Blog Post

One day you won’t need a badge to enter your building, just a SIM card

Employees of Telus(s tu) just got access to the latest in building-security technology, and it just happens to be in their smartphones. The Canadian telecom provider is putting employees’ security credentials directly on their phones’ subscriber identity modules, or SIM cards, allowing them to “badge” in out of buildings and secure areas the same way they would with a company ID or key fob.

U.K-based security software developer Intercede and SIM-card maker Gemalto are providing the technology, and here’s a rundown of how it works: As new employees are hired they provide their mobile phone numbers and then download Intercede’s MyID app to their smartphone.

Intercede smartphone ID NFCThe company sends either a text message or an email to the employee, with a prompt to download security credentials from the phone. That download will verify the employee’s identity against the information in his or her  SIM card and then install a Java Applet into the module, which acts as their keycard going forward. The phone’s near-field communications (NFC) chip becomes the pass-through mechanism to a building’s contactless locks.

From that point on the employee can open a door with a wave of a phone. But the credential system acts as more than just a keycard, said Intercede VP of Business Development Peter Cattaneo. It can also be used as a security token to grant a phone access to a corporate intranet or email server, he said. For additional security, a company could take advantage of some phone’s fingerprint reader or other biometric sensors to ensure not just the device, but the person holding it, is authorized to enter a door or use a network.

Some of you are probably poking holes in this scenario by now. The obvious limitation in moving entirely to mobile phone-based building security system is the huge variation in hardware employees own. In fact, these are many of the same barriers faced by NFC-based mobile payments systems like Isis and Google Wallet(s goog). Only newer high-end Android phones have NFC chips today, and depending on the degree of security a company wants to use, older generation SIM cards might not support the software.

As a mobile carrier, Telus has a lot of say over the phones and SIM cards its employees use, but you won’t get that kind of control in another company, especially if that company is just one of many in a multi-tenant building. According to Cattaneo, however, these are easy issues to overcome.

SIM cards galore

First off, SIM credentials aren’t a stand-alone solution, he said. If an employee doesn’t have an NFC phone they can just use a traditional keycard. For iPhone(s aapl) users, companies can issue NFC sleeves much like the ones Isis uses for its mobile payments service.

Ultimately, though, the more useful applications that are built around NFC, the more incentive device makers have to include the technology in their future phones. (Check out Gigaom Research’s recent report on the different use cases for NFC.) Right now, the fledgling NFC-based mobile wallets aren’t much of selling a point. But as it becomes possible to use NFC phones to get in and out of our homes and businesses, board subways and even start our cars, contactless technology becomes much more useful.

SIM cards image courtesy of Flickr user mroach

7 Responses to “One day you won’t need a badge to enter your building, just a SIM card”

  1. It misses 2 other criticals components; 1 security and 1 social:
    – How do you know the person next to you did not tailgate in?
    – In a larger company, a badge is an easy reminder of a person’s name.

  2. Aaron Ashfield

    Secure Access Technologies provides a door entry solution that users SAT Mobile ID and that integrates with HID in minutes.
    This solution works on any mobile phone including iOS, Android and Windows phones.

  3. Martin Walsh

    Really? “Only newer high-end Android phones have NFC chips today…” Ever heard of Windows Phone 8, Nokia Lumia smartphones etc?

    I use NFC a lot on my Nokia Lumia 925 so I’m not sure what bubble the author lives in!!

    Putting aside consumer purchases of Windows Phone for a second (it’s over 10% market share in Europe, Australia etc and has the fastest YoY growth, there are a lot of companies and organisations moving to Windows Phone away from iPhone and Android phones and IT Managers prefer it.

    All these devices have NFC chips as do most Windows 8 tablets.

    • Kevin Fitchard

      Hey Khurt,

      Can’t give you a definitive answer there, but my inclination is to say no. Intercede says it can support multiple credentials on the same SIM, which is what would makes it really handy. If there are several different buildings you need to access you don’t need several different badges. And the Applets that are on your phone are supposed to be secure they can be only read the company that put them there, so I can’t imagine you would be getting cross-traffic between credentials.

      Is there anyway of messing with them? I suppose there is. I think we’ve learned over the past year that no security is infallible. But intercede does some pretty hard-core security work. It’s tech is being used by the Defense Department.