The first open standard for access control, PKOC, brings bank-grade security to access cards and contactless smartphone entry via Bluetooth
By John Tepley, CEO, EMS Integrators & G.W. Habraken, Managing Director, Taglio
The old engineering mantra 'If it ain’t broke, don’t fix it' has shaped industries for decades – and often for good reason. Why take on the effort, or the risk, of replacing something that still works?
This mindset has long defined access control. The question isn’t whether existing systems function, but whether they’re truly keeping up with today’s security demands. And the reality is, traditional access control isn’t just aging – it’s overdue for an upgrade.
The problem with legacy access control
For decades, access control has relied on outdated, proprietary card-based systems. These legacy solutions have done their job – allowing employees to tap a card and enter a building. But compared to modern security standards, they fall short in three major ways:
· Lack of advanced security – Traditional access cards don’t have the same level of encryption as today’s contactless NFC bank cards, making them easier to clone or compromise.
· No smartphone integration – Smartphones are central to modern life – yet most access control systems still don’t support secure authentication via mobile devices. In an era where we rely on our phones for everything from banking to boarding passes, why should security be any different?
· Limited functionality – Standard access cards are designed to open doors. But what if they could also, for example, allow secure access to workstations, shared printers, forklift trucks, or even factory workstations? Access control should go beyond just opening doors.
The issue isn’t that access control has failed. It is simply that it has never had a reason to evolve. And that means it cannot solve any of the above problems in its current format.
A turning point for access control
Think about how people viewed smartphones before the iPhone. At the time, most mobile phones did the basics: calls, texts, and a few did emails (remember BlackBerries anyone?).
At that time, no one believed they needed to have in their pocket a touchscreen, their music library, a digital camera, an app store, social media, or GPS navigation, etc.
Then Apple introduced the iPhone, and suddenly the world saw what was possible and everybody wanted one. In fact, today it’s impossible to imagine a life without smartphones.
Access control is at a similar technological crossroads, thanks to a new specification standard called PKOC (pronounced like the word ‘peacock’). This could eliminate all the traditional drawbacks of legacy access control and add in a whole new range of features and capabilities.
In fact, the question isn’t when access control will evolve. It’s who will lead the way in adopting the next generation of security, and who will get left behind.
Enter PKOC
Short for ‘Public Key Open Credential’, PKOC was developed, and will be overseen, by the Physical Security Interoperability Alliance (PSIA).
Unlike proprietary systems, PKOC isn’t controlled by a single company, individual, or entity. Instead, PKOC fosters an open ecosystem where multiple vendors can develop and support PKOC-compatible products, driving innovation and ensuring widespread adoption.
Because PKOC is free from proprietary licensing fees and vendor lock-ins, users aren’t burdened with additional costs for their security credentials.
Designed to break free from restrictive, closed security models, PKOC is poised to redefine the access control industry with enhanced security, seamless interoperability, and advanced capabilities. PKOC is not just an alternative, it’s poised to become the future of access control.
Tech history has shown that open standards can transform industries. Take Bluetooth, for example. Once just a connectivity option, it has evolved into a universal standard with a vast ecosystem of suppliers and applications. PKOC has the potential to do the same for access control, creating a more secure, scalable, and adaptable future for organizations worldwide.
Designing an access system with PKOC
PKOC introduces a next-generation approach to credential delivery, offering two key methods:
· NFC-based credentials for physical access cards
· Bluetooth-based mobile credentials for smartphone authentication
Unlike traditional access systems that rely on centralized or symmetric encryption – where both parties must be pre-registered – PKOC operates using decentralized, asymmetric encryption through a Public Key Infrastructure (PKI) where one side doesn’t need to be known until the moment of access.
This means the private key is never openly exchanged, eliminating the need for centralized storage and ‘one-breach exposes all’ security risks. This makes PKOC a significantly more secure option for access control.
PKOC uses Elliptic Curve Cryptography (ECC) for authentication security, and uses the 256 bit long compressed form of an ECC public key as a credential.
For legacy panels and control systems that do not support the full 256 bit credential as recommended, the credential can be truncated. The specification sets the minimum length at 64 bits, which is supported by even the oldest panels and systems.
With PKOC, access credentials are also streamlined for simplicity and security. There’s no need for facility codes, issue codes, or site codes during setup, nor the complexity of managing card formats or bit configurations. Organizations no longer need to track, or pay extra, for card numbers when ordering credentials, eliminating concerns about duplication or unauthorized cross-access between facilities.
Since there’s no shared key for readers or physical card manufacturing requirements, PKOC further enhances security while reducing administrative overhead and costs.
Using PKOC with physical access NFC cards
PKOC-enabled NFC access cards function like traditional physical access credentials but with major improvements in security and interoperability.
These improvements can be broadly broken down into three categories:
1. Secure decentralization – PKOC ensures decentralized and highly secure access by allowing each card to generate its own unique public-private key pair using industry-standard public key encryption. The private key remains securely stored within the card’s private ‘vault’ and is never shared. Meanwhile, the public key can be used to securely authenticate the card, and at the same time serves as the credential for authentication.
2. Interoperability – Because PKOC is an open standard, NFC access cards from different manufacturers can work seamlessly across systems without vendor lock-in or licensing fees.
3. Simplified deployment – With PKOC there is no need for complex card formatting, facility codes, or proprietary credential management systems. All PKOC NFC cards automatically work with any PKOC-compliant reader out-of-the-box.
Why NFC cards matter for PKOC
NFC access cards remain a key part of enterprise security, especially in environments where:
· Users prefer physical credentials (e.g. corporate offices, government facilities, physically impaired users)
· Smartphone access isn't practical (e.g. manufacturing floors or high-security sites)
· A hybrid approach is required (supporting both NFC cards and smartphone mobile credentials)
By supporting both NFC cards and Bluetooth, PKOC gives organizations the maximum flexibility to choose the best access method for their needs, whether that’s a physical card, a smartphone, or both.
Using PKOC with smartphones and Bluetooth
Bluetooth has become a universal and ubiquitous wireless connectivity for all brands of smartphone. The launch of Bluetooth 5, built on the power-efficient and highly secure Bluetooth Low Energy (BLE) standard, is the most capable and flexible version of Bluetooth to date.
By leveraging smartphones and Bluetooth, PKOC brings the convenience of mobile access control, allowing smartphones to function as secure digital credentials – just like NFC cards, but with even more flexibility and security.
Each smartphone generates its own unique PKOC credential, with the private key securely stored in the device’s Trusted Platform Module (TPM) or secure element, making it impossible to clone.
With Bluetooth-based authentication, users can enjoy a truly contactless entry experience. When approaching a PKOC-enabled reader, their smartphone automatically communicates over Bluetooth, allowing seamless access without needing to tap a card or enter a PIN. Plus, since PKOC doesn’t rely on centralized key management or shared encryption keys, it eliminates the risks of cloned, stolen, or leaked credentials.
Why Bluetooth matters for PKOC
Traditional access control systems come with challenges – lost cards, security risks, and high costs. Bluetooth access control solves these issues by offering:
• Hands-free entry – No need to pull out a card; users can enter with their phone in their pocket.
• No more lost or forgotten cards – Employees no longer need physical credentials.
• Stronger security – Mobile credentials can’t be cloned like traditional access cards.
• Real-time credential management – Organizations can instantly grant, revoke, or modify access.
• Cost savings – No more spending on card production, distribution, or replacements.
By leveraging the smartphones that everyone already owns, organizations can establish a secure, contactless entrance system through a single app. Beyond the entry reader, no additional hardware is required.
Bluetooth systems also enable advanced features like location tracking, giving building operators greater visibility into who is entering and exiting a facility – and where they are at any given time. During emergencies, PKOC’s Bluetooth tracking helps first responders locate missing individuals quickly – without risking their own safety in time-consuming searches.
Seamless, phased-in transitioning from legacy systems
Organizations don’t need to overhaul their entire access control infrastructure to adopt PKOC. Migration can be gradual, with a phased approach using PKOC-enabled NFC physical cards and/or PKOC-enabled mobile credentials via Bluetooth on smartphones.
Dual-technology readers can further ease the transition by supporting both legacy credentials and PKOC, allowing both systems to operate side by side. Looking ahead, PKOC adoption could extend to Apple Wallet, Google Wallet, and other secure mobile credential platforms, ensuring even greater flexibility and future-proofing security.
PKOC is ready to deploy in access control today
With PKOC, the future of access control is no longer a distant vision—it’s here today. This isn’t tomorrow’s technology; it’s ready to deploy now.
If you're in access control, now is the time to rethink your product roadmap and future development plans. If PKOC isn’t on your radar yet, it should be – because those who ignore it risk being left behind.
To assist you in your PKOC journey:
Taglio can supply PKOC compliant NFC cards today. Taglio is a leading, independent provider of smart card technologies with deep experience in cryptography and security software. Taglio provides the complete solution, including full smart card stack, hardware, software, and services.
EMS Integrators (EMSI) can help you develop a fully tailored, turnkey solution, including PKOC-enabled Bluetooth readers, PKOC-enabled card readers, RFID NFC readers, and Bluetooth-based smartphone apps. By partnering with EMSI, you can seamlessly transition from legacy systems or integrate PKOC into your own branded products—ensuring a fast, easy, and future-ready adoption.
Why Be a Sitting Duck? Migrate to PKOC
Access control has remained largely unchanged for decades, but the landscape is shifting.
With PKOC, the industry finally has an open, secure, and future-proof specification standard that eliminates the risks and limitations of legacy systems.
Whether through NFC-enabled physical cards or Bluetooth-powered smartphone credentials, PKOC delivers a smarter, safer, and more flexible way to manage access. One that is poised to transform access control.
The choice is clear: stick with outdated, proprietary systems that are costly, vulnerable, and inefficient, or embrace PKOC and move toward a modern, secure, and interoperable future.
Businesses that act now will gain a competitive edge, reduce operational costs, and provide seamless, user-friendly access control that meets both today’s and tomorrow’s security and wider IT-system integration demands.
The future of access control has arrived. It’s called PKOC – and soon, it will be the standard no company in access control, can afford to ignore.
Want to see how PKOC and Bluetooth can modernize your access control system? Contact EMSi or Taglio for a free consultation today.