migration.  Forged identity documents Lao People’s Democratic Republic faces growing challenges in identifying forged identity documents Like many countries, the Lao People’s Democratic Republic faces growing challenges in identifying forged identity documents used by criminals and irregular migrants.  Until recently, document verification at border checkpoints relied heavily on manual inspection, which was time-consuming, prone to errors, and less effective against increasingly sophisticated forgery techniques. Adopting a forensic solution In collaboration with International Organisation for Migration (IOM), the Lao immigration authorities began modernising their approach by adopting a forensic solution to strengthen document authentication and border security. In partnership with IOM in the Lao People’s Democratic Republic and the Australian Department of Home Affairs, the Lao immigration authorities deployed the Regula 4306 video spectral comparator at the country’s major airport in Vientiane. This step equipped border officials with advanced forensic tools for in-depth document authentication, and significantly automated the whole process. Array of features in the Regula 4306 With an array of features in the Regula 4306, ID proof at the Lao border earned much precision With a vast array of features in the Regula 4306, ID verification at the Lao border achieved much-needed high precision. For instance, the device’s high-resolution 8 MP camera with 60x optical zoom captures document images at up to 18,900 ppi and enables officials to analyse even the finest details, including printing techniques. Hyperspectral imaging module  Additionally, with over 40 types of light sources and 18 light filters, the Regula 4306 allows authorities at the second line of border control to examine the most intricate document security features, such as holograms, watermarks, microprinting, and optically variable elements, ensuring a more reliable fraud detection process.  Apart from that, 3D visualisation helps analyse a document’s surface relief and intersecting lines, and the hyperspectral imaging module enables forensic experts to detect document alterations, differentiate ink properties, or recover faded text. Regula Forensic Studio cross-platform software Regula 4306 is controlled via Regula Forensic Studio (RFS) cross-platform software Regula 4306 is controlled via Regula Forensic Studio (RFS) cross-platform software. With RFS, an expert can perform a wide range of examinations, conduct precise measurements and comparisons, process images in various modes, and generate comprehensive examination reports without losing a single detail. Its powerful tools and intuitive interface ensure accuracy and reliability, enabling thorough and efficient forensic investigations.  Regula’s identity document template database Integrated with Regula Document Reader SDK, RFS enables comprehensive, automated document checks, eliminating the need for additional equipment or software. Regula Document Reader SDK can instantly recognise and validate IDs’ machine-readable zones (MRZs), RFID chips, barcodes, and invisible personal information (IPI), significantly reducing manual workload and minimising human error. Also, as it is backed up by Regula’s identity document template database (the most comprehensive in the world), this software is able to verify a wide range of IDs from 251 countries and territories, even the rarest ones. Adoption of Regula 4306 Regula experts conducted specialised training sessions for the Lao immigration officials To ensure seamless adoption of Regula 4306 at Wattay International Airport, Regula experts conducted specialised training sessions for the Lao immigration officials. This ensured that they had hands-on experience and were fully equipped to handle advanced document verification.  “Integrating Regula’s devices into the Lao border management operations is a vital step toward combating serious crimes such as human trafficking and irregular migration. This technology enables detection of fraudulent documents with higher accuracy, eliminating human errors,” says Shareen Tuladhar, Chief of Mission, IOM in the Lao People’s Democratic Republic. Lao immigration authorities “Border crossings are the frontline of many serious crimes, making border security crucial to the country's overall safety. We are honoured to contribute to strengthening Lao border security." "By equipping the Lao immigration authorities with our top-selling video spectral comparator, the Regula 4306, we are providing them with advanced forensic tools to precisely detect even the most sophisticated document forgeries and stop criminals before they can cause harm,” comments Alex Lewanowicz, Director of Hardware Engineering at Regula.

