Is Gesture-Based Access Control The Future Of Identity Management?

Gesture Controls

Changes in the access control industry, together with innovation, is occurring at a rapid pace. The virtualisation of contactless smart cards allows a whole host of new innovative thinking, along with the ability to combine many access control applications into a single, very convenient solution.

The ability to hold ID credentials on smartphones is perhaps one of the most exciting developments. In this instance, a regular smartphone becomes a ‘digital key’. The phone simply behaves like a normal access card – the identity information on the phone is communicated to a reader that makes the decision whether or not to unlock the door.

Mobile access control will be rolled out in stages. In the first deployment phase, also known as card emulation mode, smartphones will receive digital keys that the users can then present to door readers in the same way they present today’s ID badges.

In the future, the phone’s on-board computing power and built-in network connectivity will be used to perform most tasks that today are jointly executed by card readers and servers or panels in traditional access control systems.

This includes verifying identity with rules such as whether the access request is within a permitted time and, using the phone’s GPS capability, whether the person is actually standing at the door. Information is checked against cloud data, and the phone sends a trusted message over a cryptographically secure communication channel to open the door.

With this model, mobile devices (rather than an access control system) become the access decision-makers, and doors (rather than cards) become the ID badges. This paradigm reversal, sometimes called duality, will change how the industry offers access control solutions.

Organisations will no longer need intelligent readers connected to back-end servers through physical cabling – just stand-alone electronic locks that can recognise a mobile device’s encrypted “open” command and operate under a set of access rules. This will dramatically reduce access control deployment costs.

This next-generation form of access control will open up new opportunities to more economic solutions that protect even more doors, while also enabling new services like authenticating documents, anywhere, anytime, by using the technology intrinsic to a mobile phone.

Moving to IP-based access control processes such as these simplifies system operation, expansion and customisation, and enables the physical access control system (PACS) to be integrated with many other solutions on the same network. In doing so, an integrated enterprise-wide physical and logical access control system can be created.

Other new developments include using hand gestures for access control which will make this process even more convenient. This addition could invariably enhance the next generation of mobile device-based access control credentials in the future. Just as mouse technology was a disruptive innovation that revolutionised the computer interface, gesture-based technology will change how users interact with access control systems.

The industry is already seeing the impact of gesture technology in gaming. Further developments are underway in the interactive TV market, where users are able to swipe through on-screen TV and game console menus by gesturing in the air from their seat on the couch.

Other developing applications for gesture technology include robots that help care for the elderly and digital signage that can see who the customer is and display content that is relevant to them. Now, perhaps, the access control industry is poised to experience a similar transformation.

With a simple user-defined wave of the hand or other gesture, individuals will be able to control a variety of RFID devices. This will improve the user experience while increasing security by providing new authentication factors that go beyond something the cardholder “has” (the card) to include a gesture-based version of something the cardholder “knows” (like a password or personal identification number).

Gesture-based access control works with smartphones in a mobile access control environment, where it will be possible to use both two- and three-dimensional gestures by leveraging a smartphone’s built-in accelerometer feature.

Because the phone’s accelerometer senses movement and gravity, it can tell which way the screen is being held. This allows for a novel way of adding another authentication factor to the existing authentication scheme.

A user could present the phone to a reader, rotate it 90 degrees to the right, and then return it to the original position in order for the credential inside the phone to be read, and for access to be granted. So in the future when you see someone waving their phone at a secure door and it opens, don’t be surprised. “Open Sesame’ has arrived.

Increased knowledge and awareness of such advancements is vital to ensure that businesses can ultimately take advantage of these access control developments and make strategic investment decisions for the mid to long-term.

Harm Radstaak

Harm Radstaak is MD, Identity & Access Management, Europe Middle East and Africa (EMEA) with HID Global. Harm is responsible for the strategic development and growth within the region and brings more than 15 years of experience in the security and smart card industries. Prior to HID Global, Harm held various international sales and marketing management positions, where he specialised in the time and attendance and security markets.