I want to welcome you to a multi-post discussion about near-field communication (NFC). Over the next few blog posts, I will be talking about:
- NFC’s moving parts
- Impending demand from your users
- NFC’s potential for access to buildings and applications
- Missing ecosystem components
The next revolution in mobility is coming: near-field communication (NFC). The industry focus for NFC today is tap-to-pay systems that leverage mobile devices, à la Google Wallet and ISIS. That’s all well and good because it will feed customer demand for NFC-enabled devices. Last year, Gartner estimated that 50% of smartphones will be NFC-based. In my opinion, the estimate is conservative. I am more interested in what happens after payments, when NFC-enabled devices reach a deployment tipping point and are used for enterprise access.
The enterprise use of NFC can be distilled into two challenges: the lack of ownership and increased complexity. For starters:
- The user owns the smartphone.
- The mobile network operator (MNO) owns the network pipe to the smartphone, which is required for over-the-air (OTA) provisioning of credentials to the secure element (the storage area inside the smartphone).
- The MNO also owns the keys necessary for writing the credentials, so “sideloading” the credentials (via physical access to the smartphone) will not work.
- An additional actor in the NFC ecosystem is the Trusted Service Manager (TSM). Its job is to enable OTA provisioning of credentials by acting as an intermediary between you (the enterprise) and the plethora of MNOs who gate access to your users’ smartphones.
My next posts will talk about the specifics of NFC and the missing puzzle piece required for NFC to work. To telegraph the punch line a little, a new service is required to provide secure credential and application distribution. We’re calling this service mobile credential management. It doesn’t exist yet. The service must be able to:
- Distribute applications to mobile devices
- Interface with credentialing services (like an on-premises certificate authority)
- Interact with the MNOs to provision credentials to the secure element. There is a fair amount of technical interoperability to make this work.
I’ll also discuss mobile credential management, authentication, NFC, and authorization at Catalyst 2012—hope to see you there.
The Evolving Intersection of Mobile Computing and Authentication (research document – subscription required)
 If you are a smart card enthusiast, think GlobalPlatform keys and security domains.