The industry is moving to access control architectures that enable users to carry multiple secure identities on a single card or phone for applications beyond physical access control, including “tap in” multi-factor authentication, also known as strong authentication. A key ingredient for these capabilities is short-range wireless communication technology, such as Near Field Communications (NFC) and Bluetooth Smart. These technologies are required in order for smart cards and smartphones to present credentials to a reader. They also enable smart cards to be tapped to tablets or laptops for authenticating to a network or application – a capability that may also be possible in the future with smartphones.
NFC technology has taken the lead for tap-in strong authentication. Already a standard feature in smartphones and laptops, NFC is steadily becoming available in smart cards, as well. With NFC, users can gain access to resources by simply “tapping in” – without the need to enter a password on touch-screen devices, or requiring additional devices to issue and manage. Users can tap-in to facilities, VPNs, wireless networks, corporate Intranets and cloud- and web-based applications, as well as SSO clients.
These benefits and the wide range of potential applications – along with the fact that manufacturers are enabling more and more phones, tablets and laptops with NFC – are driving many organizations to seriously consider incorporating a combination of secure mobile physical and logical access into their facilities and IT access strategies. The objective is not simply to substitute one credential for another across isolated use cases, but rather to leverage mobile technologies to build unified solutions for ensuring secure access to the door, to data and to cloud applications.
RELATED: Is NFC the Future of Access Control?
Earlier Strong Authentication Problems Have Been Solved
Strong authentication, combines something the user knows (such as a password) with something the user has (such as mobile and web tokens), and can also be extended to include a third factor in the form of something the user is (which can be ascertained through a biometric or behavior-metric solution).
Users have grown weary of the inconvenience of hardware One Time Passwords (OTPs), display cards and other physical devices for two-factor authentication. Additionally, OTPs are useful only for a limited range of applications. The industry is now replacing hardware OTPs with software tokens that can be held on such user devices as mobile phones, tablets and browser-based tokens. With software OTPs, organizations are able to replace a dedicated security token with the user’s smartphone, enabling the two-factor authentication to grow in popularity and convenience. A phone app generates an OTP, or OTPs are sent to the phone via SMS. However, there are security vulnerabilities with software OTPs that have driven the need for a far more secure strong authentication alternative, such as smart cards based on the Public Key Infrastructure (PKI). The downside to this approach, however, is its high cost and level of complexity to deploy.
NFC technology offers many benefits for tap-in strong authentication applications as it becomes a standard feature of smart phones, tablets and laptops targeted at the enterprise market. It is poised to not only eliminate the problems of earlier solutions, but also offer an opportunity to achieve true convergence through a single solution that can be used to access IT resources while enabling many other applications.
These include such physical access control applications as time-and-attendance, secure-print-management, cashless vending, building automation and biometric templates for additional factors of authentication – all delivered on the same smart card or NFC-enabled phone alongside OTPs, eliminating the need to carry additional tokens or devices. Historically, physical and logical access control functions were mutually exclusive within an organization, and each was managed by different groups. Now, the lines between these groups will begin to blur, especially as credentials converge onto smartphones.