Alliance Activities : Publications : Mobile Identity Authentication

Mobile Identity Authentication

Publication Date: March 2017

With consumers increasingly using mobile devices to access a variety of digital services, service providers are grappling with how to provide authentication methods that are more secure and convenient than passwords or one-time passcodes. The white paper, “Mobile Identity Authentication,” explores the new authentication mechanisms and use cases where authentication is critical in a new white paper released today.

Mobile identity (ID) authentication is the process of validating the identity of a mobile device user. It can rely on a number of on-device technologies to identify a user reliably and conveniently. In this white paper, the Secure Technology Alliance Mobile Council provides an overview of mobile ID authentication, highlights use cases that rely on secure user credentials stored on a mobile device, and provides perspectives on how emerging technologies and standards are addressing the growing need for mobile ID authentication.

Mobile ID authentication provides an answer to the security vs. usability conundrum that many organizations face with authentication, especially now that users expect to use their mobile devices to connect to services without manual entry of personal information that could be compromising their security. This white paper will provide security-minded professionals across a wide range of industries an overview of the benefits and challenges of mobile ID authentication and recommendations on the best practices for implementation.”

The white paper provides:

  • An overview of and market drivers for mobile ID authentication
  • An exploration of use cases that rely on secure user credentials stored on a mobile device, including for mobile device access, payments, access control, government-issued citizen credentials, and online banking
  • Best practices for authenticated ID credential protection on mobile devices, including using hardware secure elements (SEs), trusted execution environments (TEE) and NFC-based Host Card Emulation (HCE)
  • Perspectives on how emerging technologies and standards are addressing the growing need for mobile ID authentication, including FIDO Authentication, W3C Web Crypto API, 3D Secure Protocol and Client TLS Certificates

About the White Paper

The Secure Technology Alliance Mobile Council developed this white paper to provide an educational resource on mobile identity authentication techniques and use cases. Participants involved in the development of this white paper included:  Capgemini; CH2M; CPI Card Group; Discover Financial Services; Entrust Datacard; First Data; FIS; Giesecke & Devrient; GlobalPlatform; HID Global; ID Technology Partners; Intercede; IQ Devices; JPMorgan Chase; Oberthur Technologies; PayGility Advisors; SHAZAM; TSYS; Vantiv; Verifone; Wells Fargo.

About the Smart Card Alliance Mobile Council

The Secure Technology Alliance Mobile Council aims to build industry awareness around the business and security impacts of utilizing different technologies for distributing, storing and using secure credentials on personal mobile and tethered wearable devices. The Council believes raising awareness will facilitate broader discussion on creating standards. The Council will create resources to help implementations and accelerate the adoption of payments, loyalty, marketing, peer-to-peer, identity, and access control applications using mobile and tethered wearable devices. The Council focuses on activities that will help to educate the industry on implementation and security considerations and will act as a bridge between technology development/specification and the applications that can deliver business benefits to industry stakeholders.