Canadian mobile operator Telus Communications has developed an NFC-based physical- and logical-access control service, which it plans to trial with 500 employees this year before launching an offer.
Denis Niles, senior security architect for Telus, noted in a recent presentation that unlike mobile payment or other mobile-commerce applications on NFC phones, launching an access-control service is easier to roll out.
Avoiding Payments Complexity
“It’s (mobile payment) complicated, complex, a lot of players; got to get (a) lot of agreements,” said Niles, speaking at the recent SIMposium USA conference in Las Vegas. “People have to talk to each other. Everyone wants to fight for a percentage of the transactions.”
But with access control, there are many fewer parties to work with. Telus has been working for about the past two years on the service, with UK-based identity management company Intercede and France-based SIM and trusted service management vendor Gemalto. The vendors apparently provided their services for no charge to Telus help demonstrate the access-control concept.
“Guess what? You don’t need the partnerships with all the other operators,” he said. “You don’t need the TSM. I’m going to bring that into the company. I can operate that myself. POS terminal companies? Nope, I can deal with that on my own. I’ll install whatever reader I want. I don’t need the banks, and I don’t need the credit companies.”
The Telus service would put credentials on SIM cards that run in NFC phones, which users would tap to open doors. They could also tap the phones to access their secure networks, using certificates, likely on the SIMs. For Telus, internally, NFC could replace a system now based on usernames and passwords or sequential numbers combined with site locations. An NFC-based system would be more secure, said Niles.
“On this (NFC) phone, I’ll have a device certificate. I’ll have a user certificate, and I might have an application certificate,” he said, adding that in the future, the system could use GPS or other geo-location technologies, as well as social networking to make the authentication even more secure.
“In other words, if you use Google or Facebook, I’ll add that particular log-in credential on top of the rest, just to compile a more secure mechanism for you to log in and access those services.”
It has not been altogether easy work to develop an NFC-based access-control service, however.
Telus and the vendors have worked on it for at least two years. And at one point, it took six months to load certificates on some of the NFC phones the telco was working with. Niles implied that some handset makers weren’t always cooperating.
“The hardest part to get anything done is for all of the players to open (up),” he said. “Every time you contact a mobile device manufacturer, (they said) well, yeah we’ll help you.” But they wanted to sell phones. “What they don’t understand, everybody has to go through the mobile network operator to get to the end customer. Nobody is going to do this on their own.”
SIM-Centric Approach
Niles, however, who works for a mobile operator, takes a decidedly SIM-centric approach to the subject. He did not mention that other secure elements, such as embedded chips in NFC phones, also could play host to employee ID credentials.
In addition, while he proposed that the business model for Telus would be to offer to manage the SIM-based access control service for companies and government agencies, he didn’t mention working with Canada’s two other major mobile operators, Rogers Communications or Bell Mobility or the Canadian telco joint venture the three telcos have formed, EnStream. It would apparently mean that any company using the service would have to be issued SIMs by Telus.
Telus appears to be sold on NFC technology. But Niles noted that NFC backers don’t have an indefinite window in which to roll out services, such as access control, using NFC devices.
“This (NFC) train has left the station,” he said. “You’re not going to stop it and, I think, again, if you and I and others don’t get it done, other folks will figure it out. They’ll get around us; a new technology. Now is the opportunity. Not tomorrow. Not next year. It’s all there for us to do.”