By Ayman S. Ashour. Chief Executive Officer,Chairman of the Board, Identive Group
From the very beginning of time, we human beings have employed differing forms of identification and privilege management. Early man relied on the simple, direct identification of others to grant a privilege such as sharing a meal or shelter. Sometimes just the voice was enough to grant access to a cave or path, sometimes visual ID was required. Generally, in their small, closed settlements, early humans knew those in their community and had minimal interactions with outsiders. As we moved on, however, to larger tribes and settlements, and the number of these interactions increased, markings, colors, code words or sounds began to become more important in the proper identification and privilege management of these individuals.
The challenge continued over the millennia and finding ways to identify people grew more complex: locks and keys were invented for physical access; barter moved on to precious metals and later coins and currency were introduced to allow for commerce. Gradually, wax seals, signatures and the possession of keys or currency played bigger roles in commerce and privilege management. Commerce is, at its core, an exchange of privilege, through possession or consumption. As populations grew and settlements expanded into villages, towns and large cities, the need to deal with total strangers and for methods of granting them specific privileges continued to grow. Increased travel complicated matters a great deal further.
Complexity of managing increased number of credentials
We move on to our twenty-first century with far more advanced societies and unprecedented levels of movement, migration, travel and international commerce. The phrase “global village” may be an annoying oxymoron for some, but it is a living reality for the more than one billion people who travel, building friendships, connections and business with others across the globe. Our need for identification and privileges management has exploded in volume and complexity. We carry drivers’ licenses to drive and, in the US, for general ID purposes such as domestic travel or checking into a hotel. We carry passports to travel internationally; we carry health insurance cards for access to medical treatment or to obtain medication; we carry frequent flier cards, bus passes, library cards, bank debit and credit cards, even ski passes and loyalty cards for every tenth coffee. We also carry badges or cards to get into our office building, college dorm, parking structure, company cafeteria or gym. We sometimes use cards or tokens to gain access to a website or to log on to a network; we also use a multitude of passwords that we must try and memorize. Passwords are driving us all crazy as we are forced to include symbols and characters and to change them every ninety days or so. For extra security we are sometimes even forced to use an external password generator, provide a finger print or allow an eye scan, either alone or in a combination with an ID card, fob or PIN.
There is mounting irritation and confusion as we have to deal with so many different ways to prove that we are entitled to whatever it is we are trying to access: our money, healthcare, the workplace, the ski slope, a private airport lounge, a travel website, online banking, a social or company network. We deal with disparate systems, each with its own key, its own lock. So we walk around burdened with numerous keys and cards, trying to remember many different passwords with different rules. All of them dedicated credentials and methods of ID, used on proprietary systems and applications.
Move towards convergence of credentials
In some areas there has been a strong drive towards converging multiple functions onto one card in order to increase security by having a single point where credentials can be issued, managed or revoked. The U.S. Government, for example, has been engaged in a multi-year effort to replace the plethora of cards issued for access to physical buildings and the dedicated smart card for network access used by employees and contractors with one single credential, known as the personal identity verification, or PIV card. Enterprises are also beginning to converge their employees’ credentials so that both physical sites and computer networks can be accessed with the same card. On the technology side, miniaturization has made it possible to transfer the security benefits of smart cards to RFID cards, creating what is known as a contactless smart card, so that user convenience is further enhanced with the ability to just touch one’s identity card to a door or computer reader to gain entry. While this convergence of physical and IT access control in the workplace requires significant upgrades to the various systems involved, it also offers the employer the ability to manage different types of privileges on one, single smart credential.
NFC creates one, simple-to-use system for everyone
Near field communication, or NFC technology is a revolutionary development that promises to provide the convenience of a single, contactless credential for each of us – and a lot more – by enabling a highly secure personal credential to be built into our mobile phones. An NFC-enabled phone such as the Google Nexus S or a Nokia N9 incorporates all the functions of a secure contactless smart card, comparable in its level of security and sophistication to highly secure electronic credentials such as electronic passports, credit cards or expensive electronic tickets. What makes NFC phones really powerful is the convenience of enabling them anywhere, anytime through secure mobile connections, to act as our personal credential for an endless number of possible mobile applications. We can use our NFC-enabled smart phones to help us sign on to different websites, networks or loyalty programs, thus eliminating the need to remember all those multiple passwords. We can download a ski pass to our phone, or tap our phone to workout machines to log our fitness routine or map our run.
We can also use our NFC phones as a reader or scanner. Just as we use the camera to take photos, we can use the NFC reader features in our phone to download data such as merchant coupons or restaurant reviews from smart tags or smart posters. We can buy and download our Charlie, Oyster, BART, MARTA or other transit pass on our NFC-enabled phone and just hop on the bus or subway using a machine-to-machine transaction between our mobile device and the ticket issuing machine. We can follow organizations or people on Twitter and Facebook or receive RSS feeds by simply using our smart phones as readers. NFC also supports more secure transactions. In many countries, online banking transactions are required by law to use the strong authentication of a one-time password, or OTP, generated from a card or token issued by a bank. NFC-enabled phones, however, can do the trick without the need for carrying an additional battery-powered device dedicated to reading out an OTP.
Choice, convenience, cost, security and above all fun and simplicity will determine what kind of world we will shape with our NFC phones in a new era of electronic consumer empowerment. So in this new brave, connected world, we move towards an integrated multi-application, multi-use credential and a secure multi-use, multi-application reader, both incorporated into our NFC-enabled phones; an inevitable move to a more integrated, more connected world.
Finally, as with the case with any new wireless technology, there may be lingering concerns about the security of vital data and communications. NFC is actually very secure. Because it operates only at very close ranges (1 to 4 cm), it is difficult to hack the data being transferred using NFC signals. The usual precautions of passwords or prompts before launching new applications on a smart phone apply with NFC just as they do elsewhere. And NFC-enabled phones don’t require activation of GPS or global positioning, or even a cellular connection; they require a deliberate use by the consumer to read or be read. Therefore privacy concerns are abated as most NFC transactions take place within the mobile phone users’ reach. NFC offers user-based control over which application we choose to read from or write to, and where or to whom we wish to make our presence known. The level of security can also be put in the user’s hands. Settings can be changed to make a transaction automatic with a touch, require an app to launch first (i.e. must push a button), or even require entry of a pin code. The user can set the level of security based on his or her own personal comfort level with individual applications and use cases.
Most mobile phone manufacturers have announced plans to include NFC functionality in the next generations of their mobile phones. With up to 280 million people carrying NFC-enabled phones by 2013, new applications will develop rapidly. Credentials such as keys, access cards, tickets, business cards, plastic loyalty cards and payment cards could rapidly disappear in favor of a single personal credential on your phone. Consequently, NFC represents a paradigm shift in how we live, making everyday activities easier and more convenient by building on existing systems and human behavior. It will make accessing new media and content services more intuitive; make it easier to pay for things; easier to discover, synchronize and share information; and easier to use transport and other public services. How will NFC ultimately change our lives? In more ways than we can imagine.
About the Author:
Ayman S. Ashour serves as Chairman & CEO for Identive Group, which he joined in January 2010 following the combination of Bluehill ID AG and SCM Microsystems. Mr. Ashour formerly was the CEO and President of the Board of Directors of Bluehill ID, an RFID technology company that he founded in 2007. Prior to this, he was the Principal of Newton International Management, a strategy consulting firm focused on the security and identification technology industry.
Mr. Ashour holds a Bachelor’s degree in Electronic and Electrical Engineering from the University of Manchester. He is currently an Adjunct Lecturer for the MBA program at the Sawyer Business School at Suffolk University in Boston.