Bridging the Gap

Setting up a cost-effective infrastructure to read mobile ID cards

  • By Steve Warne
  • Oct 01, 2017

The mobile ID revolution is gathering pace, but not everyone has a smartphone today, and many citizens prefer to carry a physical card. How do government agencies manage this transition from physical to mobile, and ensure they can issue both cards and mobile ID at the same time? How do agencies set up a cost-effective infrastructure to read mobile IDs with common devices? It’s still early in this developing story, but the path for the latest smart card and mobile ID technologies needs to be defined.

The number of physical ID cards distributed by governments continues to grow, and the security of these cards continues to be improved. New features make them difficult to forge, particularly when security features are further enhanced by personalization, and many countries have deployed electronic identity cards (eIDs) containing additional security in the embedded chip.

While the use of cards is rising, mobile credentials are also being developed that deliver a cost-effective and convenient citizen ID experience. New technologies have enabled these identity credentials to be enrolled, provisioned and used on mobile devices. They are securely delivered to citizens’ mobile phones, where they can be presented in a way that does not compromise security or privacy.

Weighing the Benefits

Mobile credentials offer many benefits, one being that they give citizens greater control over what identification information they share, whether in person or remotely. For instance, citizens need not divulge their name, address or any other identifying information, except age, to a cashier when purchasing age restricted goods.

Mobile credentials lower deployment barriers by eliminating the need to create an expensive reader infrastructure. In many cases, the mobile credential can be verified by another mobile device over a Bluetooth Low Energy (BLE) or near-field communication (NFC) connection. This verification process may take place in an on-line or off-line scenario, with the BLE connection providing additional functionality for verifying at distances up to about 98 feet.

As mobile IDs are introduced, governments will adapt their single- purpose use into a multi-service model where a variety of functions and services are enabled through one mobile device. This will foster much better communication and interaction between the government and their citizens.

As attractive as these benefits are, the advent of mobile credentials should not be considered the end for physical documents. Identity and travel documents are defined by numerous standards that ensure commonality of authentication and encryption approaches, which do not yet exist for digital credentials. It could be several years before these standards are completed and mobile credentials are widely accepted as IDs or proof of privilege. Additionally, the functionality and security of mobile identity relies on the use of smartphones, which are not universally carried by citizens and the distribution of which varies greatly across demographics.

The real challenge with mobile IDs, then, is how to deploy them in such a way as to accommodate their co-existence with physical cards, today and in the future. One answer is a single infrastructure for issuing and authentication of both ID types, supported by encryption and security levels that are at least as high as—if not higher than—those in established security documents.

One big advantage of supporting both physical and mobile ID types is that it gives governments the opportunity to implement strong authentication by having each form factor act as a trust anchor for the other. As an example, citizens could use their phones to authenticate their card or passport visually, or possibly read the chip that is embedded within an order to be issued with a mobile ID for instance. Additionally, a multi-factor authentication strategy could be implemented which requires the physical and mobile credentials to be present to access a secure service such as a person’s health records.

Making the Transition

New technologies need to bridge the gap between the physical credentials of today and the mobile credentials of the future. They should enable organizations to issue a physical or mobile credential, or both, from a single source. They should enable the credentials to be efficiently authenticated via a single verification infrastructure. This type of infrastructure could be low-cost and easily distributed, such as through an app or a simple, low cost hardware device.

With this level of flexibility, a government can, for instance, issue mobile-enabled ID cards that can be read by simple mobile phones. Or, it can issue mobile IDs on smartphones that can be read by bespoke readers with, perhaps, biometrics or other special functionality. Governments can decide the capabilities they want to support and how much they want to spend on their infrastructure, and when, and scale the platform accordingly to deliver incremental new mobile benefits.

Governments are looking at new approaches to enhance citizen identity schemes. Physical ID cards will continue to be widely used as the primary source of identity documentation, at least for now. At the same time, the use of mobile citizen ID credentials is gathering pace as governments seek to improve convenience and communication with their citizens. Making the transition to supporting both ID types requires smart solutions that meet the requirements of citizens and governments while still delivering a high degree of security, privacy and trust.

This article originally appeared in the October 2017 issue of Security Today.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities