Mobile ID, a new dimension of identity verification in the digital world

Nowadays, government agencies around the world are now seeing the benefits of number of mobile phone access users that cover almost the entire population of each country. Therefore, they have added features for mobile phones to be able to keep your personal documents instead of carrying a lot of paper documents.

Mobile ID is another technology that is modernized and helps you protect your digital data through mobile phones and various devices for identity verification when doing both online and offline transactions. In addition, it is also providing safe data storage, reducing lost paper documents, and facilitating users in various purposes. It can be used instead of an ID card.

This Mobile ID authentication technology is not new to us, and many countries around the world have already implemented it, such as Estonia, Norway, Belgium, Qatar, Oman, Netherlands, Iceland, Finland, Moldova, etc. Initially, the government will be an initiator and supporter to build trust and credibility in using digital data that can take care of the security of online services in both the public and private sectors. As a result of the rapid success of the project, using of mobile ID is becoming more widespread and has a large number of users. Therefore, the private sector is interested in and sees the benefits of applying mobile ID to various businesses because it has advantages that can protect their customer data more securely.

There are 5 patterns to implement the mobile ID:

  • Smartphone App: It can store identity credentials in a virtual version to simplify the process of carrying documents which is similar to adding a “card” to Google or Apple Wallet. You can quickly access the data via QR code or authenticate with a PIN, OTP, or FIDO code. India and Brazil are using this pattern.
  • Sim-based PKI: It is similar to a chip embedded in a smart card. This pattern works by activating the SIM card with PKI (Public Key Infrastructure) and allowing the data owner to authenticate their identity on the mobile device by using encryption to manage the private key, a PIN to authenticate the user, or sending the result through a mobile network operator. This pattern is used in countries such as Sweden, Finland, Estonia, and Moldova.
  • Server-side PKI: This method uses a Hardware Security Module (HSM) to authenticate through any mobile phone with a SIM card and can be used to send and receive SMS. When a user activates the service, a transaction authentication number (TAN) is generated and sent to his/her mobile phone via SMS. The user needs to compare the TAN value and enter the PIN, and then the server will verify with PIN and HSM.  
  • FIDO-enabled devices: In addition to implementing through apps, FIDO-certified smartphones, laptops, and tablets, as well as all devices running Android 7 or higher and all Windows 10 can provide secure multi-factor authentication (MFA). You can verify your identity with a PIN and use public key cryptography to authenticate again for more security.
  • Mobile network operator service: This pattern can use a variety of different technologies that are both linked and unlinked to the country’s basic ID system based on the customer’s registered information or transactions. For example, GSMA, a global mobile network operator has developed a Mobile Connect which is a centralized digital identity using an OpenID-based API to allow people to log in or authenticate themselves when accessing websites.

Mobile ID in the Republic of Moldova

In 2011, the government of Moldova initiated a system modernization program by using information and communication technology (ICT) to check e-service access. The government has also adopted Mobile eID (MeID), as well as MPass (single sign-on authentication) and MSign.

In 2012, MeID was launched through a PPP built on the existing PKI infrastructure and basic ID system, as well as the State Population Register (SRP) which covers almost the entire population and assigns a 13-digit identification number at birth. The SRP is the core source for identification and the basis for registration in many other systems. In addition, the government also issued physical identification cards in 2014, including the option of an “eID” smart card that can verify rights and digital signatures.

Virtual Citizen Card in Austria

The Central Register of Residents or CRR is a national information system storing data of all residents in Austria (both citizens and non-citizens). According to the law, all residents are required to register their presence in the country and record all of these registrations. Each data record has a 12-digit confirmation number, full name, gender, date of birth, citizen status, and address or passport number in case of foreigners. Those records are simply called a virtual citizen card (CC).

The virtual citizen card can be used instead of a real ID card and can also be installed on a variety of devices, such as smart cards and mobile phones so that residents can use CC for services via smart card or connect their PC to the internet. Alternatively, they can use special software (Citizen Card Environment – CCE) or “MOA-ID” special software.

This digital transformation is essential in the country’s infrastructure development to make it become modern and convenient and to accelerate economic growth. By referring to the number of devices accessing the digital world today, smartphones are devices that should be considered first if the government wants citizens to enter an online system.

In addition, according to the prediction of Juniper Research’s latest report, more than 3 billion people worldwide will have installed the Mobile ID app provided by the government by 2024. However, the key to enhancing the population system for the data platform depends on reliability. If the application is highly secure and reliable, people will accept it and be ready for identity verification in this digital world.

Image by gstudioimagen on Freepik