SDW 2018 Interview: HID on mobile ID

27/06/18

In this interview, Security Document World talks to Jean-Baptiste Milan, HID product manager, about the future of mobile ID.

Increasingly, governments are becoming interested in offering mobile IDs to their citizens. What do you think is driving this particular trend?

Approximately one in three people in the world has a smartphone and they are doing much more with them. Now you can communicate, prepare travel, book a taxi, use flight tickets and so much more. But of course, you cannot store a valid identification credential on your device, yet. This is leading citizens to request that their governments develop mobile identification solutions to prove their identity and manage their ID documents --and governments are now ready to move forward to develop these systems.

Why should governments consider mobile IDs as part of the ID systems for citizens?

In our evaluation of mobile identity, there are actually three main stakeholders - citizens, governments and "interested parties" or "verifiers" from the private and public sector, who need to confirm identities or privileges before a transaction can happen. There are many scenarios in which a reliable and secure government-issued credential is both desired and needed by third parties. The benefit for governments here is that verifiers will pay for that service, monetizing mobile ID.

Another benefit is that mobile ID doesn't require you to collect it in person as you may have to do with a physical ID - it can be simply provisioned to remote users, almost in real-time. This is of tremendous value for governments, as distribution is often costlier that the credential itself. Savings can be quite substantial when you think about distributing identities to perhaps millions of citizens.

What type of system does a government need to have in place to consider offering mobile IDs to their citizens?

We strongly believe there should not be a single issuing agency in charge of this; a mobile ID scheme should be a country-wide initiative. Every issuing body -- from the driving licence bureau to the tax authority, for example --- will need its own initiative in terms of system, but this must be supported by a common structure. Therefore, HID Global has developed the goID™ gateway system, which can serve different public issuers with mutualised services, allowing them to securely install it in users' devices.

To break it down, a government agency needs to firstly deploy a very specific issuing system in each of its agencies for mobile IDs. Because people change their devices often a seamless way for ID to be deleted and re-installed on a new smartphone must be put in place.

Next, the gateway needs to be implemented, as outlined previously. The last building block is a secure core, residing in the citizens' device, which is responsible for storing their credentials and connecting to their government's issuing systems. This is important since it will manage how identities are shared with the private sector "verifiers".

Are mobile IDs to be compatible with ID cards? In what way and for how long?

We believe that mobile and physical ID will work hand-in-hand for quite some time. In our discussions with government ministries, we advise them there should be a transition phase. Citizens will naturally turn to their mobile ID for certain transactions, but for others, they will be less inclined to do so. The physical documents of today will likely be fully replaced by mobile ID sooner than later, but it is certain both types will co-exist for many years. However, there is a growing interest in new use cases for mobile identities, such as mobile emergency passports. We are convinced that more unique use cases like this will be uncovered as governments progress towards a total digital transformation.

Citizens are concerned about the privacy of their data when it comes to mobile ID. How can they be confident that their privacy will be protected?

Privacy is really at the core when designing a mobile ID project, and we have put a lot of effort into ensuring privacy by design. We have developed our platform in such a way that a citizen's data cannot be tracked.

HID Global's product, HID goID™, keeps your data on your mobile phone; it is not stored in the cloud or a government database. In each case the person requesting your data is identified, and you get to choose whether, and how much of your data, to share. Furthermore, our verification principles are role based which means that a verifier can only request specific data, and are unable access the wider dataset.

The police have the authority to read data, as they do with physical documents. But for example in certain situations, say an age-restricted purchase, the verifier can only see data relevant for their query - the date of birth. It guarantees people will not access more data than is needed. And because goID works offline, the government cannot track it. After the verification transaction any link is removed permanently.

How are governments applying mobile IDs beyond driver's licenses?

While it is true we have witnessed the market being excited about driving licences, we see that the focus on the latter has really occurred in North America and Western Europe.

In the United States, driving licences are very important documents as they constitute the most accepted form of identification, alongside the passport. As each state issues its own driver's licence there are 50 different designs for a private verifier to recognise, making authentication difficult and fraud commonplace. Therefore a mobile ID solution, standardised across the 50 jurisdictions is attractive, as it has the potential to solve these problems and bring additional revenues to the issuers. Europe and Australia, in particular, are also seeing these benefits and are implementing mobile driver's licence initiatives of their own.

Conversely, elsewhere in the world, we see an interest in mobile IDs being used for radically different types of applications for government-to-citizen programs, including national IDs, and secondary or even temporary documents.

For national IDs, governments are envisioning that a mobile ID be the core interface for multiple agencies, attaching different citizen services to your personal identity as a citizen, such as your right to drive, entitlements to social services, etc.

Secondary or temporary documents are often vulnerable to counterfeiting as they tend to be paper documents in order to minimise costs. An example, is a temporary vehicle registration document issued whilst the official card is being prepared. A mobile ID could be instantly issued in place of the paper document, giving greater security and ease of accessibility for the citizen. Once the physical document is issued the mobile temporary document could be instantly revoked or used as a convenient and secure duplicate.

What do you believe will be the next evolution of government-issued mobile IDs?

Our vision for the future is a government-issued mobile ID that revolves around "aggregated" identity. Let me explain that term.

Currently, each physical identity is issued by one specific entiity. While a government may issue multiple identity documents, and there might be a link between databases, the identity documents are managed and issued separately. The first steps in mobile identity have been to recreate that situation.

We see a big change coming that will go beyond technology to also affect policy and culture. In fact, the technology already exists but political change is needed to support the vision. The idea is that one government entity will act as the provider of a strong core identity which will form the basis for all other identities. This government entity will then offer this core identity to other ID providers as a service. . Other agencies and ministries will build on this core identity by adding their own identity attributes eg driving privileges creating a secure and convenient identity wallet for the citizen.

So, we expect one ministry to be responsible for issuing identities, and there will be a mechanism for agencies to add privileges to an identity -- an "aggregate identity". There may also be a secondary aggregation that can benefit the private sector, such as loyalty cards, subscriptions or memberships.

The first ministry - the agency responsible for the strong verification of a citizen's identity - would be able to charge other parties that want to aggregate privileges to it, helping to fund the government's identity services.

This is the future direction of mobile ID's - one we strongly believe will happen sooner than later.

Subscribe to our free newsletter
Follow us on Twitter
Join us on LinkedIn

Latest Features & Interviews

SDW 2018 Interview: secunet on EES

In this interview, Frank Steffens, Principal in the Homeland Security division of Germany’s secunet tells us about their approach to the biometric Entry/Exit System (EES) planned in Europe.

SDW 2018 Interview: Ixla

Company spotlights have been created to give firms operating in the secure documents and identity industry an opportunity to discuss trends, product innovations and achievements.

White paper: Gemalto - The paper elements of a passport

An expert’s guide to using the paper elements of a passport.

More articles >>
Share |

Sponsored Links

SDW Conference and Exhibition
SDW is a world-leading conference and exhibition providing a global showcase for next-generation secure credentialing solutions.