Access control using gestures
Impact gesture technology is having on the access control industry
Innovation often comes at the intersection of multiple existing technologies, and gesture technology is a good example in the access control industry.
With the advent of smart mobile devices that feature accelerometers, wireless connections and powerful processing capabilities, it is now possible to control a variety of RFID devices with a simple user-defined wave of the hand or other motion gesture.
Just as mouse technology revolutionised the computer interface, gesture technology is expected to change how users interact with access control systems.
Gesture technology offers the opportunity to greatly enhance the user experience while increasing security and providing genuine user privacy. It will add a new and important authentication factor to the existing access control rule set that goes beyond something the cardholder “has” (the card) to include a gesture-based version of something the cardholder “knows” (like a password or personal identification number, or PIN).
Gesture-based access control will also increase speed, and minimize the possibility of a rogue device surreptitiously stealing the user’s credential in a “bump and clone” attack.
Gestures could be used to unlock apps, to lock and unlock doors as an alternative to mechanical keys, and to secretly signal the system and security personnel when entry is occurring under duress. Gesture recognition can also be combined with other authentication factors, such as those from finger-, hand-, iris- and facial-based biometric systems, to make multi-factor authentication on a single, integrated device a reality.
It will also be possible, and perhaps desirable, to make gesture the only (single) authentication factor, although this likely would only be for access to areas within a building that have lower security requirements. In these and other access control applications, gestures will be an additive capability for ID verification.
To use gesture technology, users simply define or choose from a predetermined series of hand-motion sequences or gestures that can be used to control operation of an RFID-based device or a smartphone. Gestures will work in a two- or three-dimensionally.
For instance, a user could present his or her card to a reader, rotate the card 90 degrees to the right, and then return it to the original position in order for the card to be read and for access to be granted. Adding gesture capabilities to a wireless connection gives users a great deal of control over how they interact with the access control system.
Mobile access control will be rolled out in stages. In the first deployment phase, also known as card emulation mode, smartphones will receive digital keys that users can then present to door readers in the same way they present today’s ID badges. In situations requiring extra security, it will be an easy process to push an application to the phone that requires the user to, for instance, perform a pre-defined gesture swipe on the phone.
Further into the future, the phone’s on-board computing power and built-in network connectivity will be used to perform most tasks that today are jointly executed by card readers and servers or panels in traditional access control systems. This includes verifying identity with rules such as whether the access request is within a permitted time and, using the phone’s GPS capability, whether the person is actually standing at the door.
Information is checked against cloud data, and the phone sends a trusted message over a cryptographically secure communication channel to open the door.
With this model, mobile devices (rather than an access control system) become the access decision-makers, and doors (rather than cards) become the ID badges. This paradigm reversal, sometimes called duality, will change how access control solutions are offered.
Organizations will no longer need intelligent readers connected to backend servers through physical cabling – just stand-alone electronic locks that can recognize a mobile device’s encrypted “open” command and operate under a set of access rules.
This will dramatically reduce access control deployment costs, and the industry will begin securing interior doors, filing cabinets, storage units and other areas where it has been prohibitively expensive to install a traditional wired infrastructure.
The virtualization of contactless smart cards, and their residency on smartphones, allows a whole host of new innovative thinking, along with the ability to combine many access control applications and capabilities into a single, very convenient solution.
As the industry moves to a mobile access control model that turns smartphones into trusted credentials, these devices also offer an ideal platform for gesture technology. Used alone or in tandem with other authentication factors, gestures will be easy to use, and offer the potential to significantly improve privacy and security.
About the author
Nat Pisupati is regional sales director, identity & access management, Middle East & Africa, HID Global.