New spec uses asymmetric key pairs to change the way system keys are managed
The Public Key Open Credential (PKOC) Standard – developed by the Physical Security Interoperability Alliance (PSIA) – is considered by many to be the future of secure credentials.
CampusIDNews talked with ELATEC’s campus lead Rawldon Weekes about the specification and how it could be a game-changer for mobile credential rollouts.
Using public and private keys, PKOC essentially eliminates the need to safeguard the dedicated system key(s) that make today’s card and mobile credential solutions possible.
At the most basic level, the user’s mobile phone creates a public and private key pair. The private key stays securely housed on the device. The public key is sent over the air to the physical access control and other systems, which in turn distribute it to the network of readers.
According to a PSIA presentation, “When the phone is presented to an access device it is authenticated at the device or at the access panel then the public key (acting as the Badge ID Number) is pushed to the PACS for access granted.”
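The enrollment and presentation flow described above, as an added Go sketch that is not code from PSIA, ELATEC or the PKOC specification. The article names no algorithm or message format, so ECDSA over P-256, the SHA-256 hashing of the reader's nonce, the DER-encoded badge ID and every function name here are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// must panics on errors that cannot occur with valid keys and a working system RNG.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewPhoneKey creates the key pair on the handset (P-256 is this sketch's assumption).
func NewPhoneKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// BadgeID encodes the public key, the only value the phone shares with the PACS.
func BadgeID(k *ecdsa.PrivateKey) string { return string(must(x509.MarshalPKIXPublicKey(&k.PublicKey))) }

// Respond signs the reader's nonce with the private key, which never leaves the phone.
func Respond(k *ecdsa.PrivateKey, nonce []byte) []byte {
	h := sha256.Sum256(nonce)
	return must(ecdsa.SignASN1(rand.Reader, k, h[:]))
}

// Reader is the set of enrolled public keys; it holds no secret system key.
type Reader map[string]bool

// Grant verifies the signature with the presented key, then uses that key as the badge ID.
func (r Reader) Grant(badgeID string, nonce, sig []byte) bool {
	pub, _ := x509.ParsePKIXPublicKey([]byte(badgeID))
	ec, ok := pub.(*ecdsa.PublicKey) // false for malformed or non-EC input
	h := sha256.Sum256(nonce)
	return ok && r[badgeID] && ecdsa.VerifyASN1(ec, h[:], sig)
}

func main() {
	phone := NewPhoneKey()
	rd := Reader{BadgeID(phone): true} // enrollment: the PACS distributes the public key
	nonce := make([]byte, 16)          // reader's challenge, fresh for every presentation
	must(rand.Read(nonce))
	fmt.Println("access granted:", rd.Grant(BadgeID(phone), nonce, Respond(phone, nonce)))
}
```

Because the reader stores only public keys, copying its enrollment list yields badge IDs but nothing that can produce a valid signature, and a response recorded for one nonce fails against the next.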
“In many of the solutions today, for cards and mobile, you get tied into one credential or one solution provider and you get siloed,” says Weekes. “PKOC will provide the flexibility to not be tied in and siloed into one solution but rather have that flexibility to really control who you're working with in your end customer environment and ecosystem.”
TRANSCRIPT:
Hi, my name is Rawldon Weekes and I'm with Elatec.
PKOC stands for Public Key Open Credential. It's a standard that has been introduced by a group of companies within the space who view the importance of interoperability for the end user.
When you come across different customers who are working with a solution, as it is today, it's very hard to move from one solution to the other.
So a solution like PKOC, which allows you to easily be able to manage the keys because of the presence of asymmetric keys (public key and a private key) and being able to share that in between users and the solution.
That makes it much more flexible in comparison to as things are today with symmetric keys, being able to have control over just one key and keeping it private as opposed to the flexibility between using two different keys.
How does it play into the mobile credential space?
In many of the solutions today, for cards and mobile, you get tied into one credential or one solution provider and you get siloed.
As everyone's trying to move to mobile credentials, PKOC will provide the flexibility to not be tied in and siloed into one solution, but have that flexibility to really control who you're working with in your end customer environment and ecosystem.
And be able to plug and play essentially switching between one manufacturer to another making it easier for you to transition between solutions as needed.
So you as a user would have a lot more flexibility as opposed to being just tied into that one solution.
With mobile, also being able to easily support different credentials as they come to market, based on this standard, it just provides that added flexibility as well.
In terms of the standard and its availability, there are specs out there when you're available.
From the Elatec standpoint, we do support the spec on many of our readers and modules.
And the beauty of it also is not just tied to one modality, so it's not just NFC, but it could also be used on BLE, ultra-wideband down the line as well.
So it's all about future proofing and making it available for whatever you end up bringing to market. That's the beauty of the ecosystem and using a standard like this.