Apple to change access industry?

October 2014 Access Control & Identity Management

For more than four years now, one of the most talked about trends has been field communication (NFC). NFC was supposed to change the face of the access control industry by eliminating the need for cards, subsequently reducing the administrative burden on organisations of all sizes, all while increasing security. However, this has not yet come to pass, with suppliers offering little more than pilot projects, with limited real-world installations.

NFC isn’t a new concept. In 2006, Nokia released the first NFC phone, followed by Samsung in 2010 which released the first Android NFC phone. In 2011, Samsung announced its Secu-NFC technology. According to Samsung, the Secu-NFC chip combines a NFC controller and a secure element storing personal information and security keys with advanced encryption technologies. In 2013, Samsung and Visa announced a major partnership for mobile payments. The list of NFC enabled phones today is extensive. Examples include Alcatel, Asus, BlackBerry, Nexus, HTC, Kyocera and LG among many others.

Historically, most NFC installations were instigated by partnerships between handset manufacturers and financial institutions, producing closed systems with limited opportunity for developers to expand the concept to uses beyond mobile payment. IHS believes this has been one of the main barriers for implementing NFC in the access control industry.

On 9 September, Apple announced NFC would be a feature of the new iPhone 6. While Apple Pay is primarily a mechanism for secure mobile payments, there appears to be plenty of opportunity for other applications, since iOS 8 will also have an Apple Pay application programming interface (API) available for developers. Already, many retailers and restaurants have implemented Apple Pay into their own applications, allowing patrons to skip lines and pay/order directly from a mobile device.

According to Apple, the mobile payment transaction occurs by assigning a unique device account number, which is encrypted and securely stored in the secure element, a dedicated chip in the iPhone. When a purchase is made, the device account number alongside a transaction-specific dynamic security code is used to process the payment. So the actual credit or debit card numbers are never shared with merchants or transmitted with payment.

The true benefit of this announcement for the access control industry is the potential use of the open API for developers. Although Samsung Galaxy has an embedded SE and countless other devices offer subscriber identification module (SIM)-based SE, there has been limited traction for access control.

So what exactly is the secure element?

There are many forms of secure element, including the universal integrated circuit card (UICC) – NFC SIM, embedded SE, external (sticker or sleeve) and microSD. The most used formats are UICC and embedded, with the new iPhone 6 featuring an embedded SE. According to the 2014 IHS report on NFC, globally 18.2% of cellular handsets shipped in 2013 were NFC-enabled (up from about 8% in 2012). IHS forecasts the number of phones that are NFC-enabled to reach about 1.17 billion by 2018. The report also estimates that about 70% of NFC secure element implementations into cellular handsets were embedded and 27% were on the SIM card in 2013.

What does this mean for the access control industry?

The announcement by Apple addresses one of the barriers the access control industry has faced with regards to NFC, i.e. loading an identifier onto the secure element. With the API mentioned by Apple, it is possible that access control manufacturers – among others in the supply chain–could load and command an identifier directly onto the secure element. Currently, most providers of NFC-based access control are using encryption methods which are located in the sand box (host operating system) of the handset only, not the SE.

By using host card emulation (HCE), providers are able to offer NFC outside of the SE. Although this isn’t deemed a best practice the only other means to provide mobile access control through NFC would be to partner with all the cellular carriers and providers, which can be an incredibly arduous process. By partnering, the access supplier is allowed access to the SE, which is typically either embedded or in the SIM card. One example of such a partnership is HID and Oberthur Technologies. In 2013, HID announced a partnership with Oberthur Technologies to carry Seos Digital Keys on NFC SIM Cards. As mentioned above, the Apple announcement could make it easier for access control suppliers to provide mobile credentials with the true security provided by the secure element.

Beyond the buzz, the market opportunity for access control remains unclear and only time will tell if Apple providing mobile payment will jumpstart NFC usage for access control. Some access control manufacturers speculate that the use of the secure element may not always be necessary and that the encryption provided for access control data on the handset is sufficient for most end-users.

So how quickly could this announcement impact access control? Today, data suggests that less than 3% of retailers, or 220 000 out of about 9 million, will be using the mobile payments at the start. One of the main reasons for low adoption is the lack of infrastructure in stores. However, every credit card in the US will be required to have EMV chip-and-pin technology by October 2015. As a result, merchants could decide to move forward with NFC capabilities since they will need to upgrade their system anyway.

Interestingly enough, Apple is only launching in the US, which has the lowest penetration rate of mobile payments compared with all other regions. There is tremendous upside though. Access control end-users already have the infrastructure in place to support NFC, e.g. the smartcard reader (13.56 MHz). While some pieces of the system may need to be upgraded such as incompatible hardware and software, the system is mostly ready. So unlike the retail space which has to replace millions of terminals and retrain employees, access control is already primed for the transition.

Overall, Apple could instigate change for the access control industry; however, adoption will remain low due to the other barriers which have not been addressed, such as mobile phone issuance to colleagues and identifying which department in an organisation will manage the mobile credentials, since in most cases, the phone would be managed by IT and the security credential would be managed by the security department.

New policies and procedures will have to be created and many end-users will still be issued badges for identification purposes. Lastly, Bluetooth is becoming a viable alternative to NFC. Security suppliers have been working for the past several years to work with NFC and implement it beyond pilot projects to little avail. As a result, many are turning to Bluetooth, which is deemed by many to be a more robust option for security purposes such as access control since the read range can be modified, among other reasons. Additionally, Bluetooth has a longer history than NFC with smartphones, with Bluetooth being introduced in 2000, NFC in 2006.

So, while the Apple announcement gets the ball rolling for NFC in the physical secur-ity space by providing more outlets for app developers to create a unique user experience, other barriers still need to be overcome prior to reaching critical mass.

For more information contact IHS, +1 512 582 2023,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Secure hands-free access
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Outdoor access terminals
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry), Products
Rugged, dust- and weather-proof access control solutions that provide exceptional durability in extreme conditions is a strong requirement for many residential estates.

MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.