Using Smart Cards and Smartphones to Secure Data and Cloud Applications

These technologies aren’t just for physical access control.

Smartphones Offer Convergence Benefits

Within five years, we should see smartphones becoming an integral part of the ecosystem for the creation, management and use of secure identities. In some instances, phones will replace cards, but in many others, they will supplement cards to enable a more secure and user-friendly experience. The use of smartphones to receive digital credentials and present them to readers will co-exist with existing capabilities to generate OTPs for accessing network or cloud- and web-based applications. Users will simply take the same card or phone they use for building and parking lot access, and use it in conjunction with a personal tablet or laptop to authenticate to many different IT resources.

Users will appreciate the convenience of combining mobile tokens with cloud app single-sign-on capabilities, a model that blends classic two-factor authentication with streamlined access to multiple cloud apps on a single device that users rarely lose or forget. Plus, these converged solutions reduce deployment and operational costs by enabling organizations to leverage their existing physical access control credential investment to seamlessly add logical access control for network log-on. Smartphones also are ideal for delivering multifactor authentication capabilities as part of a multi-layered security strategy for the most effective threat protection. 

Multiple Layers Enhance Security

As BYOD continues to grow in popularity and many cloud-based applications are accessed from personal devices, enterprises will need to take a layered approach to security, recognizing that no single authentication method is going to address today’s multiple devices and use cases.

In addition to multi-factor user authentication both inside the firewall and in the cloud, the next layer to implement is device authentication, to verify that the person is using a known device. The third layer is ensuring that the user’s browser is part of a secure communication channel, and the fourth layer is transaction authentication/pattern-based intelligence, which increases security for particularly sensitive transactions. The final layer is application security, which protects applications on mobile devices that are used to deliver sensitive information. These five security layers can be effectively implemented using today’s integrated versatile authentication platforms with real-time threat detection capabilities.

Choose Your Access Control Platform Wisely

Migration to strong authentication and true converged solutions requires an adaptable multi-technology smart card and reader platform. For optimal flexibility and interoperability, this platform should be based on an open architecture and enable both legacy credential and new credential technology to be combined on the same card while supporting mobile-enabled platforms. To meet security requirements, the platform should use contactless high frequency smart card technology that features mutual authentication and cryptographic protection mechanisms with secret keys, and employs a secure messaging protocol that is delivered on a trust-based communication platform within a secure ecosystem of interoperable products.

With these capabilities, organizations can ensure the highest level of security, convenience and interoperability on either cards or phones, along with the adaptability to meet tomorrow’s requirements, including a combination of both strong authentication for protecting the data and applications in the cloud, and contactless high-frequency smart card capabilities for diverse physical access control applications.

Organizations will likely also need to take a technology-agnostic approach to short-range communication technology, especially to support physical access control applications such as opening doors and parking gates. While NFC was initially the primary short-range communication technology in these applications, the industry is now also moving to Bluetooth Smart because of its broad availability on both Apple and Android device platforms. Bluetooth Smart also supports a simplified deployment and identity provisioning model as compared to NFC (which requires the use of a secure element in the phone and commercial relationships with the mobile operators that manage them).

Another advantage of Bluetooth Smart is its longer reach, which enables smartphones to incorporate gesture technology so they can simply be rotated or twisted as the user walks up to a mobile-enabled reader. This new gesture technology capability will offer an additional layer of authentication and new ways to open doors and parking gates. 

With proper planning, organizations can use short-range communications technologies to solve the strong authentication challenge while extending their solutions to protect everything from the cloud and desktop to the door. The goal is a fully interoperable, multi-layered security solution across company networks, systems and facilities. 

Julian Lovelock is the vice president of product marketing for identity assurance with HID Global.
