Going Inside Aliro: A Q&A With Connectivity Standards Alliance President & CEO Tobin Richardson

Following a recent visit to the Security Industry Association (SIA) offices by Tobin Richardson, president and CEO of the Connectivity Standards Alliance (CSA), SIA wanted to dive deeper on the Aliro protocol and share information for our members, to get greater details on the protocol and share what’s possibly coming next for this emerging communication protocol that connects mobile credentials, phones and the access control technology ecosystem.

Richardson has been working in the Internet of Things (IoT) domain since 2008, when he helped establish Zigbee Smart Energy as the open connectivity standard for the utility industry. Since 2014, Tobin has led the Connectivity Standards Alliance, which today includes over 850 member companies in 45 countries. The alliance is a member-driven standards development group, known for technologies like Zigbee, Matter and now Aliro, in addition to serving as a broader IoT industry association.

In the following interview, we explored areas of future opportunity for Aliro, like employing ultra-wideband (UWB) communication for security applications to questions on complexities of access control in dramatically different environments (residential, common commercial applications and high-security applications).

What is Aliro … and what is it not?

Tobin Richardson: Aliro is an open, standardized communication protocol and credential framework that enables smartphones, wearables, locks and readers to work together securely across manufacturers and ecosystems.

At its core, Aliro defines how a user device—like a smartphone or smartwatch—securely communicates with a lock or reader to make an access decision. It creates a foundation for credentials, leveraging near-field communication (NFC), Bluetooth Low Energy (BLE) and ultra-wideband (UWB) as underlying technologies.

Just as importantly, Aliro is not a proprietary platform, app, credential provider or access control system—it  doesn’t replace access control vendors or dictate how companies build their user experience. Instead, it creates a standardized interoperability layer that helps devices and systems work together more seamlessly at an opening.

For the security industry, think about Aliro as an enabler for the access control ecosystem. It is designed to help move the industry beyond fragmented credential experiences toward more consistent, secure and scalable solutions.

Who are the key companies that initially backed this specification or brought this effort to the CSA? And what has been the role of the big phone tech companies (Apple, Google, Samsung) in the development of Aliro? What does the partner ecosystem look like today?

TR: Aliro was developed through broad collaboration across the Connectivity Standards Alliance membership, bringing together stakeholders from across the entire access ecosystem: lock manufacturers, reader providers, silicon companies, mobile ecosystem providers, credentialing companies, system integrators and access control leaders.

Today, the ecosystem includes participants across hardware, software and credentialing. Since the Aliro 1.0 release, the industry has shown decisive momentum toward a unified mobile access ecosystem, moving swiftly beyond proprietary silos.

The adoption is visible across the entire value chain. We have seen certified product announcements emerging from lock manufacturers like Aqara, Nuki, Last Lock and ULTRALOQ, alongside public commitments for future support from companies like ASSA ABLOY, HID, Yale, Kwikset and more. Furthermore, the major mobile wallet platforms—Apple, Google and Samsung—are actively rolling out support for Aliro digital keys in their wallets, while key systems integrators such as Kastle Systems are establishing Aliro as the standard for secure, enterprise-scale commercial real estate access.

We view this as a coalition effort, recognizing that the value of interoperability increases with ecosystem diversity. This cross-industry commitment confirms Aliro as the clear, future standard for scalable, secure mobile access.

When you look at the world of access control, there are very different environments. In some environments, the expectation is convenience and in other environments, the expectation is security. What features of the specification adapt to the various demands that users expect from these different environments?

TR: This is one of the reasons Aliro was designed with flexibility in mind.

Different environments have different operational requirements. Multifamily residences, enterprise offices, government facilities, university campuses and hospitality environments all think about convenience, friction and security differently.

Aliro supports multiple communications methods, including NFC, BLE and UWB, allowing end users to purchase products that address use cases that fit their organizational needs.

Aliro is flexible enough to support tap-to-open, hands-free access or app-based integrations. Aliro supports both standalone (offline) and connected (online) access systems.

The specification also incorporates strong cryptographic protections and secure credential handling, helping organizations balance convenience with security rather than treating them as competing priorities.

Ultimately, Aliro is designed to support flexibility in implementation while maintaining consistency and interoperability underneath.

The specification supports various communication protocols. UWB is known for great range while simultaneously being able to locate signals within inches. What possibilities are created in terms of producing additional convenience (or driving extra security)?

TR: UWB is particularly exciting because it adds spatial awareness to the access experience. In practical terms, it enables systems to better understand proximity, movement and intent. That creates opportunities for both convenience and security.

On the convenience side, UWB can support more seamless, hands-free experiences where access feels natural and intuitive. Instead of tapping a device or opening an app, the system can better determine whether an authorized user is truly approaching a door and grant access accordingly.

On the security side, precision matters. UWB’s spatial awareness can help reduce ambiguity around location and intent, enabling more confidence that a credential holder is physically where they are expected to be.

That said, Aliro is designed to support a range of deployment models. Not every environment needs the same experience, which is why flexibility matters. Some organizations may prioritize deliberate user actions, while others may optimize for speed, flow or operational efficiency.

Earlier this year, you released the Aliro 1.0 specification. What is the group working on next as you evolve the specification?

TR: Aliro 1.0 was an important milestone, but we view it as the foundation—not the finish line.

Right now, the focus is on ecosystem activation. This includes supporting implementation, enabling certification and helping manufacturers, integrators and system providers bring interoperable solutions to market.

At the same time, Alliance members are continuing to evaluate future enhancements based on industry needs and real-world deployment feedback. That includes looking at additional use cases, ways to further improve user experiences and opportunities to expand flexibility while maintaining interoperability and security.

The strength of an open standard is that it evolves with the market. The work happening now is about turning the promise of interoperability into something practical, scalable and widely adopted.

Looking farther ahead, are there applications for the Aliro specification beyond locking and unlocking doors?

TR: Access control is the natural starting point, but the broader opportunity is trusted, secure interaction between users and physical environments.

When you establish a secure, interoperable framework between devices and infrastructure, there are many adjacent possibilities. Imagine applications in shared spaces, elevators, parking, amenity access, workplace experiences, hospitality environments and other interactions where identity, permissions and trust matter. That said, we want to stay disciplined. The immediate focus is on delivering a strong, secure and interoperable foundation for access control.

Historically, standards succeed when they solve a real problem well first. Our priority is making access simpler, more secure and more interoperable for the industry today, while building a foundation flexible enough to support future innovation.