Is NFC the Future of Access Control?
In a pilot program, Arizona State University students and staff used Near Field Communication-enabled mobile phones to enter their residence hall. The technology could eventually provide an alternative to ID cards on campuses.
Spend any time around a college campus, and you know how much students love their mobile phones. More than their laptops or book bags or keys or wallets, they are constantly interacting with their phones. They could be texting, listening to music, playing games, checking out the latest app or talking to a friend.
Understanding this, wouldn’t it be great if a university could leverage cell phone technology for physical access control, logical access control, contactless payment and more? That’s what Laura Ploughe, Arizona State University’s (ASU) director of business applications for University Business Services, thought a few years back when she read about a pilot program that used cell phones for hotel access control.
“We’ve always seen technology change very quickly,” she says. “When society adopts a new technology, 18-24-year-olds bring it on campus. We have to figure out ways that we can either make our campus less vulnerable to information security breaches and/or make our students successful with the tools they bring to campus.”
Not only that, cost savings could be achieved by using cell phones instead of ASU student ID cards (known as Sun Cards). ASU would be able to eliminate physical credentials, not to mention the administrative duties associated with issuing them.
Such was Ploughe’s thinking when she approached HID last spring and volunteered her institution to conduct a pilot involving Near Field Communication (NFC).
Pilot Involved 27 Engineering Students
The result was a project that took place Aug. 10 – Sept. 6 and involved 27 students and five ASU staff members. Kratos|HBE, a nationwide integrator, installed access control readers on 14 doors throughout ASU’s Palo Verde Main residence hall. Ten of the doors were online and had HID iCLASS SE readers installed on them. The other four doors had offline Sargent locks that required phones and PINs for access.
All pilot participants could gain residence hall access using their phones that had HID’s Secure Identity Objects (SIOs) embedded on them. Some used handsets with an additional digital key and PIN to open individual room doors. Participants also could use their Sun Card, an iCLASS-based credential, for building access.
With 13,000 students living in 34 residence halls, ASU had many individuals to choose from to participate in the pilot. However, Ploughe only wanted a handful of people.
“I wanted it to be in one residential area so that we could measure it and control it,” she says. “We chose the Palo Verde residential area because that is where the engineering students live. Additionally, there are two tech centers right by the building, and we wanted to support whatever we were piloting.”
To do all of this, Ploughe obtained buy-in from the university housing department so they would sponsor the project and let her use their facilities.
“University housing did not want us to disrupt the core reason why students are here: that is to learn,” she says. “We could not disrupt their class schedules. We couldn’t put more duress on them at the beginning of school than they already had.”
That meant the pilot had to be completed before classes started, which, in turn, meant Ploughe and HID only had eight weeks to recruit students for the project, get the phones that would be used and then conduct the actual pilot.
New Phones Help With Standardization
Because there are so many different handsets in use, it was determined that HID’s Security Identity Object needed to be installed on new phones. HID provided the phones (Apple iPhone 4s, Samsung Androids and RIM BlackBerry Bolds) and service plans from Verizon, AT&T and T-Mobile to the ASU participants so that everything could be standardized and controlled. Together, ASU and HID coordinated the participants’ current phone plans with the phones they would be receiving, so after the pilot they could use the new handsets without having to change carriers or plans.
To assist the pilot participants in case they had trouble with their NFC-enabled phones, a special hotline was set up. Also, the students and staff could still use their Sun Cards if their phones or batteries died. Participants were still required to use their Sun Cards for other things like cafeteria privileges, parking and debit. (Although NFC and SIO can apply to those types of activities, the ASU pilot only involved physical access control.)
ASU and HID knew that incentives are key for getting good results, so in order to encourage 100 percent participation, HID offered $250-$500 in cash incentives. HID also offered a summer internship. As a result, 22 of the 32 individuals involved in the pilot participated fully.
Security, Dead Batteries Pose Challenges
By their very nature, pilots are designed to determine what parts of a technology or project operate properly and which ones need to be enhanced or redeveloped. ASU’s NFC/SIO pilot was no different.
Phones or batteries going dead would be a serious challenge If NFC/SIO were deployed on a campus-wide basis in place of Sun Cards. The solution to this problem could be to have a “hot button” that triggers just enough power to make the NFC/SIO app work so that the user could open the door. It basically would be the cell phone equivalent of battery back-up or 9-1-1.
The question of security is also significant. What if you lose your phone? Would anyone who picked it up be able to use it to gain unauthorized access to your room? According to Kratos|HBE Regional Vice President Mike Tiffin, who worked on the ASU pilot, users can take some basic precautions.
“Within a phone you can add an additional layer of security, such as a PIN to unlock your phone before you turn on the technology,” he says. “So, if someone were to steal your phone, they couldn’t just use that NFC technology to get in the doors.”