Bridging the Gap

Setting up a cost-effective infrastructure to read mobile ID cards

The mobile ID revolution is gathering pace, but not everyone has a smartphone today, and many citizens prefer to carry a physical card. How do government agencies manage this transition from physical to mobile, and ensure they can issue both cards and mobile ID at the same time? How do agencies set up a cost-effective infrastructure to read mobile IDs with common devices? It’s still early in this developing story, but the path for the latest smart card and mobile ID technologies needs to be defined.

The number of physical ID cards distributed by governments continues to grow, and the security of these cards continues to be improved. New features make them difficult to forge, particularly when security features are further enhanced by personalization, and many countries have deployed electronic identity cards (eIDs) containing additional security in the embedded chip.

While the use of cards is rising, mobile credentials are also being developed that deliver a cost-effective and convenient citizen ID experience. New technologies have enabled these identity credentials to be enrolled, provisioned and used on mobile devices. They are securely delivered to citizens’ mobile phones, where they can be presented in a way that does not compromise security or privacy.

Weighing the Benefits

Mobile credentials offer many benefits, one being that they give citizens greater control over what identification information they share, whether in person or remotely. For instance, citizens need not divulge their name, address or any other identifying information, except age, to a cashier when purchasing age restricted goods.

Mobile credentials lower deployment barriers by eliminating the need to create an expensive reader infrastructure. In many cases, the mobile credential can be verified by another mobile device over a Bluetooth Low Energy (BLE) or near-field communication (NFC) connection. This verification process may take place in an on-line or off-line scenario, with the BLE connection providing additional functionality for verifying at distances up to about 98 feet.

As mobile IDs are introduced, governments will adapt their single- purpose use into a multi-service model where a variety of functions and services are enabled through one mobile device. This will foster much better communication and interaction between the government and their citizens.

As attractive as these benefits are, the advent of mobile credentials should not be considered the end for physical documents. Identity and travel documents are defined by numerous standards that ensure commonality of authentication and encryption approaches, which do not yet exist for digital credentials. It could be several years before these standards are completed and mobile credentials are widely accepted as IDs or proof of privilege. Additionally, the functionality and security of mobile identity relies on the use of smartphones, which are not universally carried by citizens and the distribution of which varies greatly across demographics.

The real challenge with mobile IDs, then, is how to deploy them in such a way as to accommodate their co-existence with physical cards, today and in the future. One answer is a single infrastructure for issuing and authentication of both ID types, supported by encryption and security levels that are at least as high as—if not higher than—those in established security documents.

One big advantage of supporting both physical and mobile ID types is that it gives governments the opportunity to implement strong authentication by having each form factor act as a trust anchor for the other. As an example, citizens could use their phones to authenticate their card or passport visually, or possibly read the chip that is embedded within an order to be issued with a mobile ID for instance. Additionally, a multi-factor authentication strategy could be implemented which requires the physical and mobile credentials to be present to access a secure service such as a person’s health records.

Making the Transition

New technologies need to bridge the gap between the physical credentials of today and the mobile credentials of the future. They should enable organizations to issue a physical or mobile credential, or both, from a single source. They should enable the credentials to be efficiently authenticated via a single verification infrastructure. This type of infrastructure could be low-cost and easily distributed, such as through an app or a simple, low cost hardware device.

With this level of flexibility, a government can, for instance, issue mobile-enabled ID cards that can be read by simple mobile phones. Or, it can issue mobile IDs on smartphones that can be read by bespoke readers with, perhaps, biometrics or other special functionality. Governments can decide the capabilities they want to support and how much they want to spend on their infrastructure, and when, and scale the platform accordingly to deliver incremental new mobile benefits.

Governments are looking at new approaches to enhance citizen identity schemes. Physical ID cards will continue to be widely used as the primary source of identity documentation, at least for now. At the same time, the use of mobile citizen ID credentials is gathering pace as governments seek to improve convenience and communication with their citizens. Making the transition to supporting both ID types requires smart solutions that meet the requirements of citizens and governments while still delivering a high degree of security, privacy and trust.

This article originally appeared in the October 2017 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3