Will Mobile Identities and Derived Credentials Spell the End of the Physical Identity Card?

With a vast number of Electronic Government (e-Government) services available online and widespread smartphone penetration rates in most developed nations, the convergence of e-Government and mobile services could be considered a natural technological progression as governments attempt to reduce ongoing operational costs and demands for physical staffing by allowing services to be conducted by citizens on their devices.

Today there are a number of mobile identity projects, either fully established or within pilot stages. Governments around the world have launched dedicated mobile solutions for a variety of applications, such as driver’s licenses and national IDs, including mobile driver’s license projects in Brazil and Indonesia and national mobile identity projects in Estonia, Moldova, Finland, and Austria to name a few.

The rise of mobile identities has raised questions related to the role of mobile identities within the citizen ID space and whether a mobile derivative of a national ID card, passport, etc. could spell the beginning of the end of the well-trusted and reliable physical counterpart.

In terms of citizen mobile credentials, a growing number of opportunities are presenting themselves as drivers of the mobile identity market as it relates to citizen-issued identities:

• The use of mobile handsets can be considered reliable. The Average Selling Prices (ASPs) of lower-end smartphones make them widely available, and with developments in 4G and 5G networks connectivity is widespread, so access to e-Government services is usually guaranteed. This supports the development and life cycle of a mobile credential program and limits the amount of infrastructure to be installed, as the credential uses connections that are already available, thus reducing costs.
• Having a population of which a significant majority owns smartphones enables governments to focus on standardized e-service deployments and allows large amounts of feedback data to be gathered. This helps with the continual monitoring of identity programs and provides issuing governments with a range of data points with which to optimize deployments.
• Mobile identities have had a presence in the enterprise space for a number of years. This has allowed the development of frameworks and standards, such as Federal Information Processing Standards (FIPS) and Personal Identity Verification (PIV), to drive the market in this sector. Migrating this to the citizen ID space is simplified due to the preexisting standards and, with the growth of electronic Identification, Authentication, and Trust Services (eIDAS) in Europe, mobile identities can be regulated and standardized, allowing legislation to be introduced.
• In terms of security, there are a number of options available for storing credential information. The confidentiality and availability of the information can be managed according to the use case that is required of it and storage can be assigned as either a physical tamper-resistant device within the handset itself through using a secure element, a Trusted Execution Environment (TEE) contained within a secure area of the device processor, or storing the credential on a server-based backend system.
• An increasing number of governments are digitizing their identity systems and deploying biometric-based backend systems containing their citizens' information. This eliminates the requirement for an initial enrollment stage in the mobile credential program, as the information will already be present. The rollout of a mobile identity can begin using the information already held on a database. This also has the benefit of allowing the information to be monitored by the relevant authorities for people of interest and for legal, justice, and welfare systems.
• Mobile credentials also help streamline Government-to-Citizen (G2C) and Citizen-to-Government (C2G) communication channels, providing a platform from which information can be exchanged in almost real time, ensuring records are kept up to date and contemporary information is readily available to both parties. Furthermore, with the constant connection available to a smartphone, a mobile credential can achieve functionality that an offline legacy or smart document cannot.

By providing a platform with multi-application enablement, it is possible to use a signal mobile device to access services across multiple government departments. As new services are developed and launched, applications can be updated and patched to provide additional functionality.

Having a mobile identity as the only form of credential, without a physical document to accompany it, will likely not occur for a significant amount of time. Therefore, mobile and physical identities should be considered complementary, rather than competing, form factors. Having a digital or mobile identity, as well as a hard copy of the document, can achieve a wider range of functions and use cases, both in commercial and in government markets, in turn increasing trust between all parties.

One such case study that demonstrates the implicit benefit of implementing a dual credential program is that of the itsme service made available in Belgium in May 2017. Three Mobile Network Operators (MNOs) and four Belgian banks cooperated to launch a mobile identity platform that allows users to use a singular identity to access a variety of services, able to request government documents and verifying online transactions by using the Subscriber Identity Module (SIM) card within their mobile devices and a unique five-digit code.

The mobile identity program connects a range of commercial partners and the Belgian government with citizens to enable a range of functionalities. The app runs on smartphones using a SIM card as the unique identifier to create the digital identity, paired with biometric hardware on mobile devices (such as fingerprint scanners), which are leveraged to provide an additional layer of security.

Most importantly, while itsme was designed to facilitate a wider range of access to services for citizens, it was not designed to replace the Belgian e-ID card, but rather as another medium through which Belgian citizens can access governmental services. Physical checks at borders and terminals and the requirement of fallback physical credential in case digital counterparts experience downtime are just two examples of why physical credentials are still required.

This demonstrates that, while a mobile identity can be used to support and increase the number of services available to citizens, it is important to consider the range of benefits that a physical document brings in terms of validation and authorization of identities.

Today, governments are looking to mobile not to replace physical credentials, but rather as a way of expanding and improving C2G communication lines, using a digital path in order to provide new levels of convenience and another medium through which secure access and consumption of e-Government services can be achieved.