Login
get in touch

A short guide to Public Key Open Credential (PKOC)

Learn what Public Key Open Credential (PKOC) specification is, why it matters for modern physical access control, and how enterprises can now implement it at scale.
Schedule a demo
Learn more

Contents

What is Public Key Open Credential (PKOC)?

Public Key Open Credential (PKOC) is a license-free, vendor-agnostic credential specification developed under the Physical Security Interoperability Alliance (PSIA). It replaces legacy symmetric encryption with asymmetric cryptography, where each credential carries a unique public-private key pair. The private key never leaves the device’s secure hardware element, making credential cloning or duplication extremely difficult. The public key is shared openly to authenticate access requests, without ever exposing sensitive data.

PKOC supports both NFC and Bluetooth Low Energy (BLE) and works across physical cards and mobile devices, and is designed to integrate with a wide range of readers, platforms, and identity management systems, without licensing fees or vendor lock-in.

Why is Public Key Open Credential (PKOC) important?

Higher security by design

Traditional access credentials rely on symmetric encryption, where the same secret key is used to both issue and verify a credential. If that key is compromised, every credential it protects is at risk. PKOC eliminates this vulnerability. Each credential contains its own unique public-private key pair. The private key is stored in the smartphone’s secure enclave, the same hardware used to protect mobile payment credentials, and is never transmitted or shared. Authentication is performed via cryptographic signing, making credentials highly resistant to cloning or replay attacks.

Freedom from vendor lock-in

PKOC is an open, license-free specification, therefore it can be implemented across multiple hardware and software platforms simultaneously. Organizations can introduce PKOC alongside existing proprietary card systems, choosing best-in-class components without being locked into one ecosystem.

Enterprise-ready at scale

PKOC is not just a security improvement, it is an operationally scalable framework and ready for practical roll out. With Sentry Interactive’s asymmetric credential mass enrollment SDK integration, organizations can enroll hundreds or thousands of users with PKOC credentials in bulk, remotely, from a centralized cloud access control or identity management platform. This transforms access credential issuance from a manual, one-by-one administrative task into an automated workflow that reduces cost and complexity, especially across multi-site or global organizations.

Alignment with modern IT security standards

PKOC credentials support compliance with GDPR, HIPAA, NIST best practices, and other regulatory frameworks. They integrate naturally with enterprise identity infrastructure including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control, bringing physical access in line with the same security standards applied to digital systems.

How do I implement Public Key Open Credentials (PKOC)?

To implement PKOC credentials for organizations, Sentry Interactive works with the access control OEMs, reader manufacturers, and integrators that are part of the Physical Security and Interoperability Alliance (PSIA). The reader manufacturers will install their PKOC-compatible readers and issue PKOC physical access cards, these readers will work with the OEMs systems that support PKOC and finally Sentry Interactive’s SDK is integrated with the systems and readers to provide mass enrollment capabilities of physical and mobile PKOC credentials.   

Typical implementation journey:

  1. PKOC-enabled readers are installed by a PKOC reader manufacturer or integrator at the relevant access points an organizations sites.
  1. The access control OEM’s system is configured  to support PKOC, so that reader and platform share the same open credential standard.
  1. Sentry Interactive’s SDK is integrated with the access control or identity management system to unlock mass enrollment capabilities.
  1. Users are enrolled at scale – PKOC physical cards and mobile credentials are provisioned remotely in bulk, directly to employees’ devices or issued via automated workflows.
  2. PKOC credentials are managed in a centralized management system – permissions can be updated instantly, users added or removed in bulk, and access activity monitored across all sites from one platform.

Are my readers compatible with PKOC credentials?

Whether your existing readers can support PKOC credentials depends on their hardware capabilities and integrations. Readers that support 64-bit to 256-bit encrypted credentials will generally be able to work with PKOC credentials. Any PKOC credential will be able to work with any PKOC compatible reader. Most modern readers will be able to do a firmware update to support PKOC credentials.

PKOC credentials can be delivered over NFC or BLE, so readers that support contactless NFC or Bluetooth communication are candidates for PKOC. Many modern readers from a wide range of manufacturers already have the hardware to receive PKOC-formatted credentials.

Software and SDK integration

The critical enabler is the SDK integration between your access control platform and Sentry Interactive’s PKOC credential mass enrollment capability. If your access control system has integrated the Sentry Interactive SDK, or if it connects to a cloud-to-cloud integration supported by Sentry, your readers can begin accepting PKOC mobile credentials without requiring new hardware in many cases.

Working alongside existing systems

PKOC does not require you to replace your existing access control infrastructure. It is designed allowing organizations to migrate gradually and operate a mixed credential environment while retaining full control over the transition timeline.

Looking ahead

PKOC and its new mass enrollment capabilities represent a fundamental shift in how mobile and physical access credentials are issued, managed, and secured. By replacing proprietary, symmetric-encryption-based credentials with an open, asymmetric standard, it gives organizations greater security, true interoperability, and the operational efficiency of large-scale automated enrollment. As open standards continue to gain traction across the access control industry, PKOC is positioned to become the foundation of enterprise mobile credentialing.

Get in touch to find out more about PKOC and how enterprises can start rolling it out to employees at scale.

Start your journey to mobile credentials today

Extend the life of your access control systems and provide the choice of secure NFC mobile credentials to automate operations and optimize user experience.

Connect with a member of our team within 24 hours.

Get a system audit for integration.

Deploy and activate mobile credentials within days.

