Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
PhysicalAccess ManagementIdentity Management

The Future of Mobile Credential Standards

It’s time for the security industry to realize the benefits of mobile credentials.

By Steve Van Till
The Future of Mobile Credential Standards
Steve Van Till

Steve Van Till

The Future of Mobile Credential Standards
Steve Van Till
February 1, 2017

Over lunch recently, a former Secretary of the Department of Homeland Security asked me, “How long do you think it will be until mobile credentials fully replace plastic badges and cards?” My reply was that “I would like to see it happen within the next five years. I usually give that number in public, and it always stirs up discussion. However, the reality is probably somewhere between 10 years and never.” He paused for a moment and said, “You’re way off. I think it’s going to be within three years.”

The former Secretary clearly works with a different constituency than I do on a day-to-day basis. Not a huge surprise. But his view is intriguing because somewhere, there’s a group of corporate and government leaders who are pushing this technology much harder and much faster than what we see in the commercial security channel, where old habits die hard. They must see the benefits for trust, convenience and cost that are primary motivators for people concerned with ROI and effective defense at the highest level.

Taking it further, though, we agreed that the various timeframes we bandied about for adoption of mobile credentials depended a great deal on standards. But standards cut both ways. On the one hand, they can be an accelerant, removing technical and financial uncertainty so that manufacturers and buyers alike can feel confident that they are placing their bets on a technology that will last. On the other hand, the process of creating and adopting standards can be very protracted. This can delay implementation decisions for many years while everyone sits around waiting to see which standard will win.

In the midst of this standards conundrum, what seems to have triumphed often in recent years is the promotion of a de facto standard. Such standards begin their lives as proprietary implementations belonging to a single company or perhaps a consortium. Then, through a combination of market dominance and open sourcing the underlying technology, they become widely adopted as the path of least resistance. By the time the standards are actually published in their final form, there can be many nearly compatible products on the market or nearly ready to be released.

And then there are the cases where no one agrees with each other and an entire genre of products remain incompatible with each other for many generations. Users suffer. Profits suffer. Technology suffers.

In the case of mobile credentials, Bluetooth is the odds-on favorite for radio transmission of credentials between smartphones and readers. Everyone has it on their smartphones already, and it’s free of the implementation headaches of NFC and its dependence on device manufacturers’ APIs, SDKs and “secure elements.”

But Bluetooth alone is not the end of the story. It’s not a “full stack” protocol. It doesn’t specify the application layer – the part that distinguishes one use case from another. It says nothing about what kind of data is transmitted, its format, or what it means to the transmitting and receiving parties.

For mobile credentials exchanged between smartphone apps and readers, saying that they all use Bluetooth does not mean that they will work with each other. Every mobile credential app in the market today is manufacturer-specific, and only works with that manufacturer’s hardware. If users need to access buildings that happen to be equipped with components from different sources, they will need to have multiple apps and multiple credentialing processes for each.

This is extremely inconvenient, to say the least. It is also error-prone because there are more credentials and systems that need to be managed, and in many cases be consistent with one another.  That makes it ultimately less secure than what could be accomplished with unified management and a common credential format.

This problem is being attacked by a number of organizations, both inside and outside of the security industry.

The Security Industry Association’s Standards Committee is one organization working on creating common standards for mobile credentials. Specifically, the Cloud, Mobility and IoT Subcommittee has formed a working group to study the possible scope and levels of standardization that might be practical to pursue for access control systems and smartphone apps. The working group has received several proposals, and remains open to additional technical approaches.

Unfortunately, this standards activity is occurring at a time when many manufacturers have already invested significant resources in creating their own proprietary credential exchange protocols. These circumstances mean that if and when one or more standards are published, manufacturers will need to decide whether to invest additional resources in conforming to the standard – assuming they see convincing business value in doing so.

An analogous standards battle is taking place in the IoT community. The standards are not about mobile credentials as such, although they do include the broader concepts of trust, authentication and data exchange between smartphones and IoT devices. They also address these same transactions among groups of IoT peers, and with other computing services in general.

What they also have in common is that they are all published and open to debate. Dozens of them.  They are available for public review and commentary right on the Internet. Many are open sourced, and can be evolved by the entire community of interest. Some are promoted by industry consortia with hundreds of members. But they are all aimed at making devices and services more interoperable with one another.

The point is that the IoT industry (if it can be called a single industry) is making an effort (or many efforts) to put standards in place for important classes of interactions between our connected devices. That’s because they know the price of not doing so: frustrated users, lower security, slower growth for the whole industry and higher maintenance expenses for all.

The security industry should take note. The secure exchange of credentials between people and systems is one of the bedrock requirements of physical security.

Let’s get it right. Even better, let’s do it in the next three years.

KEYWORDS: mobile credentials security standards security technology smartphone security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Untitled 1
Steve Van Till is the Founder, President and CEO of Brivo, the global leader in cloud-based physical access control and Software-as-a-Service solutions. He has previously served in a variety of senior management roles in high technology companies spanning Web development, healthcare, and satellite communications. A Board Member of the Security Industry Association (SIA), he also currently serves as Chairman of the SIA Standards Committee. He is a frequent author and speaker, as well as the inventor of numerous patents. Steve has been honored by Security Magazine as one of “The Top 25 Most Influential People in the Security Industry.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • big data feat

    The Future of Big Data for Retail and Property

    See More
  • Steve Van Till

    Changing Security with Big Data, the Internet of Things and Social Media

    See More
  • Generic Image for Enterprise Services

    Calculating the Importance of Norms in Big Data

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing