Mobile Devices Offer Promise in Identity Solutions
The U.S. federal government should consider implementing a digital identity for each citizen and enable the use of mobile devices for in-person access and other applications, experts say. Mobile devices, paired with strong standards, can enable physical access to federal buildings—as the common access card, or CAC, does currently. In addition, employing more digitally integrated, holistic systems would improve privacy. And given the onset of COVID-19, the pandemic has heightened the need for innovation, especially around contactless technologies, said officials speaking yesterday at the Federal Identity Virtual Collaboration Event.
The conference, known as FedID, virtually brought together experts from around the globe to discuss trends in governmental next-generation identity solutions. The officials included Garrett Golubin, manager, Business Development, Strategic Partnerships at Johnson Controls Government Technologies; Ted Oorbals, founder and general director, YourID Foundation; Maria Vachino, director of Digital Identity, Easy Dynamics Corp.; Alex Wellman, team leader, Marketing And Communications, E-Residency, Republic of Estonia; and moderator Rebecca Nielsen, director of Technology Integration, PKH Enterprises.
Wellman, an American working for the Estonian government in Estonia, shared that the country first deployed a digital identity (ID) card to its citizens in 2002. That identity management solution has advanced over the years, to a global ID-sim card and now to a Smart ID card, which is an application-based mobile, digital form of ID. The Estonian government is also working on the first transnational digital ID solutions to issue to Estonian people living outside of its borders, an estimated 70,000 citizens around the world.
Alex Wellman, Marketing & Comm Team Lead
— Kimberly Underwood (@Kunderwood_SGNL) September 9, 2020
E-Residency, Republic of Estonia @EstonianGovt shares that the country has had a digital ID card since 2002. It is now evolving to become a SmartID, an app-based identity platform & people there trust this gov ID the most. #FedID #AFCEA
Golubin, from Johnson Controls, sees the contribution that mobile devices can make as part of access controls. Instead of presenting a CAC with an integrated circuit chip at a facility, a mobile device could be used in lieu of the card. “Eventually, we are going to see mobile devices acting as the reader, doing all of that multifactor authentication at the device, putting it up to the interface, which is your normal reader, and then that would authenticate you through the software on both the mobile device and the controls,” he explained.
Vachino agreed that mobile devices do provide the government with a lot of opportunities for physical access use and can provide additional protections from COVID, while offering a higher level of privacy. “Remote identity proofing and the ability to leverage federated identity credentials and the expansion of online services by improving ID solutions, allows people to engage with the government without exposing themselves through in-person transactions,” she said. “They can do biometric matching on a device; it doesn’t have to be sent into another system.”
Maria Vachino, Director of Digital Identity @EasyDynamics
— Kimberly Underwood (@Kunderwood_SGNL) September 9, 2020
offers that mobile devices will provide a lot of opportunities in ID management and will protect people in a COVID environment and also offer greater privacy #FedID #AFCEA pic.twitter.com/UOt5ReDDhS
These types of technical solutions do exist but standards for their use, such as from the National Institute of Science and Technology, or NIST, have not been adopted yet, Vachino said. “Hopefully in the next revision of FIPS 201-3, they will be allowed,” she offered. “For example, you can have derived credentials on your mobile device for logical access control.”
Vachino added that the Department of Homeland Security’s Science and Technology directorate is developing a technical solution to allow the use of Bluetooth Low Energy with the OPACITY protocol, or Open Protocol for Access Control, Identification, and Ticketing with privacY authentication. That technology will enable the use of derived credentials for physical access. She also stressed that the widespread use of ID and security standards were the key to governmental technology advancements and interoperability.
Meanwhile, as part of YourID, Oorbals, who is from the Netherlands and resides in Spain, is implementing a cross-industry initiative to build an identity platform. It is a centralized system from which people can use and manage their own identity, giving them the control over the information, he said. “Customers don’t want all those enrollment processes,” he said. “And you see more resistance from people in leaving all that ID data there and it is a serious problem for companies. The ID data becomes a burden and you are liable now if it is compromised.”
Ted Oorbals, founder & general director, YourID Foundation, is forming a cross-industry initiative to build an identity platform, a centralized place for people to manage and use their own identity, giving them the control
— Kimberly Underwood (@Kunderwood_SGNL) September 9, 2020
over their identity #FedID #AFCEA pic.twitter.com/MzHw59T5mJ
Innovation needs to be harnessed to give people smooth access using their identity, as well as providing a positive customer experience, the highest levels of privacy, with the least amount of procedures, Oorbals noted.
