
Exclusive: Connecting the dots with LEGIC

LEGIC’s Christine Mayr, John Harvey and Carl Fenger reveal the benefits of the company’s state-of-the-art smartphone security platform.

Creating secure virtual services or apps that require rapid deployment on smartphones or other mobile devices is becoming increasingly common for consumer and professional applications. LEGIC Connect is a cloud platform service which enables you to carry out this task quickly and securely over publicly available internet or cellular services.

The rise of smartphone-based services

Services that enable users to interact with and control infrastructures such as shared offices and vehicles, hotel rooms, campuses and city services are on the rise. Personalised interaction with infrastructure based on a smartphone-based mobile app is becoming the preferred choice for users to interact with the world around them for both professional and leisure activities.

Today, such services are growing in consumer markets as well as industrial IoT sectors where they enable access to and personalised interaction with private and vacation dwellings, shared and rental vehicles, electric car charging stations, industrial machines, robots and personal IoT devices.

As most users today possess a smartphone, many new mobile app-based solutions are being introduced to serve all these application areas.

A shared challenge

A common challenge across all these use cases, whether private or professional, is how to securely onboard new users and instantly enable or disable access and modify usage rights – an example being a virtual smartphone-based hotel room key, which has very precise times when it should open specific doors, when it shouldn’t and by whom.

The LEGIC Security Platform solves this issue by providing secure and flexible technology consisting of a central cloud-based Trusted Service and plug-in mobile SDK that communicates with LEGIC hardware Security Modules embedded in edge devices (a hotel room door, for example). This enables service providers to focus on managing their infrastructure and offerings and on optimising the user experience – the secure communication of configuration data between the service provider’s management backend, mobile apps and service infrastructure is taken care of by the LEGIC Security Platform.

Introducing LEGIC Connect

LEGIC Connect is the smartphone part of the LEGIC Security Platform. It is used to manage mobile credentials, which determine what each user prefers, or is allowed to do and when. It is a mature technology, with thousands of credentials being deployed at any given moment around the globe, based on secure end-to-end AES data encryption, an encryption technique so powerful it has been adopted by the US government for protection of classified information.

Thanks to LEGIC’s service-agnostic platform, smartphones can be securely provisioned over-the-air for a wide variety of applications such as unlocking doors, purchasing train tickets, starting cars or streamlining manufacturing or logistics processes.

LEGIC Connect also enables operators to configure cryptographic keys or custom parameters on edge devices, update and maintain infrastructure or securely receive status reports or maintenance data back from infrastructure to the service backend. This capability is useful for status and security alerts, for enabling preventive maintenance and can be done at any time all over the globe via any Android or iOS smartphone.

LEGIC Connect not only leverages existing user smartphones but allows for a highly customisable user experience tailored to service and security needs. It also supports security mechanisms such as optional PIN code or biometric verification including facial or fingerprint recognition, features which are readily available on today’s smartphones.

To support contactless communication between smartphone and infrastructure, Bluetooth Low Energy (for up to 10+ metres) or NFC wireless communications (typically up to 20 cm) are leveraged – both are common features on modern smartphones and are supported by LEGIC Connect.

Focus on your service, not how it is deployed

The beauty of LEGIC Connect is that it enables service providers to focus on their mobile service offerings and not on their deployment or security. LEGIC Connect ensures secure distribution and management of cryptographic and authentication data. It secures the communication channel between backend and infrastructure, which can be over the publicly available internet or cellular service. When a smartphone and LEGIC technologies are combined, the possibilities for secure mobile services are endless.

How LEGIC Connect works

Figure 1: LEGIC Connect end-to-end mobile security platform

Figure 1 illustrates the operation of a smartphone-based authentication and credential management system which uses LEGIC Connect.

A service provider’s application management system uses LEGIC Trusted Service to send credentials to a mobile app via an encrypted channel. These credentials are provisioned to users to indicate what each user prefers, or is allowed to do and when. A classic example used in infrastructure management is determining which doors may be opened in an office building by whom and at what times.

Credentials which are relevant for a specific user and edge device, for example a car door or vending machine, are then transmitted to the edge device using the smartphone’s built-in Bluetooth or NFC capabilities. To facilitate the seamless design of the application and authentication system, an API and Mobile SDK for mobile devices, as well as Security Modules with embedded Secure Element for the edge device, are all provided by LEGIC.

Thanks to LEGIC Connect, smartphones can be securely provisioned over-the-air with multiple powerful functionalities within existing telecommunications infrastructure.

Key features

Android- and iOS-based smartphone apps which leverage secure user authentication and credential management can be quickly developed and deployed based on an easy-to-use mobile SDK provided by LEGIC.

Smooth, fast, secure radio connectivity over short (up to 20 cm) or long (up to 10+ metres) distances can be established based on Bluetooth or NFC.

Secure, contactless file transfer of system configuration as well as application data is possible via the LEGIC Trusted Service.

Low power consumption of the SM-6000 Security Module series makes them ideal for battery powered edge devices.

Online and offline operation are supported – secure authorisation and credential management continue even when network connectivity is unavailable, for example when opening a car door via smartphone app in an underground car park.

End-devices based on the LEGIC Security Platform meet the official Common Criteria level EAL5+.

Encrypted, bi-directional messaging between edge devices and management system backend is ideal for pre-emptive maintenance or alert notifications.

Smartcard option: applications are also supported by all globally relevant smartcard standards such as LEGIC, NXP MIFARE, and HID iCLASS.

One-stop shop – all software, components and tools as well as training and support are provided by LEGIC, an industry leader in embedded, contactless security solutions.

www.legic.com

This article was published in the September 2020 edition of International Security Journal.