Access Control: NFC or BLE?

Feb. 14, 2017
Dealers and integrators who understand the differences will have a leg up in help customers specify the best technology for their needs

A shift in the use of identity technology has led to increased adoption of mobile devices and the latest smart card technology, a greater emphasis and reliance on the cloud, and a radical new way of thinking about trust in smart environments and the IoT.

That shift is also precipitating the move to NFC and Bluetooth Low Energy (BLE) wireless technologies. Dealers and integrators will need to be intimately familiar with these technologies to be able to specify the right one for the job across a growing variety of access control applications in an increasingly connected world.

Evolution of Trusted Identities

As organizations seek to use the broadest range of smart devices possible, it directly impacts how they view and use trusted identities across more activities in more connected environments.

Users want to open doors, log into networks and cloud resources, access print jobs and conduct other daily activities using trusted IDs on their phone, wearable device or smart card. At the same time, trusted identities are increasingly being used to help secure, customize and enhance the user experience across a growing range of industry segments that are embracing the power of the IoT.

Trusted IDs can leverage BLE to further streamline processes and operations using real-time location systems, presence- and proximity-based location functionality, condition-monitoring solutions, beacons and cloud-based models for emerging IoT. These applications will include a growing number of energy-efficient, productivity- and safety-oriented use cases that will need to know the identity of occupants in a physical space to manage environmental conditions, book meeting rooms and auto-configure audio visual equipment and alarms.

The Tale of the Tape

Growing demand for these and other use cases will require dealers and integrators to become more familiar with the strengths and weaknesses of NFC and BLE wireless technologies in various applications. For example, in the connected workplace, the core access control challenge is managing the identity of individuals as they enter into and move through the building, and form factors can range from smart cards, to mobile phones, to wearables.

NFC, BLE and other contactless technologies are then used to communicate identity in a seamless fashion. Key comparative attributes when choosing between the two include convenience, communications performance, security and availability.

Convenience: NFC requires that a phone be tapped to a reader; BLE enables users to interact with readers from longer distances. The latter capability will be important for emerging access control applications where the goal is to maximize convenience by requiring no explicit action on the part of users during the authentication process.

Communications Performance: A key difference between NFC and BLE is the latter’s two-way communication capability. This is important in many access control applications whose setup is relatively complex and requires that configuration information first be read from the reader, printer or other device prior to writing the new configuration information. BLE enables phones to read and display the current reader configuration before pushing the new configuration information to it.

Two-way communications is also important in applications where the phone acts as a reader and performs access control functions with other phones. A good example of this phone-to-phone model is mobile driver licenses that citizens carry on their phone and law enforcement officers and others read and verify with theirs. BLE is the superior wireless technology here because it enables these interactions to occur faster than is possible with NFC, and without requiring that the phones touch each other. It’s safer to share driver licenses from a distance, and certainly more convenient. With NFC, the phones would need to be held together for five seconds or longer to exchange the photo ID file, but with BLE, it can happen at a longer distance, in less than half the time.

Security: While extending wireless read range improves convenience, it can also raise security considerations. As the range lengthens, there is the potential for users to unintentionally open doors with their phones as they walk by. There also is the risk that administrators will accidentally read someone’s phone while they were trying to communicate with another person’s phone. HID Global has addressed this problem with “Twist ‘n Go” capability that requires users to manipulate their phones in a prescribed way to complete an access control action.

In an environment where the goal is that no explicit action be required of the user, this may not be ideal. Suitability may also depend on the use case – for example, an employee who performs the same gesture many times each day will be more comfortable with the model than a police officer who only performs a mobile ID verification procedure once every few days.

Availability: One of the biggest differentiators between NFC and BLE is that Apple does not support NFC. It is difficult to deploy a solution that does not work with all devices that users might be carrying with them. This may change in the future, especially as new use cases emerge.

Emerging Use Cases

One of the most enticing use cases on the horizon is the ability to unify all access control applications into a single cloud and on-premise hybrid system that can be used with a broad choice of smart cards and mobile devices.

In this scenario, the phone is used for everything from opening doors to accessing desktops, network applications and cloud services. The challenge for dealers and integrators is to know which wireless technology is best for each element within this hybrid system. Their customers will be interested in using phones to tap into a computer system the same way they open a door. This will require a knowledge of the best wireless approach, and also how best to deploy the associated apps onto users’ phones.

Other emerging use cases embrace the IoT to connect people, places and things. Demand is growing for cloud-based authentication platforms that add trust to “proof of presence” IoT applications. The ability to tap a phone to a trusted tag to prove you were there and have completed assigned tasks is having a profound impact on how people do their jobs and manage complex processes.

One example is automated security guard tour and key management capabilities. Facility managers can accurately track security checkpoints and instantly dispatch guards for response to and reporting of activities throughout a building. Security guards can patrol areas more easily and efficiently with automated patrol stops that replace manual sign-in processes. With a simple tap of their mobile phone to a secure trusted tag, guards can digitally prove that a security patrol took place at the proper location, at the proper time.

Another example is automated maintenance management systems that are physically linked to fire and safety equipment, heating and cooling systems and other critical, high-value assets. For decades, RFID transponders have connected these physical assets to business applications, enabling organizations to manage and track inventory levels and improve operational process efficiency. Now, mobile devices can be combined with trusted tags and cloud authentication to secure cloud maintenance management software (CMMS) applications. Users tag equipment to connect it to the Internet, enabling technicians to then use their mobile devices to simply tap the tag in order to access these cloud-based CMMS applications, track activities and automate other previously manual processes.

These types of applications have typically been deployed with NFC tags and specialized readers, and today NFC tags can be read by mobile phones. Moving forward, BLE will likely be an option, as its longer read range will deliver many advantages that will drive innovation and new use cases, and its two-way communication capabilities will offer the ability to do more than just read data off a tag.

Impact on the Integrator/Installer

As new use cases emerge and BLE becomes as universally available as NFC, integrators must be prepared to offer valuable selection and deployment expertise. For example, BLE requires more reader tuning than NFC, in order to configure the optimum read range for the application.

Integrators will also need to understand special application requirements. For instance, there could be concerns in hospital environments that BLE transmitters will interfere with wirelessly-connected medical equipment. Integrators will not only need to understand basic wireless technology advantages and trade-offs, but also the special requirements of various market segments and use cases.

Julian Lovelock is VP of Innovation and Platform Strategy for HID Global. To request more info about the company, visit www.securityinfowatch.com/10213866.