A dictionary definition of the word ‘credential’ is ‘an identity authentication,’ and this is a widely used term in many areas. In general, it refers to a means of verification that a certain person has authority to do something. ID cards and various kinds of certificates are the best examples. In access control technology, a credential is an authentication that proves authority to access, where ‘access’ refers to the act of physically entering and exiting specific doors. There are various kinds of access control credentials, including keys, passcodes, RF cards, biometric information and smartphone devices.
The first kind of credential used in access control was the lock and key. Dating back to around 4,000 BC in Mesopotamia, the first key used by mankind was a toggler. Surprisingly, the principle of a toggler is not very different from today’s lock and key. Over the past 6,000 years, development of key technology grew more sophisticated until the 19th century AD.
In 1857, the invention of a lock that can open with a keypad started a new type of credential — the password. Around 150 years later at the end of the 20th century, an electronic access control system using RF cards was developed, digitally combining key and password credentials into a convenient new form of authorization.
Then, in the 2000s, biometric technology appeared, creating a brand new credential concept far superior to any the world had seen before. When mobile devices later became prevalent in the late 2010s, mobile identity authentication cards for smartphones were introduced, offering another high-security means of verifying identity and access credentials.
Strictly speaking, keys and passwords cannot be true credentials. They can function as credentials only if the right person possesses them, but if they fall into the wrong person’s hands they still grant access without discrimination. This is the problem with keys and passwords — it is hard to identify who is entering and exiting a facility. If a key or password is compromised, the owner has to replace the lock or change the password. Overall, keys and passwords are suitable for access control in private spaces for a small group of specific people, but not for public spaces for a large group of people.
RF cards were developed to overcome these limitations. Since an RF card is embedded with a unique number, it is possible to identify which card is used to enter and exit a specific door. Furthermore, RF cards can be individually deactivated when lost, making them more suitable for access control of spaces for a large group of people.
▲RF cards are embedded with unique numbers for secure access control
That said, RF cards are still problematic as access control credentials because they can still fall into the wrong hands. RF card authentication can identify the owner of a card, but it does not mean that the person who used the card is the same person who is authorized to use it. With such a limitation, RF cards can’t prevent the misuse of credentials.
This is where biometrics come in as a more secure alternative to RF card technology. Biometrics leverage personally identifiable biometric characteristics of individuals, making it impossible to misuse the credentials.
The biometric market has been driven by the growth of fingerprint recognition solutions, but a rapid change has occurred due to the outbreak of Covid-19. With an increasing demand for contactless innovations, AI-based facial recognition solutions have quickly replaced fingerprint recognition, which requires physical contact. AI-enabled facial recognition has a rapidly growing market demand as it adds non-face-to-face registration and contactless authentication features on top of the unique benefits of biometrics.
▲ Mobile cards are the final step of evolution in access control credentials
The emerging technology of mobile access cards is another future-oriented credential that addresses the limitations of RF cards while satisfying the challenging contactless requirements brought on by the Covid-19 pandemic. Nowadays, smartphones contain all the information we need in our daily lives, including private data and financial information. As the whole world has already accepted that smartphones are personal devices which are normally not lent to others, it can be said that mobile cards installed on one’s smartphone are a stronger credential than RF cards. Furthermore, if the mobile card is configured with FIDO-based biometrics embedded on the smartphone, it is impossible for an unauthorized person to use the card, thereby completely overcoming the security risk associated with RF cards. In addition, unlike typical RF cards that have to be physically issued and delivered, mobile cards are issued remotely — e.g., via text message — and used via the smartphone’s Bluetooth or NFC capabilities, satisfying the post-pandemic demand for contactless interaction.
Based on the evolution of access control credentials illustrated above, we can surmise that ideal credentials need to ensure:
① It is possible to identify who has actually entered and exited a space; ② Access authorization can be revoked; ③ Transference of access authorization can be prevented; and ④ All required interactions can be performed in a contactless way, with the assumption that the demand for contactless interactions brought on by the Covid-19 pandemic will not be short-lived.
These four requirements of access control credentials show that the most satisfactory credentials are AI-based facial recognition and mobile access cards — the final step of evolution in access control credentials. The knowledge gained through the 6,000-year development of the access control industry has brought us to these two superior forms of credential authorization, which are expected to become the industry standard of the future.
For these reasons, Suprema is dedicated to focusing our efforts on developing industry-leading AI-based facial recognition and mobile access card technology.
Attibute to: Seongbin Choi, the head of Suprema R&D Center, Suprema Inc.