William Bainborough

Board of Directors

William is an experienced British entrepreneur, founder, and accomplished board executive and advisor for a number of businesses. He is the CEO and co-founder of Doordeck, the world’s only true cloud-based access control aggregator. He is also the managing director and founder of Group Secure, a leader in providing security, CCTV, and access control solutions, products, and installation for high-net-worth individuals in the UK. 

William established his first business at just seventeen and brings 20-plus years of in-depth experience and industry knowledge. He has a proven track record for building businesses from the ground up—and then leading them to profitability and a successful exit across a myriad of sectors including hospitality, retail, security, telecommunications, and e-commerce. William’s leadership, vision, and experience in creating cutting-edge SaaS-based technology platforms will prove invaluable for Sentry Interactive moving forward.

Denis Hébert

CHAIRMAN & CEO

Hébert began his career at Honeywell International where he held several leadership positions including Managing Director for the Automation and Controls business in France and eventually President of the NexWatch Corporation from 1999-2002. Hébert led HID Global as President & CEO over a transformative 12-year period from 2002-2015, where he provided strategic guidance and grew the business tenfold through a mix of strong organic and acquisitive growth. Most recently, Hébert was President of Feenics Corporation which is a cloud-based access control company that was successfully sold to ACRE LLC at the end of 2021. Hébert also served on the Board of Directors for the Security Industry Association (SIA) from 2009-2020 and was nominated to be Chairman of the Board for SIA from 2016-2018. He is currently Chairman of the Board for Nightingale Security based in Newark, CA.

Stephen Taylor Matthews

Board of Directors
Stephen is a very accomplished attorney, member of the Texas State Bar, licensed commercial real estate broker, and an avid philanthropist. He is an experienced executive board member, serving in leadership positions for more than 20 community councils and corporate boards—ranging from Boy Scouts of America to the ABBA Business Leaders Council, and most recently the American Bank BOD, the Real Estate Council of Austin, and the Marbridge Foundation BOT. With more than 35 years experience, Stephen and his firm, Barrond & Adler, L.L.P. are devoted to eminent domain cases in Texas.

Jon Davis

Board of Directors

Mr. Davis is an Experienced corporate board member, having served on boards of public, private equity-backed, and venture-backed companies. Jon possesses deep industry expertise in dairy, food processing, food technology and manufacturing, and food, beverage, and entertainment services. 

During Jon’s tenure of 25 plus years, he’s led operations, research and development, and mergers and acquisitions. He’s served as CEO and has been the founder and active board member for many successful enterprises—from startups to billion-dollar corporations. While COO and CEO of Davisco Foods International, Jon built a state-of-the-art cheese plant which was awarded the United States Dairy processing plant of the year in 2005 by Dairy Foods magazine. Currently, Jon is active with several non-dairy projects, including investments in local real estate, the Wayzata Brewworks, and his latest venture the new CōV restaurant in Edina’s Galleria.

Joe Caldwell

Founder and Chairman of the Board

Joe is an American entrepreneur, investor, and accomplished executive. He has co-founded, founded, and led many successful businesses, including US Internet, a leading fiber internet service provider, Securence, a leading provider of email filtering software, and Ravon, an industry-leading digital voice communications service. 

It was Joe’s venture, Municipal Parking Services (MPS), that inspired him in 2020 to start Sentry Interactive, an advanced touchless and staffless detection platform.

Caldwell currently serves as CEO and Chairman of the Board for Municipal Parking Services (MPS), a global tech company based in Austin, TX responsible for inventing and patenting technologies that assist in parking and security enforcement.

Joe was named one of Minnesota’s 500 Most Powerful Business Leaders for the past two years—and is a seasoned corporate board member. He’s served on boards of public, private equity-backed, and venture-backed companies—and has deep industry expertise in all aspects of digital technology.

Jason Bohrer

Board of Directors

Jason Bohrer is one of the visionaries behind our mission to bring people back together safely and securely, in any environment, through Sentry’s advanced digital communications and detection platform. With over two decades of senior leadership experience, Jason’s track record of success spans across sales, operations, product innovation, strategy, and technology for domestic and global companies like Bexar Technology Partners, CPI Card Group, HID Global, and Motorola, Inc. Prior to launching Sentry Interactive, Jason was actively involved with several key technology transitions across multiple industries, including the contact and contactless EMV transitions in the U.S. payments industry and the adoption of smart card and mobile technologies in the global access and identity market. Jason was an inaugural member of the University of Chicago Executive Institute and holds a bachelor’s degree in Economics from the University of Texas at Austin. He also serves as the Executive Director for two industry-leading not-for-profit organizations: the Secure Technology Alliance and the U.S. Payments Forum.
Brent Terry

Brent Terry

Chief Operating Officer
Brent Terry leads the operations and solutions organizations at Sentry. This includes all product innovation, development, and operations management. A veteran in the technology space, Brent has more than 30 years of experience across a myriad of industries, like physical security technology and building automation, SAAS, hardware and software product development, internet, digital TV, interactive TV, digital media, telecommunications, and medical products and services. Prior to Sentry, Brent has spun up successful startups and led high-performing teams for some of the biggest global, Fortune 500 companies, including ARRIS, Conerco, Motive Communications, SeaChange International, and IBM. Brent holds a BS in Computer Science from the University of Louisiana. He also is the committee Chairman and Program Director for a non-profit organization responsible for the rollout of smart cards for physicians and first responders.