Whither cards? Secure identities move to smart devices
Part of the future of identity series
09 December, 2014
category: Corporate, Digital ID, Government, Smart Cards
By Julian Lovelock, vice president of product marketing for identity assurance, HID Global
Lovelock is responsible for defining and bringing to market products across the Identity Assurance portfolio. He is based in Fremont, Calif., having relocated from London in 2006. He joined ActivIdentity in 2005 as part of the acquisition of ASPACE Solutions where he was CTO and co-founder.
Within the next five years, users will be carrying multiple secure identities on smart devices – a move that could replace all previous mechanical keys and dedicated one-time password (OTP) hardware for physical and logical access control. This single card or device will be part of an access control ecosystem that provides a seamless user experience and can flexibly scale and adapt, while also delivering growing value to the organization.
The technologies for realizing this vision already exist and are poised to change how we use secure identities for many applications. Every smart device – whether a traditional card or a device with wireless technology such as Bluetooth or NFC – now has the potential to become a trusted credential that can be used for authenticating individuals. Meanwhile, advances in converged back-of-house technologies are enabling strong authentication and card management capabilities for computer and network logon.
These advances also ensure that physical and logical identities can be managed on a combination of plastic cards and smart phones. The objective is not simply to substitute one credential form factor for another across isolated use cases. Rather, the goal is to leverage smart devices to build unified solutions that ensure secure access to the door, to data and to cloud applications.
Today’s access control platforms deliver more sophisticated credentials and new credential form factors including smart devices. They also support open standards so that organizations can evolve beyond their current capabilities, add features and adapt to changing security threats. With the proper foundation and planning, organizations can solve today’s challenges, as well as prepare for new capabilities such as mobile access control. Moreover, this foundation can allow for a diverse range of new applications when needed, and pave the way for integrated, multi-layered physical access control and IT security solutions that span all of the organization’s networks, systems and facilities.
One of the biggest developments in the coming years will be growth in smart devices. Within five years, we should also see smart devices becoming an integral part of the ecosystem for the creation, management and use of secure identities. In some instances phones will replace cards, but in many others they will supplement cards to enable a more secure and user-friendly experience.
The use of smart phones to receive digital credentials and “present” them to readers will work alongside existing capabilities for generating one-time passwords to access network or cloud- and web-based applications. Users will simply take the same card or phone they use for building access and use it in conjunction with a personal tablet or laptop to authenticate to a VPN, wireless network, corporate intranet, cloud- and web-based applications, single-sign-on clients or other IT resources.
Within this environment, strong authentication will continue to grow in importance in the face of a rapidly changing IT security threat environment – and will also move to the door. There will be increasing use of other authentication factors including biometrics. In the federal space, meanwhile, widely adopted Public Key Infrastructure-based strong authentication methods will arrive at the door using both cards and mobile phones.
Smart devices that use Bluetooth Low Energy for short-range connectivity will also have a long enough reach that users can open doors with a simple movement of the device as they walk up to a mobile-enabled reader. This gesture-based capability offers a new user experience and new ways to open doors and parking gates, while laying the foundation for a wide range of additional future applications.
The latest secure identity technologies enable organizations to use smart cards and other smart devices in a growing ecosystem of interoperable products and applications. Within the next five years, our customers will be able to use these cards and phones as a replacement for all previous mechanical keys, physical access cards and dedicated OTP logical access authentication hardware. And accompanying this transition will be an extremely flexible, centralized access and identity management system that can adapt to evolving threats and requirements, improve the user experience, and deliver steadily growing value over time.