Innovation often comes at the intersection of multiple existing technologies. Gesture technology is a good example in the access control industry, writes Jaroslav Barton, pictured, Segment Director, Physical Access Control EMEA HID Global.
With the advent of smart mobile devices that feature accelerometers, wireless connections and powerful processing capabilities, it is possible to control a variety of RFID devices with a simple user-defined wave of the hand or other motion gesture. Just as mouse technology revolutionised the computer interface, gesture technology is expected to change how users interact with access control systems.
It offers the opportunity to greatly enhance the user experience while increasing security and providing genuine user privacy. It will add a new and important authentication factor to the existing access control rule set that goes beyond something the cardholder “has” (the card), to include a gesture-based version of something the cardholder “knows” (like a password or personal identification number, or PIN). Gesture-based access control will also increase speed, and minimise the possibility of a rogue device surreptitiously stealing the user’s credential in a ‘bump and clone’ attack.
How it works
The industry has seen the impact of gesture technology in the gaming and interactive TV market. Now, the access control industry is poised to experience a similar transformation. Working with smartphones in a mobile access control environment, gesture technology will leverage a smartphone’s built-in accelerometer feature to control RFID devices through two- and three-dimensional hand or wrist movements. Because the phone’s accelerometer senses movement and gravity, it can tell which way the screen is being held. This allows for a novel way of adding another authentication factor to the existing authentication scheme.
Gestures could be used to unlock apps, lock and unlock doors as an alternative to mechanical keys, and to secretly signal the system and security personnel when entry is occurring under duress.
Gesture recognition can be combined with other authentication factors, such as those from finger-, hand-, iris- and facial-based biometric systems, to make multi-factor authentication on a single, integrated device a reality. It will also be possible to make gesture the only (single) authentication factor, although this – likely – would only be for access to areas within a building that has lower security requirements. In these and other access control applications, gestures will be an additive capability for ID verification. To use gesture technology, users simply define or choose from a predetermined series of hand-motion sequences or gestures that can be used to control operation of an RFID-based device (smartphone).
Rolling out mobile access
Mobile access control will be rolled out in stages. In the first phase known as card emulation mode, smartphones will receive digital keys that users can present to door readers in the same way they present ID badges. In situations requiring extra security, it will be an easy process to push an application to the phone that requires the user to, for instance, perform a pre-defined gesture swipe on the phone. Mobile access control and the ability to use gesture technology to control RFID devices requires rethinking how to manage physical access credentials, and to make them portable to smartphones. It requires an open and adaptable secure identity platform that can turn mobile devices into trusted credentials.
This platform must use a new data model that can represent many forms of identity information on any device that has been enabled to work within a secure boundary and central identity-management ecosystem, with a secure communications channel for transferring identity information between validated phones, their secure elements (SEs), and other secure media and devices. The authentication credential is stored on the mobile device’s SE, and a cloud-based identity provisioning model eliminates the risk of credential copying, while making it easier to issue temporary credentials, cancel lost or stolen credentials, and monitor and modify security parameters when required.
Further into the future, smartphones will be used to perform most tasks that today are jointly executed by card readers and servers or panels in traditional access control systems. With this model, mobile devices (rather than an access control system) become the access decision-makers, and doors (rather than cards) become the ID badges.
This paradigm reversal will change how access control solutions are offered. Organisations will no longer need intelligent readers connected to back-end servers through physical cabling – just stand-alone electronic locks that can recognise a mobile device’s encrypted “open” command and operate under a set of access rules. This will dramatically reduce access control deployment costs, and the industry will begin securing interior doors, filing cabinets, storage units and other areas where it has been expensive to secure before.
As the industry moves to a mobile access control model that turns smartphones into trusted credentials, these devices offer an ideal platform for gesture technology. Used alone or in tandem with other authentication factors, gestures will be easy to use, and offer the potential to significantly improve privacy and security.
