Spend any time around a college campus, and you know how much students love their mobile phones. More than their laptops or book bags or keys or wallets, they are constantly interacting with their phones. They could be texting, listening to music, playing games, checking out the latest app or talking to a friend.
Understanding this, wouldn't it be great if a university could leverage cell phone technology for physical access control, logical access control, contactless payment and more? That's what Laura Ploughe, Arizona State University's (ASU) director of business applications for University Business Services, thought a few years back when she read about a pilot program that used cell phones for hotel access control.
"We've always seen technology change very quickly," she says. "When society adopts a new technology, 18-24-year-olds bring it on campus. We have to figure out ways that we can either make our campus less vulnerable to information security breaches and/or make our students successful with the tools they bring to campus."
Not only that, cost savings could be achieved by using cell phones instead of ASU student ID cards (known as Sun Cards). ASU would be able to eliminate physical credentials, not to mention the administrative duties associated with issuing them.
Related Video: ASU Case Study: Physical Access Control & Smart Phones
Such was Ploughe's thinking when she approached HID last spring and volunteered her institution to conduct a pilot involving Near Field Communication (NFC).
Pilot Involved 27 Engineering Students
The result was a project that took place Aug. 10 - Sept. 6 and involved 27 students and five ASU staff members. Kratos|HBE, a nationwide integrator, installed access control readers on 14 doors throughout ASU's Palo Verde Main residence hall. Ten of the doors were online and had HID iCLASS SE readers installed on them. The other four doors had offline Sargent locks that required phones and PINs for access.
All pilot participants could gain residence hall access using their phones that had HID's Secure Identity Objects (SIOs) embedded on them. Some used handsets with an additional digital key and PIN to open individual room doors. Participants also could use their Sun Card, an iCLASS-based credential, for building access.
With 13,000 students living in 34 residence halls, ASU had many individuals to choose from to participate in the pilot. However, Ploughe only wanted a handful of people.
"I wanted it to be in one residential area so that we could measure it and control it," she says. "We chose the Palo Verde residential area because that is where the engineering students live. Additionally, there are two tech centers right by the building, and we wanted to support whatever we were piloting."
To do all of this, Ploughe obtained buy-in from the university housing department so they would sponsor the project and let her use their facilities.
"University housing did not want us to disrupt the core reason why students are here: that is to learn," she says. "We could not disrupt their class schedules. We couldn't put more duress on them at the beginning of school than they already had."
That meant the pilot had to be completed before classes started, which, in turn, meant Ploughe and HID only had eight weeks to recruit students for the project, get the phones that would be used and then conduct the actual pilot.
New Phones Help With Standardization
Because there are so many different handsets in use, it was determined that HID's Security Identity Object needed to be installed on new phones. HID provided the phones (Apple iPhone 4s, Samsung Androids and RIM BlackBerry Bolds) and service plans from Verizon, AT&T and T-Mobile to the ASU participants so that everything could be standardized and controlled. Together, ASU and HID coordinated the participants' current phone plans with the phones they would be receiving, so after the pilot they could use the new handsets without having to change carriers or plans.
To assist the pilot participants in case they had trouble with their NFC-enabled phones, a special hotline was set up. Also, the students and staff could still use their Sun Cards if their phones or batteries died. Participants were still required to use their Sun Cards for other things like cafeteria privileges, parking and debit. (Although NFC and SIO can apply to those types of activities, the ASU pilot only involved physical access control.)
ASU and HID knew that incentives are key for getting good results, so in order to encourage 100 percent participation, HID offered $250-$500 in cash incentives. HID also offered a summer internship. As a result, 22 of the 32 individuals involved in the pilot participated fully.
Security, Dead Batteries Pose Challenges
By their very nature, pilots are designed to determine what parts of a technology or project operate properly and which ones need to be enhanced or redeveloped. ASU's NFC/SIO pilot was no different.
Phones or batteries going dead would be a serious challenge If NFC/SIO were deployed on a campus-wide basis in place of Sun Cards. The solution to this problem could be to have a "hot button" that triggers just enough power to make the NFC/SIO app work so that the user could open the door. It basically would be the cell phone equivalent of battery back-up or 9-1-1.
