The expansion of the Internet, mobile computing, and the proliferation of connected devices have led to increased opportunities for data and identity theft. In the mobile ecosystem, the number of mobile applications is growing exponentially, and mobile devices can access services without explicit user intervention, which means the device may be sending sensitive data to an untrusted third-party without proper protection or authorization. In addition, users access Internet resources using untrusted mobile applications and browsers, increasing the probability of propagating malware to their devices. And while the widespread availability of WiFi is convenient for users, it opens the door to unfettered attacks on mobile devices and the unauthorized collection of sensitive data.
Mobile computing is currently so pervasive that besides storage of personal data, personal financial applications and social media activities, corporate applications often coexist on the same device. The device can also serve as an online identity tool and as an additional factor of authentication enabling access to highly sensitive domains and resources. Malicious software can invade a mobile device as a result of user activities that originate from an approved device, but the potential for damage increases significantly with practices such as rooting, jailbreaking, and side loading untrusted applications. Avoiding or delaying device security updates can also make a device an easy target for vulnerabilities.
Recent Alliance resources include:
- Identity on a Mobile Device
- The Mobile Driver’s License (mDL) Ecosystem
- The Mobile Driver’s License and Ecosystem Webinar Series.
This four-part Identity Council webinar series provides an introduction to ISO/IEC 18013-5-compliant mobile driver’s license and ecosystem, discusses the security, privacy and trust framework for mDLs, highlights mDL use cases and reviews industry implementation considerations.
- Mobile Identity Authentication
- NFC Non-Payments Uses Cases
- Secure Technology Alliance mDLConnection.com information portal
- Secure Technology Alliance Mobile Driver’s License Initiative
- Trusted Execution Environment 101: A Primer
- Using Mobile Devices for Physical Access Control
Additional resources on transportation payments can be found in the Alliance Knowledge Center.