Secure P2P offers a number of advantages over card emulation mode, the access control specialist’s Raj Venkat has told NFC World — there is no need to wait for carriers to deploy TSM platforms, no middlemen have to be involved and the technology works on both locked and unlocked NFC phones.
AptiQmobile, an NFC key management system developed by access control specialist Ingersoll Rand, is now commercially available following more than two years of development and extensive testing at Villanova University and at the University of San Francisco.
The solution uses a newly developed secure P2P architecture, enabling keys to be issued to Android NFC phones without the need to gain access to a secure element. iPhone users can also be issued with keys, using an NFC add-on device, and support for Windows phones is to be added later.
One advantage of this secure P2P approach is that the technology can be deployed today by the company’s global network of distributors, Raj Venkat, Ingersoll Rand’s VP for readers and credentials, told NFC World — without waiting for carriers or other players to launch commercial NFC platforms supporting secure elements and card emulation mode.
AptiQ can also be deployed on both locked and unlocked phones, independent of the user’s carrier, and “the economic model becomes a lot more attractive. There’s no middlemen.”
Distributors can also price the service in the same way they charge customers for current generation card-based access control systems: the service carries a one-time fee, similar to the cost of a smart card, for loading a mobile credential onto a user’s phone. There are no annual or usage fees.
“We are using NFC peer-to-peer and have added layers of security to it so it can be used for access control and adjacent applications,” Venkat explains.
Users simply download the AptiQmobile app to their smartphone and their access control administrator then uses the AptiQmobile cloud service to send a secure mobile credential directly to the user’s phone.
This mobile credential is a 128-bit AES-encrypted version of the user’s actual ID that can be decrypted by an AptiQ access control reader. It is stored in the phone’s main memory “in the same memory location as your other app passwords and sensitive information”.
Once the mobile credential has been downloaded, the user can then open the app and tap their smartphone on AptiQ readers running a new NFC P2P software stack, in the same way they use an ID card today. No online connection is required by either the reader or the mobile phone.
“For customers already using AptiQ readers, there is no need to replace anything,” Venkat says. “The existing AptiQ readers work with prox/smart cards and the AptiQmobile credential. For new customers, AptiQ readers are multi-technology, offering an easy migration path from prox/magswipe or smart cards to mobile. Customers can also continue to operate in a hybrid world of cards and mobile.”
All communications between the door lock and an NFC phone are encrypted and further secured using patent-pending anti-playback technology that changes every time it is used. “Every transaction is unique and cannot be duplicated. This prevents someone from trying to transfer the credential to a second device or someone trying to record and then send it back to the reader at another time.”
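The article does not disclose how the anti-playback mechanism works, so the following is an added illustration of the general shape such a scheme takes, not Ingersoll Rand’s protocol: the reader issues a random challenge, the phone answers with the credential encrypted under a shared AES-128 key using that challenge as the GCM nonce, and the reader refuses any challenge it has already consumed, so a recorded response cannot be accepted a second time. The key, the credential value, the use of GCM and the phone-side function are all assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// mustGCM wraps a 16-byte (AES-128) key in an AES-GCM AEAD.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// Reader models the door reader side of a tap.
type Reader struct {
	key     []byte          // AES-128 key shared with the credential issuer
	pending map[string]bool // challenges issued but not yet answered
}

func NewReader(key []byte) *Reader {
	return &Reader{key: key, pending: map[string]bool{}}
}

// Challenge issues a fresh 12-byte random nonce for a single tap.
func (r *Reader) Challenge() []byte {
	n := make([]byte, 12)
	rand.Read(n) // crypto/rand never returns a short read
	r.pending[string(n)] = true
	return n
}

// PhoneRespond (hypothetical phone side) seals the credential with the reader's challenge as nonce.
func PhoneRespond(key, challenge, credential []byte) []byte {
	return mustGCM(key).Seal(nil, challenge, credential, nil)
}

// Verify consumes the challenge before decrypting; a replayed or modified response fails.
func (r *Reader) Verify(challenge, response []byte) ([]byte, error) {
	if !r.pending[string(challenge)] {
		return nil, errors.New("unknown or already-used challenge: replay rejected")
	}
	delete(r.pending, string(challenge))
	return mustGCM(r.key).Open(nil, challenge, response, nil)
}
```

Because the challenge is both the one-time ticket and the nonce, a response captured during one tap fails on a later tap twice over: the old challenge is no longer pending, and the ciphertext does not authenticate under a new one.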
The platform is currently being tested by Heartland Payment Systems and, Venkat says, secure P2P is expected to be the preferred choice for most Ingersoll Rand customers.
A solution is also, however, under development that will use a secure element to store users’ credentials. “There would be some customers who would prefer to have the secure element solution but I believe a good majority of customers will opt for the secure peer-to-peer option,” Venkat concludes.