Gesture technology to change how people interact with access control systems
The latest access control systems offer more secure and sophisticated credentials, while introducing new credential form factors including mobile devices that make it more convenient to open doors and gates. Mobile access control also delivers a simple and user-friendly secure identity management process to access facilities, while paving the way for integrated, multi-layered physical access control (PACS) and IT security solutions down the road.
One of the most attractive opportunities for access control solutions on mobile devices involves the use of Bluetooth Smart connections and gesture technology. Bluetooth combined with gesture technology enables users to open doors from a distance by rotating their smartphone as they approach a mobile-enabled reader. Using gesture technology in this way significantly improves the user experience while adding an authentication factor to the existing access control rule set that goes beyond something the cardholder “has” (the card) to include a gesture-based version of something the cardholder “knows” (like a password or personal identification number, or PIN). Gesture-based access control will also increase speed, and minimize the possibility of a rogue device surreptitiously stealing the user’s credential in a “bump and clone” attack.
Entering with a Twist of the Phone
In much the same way that mouse technology was a disruptive innovation that revolutionized the computer interface, gesture-based technology is poised to change how users open doors today and perform many other access control tasks in the future.
In a mobile access control environment, gesture-based access control technology leverages a smartphone’s built-in accelerometer feature to enable a simple twist of the phone to unlock doors. For instance, a user presents the phone to a reader, rotates it to the right, and then returns it to the original position so that the credential inside the phone can be read, and access can be granted. The smartphone knows how the screen is oriented because its accelerometer senses movement and gravity. Adding gesture capabilities to a wireless connection gives users a great deal of control over how they interact with the access control system.
Making the Connection
There are two choices for communications technology that enables smartphones to “present” credentials to a reader: NFC and Bluetooth Smart. NFC technology has taken the lead for tap-in strong authentication use cases, enabling users to gain access to resources by simply tapping a smart card to a tablet or laptop for authenticating to a network or application. In order to implement gesture technology, however, Bluetooth Smart is required because of its longer reach.
In a recent pilot project, gesture technology with Bluetooth-enabled smartphones were used at Vanderbilt University. There were approximately 15 participants that used their smartphones to open doors at one or more of six possible campus entry points, including one parking garage. In a survey, the participants said they enjoyed the convenience of using their phones to open doors and gates, including the added benefit of not even having to roll down their window as they approached. They also appreciated how mobile access control provides a backup measure in case of a lost or forgotten access card.
Rolling out Mobile Access Solutions with Gesture Technology
Mobile access control and the ability to use gesture technology smart devices require rethinking how to manage physical access credentials, and to make them portable to smartphones. It also requires an open and adaptable secure identity solution that can turn mobile devices into trusted credentials.
As mobile access control solutions are deployed, their benefits will drive many companies and organizations to seriously consider incorporating a combination of secure mobile physical and logical access into their facilities and IT access strategies. In addition to receiving digital credentials and “presenting” them to readers at doors and parking gates, smartphones will also be capable of replacing passwords for computer login, and generating one-time passwords for accessing network or cloud- and web-based applications. In other words, the same phone used for building access will also be used in conjunction with a personal tablet or laptop to authenticate to a VPN, wireless network, corporate intranet, cloud- and web-based applications, single-sign-on (SSO) clients and other IT resources. In some cases, phones will replace cards, but in many others they will supplement cards to deliver a more secure and user-friendly experience. The objective is not simply to substitute one credential form factor for another across isolated use cases, but rather to leverage mobile platforms and associated technologies to build unified solutions for ensuring secure access to the door, to data and to cloud applications.
The introduction and accelerating adoption of mobile access solutions is one of the most important industry developments of the past few years. New mobile technologies such as gesture-based access control using the phone’s Bluetooth connection are an important ingredient as smartphones become an integral part of the ecosystem for the creation, management and use of secure identities. Just as mouse technology revolutionized the computer interface, gesture technology is expected to change how users interact with access control systems. Used alone or in tandem with other authentication factors, gestures offer the potential to significantly improve privacy and security. Plus, gesture technology helps offer an improved user experience along with new and more convenient ways to open doors and gates.
About the Author: John Fenske is vice president of product marketing for identity and access management at HID Global.