While physical ID badges will always play an important role, you can expect to see mobile credentials (such as employee badge in the Apple Wallet) and logical access control solutions quickly gaining prominence — just as you’ve probably noticed more and more people opting for mobile payment, door access and user identification with the tap of a smartphone.
Why go mobile? There are many benefits, beginning with user convenience. People rely on their phones for all kinds of interactions and services throughout the day. If your smartphone can already handle tasks like payment and physical access, why not put it to work handling all your logical access needs as well?
Mobile authentication is a great way for healthcare enterprises, businesses and other organizations to consolidate security management for building access, workstation single sign-on, time and attendance, secure print management solutions, cashless cafeteria and more — without the need to physically distribute, manage and revoke credentials for employees, contractors or visitors.
Card-based, mobile, biometric and combined authentication methods all have their place. Helping you decide which is right for your business would require a one-on-one discussion to tailor a solution for your specific secure access needs. But if you’re investigating mobile, there’s one question you’ll immediately face: NFC or BLE?
BLE: Bluetooth® Low Energy
Everyone is familiar with Bluetooth®, the UHF radio technology incorporated into virtually every smartphone and computer that allows short-range communications with headsets, speakers, keyboards, mice and more. Bluetooth® Low Energy is a separate communication protocol that operates at the same 2.4 GHz frequency as Bluetooth, but is designed to consume far less energy and is used for applications that require only brief or intermittent connectivity.
Classic Bluetooth and BLE use the same antenna, with the different protocols implemented through software. Today’s smartphones offer both, and users typically aren’t even aware of the difference. When making a phone call, for example, Bluetooth is used to support a continuous conversation via a wireless headset. But for the purpose of indoor location tracking or proximity-based login, the same phone would use BLE to communicate short, intermittent bursts of data to nearby readers with minimal battery consumption.
Both Bluetooth and BLE can have a line-of-sight range of up to several dozen meters and a practical indoors range of several centimeters to 10 meters or more, depending on the phone model, whether the signal is attenuated by something like a phone case or purse, and other factors. BLE can be a great option for logical access and tracking applications that don’t necessarily require the closest proximity or ironclad assurance of user intent — for example, drive-up access to a parking garage or walk-up unlocking of equipment.
NFC: Near Field Communication
Similar to RFID card security technology, NFC allows a powered device, such as a credential reader, to activate and communicate with an otherwise unpowered electronic tag using inductive coupling via an alternating magnetic field at 13.56 MHz. This technology is most familiar in contactless payment cards, but contemporary smartphones also offer the same capability. The digital wallets in Apple, Google and Samsung phones, for example, all rely on NFC.
While BLE requires active radios in both phone and reader, the NFC tag is powered by the credential reader’s magnetic field and doesn’t place a significant load — or potentially any load at all — on the phone’s battery. The digital wallet and other applications that use the NFC tag do require power. But once the tag is configured, it could in principle be read even while the phone is powered off if the software enables this.
Because NFC transmits data via magnetic field induction rather than radio wave propagation, a payment card, phone or other NFC-capable device can only be read when it is very near to the reader — typically closer than 10 cm. With tap-and-go simplicity, a very short range, and the same security technologies used in contactless payment cards, NFC is an ideal option for applications that depend on next-level security with an absolute assurance of user intent — for example, access to corporate networks, protected health information, financial transactions and more.
|Range||Credential may be read at maximum range of 30 meters.||Credential may be read at maximum range of 10 centimeters.|
|Speed||Data transmission is about 1 MB per second.||Data transmission is about 424 KB per second.|
|Power requirement||15 mA||Passive: None Active: 5mA|
|User action required||Various app-specific actions may be required to prevent unintentional reads.||None.|
|Battery usage||Bluetooth radio consumes power and is controlled by software.||Passive NFC tags can be read without power.|
|High-throughput access||Interference between multiple signals may occur at turnstiles and other busy access points.||No interference due to the short range.|
|Security||Longer-distance, active communication may be vulnerable to relay attacks and other hacks.||Close proximity supports secure element validation and encryption.|
|Implementation||Variable with each phone OS and app.||Standard.|
|Provisioning and management||Credentials vary with each new phone, app and OS.||Credentials can be uniformly provisioned, managed and revoked in seconds.|
|Maintenance||New phones and OS upgrades require app maintenance.||Apple, Google and Samsung always ensure wallet functionality with no separate app to maintain.|
So Which One Should I Use?
As with so many technology choices the answer is, it depends. Understanding how BLE and NFC work can lead you to the best choice for your particular needs. For example, consider these factors:
NFC requires users to take explicit action, but is simpler than BLE in several other ways. For example, all user credentials can be added to a single digital wallet that’s easy for users to manage, potentially eliminating any need to carry separate cards. NFC can even be used when the phone is powered off or the battery has been dead for hours.
For both BLE and NFC, the ability to distribute, manage and revoke mobile credentials remotely simplifies administration and drives significant cost savings when compared to the management of physical cards.
NFC is extremely secure by the nature of how it was built within the Wallet. It’s the same industry-standard technology used in hundreds of billions of contactless payment card transactions every year. It’s virtually impossible to hack into or clone an NFC credential. And there’s no danger that an NFC credential could be intentionally or inadvertently read from a distance of more than a few centimeters. Given this level of security, NFC is gaining prominence as Apple and Google open up identity authentication as a viable pillar of their digital wallet solution offerings.
NFC, by contrast, is still in its infancy, but is gaining momentum in physical and logical access applications. The technology is implemented via the Apple, Google or Samsung Wallet — though adoption rate for digital wallets is still low — and applications must be licensed to use it. This typically involves a fee and agreement, but licensing restrictions are rapidly opening up as providers realize the huge potential for facilitating secure access to virtually everything users need with just one device. And for users, secure access couldn’t be easier. No pairing, no fumbling with applications, no radio interference — just tap and go.
Make the Right Choice for your Business
BLE and NFC both have their strengths, and both are here to stay. Both are popular with users, as they eliminate the need to carry physical credentials in addition to their phone. Both are great for implementing multi-factor authentication, as the phone itself is a possession factor, unlocked by a knowledge factor such as a PIN or a biometric factor such as fingerprint or facial recognition. And both can simplify credential management while enabling passwordless security across the organization.
BLE is best suited to applications where identifying users and their approximate location is the main goal, and the risks of a security breach are relatively minor. For example, on a construction site, BLE authentication might be used for site access and to ensure that heavy equipment can’t function unless a qualified operator is present. Other good examples include attendance tracking, mustering, follow-me printing, presence-based workstation locking and more.
NFC is best suited to applications where next-level security is paramount. That’s why NFC is used for contactless payment, but it has many other uses as well, such as passwordless single sign-on to workstations, cybersecurity for manufacturing, secure print release, attendance tracking, payroll, controlled substance prescribing, equipment cabinet access and more.
Mobile credentials can open the way to greater employee productivity and satisfaction, with simplified management at a lower overall cost. Interested in learning more? Get in touch, and let’s start the conversation.