Orion Entrance Control, Inc wanted to remove friction and frustration for their integrators and end users with a single-source reader that could support any RFID technology and fit seamlessly into their turnstiles and other physical access control (PAC) products. The reader needed to be able to: Provide reliable and secure user identification and access control with excellent read range. Read all of the RFID card technologies their clients might be using. Have a compact form factor and sleek design for integration with their PAC products. Enable remote updates to support changing client requirements. Integrated access solutions Orion Entrance Control creates software, hardware, and infrastructure solutions for physical access control (PAC), occupant sensing, and visitor management. They develop access control software and manufacture high-end turnstiles, speed gates, swing gates, optical door alert systems, and other security solutions. Founded in 2009, they pride themselves on engineering and product excellence, with all of their products manufactured locally near their New Hampshire headquarters. They work with distribution partners and integrators to bring their access solutions to large commercial clients worldwide in education, healthcare, manufacturing, and other industries. One of Orion’s priorities is offering seamless, integrated access solutions that minimise friction for integrators and are simple and reliable for end users. They wanted an RFID reader that would support any RFID technology and be easily integrated into their turnstile products. Challenges faced by Orion Turnstiles and other components provided by Orion need to work within the access systems already in use Orion has 32 different turnstile products, from full-height mechanical turn gates to classic tripod turnstiles, to high-speed retractable barrier gates. An RFID reader embedded into the turnstile reads user credentials (e.g., an ID badge or mobile credential) and connects to the back-end software that verifies access authorisation levels. Both their US and international customers use various RFID transponder technologies. Turnstiles and other components provided by Orion need to work within the access systems already in use by their customers. Traditional credentialing system Traditionally, Orion would work with integrators to determine the credentialing system the customer needed and then order the corresponding readers. This created delays for installers as they waited for the right readers to arrive. It also created complexity in Orion’s supply chain, as they had to manage inventory from multiple reader manufacturers. When the pandemic disrupted supply chains for some of their suppliers, they knew they needed to look for another solution. Read-range challenges At the same time, RFID reader read range was becoming a critical issue for many clients. More sophisticated reader technology and encryption create read-range challenges for some readers, especially when embedded under glass within a turnstile. This creates frustration for end users and slows down entry queues. Need for a standardised reader solution Working with multiple reader manufacturers, each differently sized and shaped readers, created engineering challenges They also needed a standardised reader solution that would fit any of their turnstile products. The architectural community has pushed for smaller, more streamlined turnstiles, so embedded systems must be highly compact. Working with multiple reader manufacturers, each with differently sized and shaped readers, created engineering challenges for Orion and headaches for installers. All of this resulted in more work for integrators and more delays for buyers. Need for a frictionless access range "We were looking for a reliable reader that had a great read range, could accept everyone’s credentials, and would be ready to go when you fit it in the turnstile," said Jerry Waldron, Customer Care Manager, Orion Entrance Control. "It’s one more thing we can do to remove friction and provide better service to our customers." Orion's reader requirements Orion Entrance Control, Inc. wanted to remove friction and frustration for their integrators and end users with a single-source reader that could support any RFID technology and fit seamlessly into their turnstiles and other physical access control (PAC) products. The reader needed to be able to: Provide reliable and secure user identification and access control with an excellent read range. Read all of the RFID card technologies their clients might be using. Have a compact form factor and sleek design for integration with their PAC products. Enable remote updates to support changing client requirements. Solution: ELATEC TWN4 Palon family of readers The Palon Compact Panel Reader features robust panel housing suitable for indoor and outdoor use The ELATEC TWN4 Palon family of readers fits the bill. The versatile readers are designed for seamless integration into third-party products and devices. Palon supports advanced interfaces (including RS-232, RS-485, USB, and more) and is simple to mount and install. The Palon Compact Panel Reader features robust panel housing suitable for indoor and outdoor use and a classic design that fits seamlessly into Orion’s turnstiles. They also have the option of using the TWN Palon Compact M reader, which comes without housing. RFID and smartphone credentials The TWN4 Palon line supports 60+ transponder technologies, including both low- and high-frequency RFID and smartphone credentials via near-field communication (NFC) or Bluetooth® Low Energy (BLE). This gives Orion the flexibility to support virtually any existing transponder technology its clients use with a single reader. Customer experiences "One of our most important values is creating remarkable customer experiences," said Steve Caroselli, Chief Executive Officer and President, of Orion Entrance Control. "We want to provide more than they expect and deliver a product with exceptional quality. With ELATEC, we’ve found a partner that shares that core ethos." Read range and reliability Palon reader acts as a data converter to connect the barcode reader to the Weigand interface, simplifying cabling ELATEC’s readers provide excellent read range and reliability, reducing frustration for users and system managers. ELATEC was also able to help Orion integrate the Palon readers with a barcode reader to meet a customer’s requirements. In that instance, the Palon reader acts as a data converter to connect the barcode reader to the Weigand interface, simplifying cabling for the installer. The integrated system supports barcodes for visitors and RFID for employees for a unified access experience. Flexibility “ELATEC gives us the flexibility to serve all our clients and the confidence that we’re going to be able to deliver a product that just works," said Steve Johnston, Director of Sales and Marketing, Orion Entrance Control. "We know that when it shows up on-site, it’s going to be a good experience for the installer and the owner of the company.”  Benefits for ELATEC readers A universal reader allows Orion to reduce friction for clients, installers and distribution partners, and their people. Orion can support all their customers with the same RFID reader, simplifying sales, supply chains, inventory management, installation, and support. The sales team no longer must confirm in advance which transponder technology the end customer needs, the TWN4 Palon supports them all. And the engineering team can eliminate the headaches inherent in trying to fit readers with different form factors into their products. Single-part number solution ELATEC’s readers support fast, contactless reconfiguration after installation via a configuration card A single-part number solution reduces the time it takes to get the right system into the hands of installers and end customers. It also provides flexibility for the future. ELATEC’s readers support fast, contactless reconfiguration after installation via a configuration card or remote update. That means that it’s easy to update the readers for clients who add a new transponder technology, integrate mobile credentials into an existing system, or upgrade their security standards. Their turnstile and door access solutions are ready for the future. Seamless access experience Orion also appreciates the service and support they get from ELATEC. ELATEC has a production capacity in the U.S., which eases Orion’s supply chain worries. With ELATEC’s support, they can offer their customers a truly integrated PAC solution that provides a seamless access experience.

Exabeam, the pioneer in Next-gen SIEM and XDR announced that it has been chosen by Deloitte to help operationalise Managed Extended Detection and Response (MXDR) by Deloitte in an expansion of the existing Exabeam-Deloitte alliance.  MXDR by Deloitte is a suite of managed security services and solutions for cyber threat detection and response that aims to help organisations address growing threat complexity, simplify cybersecurity total cost of ownership, and achieve meaningful and measurable cyber resiliency outcomes. Cybersecurity and automation  “Exabeam is hands-down the leading user behaviour analytics solution focused on the security market. Our cybersecurity and automation capabilities will help Deloitte clients quickly and more effectively detect, investigate, and respond to the increasingly dangerous approaches of global adversaries,” said Exabeam President Ralph Pisani. “We look forward to helping Deloitte clients as they leverage our open API environment and strengthen their security programs via tailored use of MXDR by Deloitte.” User behaviour analytics solution Exabeam’s security-focused user behaviour analytics and automation capabilities will be integrated into MXDR Exabeam’s security-focused user behaviour analytics and automation capabilities will be integrated into MXDR by Deloitte to provide military-grade insider threat and incident response capabilities.   Exabeam modernises today’s security operations centres (SOCs) by automating the entire threat detection, investigation, and response (TDIR) workflow for security teams, greatly accelerating the time it takes to conduct deep investigations and resolve security incidents across their organisations.  Threat and incident response “We asked Exabeam to be part of MXDR by Deloitte because we want our clients to be confident that they can more quickly detect and remediate anomalous — possibly adversarial — activity permeating their networks,” said Curt Aubley, MXDR by Deloitte leader and a Deloitte Risk & Financial Advisory managing director, Deloitte & Touche LLP. “We’re passionate about helping Deloitte clients drive better business and cybersecurity outcomes to help future-proof their evolving security strategies.” Zero Trust identity management systems Evolution of existing services and solutions by Deloitte with technologies including XDR, AI, and automation Evolution of existing services and solutions by Deloitte with more advanced technologies including extended detection and response (XDR), artificial intelligence (AI), and automation, MXDR by Deloitte is delivered 24x7x365 by security operations centres both in the U.S. and globally using FedRAMP-authorised and commercially-available capabilities. Suite modules provide advanced and proactive analytics to perform more in-depth detection combined with the continuous response, including prevention, detection, and remediation for endpoints; cloud security workloads; Zero Trust identity management systems; insider threat, proactive hunting, intelligence, attack surface, and vulnerability management; and unified log and analytics management.   Network security In 2021, Exabeam was named one of the world's fastest-growing technology companies in Deloitte’s Technology Fast 500, was featured in Inc.’s first annual Best-Led Companies list and 2021 Forbes Cloud 100, and won the 2021 CISO Choice Award in Network Security. Also, for the third consecutive time, Exabeam is a pioneer in the Gartner MQ for Security Information and Event Management (SIEM) and was recently recognised as a Customers’ Choice in the 2021 Gartner Peer Insights ‘Voice of the Customer’ in the SIEM category for its Exabeam Fusion product line. 

Who needs cards when everyone has a smartphone? That’s the key question underlying the access control industry’s transition to mobile credentials. But the transition is easier said than done, and mobile credentialing, for all its advantages, also has limitations, which further innovation continues to address. Wider acceptance comes next, driven by use cases in various vertical markets. We asked this week’s Expert Panel Roundtable: What are the latest developments in mobile access control?