Bridging the Gap

Setting up a cost-effective infrastructure to read mobile ID cards

• By Steve Warne
• Oct 01, 2017

The mobile ID revolution is gathering pace, but not everyone has a smartphone today, and many citizens prefer to carry a physical card. How do government agencies manage this transition from physical to mobile, and ensure they can issue both cards and mobile ID at the same time? How do agencies set up a cost-effective infrastructure to read mobile IDs with common devices? It’s still early in this developing story, but the path for the latest smart card and mobile ID technologies needs to be defined.

The number of physical ID cards distributed by governments continues to grow, and the security of these cards continues to be improved. New features make them difficult to forge, particularly when security features are further enhanced by personalization, and many countries have deployed electronic identity cards (eIDs) containing additional security in the embedded chip.

While the use of cards is rising, mobile credentials are also being developed that deliver a cost-effective and convenient citizen ID experience. New technologies have enabled these identity credentials to be enrolled, provisioned and used on mobile devices. They are securely delivered to citizens’ mobile phones, where they can be presented in a way that does not compromise security or privacy.

Weighing the Benefits

Mobile credentials offer many benefits, one being that they give citizens greater control over what identification information they share, whether in person or remotely. For instance, citizens need not divulge their name, address or any other identifying information, except age, to a cashier when purchasing age restricted goods.

Mobile credentials lower deployment barriers by eliminating the need to create an expensive reader infrastructure. In many cases, the mobile credential can be verified by another mobile device over a Bluetooth Low Energy (BLE) or near-field communication (NFC) connection. This verification process may take place in an on-line or off-line scenario, with the BLE connection providing additional functionality for verifying at distances up to about 98 feet.

As mobile IDs are introduced, governments will adapt their single- purpose use into a multi-service model where a variety of functions and services are enabled through one mobile device. This will foster much better communication and interaction between the government and their citizens.

As attractive as these benefits are, the advent of mobile credentials should not be considered the end for physical documents. Identity and travel documents are defined by numerous standards that ensure commonality of authentication and encryption approaches, which do not yet exist for digital credentials. It could be several years before these standards are completed and mobile credentials are widely accepted as IDs or proof of privilege. Additionally, the functionality and security of mobile identity relies on the use of smartphones, which are not universally carried by citizens and the distribution of which varies greatly across demographics.

The real challenge with mobile IDs, then, is how to deploy them in such a way as to accommodate their co-existence with physical cards, today and in the future. One answer is a single infrastructure for issuing and authentication of both ID types, supported by encryption and security levels that are at least as high as—if not higher than—those in established security documents.

One big advantage of supporting both physical and mobile ID types is that it gives governments the opportunity to implement strong authentication by having each form factor act as a trust anchor for the other. As an example, citizens could use their phones to authenticate their card or passport visually, or possibly read the chip that is embedded within an order to be issued with a mobile ID for instance. Additionally, a multi-factor authentication strategy could be implemented which requires the physical and mobile credentials to be present to access a secure service such as a person’s health records.

Making the Transition

New technologies need to bridge the gap between the physical credentials of today and the mobile credentials of the future. They should enable organizations to issue a physical or mobile credential, or both, from a single source. They should enable the credentials to be efficiently authenticated via a single verification infrastructure. This type of infrastructure could be low-cost and easily distributed, such as through an app or a simple, low cost hardware device.

With this level of flexibility, a government can, for instance, issue mobile-enabled ID cards that can be read by simple mobile phones. Or, it can issue mobile IDs on smartphones that can be read by bespoke readers with, perhaps, biometrics or other special functionality. Governments can decide the capabilities they want to support and how much they want to spend on their infrastructure, and when, and scale the platform accordingly to deliver incremental new mobile benefits.

Governments are looking at new approaches to enhance citizen identity schemes. Physical ID cards will continue to be widely used as the primary source of identity documentation, at least for now. At the same time, the use of mobile citizen ID credentials is gathering pace as governments seek to improve convenience and communication with their citizens. Making the transition to supporting both ID types requires smart solutions that meet the requirements of citizens and governments while still delivering a high degree of security, privacy and trust.

This article originally appeared in the October 2017 issue of Security Today.