7 Comments

Summary:

Canada’s Telus is replacing key cards with SIM cards as the security credentials necessary to enter its buildings. Employees need only wave their NFC phones over a contactless sensor to gain entry.

Intercede smartphone ID

Employees of Telus just got access to the latest in building-security technology, and it just happens to be in their smartphones. The Canadian telecom provider is putting employees’ security credentials directly on their phones’ subscriber identity modules, or SIM cards, allowing them to “badge” in out of buildings and secure areas the same way they would with a company ID or key fob.

U.K-based security software developer Intercede and SIM-card maker Gemalto are providing the technology, and here’s a rundown of how it works: As new employees are hired they provide their mobile phone numbers and then download Intercede’s MyID app to their smartphone.

Intercede smartphone ID NFCThe company sends either a text message or an email to the employee, with a prompt to download security credentials from the phone. That download will verify the employee’s identity against the information in his or her  SIM card and then install a Java Applet into the module, which acts as their keycard going forward. The phone’s near-field communications (NFC) chip becomes the pass-through mechanism to a building’s contactless locks.

From that point on the employee can open a door with a wave of a phone. But the credential system acts as more than just a keycard, said Intercede VP of Business Development Peter Cattaneo. It can also be used as a security token to grant a phone access to a corporate intranet or email server, he said. For additional security, a company could take advantage of some phone’s fingerprint reader or other biometric sensors to ensure not just the device, but the person holding it, is authorized to enter a door or use a network.

Some of you are probably poking holes in this scenario by now. The obvious limitation in moving entirely to mobile phone-based building security system is the huge variation in hardware employees own. In fact, these are many of the same barriers faced by NFC-based mobile payments systems like Isis and Google Wallet. Only newer high-end Android phones have NFC chips today, and depending on the degree of security a company wants to use, older generation SIM cards might not support the software.

As a mobile carrier, Telus has a lot of say over the phones and SIM cards its employees use, but you won’t get that kind of control in another company, especially if that company is just one of many in a multi-tenant building. According to Cattaneo, however, these are easy issues to overcome.

SIM cards galore

First off, SIM credentials aren’t a stand-alone solution, he said. If an employee doesn’t have an NFC phone they can just use a traditional keycard. For iPhone users, companies can issue NFC sleeves much like the ones Isis uses for its mobile payments service.

Ultimately, though, the more useful applications that are built around NFC, the more incentive device makers have to include the technology in their future phones. (Check out Gigaom Research’s recent report on the different use cases for NFC.) Right now, the fledgling NFC-based mobile wallets aren’t much of selling a point. But as it becomes possible to use NFC phones to get in and out of our homes and businesses, board subways and even start our cars, contactless technology becomes much more useful.

SIM cards image courtesy of Flickr user mroach

  1. Any privacy issues? My current building ID doesn’t share any personal information with my employer. Will using this Gemalto service allow my employer access to information that isn’t available from simply using a standard keycard ID?

    Share
    1. Kevin Fitchard Friday, February 7, 2014

      Hey Khurt,

      Can’t give you a definitive answer there, but my inclination is to say no. Intercede says it can support multiple credentials on the same SIM, which is what would makes it really handy. If there are several different buildings you need to access you don’t need several different badges. And the Applets that are on your phone are supposed to be secure they can be only read the company that put them there, so I can’t imagine you would be getting cross-traffic between credentials.

      Is there anyway of messing with them? I suppose there is. I think we’ve learned over the past year that no security is infallible. But intercede does some pretty hard-core security work. It’s tech is being used by the Defense Department.

      Share
  2. Really? “Only newer high-end Android phones have NFC chips today…” Ever heard of Windows Phone 8, Nokia Lumia smartphones etc?

    I use NFC a lot on my Nokia Lumia 925 so I’m not sure what bubble the author lives in!!

    Putting aside consumer purchases of Windows Phone for a second (it’s over 10% market share in Europe, Australia etc and has the fastest YoY growth, there are a lot of companies and organisations moving to Windows Phone away from iPhone and Android phones and IT Managers prefer it.

    All these devices have NFC chips as do most Windows 8 tablets.

    Share
  3. So if you have an iPhone, you’re SOL….

    Share
  4. Just make sure the phone is not run out of batteries.

    Share
  5. Aaron Ashfield Sunday, February 9, 2014

    Secure Access Technologies provides a door entry solution that users SAT Mobile ID and that integrates with HID in minutes.
    This solution works on any mobile phone including iOS, Android and Windows phones.

    Share
  6. It misses 2 other criticals components; 1 security and 1 social:
    – How do you know the person next to you did not tailgate in?
    – In a larger company, a badge is an easy reminder of a person’s name.

    Share

Comments have been disabled for this post