Bringing Mobile ID platforms to life

13 downloads 21521 Views 2MB Size Report
Application. mPayment. mWeb- ... document to secure mobile services. 8 .... Password. Soft Token. Mobile Smart. Credential. Biometrics. Transaction. Signing ...
Bringing Mobile ID platforms to life Panel Session Frank Smith, Chair, ENLETS Mobile Detlef Houdeau, Infineon Wayne Fletcher, Entrust Datacard Steve Warne, HID 1

Frank Smith, ENLETS Mobile Chair, ENLETS Mobile… EU working group on mobile solutions for law enforcement

2

Context • World of mobile is changing; mobile is changing the world • Smartphone; biometrics; payments, travel; social media; video; law enforcement, identity… Mobile ID • 3 experts on the panel… 3 x 10 minute presentations; discussion amongst the panel.

3

Detlef Houdeau, Infineon Senior Director, Business Development

Member of the focus group on Secure Mobile Identification, supported by the German Ministry of the Interior 2016-09-08 restricted

Copyright © Infineon Technologies AG 2016. All rights reserved.

4

Setting the scene 2 slides each on 2 topics… • The Big Picture • Deeper dive into one country example—German architecture and approach on Mobile ID

2016-09-08 restricted

Copyright © Infineon Technologies AG 2016. All rights reserved.

5

Mobile ID = mID Key Driver for mID

Standards/Techn.

Application

Key Criteria

Banks

NFC/ISO

mPayment

Privacy

Retailer

FIDO

mWeb-Service

Convenience

MNO

GSMA/MC

mDriving License

Security

Government

PKI-SIM/ETSI

mTicketing

24/7

Internet Provider

QRC/SQRC/ISO

mPassport

Easy to use

OEMs

eSIM, iSIM

mGovernment

Age-independent

Service Provider

BLE

mBusiness

Business Model

others

others

others

Others

6

Mobile ID Government‘s interest Government‘s interest

Example

Country

Using eID-card as trust anchore

Contactless eID-Card combined w/ NFC-Phone

Germany

Offering w/ Smart Phone same service as used for eID-Card/PC/WebService

mID equal to eID-Card

Estonia

Increasing eGovernment Service, 24/7

France Connect

France

Speed up control procedures

mDriving License

USA

Plan B, if eID-cards/card reader/PC can‘t be used

eHealth Service

France

7

Germany: From secure electronic ID document to secure mobile services Mobile Device Card-Reader Network Access

Secure Anchor

ISO/IEC 14443 NFC

ID-Card Germany

Quality

Lifetime

*Application-SW-App

Network

Services

LTE 4G

NFC-Smart Phone with AusweisApp2*

> 50 Mio pieces issued

> 30% penetration in Germany

10 Years

Typical 2-3 Years

Mobile Network

Supported from

Copyright © Infineon Technologies AG 2016. All rights reserved.

8

Focus group “Secure Mobile Identification”  Sponsor: Federal Ministry of Interior, Germany  Start: 18th of May 2015  Scope: Guideline for 82 Mill. Citizens in Germany on balancing „privacysecurity-usability“ of mobile identification. Paper would be published soon.

 Members of the Focus Group

Copyright © Infineon Technologies AG 2016. All rights reserved.

9

Wayne Fletcher, Entrust Datacard Global Director, Government Solutions

10

Developments in Mobile ID Wayne Fletcher

GOVERNMENT TO CITIZEN MOBILE ID Pulled by it’s potential, Mobile is being developed as an enhanced electronic ID platform, with the promise:

 for Citizens • • •

Choice in credential form factor (physical or mobile) Real ease-of-use & convenience Real-time responsiveness to government interactions in their always connected world

 for Identity & Credential Authorities • • •

A path to increasing dematerialization A platform on which to anchor service delivery in citizen centricity The means to meaningfully engage citizens and other stake-holders

 for Relying Parties (e.g. Law Enforcement, Retailers, et al) • •

The means to establish greater assurance in citizen identity and associated privileges/authorizations Provide for richer and more current identity and attribute data

MAJOR ACTIVITY AROUND MOBILE DL/ID POC’s are all about defining and proving the concept

