Mobile ID is the latest and biggest buzzword in the identification industry. Far from being a clearly defined term, though, ‘mobile ID’ describes many different technologies with different purposes. Mobile ID scenarios describe so many stakeholders, use cases and environments that it would be difficult if not impossible for one technology to address them all. This is a good time to discuss the conflicting requirements and use cases for mobile ID. In this article, Frank Schmalz focuses on border control, which has not received as much attention as other scenarios.
Around 80% of the search results in a typical online search for ‘mobile ID’ are for internet authentication services. A while ago, the GSMA launched Mobile Connect, a new standard in digital authentication, and many companies offer similar solutions. Authentication for government services on portals is an important use case for governments who wish to cut administration costs and improve government-to-citizen communication. However, volumes of citizen-government transactions are low. Approaches usually only succeed if they include private and business use cases as well.
Online authentication requirements
An internet connection is essential to this use case and can therefore be assumed. The difficult part is to verify that the person logging in to a portal is really who he or she claims to be. Not only does the mobile phone have to be protected against manipulation, but it has to be confirmed that the right person is actually using the phone. Biometrics do not lend themselves to this scenario. For privacy reasons, most approaches store the biometric data on the phone and use it to grant access to cryptographic authentication functions. The enrolment process for these features is not controlled by the government, making it hard to achieve a strong link to a citizen. Also, no way has been found to prevent the manipulation of data acquired by the biometric sensors. Data acquisition is completely unattended and unsupervised, providing attackers with many options. Inconvenient as it may be, a properly chosen PIN or password that grants access to the cryptographic function for establishing a secure connection remains the most secure method for this scenario.
Physical access control
The term ‘mobile ID’ also shows up in relation to modern access control systems. Identity cards, especially RFID cards, have long been the primary solution for managing physical access control at companies, government agencies, hotels and in public transport. The NFC interface built into many modern mobile devices offers an easy avenue for replacing these cards with mobile phones. Instead of touching an RFID card on the reader, it is more convenient to use a mobile phone. In these scenarios the RFID reader is usually equipped with biometric sensors, while the data acquisition process is supervised by cameras to detect sensor manipulation. It is assumed but not necessary that the phone has an internet connection.
Identity document replacement
Replacing national ID cards and passports with a mobile device-based solution poses different challenges. The major use case in this scenario is the verification of a citizen’s identity by a government official. The advent of the electronic passport introduced a standardised method of storing cryptographically signed biometric and biographic data: the logical data structure (LDS), as defined in ICAO Doc9303. The data could be stored on a mobile device or in the cloud, instead of on the chip of an e-Passport (see Figure 1). Cloud-based approaches are usually called ‘virtual ID.’ To verify the information, the official performing the verification will need to have another electronic device. This use case does not allow the kind of visual verification possible with security documents. Mobile devices do not have visually verifiable security features. It would be futile to attempt to write apps that try to imitate document security. Unlike security features, the smartphone display is equally accessible to security manufacturers and counterfeiters. The verifying app would have to somehow acquire the LDS from the citizen’s phone or the cloud.
Identity verification anytime and anywhere
The difficulty with a cloud-based solution is its dependence on internet access. Internet access is not available everywhere, but identity verification has to be possible at any time or place. Even highly developed countries have internet blackspots in basements, multistorey car parks and in national parks and other remote areas. Therefore, in this scenario, it seems more realistic to store the LDS on the mobile devices. Data can be transferred using various technologies available on the phone, including near field communication (NFC), Bluetooth, Wi-Fi or barcodes displayed on smartphone screens. The verification devices have to check the electronic signature for evidence of data manipulation.
Verification with an electronic device offers several advantages compared to visual document verification. If the verification device has biometric sensors, they can be used to electronically compare biometric information. A large screen to display a photo of the ID card’s owner is a major advantage for an officer trying to verify an identity.
Completely replacing an ID document with a mobile solution would require equipping all of the country’s law enforcement officers with mobile verification devices. If the document also needs to be accepted in other countries, as is the case with passports and driving licences, these other countries would have to make a similar investment. These obstacles will make complete replacements difficult. However, complementary solutions for special environments are possible.
Speeding up the border control process
One such complementary solution is the border control process. The number of border crossings is constantly increasing. According to IATA, flight passenger numbers are expected to reach 7.3 billion by 2034. Countries will have to make border checks even more efficient just to keep up. Modern ABC gates for e-Passports can cut processing time to less than 20 seconds per passenger using biometrics to verify the traveller’s identity. Up to 30% of this time is spent reading the e-Passport. Of course, this assumes the traveller is familiar with the process. If the traveller removes the passport too early and needs several attempts, it will take a lot longer instead.
