The process of creating adoption standards continues to drag on
The time has come to run with the benefits mobile credentials offer. Unfortunately, the adoption of mobile credentials may be years off as the commercial security industry grapples with challenges that continue to postpone the ability of mobile devices to interact with security systems.
Despite the obstacles, pretty much everyone recognizes that the future of access control is mobile, and each year the technology inches closer to acquiring more widespread adoption. We’re all just waiting on the standards.
The technology and end-users are ready for mobile credentials. Current projects are moving from the pilot stage to implementation, and feedback from the market suggests that more and more end-users are demanding the inclusion of this technology in their projects, if not for immediate use but as a way to future-proof systems.
The DeFacto Market Standard
The technology must still overcome some obstacles before mobile credentials eventually overtake physical access cards as the defacto market standard. Some corporate and government leaders are pushing the technology faster and harder than the commercial security channel, but widespread adoption depends substantially on standards. The process of creating adoption standards can be long and drawn out, which can delay implementation for many years to come.
In the midst of this standards paradox, the promotion of a defacto standard seems to have prevailed. Defacto standards start off as proprietary implementations belonging to a single company or a consortium. Through a combination of market dominance and open sourcing the underlying technology, they become widely adopted as the path of least resistance. By the time the standards are published in their final form, many nearly compatible products will be on the market or close to being released.
Bluetooth problems persist
Bluetooth is a contender for radio transmission of credentials between smartphones and readers. Everyone has it on their smartphones already, and it’s free of the implementation issues of NFC. But Bluetooth alone is not a “full stack” protocol. It doesn’t specify the application layer—the part that distinguishes one use case from another. Bluetooth technology is fragmented, there are a lot of moving parts to manage, and there are too many versions of Bluetooth for any one card reader to handle.
The Security Industry Association’s Standards Committee is working on creating common standards for mobile credentials. The Cloud, Mobility and IoT Subcommittee has formed a working group to study the possible scope and levels of standardization that might be practical to pursue for access control systems and smartphone apps. The group has received several proposals, and remains open to additional technical approaches.
Unfortunately, this standards activity is occurring at a time when many manufacturers have already invested significant resources in creating their own proprietary credential exchange protocols. These circumstances mean that if and when one or more standards are published, manufacturers will need to decide whether they see convincing business value in investing additional resources to conform to the standard.