The question of security is also significant. What if you lose your phone? Would anyone who picked it up be able to use it to gain unauthorized access to your room? According to Kratos|HBE Regional Vice President Mike Tiffin, who worked on the ASU pilot, users can take some basic precautions.
"Within a phone you can add an additional layer of security, such as a PIN to unlock your phone before you turn on the technology," he says. "So, if someone were to steal your phone, they couldn't just use that NFC technology to get in the doors."
Another challenge was that students had to stop what they were doing on the phone to open the app so they could open their door. This issue could be addressed by running the app in the background all of the time, but then security might be compromised.
Interference with metal objects and app failures, which required them to be reset and relaunched, were other problems experienced in the pilot.
Students Like NFC 'Cool Factor'
Overall, however, pilot participants liked NFC for access control. Ninety percent said a phone is just as convenient as using their Sun Card. They also liked the "cool factor."
"All the other students saw the phone being used to open the door and said, 'Hey, where can I get that? I want that too,'" says Ploughe. "That alone was a big win-win for all of us in that, yes, this could be a viable solution. They want to use this because they think this is the new, cool technology."
Although the pilot participants enjoyed using NFC, that doesn't mean it's ready to be deployed campus-wide.
"We would love to, but I don't think the industry is ready for it yet," says Ploughe. "NFC phones are not generally available, with the exception of the latest BlackBerry."
Lack of standardization among cell phone carriers, handset manufacturers and security manufacturers is probably the biggest barrier, Plough claims. Most have proprietary equipment, and there is infighting among everyone as to who will own the technology.
Ploughe is hopeful the technology will be ready for widespread use in one or two years when a business model has been developed that allows all of the players to get their piece of the pie.
Study Shows College Students Want to Use Cell Phones as Credentials
Two-thirds of American college students are interested in using their cell phones in place of an ID card, according to new research by Ingersoll Rand Security Technologies (IR). In a study titled "Effective Management of Safe & Secure Openings & Identities," IR reports that nearly half of the 140 students surveyed identified cell phones as their favorite personal electronic device. Additionally, almost half of all respondents reported using cell phone apps to manage classwork, check grades, communicate with professors, and receive notifications and alerts.
Similar to the introduction of smartcards and biometrics at universities, many early adopters in the college population are already comfortable with the idea of using a cell phone as a credential, says IR Vice President of Education Markets Beverly Vigue.
"This ties in nicely with the budding discussion on NFC [near field communication], which will inevitably end up on cell phones," she says. "No Visa card; no MasterCard card — only your cell phone will be needed for cashless payments or to show your identity."
Currently, there are few phones with the NFC capability. However, the availability of the phones and their infrastructures should increase dramatically within the next couple of years as the population grows, Vigue says.
"It is important to understand that the solution is still in the testing phase. It's not yet ready for mass commercialization. Plus, it's hard to determine what the phone providers will charge for having this attribute," Vigue says. "Nonetheless, as with the use of smart cards and biometrics, the early adoptors will be on college campuses, ready to bring the technology to the commercial market along with themselves and their degrees upon graduation."
Source: Ingersoll Rand Security Technologies
What Is Near Field Communication?
Near Field Communication (NFC) allows for simplified transactions, data exchange and wireless connections between two devices in close proximity to one another, usually by a few centimeters or less. Normally the devices used are mobile phones.
Previous pilots have been conducted internationally, such as in Germany, Sweden and Malasia. NFC can be used for contactless payment, transportation, healthcare and, in Arizona State University’s (ASU) case, access control.
At ASU, students were provided with phones that had HID’s Secure Identity Objects (SIOs) — which are virtual identities — embedded on them. To open doors to their dorms, students would open an app on their phone that would activate the SIO. They would then put the phone very close to an access control reader that was on the door. Some of the doors used in the project also required PINs.
Scott Goldfine and Ashley Willis of Security Sales & Integration magazine also contributed to this article.