made headlines at the end of 2017 for its promise to let strangers deliver packages inside your house by automatically unlocking your front door. Then at , Apple announced student ID card access in . Students at six different American universities -- Duke, the University of Alabama and the University of Oklahoma this fall, and Johns Hopkins University, Santa Clara University and Temple University by the end of year-- will be able to add their ID cards to Apple Wallet and use their Apple Watch just like a traditional keycard to access campus buildings like libraries and dorms with a compatible reader.
Accessing physical spaces via digital technology isn't new, but centralizing that access to a consumer phone or a watch manufacturer puts even more information about our comings and goings in the hands of big companies like Apple. Are mobile devices with digital credentials a safe, even inevitable next step in secure access? One lock manufacturer certainly thinks so.
The company behind keyless
The company behind Apple's NFC expansion and the hardware that supports it is Assa Abloy, a Swedish company with roots going back to 1907 and the invention of the disc tumbler lock. Assa Abloy is the world's largest lock manufacturer. If you don't recognize the name, you might know one of its acquisitions, like residential lock makers Yale and August. Your place of employment or your university might also use key card systems manufactured by its HID Global subsidiary. The mobile ID cards in Apple's WatchOS 5 use a credential that matches up to a university database, the same way physical key cards manufactured by HID Global do.
Before his company was acquired by Assa Abloy in 2017, August CEO Jason Johnson was working on automating access to your home for service providers, similar to Amazon Key. Through a feature called, a dog walker could, with your prior authorization, automatically enter your August Smart Lock-equipped home to pick up your pup. Now a spokesperson for Assa Abloy, Johnson sees digitized access as facilitated by consumer electronics as the natural progression of the .
"We went from cassette tapes to CDs, and now we carry thousands of songs on our phones," said Johnson in a phone interview. "Likewise with keys -- we went from metal keys, to key cards and now that's being virtualized into the mobile phone."
The idea of digital access to a college dorm might be concerning to some people and rightly so. Concerns are growing across the country about school security and how to physically protect students of all ages. Johnson admits granting access to places where students live and work is a sensitive area.
"When it comes to access, we believe that has to be handled very carefully, and systems have to be architected so that you can grant and you can revoke access in real time," said Johnson.
Student data is another sensitive area when things go digital. When a watch becomes a way to access a building and it's connected to a university database, what happens to the information coming from each student's watch? Johnson says it's the schools that are ultimately responsible for how that sort of data is used.
"Each enterprise that implements our access control systems, they choose how to use the data and what to use it for," Johnson said. "They're using our system, our hardware devices, our software, but what they do with it and how they use it is entirely up to them."
Assa Abloy uses encryption technology it calls Seos, which creates an ecosystem where credentials, readers and applications communicate over NFC or Bluetooth. Johnson and the team at Assa Abloy don't seem overly concerned about any hacking risk.
"We never say that there's no risk to anything that's encrypted being compromised, but we've built a business on it," Johnson said. "We've done it with key cards, and now we've transferred that over to mobile to do it with NFC and Bluetooth."
Jim Dearing, Senior Analyst at IHS Markit noted that physical key cards might not be as secure as we think. In fact, the security risk could be lessened with a move toward mobile credentials.
"The 25KHz proximity cards are extremely easy to clone, and in many cases the readers themselves can be attacked and compromised," said Dearing. "Encrypted mobile credentials are far more difficult to compromise using traditional methods."
Where is this going?
Schools aren't the only places where digitizing IDs might replace the cards we carry around in our wallets. Johnson noted that Assa Abloy is working with governments on the idea of digital driver's licenses and even passports.
"We're actually working with certain states to create a digital version of the drivers license that resides in an app on the phone," said Johnson. "We're working with countries for ePassports; We have an electronic passport system rolled out with the country of Tanzania."
Australia and HID Global are working on a digital license project, and American states including Illinois, Louisiana, Iowa and Massachusetts have expressed interest in the idea of a digital ID.
That brings a lot of other use cases to mind. Could we someday scan through airport security? Digital boarding passes are already out in full force, but the idea of a digital driver's license or passport doesn't seem too far-fetched. Could we get rid of the DMV altogether? We've seen digital license plate testing in California already this year. Maybe someday we won't need to renew our driver's licenses at all.
Dearing says the idea of mobile or digital IDs could offer better security in a physical sense.
"If a person's smartphone is stolen, in many cases the thief would still need to get past the smartphones lock to access the device, plus potentially additional authentication requests to gain access to the application that stores the digital identity. Physical credentials like passports and drivers licenses are not able to offer this level of security if stolen."
The last August Smart Lock
The student ID program is nearly identical tothis April which allowed users to lock and unlock their door with just their watch. This sort of thing is what August has been focused on since the release of its last smart lock in September 2017, less than a month before the . Since then, we haven't seen any hardware releases from the company, and it doesn't seem likely that we will.
At CES this year, August highlighted, an in-home delivery system much like Amazon Key, that the company piloted with Walmart. August also announced its partnership with last-mile delivery service Deliv, which supports thousands of popular retailers. It's since rolled out August Access technology to AirBnb and HomeAway for delivering digital keys and PINs to renters.
With all this service-centric activity and the acquisition of August by Assa Abloy, it seems August's focus might be shifting away from hardware production. Johnson alluded to a blending of Assa Abloy's lock hardware (think Yale locks) and August's tech features as the path forward.
"With the acquisition with Assa Abloy, we're working very hard to enable a variety of Assa Abloy locks and products with all of the features and functionality of an August Smart Lock," said Johnson.
Assa Abloy's Yale partnered with Google's Nest for thethis year. Now, Assa Abloy's alliance with Apple's NFC student ID program gives the company a solid foot in both camps. Of course, if a shift in August's priorities and services gives consumers a Yale lock with August smarts, I'm on board.
There's no denying it. The way we interact with our entrances is changing. No matter what that means for August hardware, the future looks keyless. Digital doorways are stepping into the mainstream, with Assa Abloy and college kids at the helm.