Tech: Enabling Next Generation Mobile Identity with Digital Credentials
by Jared Heng
Lee Wei Jin, Director of Sales, ASEAN, Identity and Access Management, HID Global
With the digitalisation of credentials today, mobile identity has taken on a meaning beyond the use of traditional items such as physical access cards.
Traditionally, the physical access card was required for securely carrying our identity, and the decision to allow or deny access was made between the reader and a central panel that stores the access rules and decides if a particular person should be allowed to open a door.
Last August, secure identity solutions provider HID Global launched its new iCLASS SIO technology-enabled, or iCLASS SE, platform. Unlike traditional access control, this platform allows technology-independent digital credentials to be deployed for use on smartphones, microprocessor-based cards, contactless smart cards, USB tokens and related devices.
Generally, iCLASS SE seeks to address the needs of people concerned about portability, security and multi-application use. Application areas include government departments, banks and universities.
In an interview with Biz Daily on the sidelines of the recent Cards & Payments Asia 2012, Lee Wei Jin, Director of Sales, ASEAN, Identity and Access Management, HID Global, explained why the iCLASS SE platform was developed.
“Today, more and more people are talking about cloud computing, virtualisation, and NFC (near field communication). At HID, we think how these topics can create opportunity or how they can complement our technologies to provide more solutions. When you go into that, standardisation is a problem,” he said.
Lee explained that in cloud computing, for example, getting a system to work across different environments such as iOS or BlackBerry OS is a challenge, which calls for a universal product that is compatible with all of them.
“One of the major challenges most end users face is when you buy an access card for example from one vendor, it is always tied to the technology of that vendor. If you go to another vendor, the new card from the different vendor cannot be read by the original reader, so it’s not interoperable,” he added.
“That’s why we came out with iCLASS SE, which provides a universal solution that can work with different vendors, products and suppliers, while also providing a higher security credential solution. We digitalise the credentials but we want to make sure it is interoperable and can work with different products universally,” Lee said.
Besides interoperability, HID also wanted to provide a portable solution to address the increasing mobility of users today.
To enable portability, iCLASS SE digitalises the credential as an independent object, which HID calls a Secure Identity Object (SIO). The SIO can be embedded in a card or any other NFC-enabled device, which means the user is not tied down to any particular supplier or technology in the future.
There is also greater flexibility to expand into more applications based on the same technology.
“We will help you program the SIO into the different devices. So once you change the device, you just transfer the SIO to the other device. You can consider SIO as a digital token. The challenge is how to protect this digital token. (To ensure) only authorised devices can read the token, HID introduced security measures such as a data wrapper,” Lee said.
According to HID, the iCLASS SE platform’s SIO digital credentials inhibit data cloning by binding information to a specific credential, adding authentication and encryption on top of device-specific security. These measures allow the platform to improve security in traditional card and reader applications.
“The issue is how do you ensure your credentials cannot be copied or cloned when NFC devices are used for things like door access or data network access? We provide a ‘data wrapper’ to not only ensure the digital credentials are independent from devices but also secure. We ‘wrap’ the credentials with security authentications using cryptography,” Lee said.
In addition, the device can be configured for either single-factor or multi-factor authentication. Examples of multi-factor authentication include the use of both a card and a PIN; a mobile phone and a PIN; or a mobile phone and biometric measure such as a fingerprint.
Lee said that if the NFC-enabled mobile phone was lost, the iCLASS SE solution would allow the system administrator to disable the particular credentials through cloud computing upon request by the user.
Successful Pilot Project
Earlier this year, HID announced the completion of a mobile access control pilot project at Arizona State University (ASU). According to HID, this was the first project to validate the use of digital credentials on NFC smartphones for physical access control on a college campus.
A group of ASU staff and students were given NFC smartphones containing HID Global’s iCLASS SE credential technology, which allowed them to gain access to their residence hall and selected rooms by presenting the phones to their door readers. The participants used a variety of popular smartphones connected to all major mobile networks.
“The initial feedback we received mid-way through the pilot in September was confirmed through its completion, cementing our vision of a future where virtual identities can be created for each registering student and then delivered to them via a mobile application,” said Laura Ploughe, director of business applications and fiscal control, University Business Services, at Arizona State University.
“This pilot proved the viability of the NFC-based mobile access model using secure portable credentials and the next generation of advanced access control systems, and also confirmed the high value that staff and students place on using their phones for more and more applications, including opening doors throughout the campus,” she added.
Mobile access using NFC has also received support from industry players.
“From a pilot perspective, it was clear that the students loved it, and they want it. The pilot gave us a clear indication that people would use their smartphones to unlock their dorm room doors, and this technology can be used for office doors and home doors too,” said Humphrey Chen, Executive Director, New Technologies and New Market Development, of Verizon Wireless, which was a partner in the ASU pilot project.
“I think that physical access and identity are going to prove to be equal to ‒ or more important than ‒ payments in the long run for NFC, and for that idea of the handset as the wallet or the handset as the credential,” Chris Corum, Founder and Executive Editor of Avisian Publishing, said.