In a recent pilot project, about 30 regular guests at a Clarion Hotel in Stockholm were given smartphones enabled with Near Field Communication technology, enabling them to bypass the check-in counter and access their rooms by tapping their phones on an NFC reader, which replaced the typical card-swipe door lock.
Marcus Majewski, general manager of the hotel, said the technology was provided by HID Global of Irvine, Cal. Majewski said guests were able to confirm their reservations online and then could open the door to their rooms, operate the elevators, retrieve hotel information and check out - all with their smartphones.
"First of all we wanted to see if it worked, and it did," he says. "Secondly we wanted to see if our guests were able to handle it, and they were. And last but not least we wanted to receive guest feedback on what their thoughts were in regards to a system like this. They were impressed and found it convenient at most times. I'm not sure if we will be adopting this or similar technology, but we are sure that smartphones will play a major role in the guest-experience."
What is Near Field Communication
Finalized in 2003, Near Field Communication (NFC) is a low-power radio frequency protocol that can automatically and rapidly set up communications between two devices, as long as they are nearly touching. The theoretical range is about 20 centimeters or eight inches, but in practice is about four centimeters, or less than two inches. Starting an NFC session is usually called tapping. With a maximum data rate of 424kbps, NFC is much slower than Bluetooth or Wi-Fi, but it can invoke other protocols to complete data-heavy transactions, such as biometrics.
David Holmes of the Identive Group explains that NFC use modes include two NFC devices launching a peer-to-peer link, such as between two phones, or a phone and a door reader using multi-factor security. Or the phone could read an NFC tag in a poster or retail display and even extract coupons that could then be used by the phone's electronic wallet, if present. Or the mobile NFC device could be a passive tag, card or key fob (or a phone emulating a passive device) used for transit system payments or for single-factor access control.
The cost of an NFC reader for a door varies from $100 to $500, depending on the level of security, he adds.
Access to dorms
In another pilot, also involving HID Global, 32 students at Arizona State University in Phoenix were given NFC-enabled smartphones which allowed them to access their dorm rooms, which were also fitted with NFC readers. Laura Ploughe, ASU's director of business applications, says, "The students loved the idea and 80% said they would rather carry a phone and not carry a card. "There were no problems worth pointing to and no complaints from the users, other than the selection of phones."
Students wanting access would start the security app on their phone, beginning a 30-second screen countdown during which the phone could be used to open any outer door in the facility, she says. An additional PIN was needed to open specific room doors. Since getting to a specific room required going through four doors (exterior, foyer, wing, and room) the students often re-set the app to 10 seconds and re-launched it for each door.
In a world where smartphone ownership is pretty much assumed, experts are predicting that Near Field Communication will replace those plastic keycards currently used to control employee access to the workplace, student access to dorm rooms and guest access to hotel rooms.
Of course, the infrastructure to support widespread deployment of NFC technology isn't there yet. The phones need to have Near Field Communication (NFC) functionality (see sidebar) before they can unlock doors, and such phones are few and far between. But that is expected to change, and in the meantime the ramp-up has already begun.
"We foresee 2012 as the year when deployments are going to start to happen, mostly because of the availability of the handsets themselves" says Jeremy Hyatt, spokesman for HID Global. Indeed, the number of handsets with NFC is expected to rise from a global total of about 35 million at the end of 2011 to about 100 million by the end of 2012, estimates David Holmes, vice president of the Identive Group, an NFC solutions vendor in Santa Ana, Calif. In addition, there are also ways to retrofit a phone with NFC.
The security advantages of NFC go beyond not having to acquire and manage security cards, adds Ray Wizbowski, vice president at Gemalto NV, a Dutch digital security firm with U.S. headquarters in Austin. "Unlike cards, the phones can be provisioned with security features remotely, over the air, and the security provisions can be changed on the fly if the situation demands," he says. Also, if the phone is lost or stolen, or an employee is terminated, the security features can be canceled and the accompanying data erased remotely, as is done with stolen laptops, Wizbowski adds.
Hyatt, the HID Global spokesperson, envisions a day when a hotel customer will routinely check in through the Internet, using a credit card. The hotel knows when the customer will be arriving, and prior to that time will send the security app to the customer's smartphone. The customer can bypass the front desk and go directly to the room, where the door will unlock for the smartphone. At the end of the stay the door will simply stop responding to the phone.
On the other side of the coin, the technology raises the possibility of being locked out due to a dead cell phone battery. "The phones themselves are typically implemented with the ability to do card emulation if the battery is dead," explains Steve McRae, CEO of Merchant360, an NFC integrator in Medford, Ore. Such cards, and key fobs that work the same way, are passive NFC devices that are powered by the radio frequency emissions of the reader. "It is not an NFC technical requirement, but it is a best practice and all the phones are supporting it."
Holmes at the Identive Group notes that the fallback feature was insisted on by various transit authorities around the world that calculate fares when the rider disembarks. Otherwise, in a scenario where NFC smartphones end up being used for transit payment systems, a dead battery could leave someone trapped on a subway.
But Chris Corum, editor or NFCNews.com in Tallahassee, Fla., notes that such card emulation would involve only minimal functionality, and would rule out the multi-factor security that smartphones otherwise make possible. (Single-factor security, of course, is the presence of the phone; two-factor security adds a PIN, and three-factor would add a biometric feature. Sources also predict the use of a phone's GPS feature, to ascertain its location.)
Meanwhile, as it turns out, the lack of NFC phones is not a barrier to the use of NFC security systems, since some phones can be readily retrofitted.
Amitaabh Malhotra, COO at DeviceFidelity in Richardson, Texas, says his firm offers microSD cards to add NFC functionality to certain smartphones using their memory expansion microSD slots. The cards include expansion RAM so the user does not have to give up expanded memory in exchange for NFC functions, Malhotra says. The NFC antenna is included in the card and nothing shows on the outside of the phone. The card's circuitry includes a firewalled, tamper-resistant secure element which can only be read through the card's microcontroller, using the DeviceFidelity API, Malhotra explains. Any other form of access will only read the expansion RAM, he adds.
Cards for various Samsung models sell for $29.95, including $10 in an electronic wallet. The iPhone does not have a microSD slot and so the retrofit is done through a case, and costs $79.95.
Finally, the fact that NFC phones can also be used as electronic wallets would seem likely to enhance their appeal, but Malhortra fears it will only complicate their acceptance. When used for physical security, what's in the secure element is a matter between the phone's user and the owner of the door. When used as a wallet, various banks, payment card networks, carriers, handset makers, and government regulators are involved and all but the latter are jockeying for a cut of the action, he warns.
Whoever initially supplies the secure element of a phone would probably charge other parties to use it for their apps, but that would additionally involve establishing trusted relationship among those parties, and many details would have to be settled, he notes. "How many trusted relationships can you work out?" he asks. "There are so many parties that need to be involved that it's mind-boggling."
Wood is a freelance technology writer in Texas. He can be reached at [email protected]
Read more about anti-malware in Network World's Anti-malware section.