Frequently Asked Question about Seos Does Seos work over NFC and/or Bluetooth? Yes. Seos provides a secure channel over any underlying communication protocol. Solutions are available today that work over both NFC and Bluetooth. Which mobile operating systems can support Seos? In theory any mobile operating system can support Seos. Applications are deployed today on iOS and Android. Where is Seos implemented today? Seos powers a broad range of ASSA ABLOY solutions. Employees are accessing buildings and office spaces today where enterprises have deployed HID Global’s Mobile Access or issued Seos cards. Students are using their phones/ID cards to open the doors to their dormitories at universities that have adopted the Seos platform. Consumers in South Korea are opening doors to their homes using their phones on locks from iRevo. US consumers are enjoying the convenience of opening their doors with their phones by using Real Living locks from Yale. Guests at Starwood hotels can use their phones to bypass the front desk and get into their hotel rooms How will Seos be licensed to parties operating outside of the ASSA ABLOY ecosystem? Parties wishing to develop solutions that leverage a mobile phone or other smart device as an ID credential will be able to license Seos to implement a secure vault for digital identities on the phone. Can Seos be used for solutions beyond physical access control? Yes. Seos can be used for any solution where convenience and/or security require a user to prove his/her identity using a phone, wearable or any other smart device. Examples might include login to online services, virtual driver’s licenses and payment systems. How does ASSA ABLOY help solution providers who are licensing Seos? ASSA ABLOY will provide an end to end platform, in the form of Software Development Kits (SDKs) and cloud-based services that provision user identities to mobile devices and enable applications to verify the authenticity of those identities when the device is presented as an identity credential. This leaves developers free to focus on building new and innovative solutions that leverage mobile phones and other smart devices as identity credentials. What is available today? The ASSA ABLOY Mobile Access service can provision digital keys (representing user identities) over the air to mobile devices. These keys can be managed on the mobile device by any Android or iOS app that embeds the Seos Mobile SDK. The app enables the mobile device to be used as a trusted credential with a wide range of readers and locks from ASSA ABLOY as well as Seos capable applications from over 60 partners providing solutions for time & attendance, cashless payments, offline locks, secure printing, parking access, biometric based verification, electronic vehicle charging and computer system Login. How will ASSA ABLOY drive expansion of the Seos ecosystem through 2015 and beyond? ASSA ABLOY will continue to expand the platform by adding new components, such as Seos capable Bluetooth enabled reader modules, enhanced tool kits for app developers and cloud based services for the verification of Secure Identities. Does Seos work with wearables? Yes. Wearables that extend the mobile phone user interface will be able to be supported with some additional development effort. Support for wearables as standalone identity credentials will be introduced at a subsequent point. How secure is a Seos? The Seos protocol is derived from best in class cryptographic standards defined by NIST (National Institute of Standards). During provisioning of digital keys to the mobile device Seos establishes a mutually authenticated channel between the provisioning service and the mobile device that ensures safe delivery of key material. Likewise, during use of the credential, a mutually authenticated channel is established between the mobile device and the relying party application. This ensures a secure private transaction independent of Bluetooth, NFC or any other transport protocol. Is this a global licensing strategy? Yes How would application developers gain value from licensing Seos? Any developer who is building an application which relies on a mobile device as a secure identity credential can leverage Seos to provide an out of the box platform to create, manage and use secure identities issued to mobile devices. How would Mobile Network Operators (MNOs) gain value from licensing Seos? MNOs could license Seos to bring to market solutions that enable their customers to use their mobile phones as secure credentials for a broad range of applications. In some cases the application might be a product or service that the MNO resells; in other cases they might develop that product/service themselves. How would handset manufacturers gain value from licensing Seos? A handset manufacturer or mobile operating system provider can deliver a differentiated implementation of the Seos vault on their platform by taking advantage of unique capabilities of the platform to improve security and/or the end user experience. Is Seos a mobile wallet? Similar but not quite. Seos provides a platform that enables developers to build a mobile wallet for identity credentials - as opposed to payment credentials. The toolkits and services provided by ASSA ABLOY take care of securely provisioning identity credentials to the phone and enabling those identities to be verified at time of use. This leaves the developers free to focus on the user experience for the app or the relying party application. Unlike some platforms Seos does not introduce dependencies on the underlying hardware or mobile network operator. Identity credentials can be provisioned over any IP network, stored securely on the phone without dependencies on SIM chips or Secure Elements and used over NFC and/or Bluetooth. Can there be multiple Seos enabled apps on the same device? Yes. How does Seos protect Identity Credentials stored on a mobile phone? Identity credentials are encrypted while in storage on the mobile device. The methods used to protect those encryption keys vary depending on the best available mechanisms provided by the underlying mobile operating system. The Seos vault can also be implemented as an applet that executes in a SIM chip or Secure Element. This provides a greater level of protection, but introduces dependencies on the underlying hardware and the Mobile Network Operator (MNO). Is the Seos Mobile Access Service a TSM? It is similar to a TSM in that it is a cloud based service capable of provisioning data through a secure pipe to a secure endpoint on the phone. However TSMs are typically operated by MNOs or handset manufacturers and used to provision data to Secure Elements that they control. Hence, while a TSM based solution can offer ‘military’ grade security, it can usually only provide access to a subset of devices across any given population. The Seos Mobile Access Service, by comparison, provisions data to a software based container on the endpoint device. Hence it can provide coverage across a broad range of Android and iOS devices, regardless of the handset manufacturer or Mobile Network Operator, at an excellent level of security for commercial applications.