Mobile Devices and Identity Applications
Publication Date: September 2012
Mobile devices are a critical element in most people’s lives, not only providing a communications platform but also supporting an ever-increasing array of applications. The use of mobile devices as a platform for secure transactions–payment, identity authentication, ticketing, access control, and many others–is an emerging market globally. The convergence of the move to digital identity credentials stored on smart ID cards with the new technologies being built into mobile devices offers opportunities for individuals to use a mobile device to authenticate identity in a wide variety of ways:
This white paper describes the global trend toward using digital identity credentials and the role that smart card technology plays in securing those credentials and protecting digital identity transactions. It includes descriptions of the different scenarios illustrating how mobile devices can be used to authenticate identity, including:
- Generating and receiving one-time passwords to log on to secure sites or access secure services.
- Storing digital identity credentials on a mobile device’s secure element and using them to log on, digitally sign, and encrypt documents as part of a secure mobile browser session.
- Storing digital identity credentials on the secure element in an NFC-enabled mobile device and using the credentials for physical access or secure logon.
- Using an NFC-enabled mobile device to read identity credentials presented with a contactless smart card (e.g., an employee ID badge) securely.
About this White Paper
This white paper was developed by the Smart Card Alliance Identity Council to present the vision of the secure use of mobile devices for identity applications and to describe different use cases for current and NFC-enabled mobile devices.
Identity Council members involved in the development of this white paper included: Accenture LLP; Booz Allen Hamilton; Consult Hyperion; Deloitte & Touche LLP; Gemalto; HID Global Corporation; HP Enterprise Services; Identification Technology Partners; Identive Group; IDmachines; INSIDE Secure; Intellisoft, Inc.; NXP Semiconductors; SecureKey Technologies; XTec, Inc..
About the Identity Council
The Smart Card Alliance Identity Council is focused on promoting best policies and practices concerning person and machine identity, including strong authentication and the appropriate authorization across different use cases. Through its activities the Council encourages the use of digital identities that provide strong authentication across assurance environments through smart credentials–e.g., smart ID cards, mobile devices, enhanced driver’s licenses, and other tokens.
The Council addresses the challenges of securing identity and develops guidance for organizations so that they can realize the benefits that secure identity delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organization resources to bear on addressing the challenges of securing identity information for proper use.