Example POC projects • • • • • • •

Colorado DL Iowa DL Maryland DL Virginia DL Washington DC DL ….. Queensland DL

Most key industry players are part of standardisation process

• • • • • • • • • • •

CBN EDC Gemalto HID IBM Infineon Masktech MorphoTrust Multicert NXP OESD

International Standards: ISO_IEC_JTC_1_SC17 WG10 (TF14): mDL taking the lead for mID ISO_IEC_JTC_1_SC17 WG3: Mobile analysis beginning 13

Standardisation

Key Industry Players • Secunet • SuperCom • Veridos • • • • •

AAMVA BSI NIST RDW UK-DVLA

• ISO WG10 - TF14

Key areas of attention • • • • • •

Data Groups Privacy Protections Attended User Verification Offline and connected protocols Trust Model – Issuers to Verifiers Downstream: Unattended

• …and many more Significant mID example deployments to-date: • Estonia • Austria • US NIST – PIV Mobile Derived Identity

Mobile DL/ID Ecosystem Standardization

Issuing Authority

Verifying Entities Online Services

Privacy

Proof of Identity Unattended & Use Cases Authentication

Authenticity Kiosk

Consent

Meeting the needs of all stakeholders

Face-to-face Interactions

Integrity Proof of Identity /Age

Validity

mDL/ID Holder

Attended Use Cases

Proof of Identity /License

14

MOBILE ID FOR TRUSTED CITIZEN IDENTITY TRANSACTIONS

CITIZEN REGISTRY

TRUSTED GOVERNMENT ONLINE

Improve service levels, control costs and enhance both private and security with digital ecosystems based on trusted identity.

Healthcare Benefits

Trust Services

Social Services

CITIZEN ENROLLLMENT CITIZEN ID MANAGEMENT ENROLLMENT ESSENTIALS

SIMPLIFIED ENROLLLMENT Easy to deploy for governments and easy to adopt for citizens. Secure process captures all required identity elements.

SECURE ISSUANCE

Leveraging Principals of Transparency & Privacy by Design Digital Certificates

CITIZEN ENGAGMENT

Education Services

Whole Government Web Portal

Greatly enhanced experiences & privacy for citizens — security & savings for governments.

Voting Services

Taxation

TRUSTED TRAVELER

Password

Soft Token

Mobile Smart Credential

Transaction Signing Biometrics

TRUSTED CITIZEN DIGITAL & PHYSICAL CREDENTIALS One central core identity used to issue all credentials, including digital mobile identity and physical driver’s license and passports. DESKTOP, CENTRAL AND OVER-THE-AIR ISSUANCE

IN-PERSON

ON-LINE

PRIVACY & CONSENSUAL RELEASE Citizens empowered to share only the necessary identity information for various applications, such as age verification.

Steve Warne, HID Director of Solutions Marketing, Government ID Solutions 16

Mobile ID Benefits 1. Voluntary 2. Interoperable

3. Secure 4. Private 5. Remote-Capable

Ease of Implementation Compatible with existing infrastructure Database PKI and signature services No enrolment burden Easy to distribute

Cost Effective • Meet the need of the Government or Authority • Business Models – Who pays for it – When and how do they pay for it

• Revenue generation

Standards

Convenience REMOTE REGISTRATION

TRAVEL

CAR RENTAL

HOTEL REGISTRATION

More…

A World of New Opportunities Transactions any time, any place, anywhere

Trusted seamless access

Innovative digital services

Trusted transactions in digital economy THE single trusted online source

Mobile and Physical Credentials: Bridge the gap Verification

Issuance

Enrollment

Final Thoughts • The future is mobile…but a mobile ID-only solution is unrealistic today • Physical and mobile IDs will continue to co-exist for some time • The challenge is engage the citizen to want mobile ID • Need to provide an inclusive transition pathway

Powering Trusted Identities

hidglobal.com

PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.

An ASSA ABLOY Group brand

Panel discussion on Mobile ID Frank Smith, ENLETS Mobile Detlef Houdeau, Infineon Wayne Fletcher, Entrust Datacard Steve Warne, HID 26