In the Annual Report on Identity Management 2015-2016, Michael Lynch and Alan Bennett discussed border control processes without passport booklets and suggested a virtual passport that would be cloud-based and encrypted. Virtual passports would eliminate the handling problem at electronic gates.
The approach requires 1-to-n matching since the automated border control system can only assume that the traveller will be part of a group of recent arrivals (see Figure 2). However, this requires additional information from systems such as the Advance Passenger Information System (APIS). Unfortunately, biometric comparisons are not exact. If the Automated Biometric Identification System (ABIS) checks enough records, it will find two people with enough similarities to qualify for a match. A typical case would be relatives travelling together, e.g. two brothers. In large hubs, there may be too many identities to check, leading to multiple matches. In this case the system cannot determine who is actually entering the country. In addition, 1-to-n matching requires increased computing power and thus slows down the system.
Mobile device provides direct link to identity
A mobile device can remove this limitation by pointing the system to the right record or even transferring the identity information on a just-in-time basis. This eliminates the risk of false matches and makes the system usable in situations where no prior travel information is available. Typical scenarios are heavily travelled land borders, such as those between Canada and the United States or Poland and Russia (see Figure 3).
Binding the identity information used for travelling to a single mobile device makes it harder for imposters: not only would they have to pass the system before or instead of the person whose identity they wanted to steal, but they would also have to be in possession of their mobile phone. In our hyper-connected world, a stolen phone will rarely remain unnoticed for long.
Mobile devices know which gate and when
The citizen’s mobile device can acquire its position based on BLE/iBeacon technology. As the citizen approaches the gate, the mobile device tells the ABC system that the citizen is intending to use a specific gate based on the iBeacon data. If the system already has the identification data, it will only need a unique ID for this travel and data set in order to find the right record. The identification data can also be transferred just-in-time as the citizen approaches the gate. The ABC system uses the biometric information stored with the data set to identify the citizen. If it matches, the citizen can pass the gate. Mobile IDs can be used side-by-side with standard e-Passports. From the gate’s perspective, approaching the gate with a mobile ID is identical to placing an e-Passport on the reader. The only difference is the source of the information.
Identification in the country
The paragraph ‘Identity document replacement’ already mentioned the difficulties involved in verifying virtual or mobile IDs on the street. Travellers have to identify themselves within the country, not just at its borders. However, the border crossing use case is appealing since it benefits citizens directly even though they still have to carry standard passports for possible in-country checks. Crossing borders will be faster and easier with mobile IDs. However, mobile IDs can also be used during in-country checks if the officers have electronic verification equipment. A mobile ID might be even easier to introduce for foreigners than the country’s own citizens, because only the introducing country would have to accept this form of identification.
Easy enrolment without the need for bilateral cooperation
Solutions that require bilateral interstate cooperation will be more difficult to adopt. However, mobile ID enrolment can be completed at a kiosk installed by the traveller’s destination country (see Figure 4). LDS data is transferred from the e-Passport to the phone at these kiosks without any involvement from the passport-issuing countries. Additional biometrics not available in the e-Passport can be added in a secure, controlled environment.
In 2015, the EU issued a call entitled ‘Exploring new modalities in biometric-based border checks’ (BES-6). The objectives of this funding project included: “finding new most fluent non-intrusive control processes”, “optimisation of the use of current biometric modalities” and many more. The project will run for the next three years and is likely to generate many interesting new proposals related to mobile IDs and virtual IDs in border control scenarios.
Mobile or virtual passports in border control scenarios have a high potential for adoption because of their obvious advantages for travellers and governments. They might even be the first steps towards completely document-free travel. Australia and New Zealand are willing to take the first steps in this direction, and their progress will be of great interest to the research community. Research contributions and trials from the BES-6 project will drive innovation in this area over the next three years.
1 New IATA Passenger Forecast Reveals Fast-Growing Markets of the Future. Press release 16 October 2014. http://www.iata.org/pressroom/pr/Pag/2014-10-16-01.aspx. Accessed on 3 April 2016.
2 Lynch, M. and Bennet, A. (2015). Beyond the book: A model for virtual passports. Annual Report on Identity Management 2015-2016, pp. 3‑6.
3 Bourke, L. (2015). Australia to trial cloud passports in world-first move. http://www.theage.com.au/federal-politics/political-news/australia-to-trial-cloud-passports-in-worldfirst-move-20151028-gkkkr3.html. Accessed on 3 April 2016.